Connecting remote tomcat JMX instance using jConsole

java tomcat jmx jconsole

85,673

Solution 1

I had a similar, if not the same, problem. I could connect to the JMX server if I started jconsole locally on the machine.

It appears the RMI server was not listening on the correct ip. So, as was suggested in this related question, I added the following:

-Djava.rmi.server.hostname=<host ip>

to JAVA_OPTS as well, and then it worked.

Solution 2

I've collected information spread over the net, found with hints from other members.

Most pain caused by JMX is (imo) the fact that JMX opens a second dynamically allocated network port. A firewall (like iptables) will block this.

Solution for tomcat on linux :

use tomcat 6.0.24 or newer download catalina-jmx-remote.jar from apache tomcat extras (use browse on tomcat download page) copy it in the $CTALINA_HOME\lib

This allows you to set both ports used by JMX

edit Server section in your server.xml

<Server port="8005" ..>
  ...
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9840" rmiServerPortPlatform="9841"/>

set some environment variables (e.g. in setenv.sh)

CATALINA_OPTS="
  -Djava.rmi.server.hostname=IP-TO-LISTEN
  -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password 
  -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access 
  -Dcom.sun.management.jmxremote.ssl=false"

this activates access control for JMX

jmxremote.access will look like

monitorRole readonly
controlRole readwrite

end jmxremote.password will be

monitorRole tomcat
controlRole tomcat

(just simple spaces)

restart tomcat.

Now configure firewall on the server (e.g. iptables)

/etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9841 -j ACCEPT

and /etc/sysconfig/ip6tables

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9841 -j ACCEPT

restart iptables

Done!

Now use VisualVM or JConsole on your workstation to establish a connection to rmiRegistryPortPlatform, 9840 in our sample.

If there are no more firewalls between workstation and server it should work.

Solution 3

Tried with Java 8

1. Add this to your java tomcat startup script:

-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.rmi.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost

for example add into bin/setenv.sh this:

export CATALINA_OPTS="$CATALINA_OPTS \
-Dcom.sun.management.jmxremote.port=1616 \
-Dcom.sun.management.jmxremote.rmi.port=1616 \
-Dcom.sun.management.jmxremote.local.only=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false "

2. Execute this on your computer.

Windows users:

putty.exe -ssh user@remote-host -L 1616:remote-host:1616
Linux and Mac Users:

ssh user@remote-host -L 1616:remote-host:1616

3. Start `jconsole` on your computer

jconsole localhost:1616

4. Have fun!

P.S.: during step 2, using ssh and -L you specify that the port 1616 on the local (client) host is to be forwarded to the remote side.
P.S.2.: you can specify same port for JMX and RMI conversations

Solution 4

what string are you using as the JMX connection url. I don't mean to point out the obvious but JConsole has a terrible interface and to me requires an overly complex url before it will connect to a remote jmx app. Mine looks like this:

service:jmx:rmi:///jndi/rmi://(hostname):(jmxport)/jmxrmi

Solution 5

Enable JMX in Tomcat8, successfully tested in my POC

1/ Download the catalina-jmx-remote.jar from apache website and place in $CATALINA_HOME/lib.

2/ Take server.xml / setenv.sh backup. Make the changes to server.xml like below-

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

3/ Make the changes to $CATALINA_BASE/bin/setenv.sh like -

[...]

JVM_OPTS="[...] 
-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.authenticate=true 
-Djava.rmi.server.hostname=<eth:0_IP>| <`hostname -i`> 
-Dcom.sun.management.jmxremote.password.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.password 
-Dcom.sun.management.jmxremote.access.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.access 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.local.only=false 
-Dcom.sun.management.jmxremote=true "

4/ Create these two files as - $touch $CATALINA_BASE/conf/jmxremote.password containing:

admin letmein

$touch $CATALINA_BASE/conf/jmxremote.access containing:

admin readwrite

$ chmod 600 jmxremote.password

5/ Restart tomcat and test on jconsole tool :)

$echo|telnet 10.105.14.90 10001

View more solutions

85,673

Author by

Niger

Updated on July 21, 2020

Comments

Niger almost 4 years

I am trying to connect to a remote tomcat JMX instance using jConsole. But can't connect successfully. Any Idea?

I included the following option in remote tomcat catalina.sh:

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote \
    -Dcom.sun.management.jmxremote.port=9004 \
    -Dcom.sun.management.jmxremote.ssl=false \
    -Dcom.sun.management.jmxremote.authenticate=false"