I am running a java app as a service using procrun. The app is running fine when the JMX authentication is not enabled, but when I add an access and password files, restrict permissions on the password file and enable the JMX authentication, the app is not starting and giving 1074: The process terminated unexpectedly error.
Below is the script I am using to register the app as a service using the latest version of procrun.
cd E:\MyApp
MyApp.exe //IS//MyApp --Install=%cd%\MyApp.exe --Jvm="C:\Program Files\Java\jdk1.8.0_131\jre\bin\server\jvm.dll" --JvmMx=2048 --JvmMs=2048 --Startup=auto --StartMode jvm --StartClass com.MyApp --StartParams start --StartMethod start --StopMode jvm --StopClass com.MyApp --StopParams stop --StopMethod stop --Classpath=%cd%\MyApp.jar --LibraryPath=%cd%\bin --JvmOptions="-Duser.dir=%cd%" ++JvmOptions=-XX:+RelaxAccessControlCheck ++JvmOptions=-Dcom.sun.management.jmxremote ++JvmOptions=-Dcom.sun.management.jmxremote.port=1099 ++JvmOptions=-Dcom.sun.management.jmxremote.ssl=false ++JvmOptions=-Dcom.sun.management.jmxremote.authenticate=true ++JvmOptions=-Dcom.sun.management.jmxremote.access.file=E:\MyApp\Conf\jmxremote.access ++JvmOptions=-Dcom.sun.management.jmxremote.password.file=E:\MyApp\Conf\jmxremote.password --JvmOptions=-XX:+UseConcMarkSweepGC --JvmOptions=-XX:CMSInitiatingOccupancyFraction=40 ++JvmOptions=-Dorg.xml.sax.parser="com.sun.org.apache.xerces.internal.parsers.SAXParser" ++JvmOptions=-Djavax.xml.parsers.DocumentBuilderFactory="com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl" ++JvmOptions=-Djavax.xml.parsers.SAXParserFactory="com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl" --LogPath=E:\Logs --LogLevel=DEBUG --StdOutput=auto --StdError=auto --StartPath=%cd% --StopPath=%cd% --DisplayName=MyApp
Any clues on what could be wrong?
I think there is a problem with your password file. At first just use a simple jmx configuration like mine. Here is my simple JMX configuration for startup:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=11099
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost
-Dcom.sun.management.jmxremote.rmi.port=11098
Related
I have a SpringBoot Application which internally communicate with the JMS and activeMQ. I have a .cmd file to start that application. I have added arguments to enable remote debugging, so I can debug the application in eclipse. The cmd file as below:
set JAVA_CP=./;./config;./lib/*
set JAVA_JMX=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=10090 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
set JAVA_CL=com.myapp.test.server.TestServer
set JAVA_OP=-Xmx280m -Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=8090,suspend=n %JAVA_JMX%
"%JAVA_HOME%\bin\java" %JAVA_OP% -cp "%JAVA_CP%" %JAVA_CL%
Now when I start ActiveMQ and then my application with above .cmd file. I got following error:
18:27:53.234 [main] ERROR [o.a.coyote.http11.Http11NioProtocol] Failed to start end point associated with ProtocolHandler ["http-nio-8080"]
java.net.BindException: Address already in use: bind
If I remove the debugging arguments(-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=8090,suspend=n) from .cmd file, it works fine.
I search about this and found that it may possible that two instances are running, but I verified that also. Can you please help?
I wanna make wildfly-domain as a systemd service in centos7
in works by root user but when i start it as wilfly user after a while it shows error:
java.lang.OutOfMemoryError: unable to create new native threadESC
and stop . even stop service doesn't work .
I tried to change heap-memo and ... but the user is a problem!
How can I solve this?
service file is ib wildfly8/bin/init.d/wildfly-init-redhat.sh
I tried "ulimit -n " at the top of service script but nothing changed!
I have 256Gb Ram and 64core CPU but ....
Right place for unit is:
/etc/systemd/system/wildfly.service
This minimal is ok
[Unit]
Description=WildFly application server
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=web
Group=web
ExecStart=/opt/wildfly-10.1.0.Final/bin/domain.sh
Restart=always
RestartSec=20
[Install]
WantedBy=multi-user.target
You should edit only ExecStart field to match your path.
Create user web with
useradd web
Also exec by root:
chown -R web:web /opt/wildfly-10.1.0.Final/
When
systemctl start wildfly
systemctl enable wildfly
If you get OOMs, inspect your limits
[Service] section of systemd unit, like
LimitFSIZE=infinity
LimitCPU=infinity
LimitAS=infinity
LimitNOFILE=64000
LimitNPROC=64000
or
/etc/security/limits.d/
/etc/security/limits.conf
I have a CentOS box hosting a Drupal 7 site. I've attempted to run a Java application called Tika on it, to index files using Apache Solr search.
I keep running into an issue only when SELinux is enabled:
extract using tika: OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f1ed9000000, 2555904, 1) failed; error='Permission denied' (errno=13)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /tmp/jvm-2356/hs_error.log
This does not happen if I disable selinux. If I run the command from SSH, it works fine -- but not in browser. This is the command it is running:
java '-Dfile.encoding=UTF8' -cp '/var/www/drupal/sites/all/modules/contrib/apachesolr_attachments/tika' -jar '/var/www/drupal/sites/all/modules/contrib/apachesolr_attachments/tika/tika-app-1.11.jar' -t '/var/www/drupal/sites/all/modules/contrib/apachesolr_attachments/tests/test-tika.pdf'
Here is the log from SELinux at /var/log/audit/audit.log:
type=AVC msg=audit(1454636072.494:3351): avc: denied { execmem } for pid=11285 comm="java" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=SYSCALL msg=audit(1454636072.494:3351): arch=c000003e syscall=9 success=no exit=-13 a0=7fdfe5000000 a1=270000 a2=7 a3=32 items=0 ppid=2377 pid=11285 auid=506 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.95.x86_64/jre/bin/java" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Is there a way I can run this with SELinux enabled? I do not know the policy name of Tika (or should I use Java?) so I'm unsure where to go from here...
This worked for me...
I have tika at /var/apache-tika/tika-app-1.14.jar
setsebool -P httpd_execmem 1
chcon -t httpd_exec_t /var/apache-tika/tika-app-1.14.jar
Using the sealert tools (https://wiki.centos.org/HowTos/SELinux) helped track down the correct selinux type.
All of your context messages reference httpd_t, so I would run
/usr/sbin/getsebool -a | grep httpd
And experiment with enabling properties that show as off. It's been a while since I ran a database-backed website (Drupal, WordPress, etc.) on CentOS, but as I recall, these two were required to be enabled:
httpd_can_network_connect
httpd_can_network_connect_db
to enable a property with persistence, run
setsebool -P httpd_can_network_connect on
etc.
The booleans you're looking for are:
httpd_execmem
httpd_read_user_content
How to find:
audit2why -i /var/log/audit/audit.log will tell you this.
Part of package: policycoreutils-python-utils
I have a local Nagios Server and I'm trying to configure it to monitor my tomcat8 server with check_jvm, so I can control the memory and classes used by Java.
To do so I installed the check_nrpe plugin on the client, and configured it but I'm having an 'odd' error.
If I try to call the plugin on the client from my server, it answers correctly, even using check_jvm commands as parameter.
But when I configure it so nagios do the check on his own, the web browser returns a "CHECK_NRPE: Error - Could not complete SSL handshake" for that service specifically.
This is what I have:
From my nagios server
# /usr/local/nagios/libexec/check_nrpe -H <client.ip>
NRPE v2.12
# /usr/local/nagios/libexec/check_nrpe -H <client.ip> -c tomcat_heap
OK 799998504 |max=2101870592;;; commited=2101870592;;; used=799998504;;;
Where tomcat_heap is the name of a command defined in nrpe.cfg at the client in order to use the check_jvm plugin.
command[tomcat_heap]=sudo /usr/local/nagios/libexec/check_jvm -n org.apache.catalina.startup.Bootstrap -p heap -w 1700000000 -c 2000000000
Now, back again on my Nagios server, this is the service definition
define service{
use generic-service
host_name lin-des
service_description Tomcat heap
check_command check_nrpe!tomcat_heap
}
Now, this returns a 'CHECK_NRPE: Error - Could not complete SSL handshake' on the web app.
I've checked the allowed_hostson the nrpe.cfgfile, as well as on /etc/xinetd.d/nrpe, so it includes my nagios server IP.
I've also checked Selinux and Iptables configuration.
I've also checked that both my Nagios server, and the client share the same version of the ssl libraries.
Lastly, I've checked all the permissions on /usr/local/nagios/libexec on both the server and the client, so the user nagios have the ownership of them.
At this point, I ran out of ideas, and that's why I'm asking you. Any ideas on where the problem may be?
Found it.
It seems when I defined the check_nrpe command in the command.cfg, I made a mistake on the command line.
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5656 -t 30 -c $ARG1$
}
As you can see, I defined the command to work on the port 5656 which isn't the port used by the nrpe service (it actually is 5666).
After fixing this error, everything runs properly.
I hope this helps to anyone with similar problems.
I trying to connect remote jvm, used jvisualvm.
I started server with this parameters:
-Dcom.sunmanagement.jmxremote=true
-Dcom.sun.management.jmxremote.port=15001
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
and i have this error:
Error: Exception thrown by the agent : java.lang.NullPointerException
when i removed this parameters:
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
i have another error, like this:
Error: Password file not found: /var/lib/openshift/5406e3aa500446a793000178/
wildfly/usr/lib/jvm/jdk1.8.0_05/jre/lib/management/jmxremote.password
Question. How configure server for jmx remote connetion?
I used action hooks for init java parameters.
May be exists another tools for monitoring jvm?
My guess is that trying to use jmx remoting bind per default to 0.0.0.0 (aka all network interfaces). However, on Openshift you can only bind to $OPENSHIFT_INTERNAL_IP. The error seems cryptic, but that might be caused by https://bugs.openjdk.java.net/browse/JDK-8048050.