All,
If i want to enable JMX on Tomcat for monitoring from the same machine, (i.e. not remotely) are these properties still required?
com.sun.management.jmxremote.authenticate=false
com.sun.management.jmxremote.port=12345
Isnt it the case that the authenticate and port number properties are only relevant if monitoring remotely? Do i need the above if monitoring locally?
If the port number is not required, how does the client know who to contact Tomcat? Does it listen to a port number that TOmcat has open by default?
You are correct, these parameters only required when monitoring remote application via JMX. When monitoring locally, you can skip them. Obviously the process needs to be started by the same user.
I think there are some exceptions to this rule, see
http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#local
Q:"If the port number is not required, how does the client know who to contact Tomcat?"
A: jconsole, jps and the likes simply looks for any Java processes that are running on the system and owned by the same user.
Read here: http://download.oracle.com/javase/6/docs/technotes/guides/management/jconsole.html (chapter about attachable applications).
Here is a writeup i did on this subject. JMX setup for external access
Related
Memory Analysers (Instrumentation and Monitoring tools) like VisualVM and jProfiler connect to Java Application's JVM though JMX extensions (though there might be other means to connect - like jstatd etc, i have seen JMX is quite common)
My Understanding About JMX:
By default JMX must expose its default port(not sure if there is a default port number) so that Memory Analysers can connect. So, I assume that when more than one java apps are running with default JMX config, on the same machine, there must be a JMX port conflict.
But I have never noticed that. I have seen java apps running happily with default configs and Mem Analysers could happily connect with each of these java apps at the same time. So my understanding about JMX ports is not entirely correct. Could some one say how more than one java app is able to expose JMX functionality with default configurations at the same time on the same machine. (???? is a random port used by JMX for each java application????)
Tools like VisualVM use JMX together with Dynamic Attach mechanism to monitor local Java Virtual Machines.
First, the tool connects to a local JVM via Attach
API.
Then it executes (also via Attach API) a command to start Management Agent (JMX server) in the target JVM.
The target JVM starts Management Agent on some free port and sets the opened port value in the Agent properties.
The tool uses Attach API again to read Agent properties, and thus discovers the port the Agent listens to.
Then it establishes the JMX connection to the Management Agent on this port.
Obviously, different local JVMs start Management Server on different ports, but VisualVM discovers the port number via Dynamic Attach.
I have created a Java Web Application using Jetty (in Eclipse, using OSGI etc.). The application itself runs quite well (when being tested locally), so I wanted to run it on an Azure virtual machine in order to be accessible for external users (for testing reasons).
What I did so far:
created an Azure account
create a virtual machine with Windows Server running in it
downloaded all my eclipse files etc. to the virtual machine
started the application (in fact in eclipse, not the compiled jar) in the virtual machine; the application is published to port 8080
so, when i run a webbrowser in the VM and connect to localhost:8080, everything works well
but when I try to access the website from external (using my assigned domain of the VM, something.cloudapp.net:8080), it does not work
I also created endpoints in the azure management console for this VM (80, 8080, etc.)
Does anyone ever tried to run a java webapp on Azure or has a hint what could go wrong here?
By default, windows servers in Azure have the windows firewall enabled. This would block external connections to port 8080 by default. Try adding an appropriate exception to the windows firewall rules.
According to your description, I think you have correctly configured the new endpoints for the network traffic of Java Webapp. If not or incorrectly does, please refer to the article https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-create-nsg-arm-pportal/ to configure again.
Then, as #CtrlDot said, you need to configure the firewall for allowing the inbound traffic on Windows Server.
As reference, please see the article about allowing inbound traffic to a specified TCP or UDP port on Windows Server to do it.
I'm wondering if there is a way to setup connection between a client and a server over the internet and have both of them programmatic setup all needed router/firewall configuration changes to open needed external ports to communicate.
Assuming both server and client have known ip addresses and a DNS is not needed in this example to find the IP addresses. How might one have a server that when started configures access past the firewall and tells the router how to route proper communication to the server. I would assume the client may not need anything like this as it should only need to know the external IP address and port number of the server. If i'm wrong about my assumption please let me know.
Example if I have two houses house (A) has a server and house (B) has a client and both sites know what the other house external IP address is and know what port they will be using how may a Java application do all the configuration or at least do as much as possible on say windows,mac,ubuntu. The idea is the user of the server and client should not have to do a bunch of firewall/router configurations to get the application running. It would also be nice if in the example it shows how to release the connections when the server is terminated. Example when the java server is turned off it should close up port settings on the firewall and router. security and clean house.
There is no easy way of doing that as it will depend on the OS and on the many possible firewall application running on the machine. Plus, if your app crash, you will never set back the original parameters, which can be problematic when talking about security. Instead of trying to set up custom configuration, you should try to use standard communication template/protocol like http. This will gives you a high probability of your app running without additional configuration almost anywhere (since there is almost no point of having an internet connection if you don't allow http port).
I want to create a JMX agent that has to be accessible from local host only.
Please advise how can I do that.
Also help with a Simple JMX client on same machine that will connect to that JMX agent.
If somehow we can get away with specifying an explicit port, that will be helpful.
You might find this helpful. It uses the attach API for Oracle's JVM to connect to a running Java process and have it start a local only JMX agent. You would setup whatever MBeans you want to expose as usual. I get the impression that this code is similar to what JConsole does for connecting to local JVM processes. You might also want to investigate the source for Jmxterm which leverages JConsole for connecting to local JVM processes.
I want to write an unprivileged (non-root-access) JMX client program that monitors a privileged (running as root) application that has JMX local access enabled -Dcom.sun.management.jmxremote .
At least on MacOSX, jconsole (and jps) don't see root processes when I run as myself.
Is this just the fact of life here, or is there some way to configure this?
If your client is not permitted to see the root process, then you cannot attach by PID. What you need is to have the root application load a JMXServer that will listen on a [>1024] port and then you can connect through the port rather than by PID. The easiest way to do this would be to specify a couple of more system properties which will trigger the JVM to load a JMX server automatically. For example (these are all the most insecure):
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=7777
See JMX Management and Monitoring Properties.
To create a JMXServer programmatically, see the JavaDoc for javax.management.remote. There is a really good guide/tutorial on this topic here.
JMX uses a simple TCP port that you can define with some command-line options. If the port is open, anyone (included non-priviledged users) should be able to see it.
As for the process itself, jps cannot see other user's process, but you can see then with "ps aux".