How to Remote Manage » History » Revision 5
« Previous |
Revision 5/7
(diff)
| Next »
Henning Blohm, 08.03.2020 18:00
How to Remote Manage¶
A significant amount of internal state and operations of a z2 system can be accessed via JMX using tools such as jconsole or jvisualvm. In order to access z2 via JMX some JMX related configuration should be applied.
Configuring JMX access in Z2¶
Accessing a Java VM remotely via JMX¶
It should not be necessary, but unfortunately, as JMX in based on RMI, accessing to a Java VM via JMX remotely can be non-trivial, if
a) You have port restrictions
b) The externally used hostname is not the same as the internally used hostname
Both are typical, if you need to manage machines remotely.
Here are two practical approaches:
Accessing a Remote JVM via JMX directly¶
The tricky thing about JMX over RMI is that knowing the host name and the JMX port is merely sufficient to request RMI access that then uses a different (random) port and a host name defined by the JMX endpoint. That is, when accessing to the JMX endpoint we get a redirect to a different host and port combination that may not make sense from where we are calling, either because the host name is not resolvable or wrong (e.g. localhost), or because the port is not accessible.
However, the following two system properties can be used to solve these problems:
com.sun.management.jmxremote.rmi.port | Defines the RMI port to use and can be set to be the same as the JMX port |
java.rmi.server.hostname | Defines the RMI host name to use |
If hostnames differ¶
So, for example, assuming your host is accessible as myhost externally, but has a different name by itself, adding
java.rmi.server.hostname=myhost
to Z2_HOME/bin/runtime.properties
(which is one way to make sure the system property is set on all z2 processes), will make sure that JMX access to myhost works. However, when doing so and checking for the ports used by the JVM you might see something like this:
netstat -nltp | grep java
tcp6 0 0 :::42149 :::* LISTEN 2775/java
tcp6 0 0 :::8080 :::* LISTEN 2775/java
tcp6 0 0 :::38291 :::* LISTEN 2775/java
tcp6 0 0 :::37237 :::* LISTEN 2735/java
tcp6 0 0 :::43767 :::* LISTEN 2735/java
tcp6 0 0 :::7800 :::* LISTEN 2775/java
tcp6 0 0 :::7777 :::* LISTEN 2735/java
Note the expected "unexpected" ports 42149 and 38291 for the web worker process and 37237 and 43767 for the home process.
Using the same port for JMX and RMI¶
By default, z2 sets uses the JMX port 7777 for the <home> process and 7800 for the web worker process. If not all ports are accessible but you are willing to allow to make dedicated ports accessible, it could
be a good idea to make sure that these ports are also used for JMX over RMI.
In that case, we need to set the property com.sun.management.jmxremote.rmi.port
for each process invidually.
For the home process, that is started directly from the command line, we configure startup settings in Z2_HOME/bin/launch.properties
. We enhance home.vmopts
to include the new property:
home.vmopts=\
-Xmx64M -cp z.jar \
-Dcom.sun.management.config.file=management.properties \
-Dworker.remoteJmx=true \
-Djava.util.logging.config.file=logging.properties \
-Dcom.zfabrik.home.concurrency=5 \
-Dcom.sun.management.jmxremote.rmi.port=7700 \
-Dcom.zfabrik.home.start=environment/home
In addition in Z2_HOME/base/environment.base/webWorker.properties
we change the VM options to
worker.process.vmOptions\:JEXL3=`\
-Xmx128m -Xms128m -XX:+HeapDumpOnOutOfMemoryError \
-Dderby.system.home=../../data/derby \
-Dsvnkit.symlinks=false \
-Duser.language=en \
-Dcom.sun.management.config.file=management.properties \
-Dcom.sun.management.jmxremote.rmi.port=${this["worker.jmx.port"]}\
`
so that the same port is used for JMX over RMI as for the initial JMX access.
After that we will see two of the obscure ports gone. For example this:
netstat -nltp | grep java
tcp6 0 0 :::44809 :::* LISTEN 8980/java
tcp6 0 0 :::35691 :::* LISTEN 8956/java
tcp6 0 0 :::8080 :::* LISTEN 8980/java
tcp6 0 0 :::7700 :::* LISTEN 8956/java
tcp6 0 0 :::7800 :::* LISTEN 8980/java
tcp6 0 0 :::7777 :::* LISTEN 8956/java
The remaining two random ports are due to the Java Attach API.
Using jstatd¶
Another way of allowing access to all Java VMS on some machine is by running jstatd .
Accessing a Remote JVM via JMX via an SSH tunnel¶
Another option is to access JMX via an SSH tunnel. Given you made sure the ports for JMX and JMX RMI are identical, this works and has the additional benefits, that you could protect access to JMX completely by limiting it to SSH access.
All you need to do for that is to add the property com.sun.management.jmxremote.local.only=true
to Z2_HOME/bin/management.properties
Remote Synchronization and Log Streaming¶
Starting with version 2.8, Z2 offers a built-in command line utility to synchronize (with log output) and provide streaming access to the z2 home log. When in Z2_HOME/bin run:
java -cp z.jar com.zfabrik.launch.Manage -?
for the usage:
SYNOPSIS
java -cp z.jar Manage <command> <options>
COMMANDS
sync The sync performs a synchronization of a running (remote) z2 Home.
showlog Continuously stream the z2 Home log of a running z2 Home to the current stderr.
OPTIONS
-url <url>
JMX URL identifying the target z2 Home. Defaults to service:jmx:rmi:///jndi/rmi://localhost:7777/jmxrmi
The URL may be shortened to <host>:<port> (e.g. localhost:7777)
-user <username>
Username used for JMX authentication. Optional.
-pass <password>
Password used for JMX authentication. Optional. Mandatory when a username has been set
-b <n>
Number of lines to read before current (if available) when running showlog.
EXAMPLE
java -cp z.jar com.zfabrik.launch.Manage showlog -url host:7777 -user admin -pass admin
Updated by Henning Blohm almost 5 years ago · 5 revisions