0

If I open jvisualvm and go to File >> Add Remote Host I am prompted to create a new remote server entry. I enter a host name of myapp01.example.org, and then I see that server show up under the Remote section of the Applications tree on the left-hand side. When I right-click that server, and click Add JMX Connection, I see the following dialog:


Let's say I have a Java app (WAR deployed to Tomcat) running on myapp01.example.org:8443. To SSH into the server, I use username skroob and a password of 12345 (hey, that's the combination on my luggage!):

```
ssh skroob@myapp01.example.org
skroob@myapp01.example.org's password: 12345
```

When I fill out the dialog as follows:

  • Connection: myapp01.example.org:8443
  • Username: skroob
  • Password: 12345

I get the following error:

```
Cannot connect to skroob@myapp01.example.org:8443 using service:jmx:rmi:///jndi/rmi://myapp01.example.org:8443/jmxrmi
```

I believe this may be because I'm not configuring JMX to be exposed on Tomcat itself. Or maybe I'm just entering the wrong info. Maybe both. Either way:

  • What do I need to do to configure this with proper JMX info?
  • What do I need to do to configure this properly for jstatd?
smeeb
  • 1
    You need to create manager-jmx user with username/pwd you want to use to access it. http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html – kosa Jan 14 '15 at 19:12
  • Thanks @Nambari (+1) - however please see the [JMX section on that page](http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Using_the_JMX_Proxy_Servlet) - there is no mention of a username/password config? Are you sure this isn't something that was deprecated/removed from an earlier version of Tomcat? Thanks again! – smeeb Jan 14 '15 at 19:23
  • Search for "manager-jmx" section. There you will see how to create users for manager-* role. – kosa Jan 14 '15 at 19:24

1 Answer

3

That's not how a JMX connection is specified. For Tomcat the best way is to create a bin/setenv.sh file. This is best because the Apache scripts are already set up to look for it and call it if present.

This is the place where you are intended to set any installation specific parameters.

You will go far with something like this:

```
#
# PORT for debug
export JPDA_ADDRESS='8000'

echo start with 'jpda start' parameters to enable debugging.  Tomcat will listen on $JPDA_ADDRESS

# Remote JMX on port 1299 with password authentication.
# The password/access paths are relative to the working directory of the Tomcat process.
# ssl=false means the JMX connection, including the login, is not encrypted.
CATALINA_OPTS="\
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=1299 \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access \
-Dcom.sun.management.jmxremote.ssl=false"
```

jmxremote.access:

```
monitorRole readonly
controlRole readwrite
```

jmxremote.password: This file MUST be READONLY by the ID that starts Tomcat or JMX WILL NOT WORK! i.e. chmod 400 jmxremote.password

```
monitorRole  readpass
controlRole  changepass
```

Basically you are setting up 2 JMX user IDs. One that can access exposed getters. The other that can also access setters and arbitrary mbean methods. In practice you'll usually want to supply the latter so you can do more than just look.

SO.... In your dialog above it becomes

  • Connection: myapp01.example.org:1299
  • Username: controlRole
  • Password: changepass
Terry
  • Awesome, thank you @Terry (+1)! A few followup questions. (1) If I define `bin/setenv.sh`, won't Tomcat start up with these options every time? This wouldn't be desirable; only if I needed to start it in debug mode and troubleshoot something. Is there a way to define this in another file and then start Tomcat with that other file instead? (2) Where do I place `jmxremote.access` and `jmxremote.password` files? Thanks again! – smeeb Jan 14 '15 at 19:44
  • 1
    1. No it does not always start in debug mode. This just tells it what port debug would run on. To actually attach with Eclipse for remote debugging instead of "bin/startup.sh" you would start tomcat with the command "bin/startup.sh jpda start" – Terry Jan 14 '15 at 20:14
  • 1
    Technically jmxremote files have to be on the classpath for the JVM (if I remember correctly). But it is most common to put them in the tomcat/conf directory (same place as context.xml). NOTE the relative path specification in the setenv.sh – Terry Jan 14 '15 at 20:16
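
A pre-flight check for the two files the answer's setenv.sh points at, as an added example that is not part of the original answer or of Tomcat: it verifies the `chmod 400` requirement, that each role in jmxremote.password has a readonly/readwrite entry in jmxremote.access, and that the answer's sample passwords were replaced. The function name `check_jmx_files` and the demo file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the JMX files referenced from setenv.sh.
# check_jmx_files is a hypothetical helper name, not part of Tomcat or the JDK.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_jmx_files() {
    pw=$1 acc=$2 rc=0
    for f in "$pw" "$acc"; do
        [ -r "$f" ] || { echo "MISSING: $f is not readable"; return 1; }
    done
    # Characters 5-10 of the ls mode string are the group/other bits;
    # after chmod 400 they are all '-'.
    perms=$(ls -ld "$pw" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $pw is accessible to group/other ($perms); run chmod 400"
        rc=1
    fi
    # Every role with a password needs a readonly/readwrite line in the access file.
    for role in $(awk 'NF && $1 !~ /^#/ {print $1}' "$pw"); do
        level=$(awk -v r="$role" '$1 == r {print $2; exit}' "$acc")
        case $level in
            readonly|readwrite) ;;
            *) echo "ACCESS: role $role has no valid entry in $acc"; rc=1 ;;
        esac
    done
    # The sample passwords from the answer should never reach a real host.
    if awk '$2 == "readpass" || $2 == "changepass" {found=1} END {exit !found}' "$pw"; then
        echo "PASSWORD: sample password from the answer still in $pw"
        rc=1
    fi
    return $rc
}

# Constructed demo input, written to a temporary directory.
demo_dir=$(mktemp -d)
printf 'monitorRole readonly\ncontrolRole readwrite\n' > "$demo_dir/jmxremote.access"
printf 'monitorRole  readpass\ncontrolRole  changepass\n' > "$demo_dir/jmxremote.password"
chmod 644 "$demo_dir/jmxremote.password"
check_jmx_files "$demo_dir/jmxremote.password" "$demo_dir/jmxremote.access" || true
```

Run it as the account that starts Tomcat, passing the real paths of the two files under the conf directory.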