1

I want to use jmx with Jconsole.Here is the relevant line in the .sh file

## enable jconsole access
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote  -Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.password.file=/usr/pkg/tomcat-rusznak/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/pkg/tomcat-rusznak/jmxremote.access -Djava.rmi.server.hostname=ba.accra.com"

here is the content of the jmxremote.password file

monitorRole password
controlRole password

here is the content of jmxremote.access file

monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister

But when I provide the correct hostname, port and try to log in with the monitorRole - password pair all what I get is this:

Connection failed: connection refused.

Why?

I checked a lot of similar questions, for example I know from stackoverflow that I need to include the hostname (-Djava.rmi.server.hostname=ba.accra.com) too, but it does not solve the problem, something obviously is misssing. What else do I need?

EDITED

I dont know if it is relevant or not but I would like to add that I had no problem to launch jconsole locally (although the connection is always refused) but I can not even launch it on the server!

jconsole: not found
Sanyifejű
  • 2,610
  • 10
  • 46
  • 73
  • How are you running your JConsole? Do you launch it with some options? – Sylvain B May 06 '13 at 12:50
  • On the server, do you see the port 9999 as LISTEN? When you try to telnet to the server port 9999 does it work? Any firewalls? Remember that there are 2 ports involved and both need to be allowed in any firewalls. – Gray May 06 '13 at 12:53
  • Gray: yes, the port 9999 listen when I try telnet. I am not following you, what is the other port? – Sanyifejű May 06 '13 at 13:13
  • Sylvain: I added the lines above to the script that launches our application. I run it on the server. Then I go to my local machine and I just simply type jconsole and when the pop up appears I give the hostname, the port, the username and the password – Sanyifejű May 06 '13 at 13:16
  • I posted a valid solution here: http://stackoverflow.com/a/17457394/1531271 – sushicutta Jul 04 '13 at 07:26

2 Answers2

2

I have a solution for this:

see also: https://stackoverflow.com/a/17457394/1531271

If your Java process is running on Linux behind a firewall and you want to start Jconsole on Windows on your local machine.

NOTE: you also can use ssh command to add tunneling, if you do not have putty.exe (if you are a linux oder mac os user)


1. You need the putty-suite for your Windows machine from here:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

At least the putty.exe


2. First check ip adress on the linux machine

hostname -i

result ---> <your-linux-ip-adress>

Example:

your-linux-ip-adress = 10.20.30.40


3. Define two free Ports on your linux machine:

<jmx-remote-port>
<jndi-remote-port>

Example:

jmx-remote-port = 15666      
jndi-remote-port = 15667


4. Add arguments to java process on the linux machine

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=<jmx-remote-port>
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=<your-linux-ip-adress>
-Djava.rmi.activation.port=<jndi-remote-port>

Example:

java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=15666 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=10.20.30.40 -Djava.rmi.activation.port=15667 ch.sushicutta.jmxremote.Main


5. Enable two SSH-Tunnels from your Windows machine with putty

Source port: <jmx-remote-port>
Destination: <your-linux-ip-adress>:<jmx-remote-port>
[x] Local       
[x] Auto       

Source port: <jndi-remote-port>
Destination: <your-linux-ip-adress>:<jndi-remote-port>
[x] Local       
[x] Auto

Example:

Source port: 15666
Destination: 10.20.30.40:15666
[x] Local       
[x] Auto       

Source port: 15667
Destination: 10.20.30.40:15667
[x] Local       
[x] Auto


6. Login to your Linux machine with this SSH-Tunnel enabled.

When you are logged in, Putty will tunnel all TCP-Connections to 

localhost:15666 and localhost:15667

to

10.20.30.40:15666 and 10.20.30.40:15667


7. Start JConsole and connect to your Java Process using the following URL

[x] Remote Process:
service:jmx:rmi://localhost:**<jndi-remote-port>**/jndi/rmi://localhost:<jmx-remote-port>/jmxrmi

Example:

[x] Remote Process:
service:jmx:rmi://localhost:15667/jndi/rmi://localhost:15666/jmxrmi


8. ENJOY :)

Community
  • 1
  • 1
sushicutta
  • 1,536
  • 1
  • 9
  • 11
0

Ok, so actually, the following options are enabled by default:

  • com.sun.management.jmxremote.authenticate
  • com.sun.management.jmxremote.ssl

And as explained here, if you have SSL enabled, you need to run your JConsole with SSL configured properly. I think that you should try to disable SSL by adding this option in your script that launch the application: com.sun.management.jmxremote.ssl=false

Sylvain B
  • 513
  • 7
  • 12
  • I added these lines but nothing changed:-( -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false – Sanyifejű May 06 '13 at 13:37
  • As you have setup authentication, you'd just need to define `-Dcom.sun.management.jmxremote.ssl=false`. With `authenticate=false`, you should be able to connect without username/password. Which URL are you setting in JConsole? I remember that just putting hostname:port never worked fine for me, I always used the `service:jmx:///jndi/rmi://...` url. – Sylvain B May 06 '13 at 13:53