-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck
On 1/26/12 1:41 PM, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Subject: [OT] Inspecting JMX > >> Should I just give up and use JmxRemoteLifecycleListener? > > Yes. You really aren't get to get anywhere on EC2 without it. Okay, so I enabled the JmxRemoteLifecycleListener like this: <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="1234" rmiServerPortPlatform="1235" /> ... and had the same problem: the client connects to the registry port and then tries to connect to [public IP]:1235. So, I tried adding useLocalPorts="true" to the above and not I'm able to connect -- using the same URL as before, actually: ./check_jmx \ -U service:jmx:rmi:///jndi/rmi://localhost:1234/jmxrmi \ -O java.lang:type=Memory -A HeapMemoryUsage -K used \ -I HeapMemoryUsage -J used -vvvv -w 4248302272 -c 5498760192 JMX OK HeapMemoryUsage.used=39749208{committed=59572224;init=67108864;max=59703296;used=39749208} So, that's good. The JmxRemoteLifecycleListener installs a special RMIClientSocketFactory that always binds to "localhost" instead of whatever the default is that the JVM uses. I'm surprised there's not a way to tell the JVM to do this kind of thing. I wasn't able to find any canonical source of information about what system properties affect the JMX configuration... just lots of "simple" examples of how things should "just work". :( The nice thing about having the JmxRemoteLifecycleListener installed is that the ports are predictable and so I can tunnel them. Now I can use jconsole from my computer to observe whats happening on the server. >> Should I hack the code for check_jmx to use the Attach API. > > Maybe; might be fun. (Always seemed to be a security hole to me > :-) It looks simple to code... I'll take a look at it. I'm sure I'll have some similar kind of problem. Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8huJQACgkQ9CaO5/Lv0PDVggCdE0aT954QjHRRVRNSl6ieY/cA JGUAn2pD2JbEjwiTl5Gy/t0TyVAmQViI =3VmZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
