Chris‘, > Am 10.12.2019 um 18:59 schrieb Chris Cheshire <yahoono...@gmail.com>: > > On Tue, Dec 10, 2019 at 11:58 AM Chris Cheshire <yahoono...@gmail.com> wrote: >> >>> On Tue, Dec 10, 2019 at 9:42 AM Christopher Schultz >>> <ch...@christopherschultz.net> wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA256 >>> >>> Chris, >>> >>> On 12/9/19 17:10, Chris Cheshire wrote: >>>> In CATALINA_BASE/bin/setenv.sh I have the following : >>>> >>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote >>>> -Dcom.sun.management.jmxremote.ssl=false >>>> -Dcom.sun.management.jmxremote.authenticate=false" >>> >>> Okay. >>> >>>> In CATALINA_BASE/conf/server.xml I have a listener configured : >>>> >>>> <Listener >>>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" >>>> rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" >>>> useLocalPorts="true" /> >>>> >>>> >>>> Upon startup I see in logs : INFO [main] >>>> org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer >>>> The JMX Remote Listener has configured the registry on port >>>> [10001] and the server on port [10002] for the [Platform] server >>>> >>>>
I didn‘t read it anywhere. Did you add the catalina-jmx.jar to the classpath? Peter >>>> $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 >>>> *.* LISTEN tcp6 0 0 ::1.10001 >>>> *.* LISTEN >>>> >>>> On my local machine I have a tunnel set up as follows : ssh -N >>>> -L10001:localhost:10001 -L10002:localhost:10002 user@remotehost >>>> >>>> (where user is the user tomcat is running under) >>>> >>>> When I try to add a remote JMX connection in VisualVM on my client >>>> machine to localhost:10001 I get an error dialog after a brief >>>> delay with the message "Cannot connect to localhost:10001 using >>>> service:jmx:rmi:///jndi/rmi://localhost:10001/jmxrmi". If I change >>>> it to port 10002 I get the same error. On the server at this time >>>> : $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 >>>> *.* LISTEN tcp6 0 0 ::1.10001 >>>> *.* LISTEN tcp4 0 0 127.0.0.1.62637 >>>> 127.0.0.1.10001 TIME_WAIT >>>> >>>> >>>> If I try to use jconsole connecting to port 10001 I get the error >>>> "Connection failed: non-JRMP server at remote endpoint". Connecting >>>> to port 10002 I get the error "Connection failed: no such object >>>> in table" >>> >>> You should be using the port defined by rmiRegistryPortPlatform, so >>> 10001 is the correct port to use. >>> >>>> I've been through the tomcat configuration documentation a couple >>>> times but I can't see what else I need to configure. >>> >>> What you have looks good to me without reproducing it myself. Can you do >>> : >>> >>> $ netstat -an | grep 1000[0-9] >>> >>> ? >>> >>> Just to be sure about both ports? >>> >> >> $ netstat -an | grep 1000[0-9] >> tcp6 0 0 :::10001 :::* LISTEN >> tcp6 0 0 :::10002 :::* LISTEN >> >> >> Hmmmm. Tomcat is only listening on ipv6 ports, but my tunnel is using >> ipv4. After digging around [1], I added this to CATALINA_OPTS in >> setenv.sh >> >> -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true >> >> $ netstat -an | grep 1000[0-9] >> tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN >> >> When I try to connect with jconsole I get the same error (non-JRMP >> server at remote endpoint), with the server showing >> >> tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:10001 127.0.0.1:43803 TIME_WAIT >> tcp 0 0 127.0.0.1:10001 127.0.0.1:43815 TIME_WAIT >> >> >> I have also updated sshd_config with >> >> PermitTunnel yes >> >> and restarted that. Still no change. >> >> Chris >> >> >> [1] >> https://serverfault.com/questions/390840/how-does-one-get-tomcat-to-bind-to-ipv4-address > > > As a followup to take the tunnel out of the equation I downloaded > jmxterm [1] on the server and tried to connect > > > $ java -jar jmxterm-1.0.0-uber.jar > Welcome to JMX terminal. Type "help" for available commands. > $>open localhost:10001 > #RuntimeIOException: Runtime IO exception: Failed to retrieve > RMIServer stub: javax.naming.CommunicationException [Root exception is > java.rmi.ConnectIOException: non-JRMP server at remote endpoint] > $> > > > Back to the tomcat documentation, I added this to CATALINA_OPTS > (based on listener config and assumed defaults) > > -Dcom.sun.management.jmxremote.registry.ssl=false > > and now I get a different error : > $>open localhost:10001 > #RuntimeIOException: Runtime IO exception: Failed to retrieve > RMIServer stub: javax.naming.CommunicationException [Root exception is > java.rmi.UnmarshalException: error unmarshalling return; nested > exception is: > java.lang.ClassNotFoundException: > org/apache/catalina/mbeans/JmxRemoteLifecycleListener$RmiClientLocalhostSocketFactory > (no security manager: RMI class loader disabled)] > > > So I enabled the security manager by adding to CATALINA_OPTS > > -Djava.security.manager > -Djava.security.policy=$CATALINA_BASE/conf/catalina.policy > > And got a reminder why I turned it off in the first place. Now I have > to figure out how to allow the mysql drivers to work (and probably > everything else about the web app) so tomcat will start :/ > > Uggh. > > Chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
