6

I set up JMX on one of services running on Amazon EC2 instance but it doesn't work properly. I'm using VisualVM to connect and after short period of pending it fails with timeout. Looks like it fails because of missing response data or lags. I checked that JMX port is enabled in security group and also tried with different port with no JMX enabled and also with port not enabled in security group settings and both fails immediately, so it looks different. My EC2 instance and desktop both have Ubuntu 12.04 and JDK 7 installed.

It turns out ports don't make sense since connection is SSL secured. I have a private key and have no idea how to use it with JConsole or VisualVM.

Jacek Laskowski
  • 72,696
  • 27
  • 242
  • 420
Viktor Stolbin
  • 2,899
  • 4
  • 32
  • 53
  • possible duplicate of [How to connect to Java instances running on EC2 using JMX](http://stackoverflow.com/questions/13734646/how-to-connect-to-java-instances-running-on-ec2-using-jmx) – Gray Apr 14 '15 at 13:11

2 Answers2

13

JMX needs an RMI registry operating on an open port. By default the RMI registry port is chosen randomly at the startup time and it doesn't play well with firewalls. Since JDK7u4 you can use 

-Dcom.sun.management.jmxremote.rmi.port=<port>

to set the RMI port to be used. Then you can enable that port in the security group.

Note the .rmi. part of the above setting because this usually gets confused with the com.sun.management.jmxremote.port setting. You should not!

Jacek Laskowski
  • 72,696
  • 27
  • 242
  • 420
JB-
  • 2,615
  • 18
  • 17
  • 1
    I turns out ports don't make sense since connection is SSL secured. I have a private key and have no idea how to use it with JConsole or VisualVM – Viktor Stolbin Oct 02 '13 at 18:41
  • This should be the the accepted best answer, as it does not require an SSH tunnel or opening the entire port range from 0-65535 (as I saw suggested elsewhere). – mmindenhall Dec 30 '14 at 07:02
4

This works for me. Set the JMX options on your server:

-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.port=<some port>
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.authenticate=false 
-Djava.rmi.server.hostname=localhost

Open up an SSH tunnel:

ssh -i /path/to/key -D <some port> username@public_dns_address

Start VisualVM:

jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:<some port> -J-Djava.net.useSystemProxies=true

Add a remote connection to the server. Add a JMX connection using the port you've specified for JMX.

To be clear, in all three cases above, should be the same port.

Peter
  • 971
  • 9
  • 15
  • I haven't tried but as far as I understand it uses ssh as local proxy. I have 8 different EC2 instances and that means I'll need to run 8 different VisualVMs? – Viktor Stolbin Oct 05 '13 at 14:33
  • 1
    That's correct. What I've done in this situation is to open one VisualVM to get the details about the MBeans I want to look at and then write a script to get them locally from each machine. Specifically, I install JRuby and use the JMX gem to query JMX on the local machine and print the results to the console, or send them to a remote system for collection. This creates a little bit of load on the systems where the script is running, so you'll need to consider that. – Peter Oct 05 '13 at 18:32
  • 1
    Just a heads-up - you are leaving your JMX server completely unprotected (SSL off, authentication off). – JB- Jan 08 '15 at 10:48