9

I am running Tomcat 6 on a Linux server in Amazon's cloud. I am trying to connect to it with VisualVM from my Mac at my office. I have allowed opened up all TCP ports between my desktop and the server, but I am unable to get VisualVM to do anything.

On the linux box, I have started Tomcat with:

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9191
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

On my Mac, I launch VisualVM and choose File -> New JMX Connection...

I enter amazonhostname.com:9191 in the box. It says "Adding amazonhostname.com:9191..." and sits there for several minutes before timing out.

From my Mac, I can "telnet amazonhostname.com 9191" just fine, and I tried some other random ports, and they all worked. I'm pretty convinced it's not a firewall issue, unless I need to open UDP or ICMP or something like that. (Really??)

There is nothing in catalina.log on the server, or the system console on my Mac, related to jmx. netstat on the server shows 9191 and some other ports open on all interfaces.

There is no jstatd on the remote server. Is that a pre-requisite for JMX? (I am totally new to Java and I'm not even sure what those things mean, but I saw it on a blog post somewhere. I'm grasping at straws now.)

luksch
  • 11,497
  • 6
  • 38
  • 53
jsd
  • 7,673
  • 5
  • 27
  • 47
  • Have you made sure that iptables isn't blocking the connection on your linux box? EDIT: I see you can telnet - okay, scratch that. – Greg Kopff May 11 '12 at 00:42
  • 1
    The other thing you need to look at is the RMI hostname - take a look at: http://stackoverflow.com/questions/9985293/how-do-i-use-jconsole-to-connect-to-ec2 – Greg Kopff May 11 '12 at 00:44
  • 1
    Jstatd is not needed. As Greg suggested try to add -Djava.rmi.server.hostname=the.public.ip to Tomcat JVM arguments. – Tomas Hurka May 11 '12 at 07:09
  • Thanks Tomas & Greg - rmi.server.hostname did the trick. I'm in! If one of you wants to rewrite your comment as an answer, I will accept it. – jsd May 11 '12 at 16:23
  • @GregKopff You should write an answer – fglez May 29 '12 at 10:34

2 Answers2

20

Set the hostname property before the VM starts:

java -Dcom.sun.management.jmxremote \
     -Dcom.sun.management.jmxremote.port=9191 \
     -Dcom.sun.management.jmxremote.authenticate=false \
     -Dcom.sun.management.jmxremote.ssl=false \
     -Djava.rmi.server.hostname=the.public.ip \
     -jar program.jar

Add the relevant rules to your security group.

Greg Kopff
  • 15,945
  • 12
  • 55
  • 78
  • Won't work for auto-scaling like Elastic Beanstalk, unfortunately. – mwoodman Nov 13 '12 at 21:05
  • @mwoodman: I've not used EB, but do you know why this isn't applicable (to let subsequent SO searchers know)? – Greg Kopff Nov 13 '12 at 23:51
  • 1
    I think the -Dcom.sun.management.remote.ssl=false should be -Dcom.sun.management.jmxremote.ssl=false – Tom Gwozdz Jan 02 '13 at 16:26
  • @TomGwozdz: It's been a long time since I looked at this, and I don't have access to that codebase anymore to double check, but it would appear you're right - I've updated the answer. – Greg Kopff Jan 02 '13 at 21:21
  • @greg-kopff: EB instances come and go depending on load. There isn't an easy way to control the pre-deployment environment with per-instance customizations. You get an instance based on a predetermined image, and your app deployed into Tomcat. Everything else is fairly opaque. – mwoodman Jan 10 '13 at 06:50
0

What worked well for me in RHEL7 environment is to implement the JmxRemoteLifecycleListener on Tomcat using the example provided in the documentation. I have also opened up ports 10001 and 10002 on the firewall. JMX Remote Lifecycle Listener

Neoheurist
  • 3,183
  • 6
  • 37
  • 55
Francis Vinluan
  • 84
  • 3