Skip to main content

RE: GF 2.1 - JMX through firewall

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
No replies
mgainty
Offline
Joined: 2004-05-21

you should have a JSR-160 JMX Listener pre-configured here is why

JMX_SYSTEM_CONNECTOR_PORT is assigned by create-instance command

if you dont specify JMX_SYSTEM_CONNECTOR_PORT i believe the default is 9686 (but dont quote me)

e.g.

asadmin>create-instance --node localhost-domain1
--systemproperties HTTP_LISTENER_PORT=58294:
HTTP_SSL_LISTENER_PORT=58297:
IIOP_LISTENER_PORT=58300:
IIOP_SSL_LISTENER_PORT=58303:
IIOP_SSL_MUTUALAUTH_PORT=58306:
JMX_SYSTEM_CONNECTOR_PORT=58309 pmdcpinst

domain\config\server.policy would contain those perms to grant codebase the connect capability to any IP on any port e.g.

grant {

permission java.net.SocketPermission "*", "connect";

...

}

processLauncher.xml should contain the JMX.invoke.getters entry as true

observe the jmxremote_optional.jar is in sharedChainJars for same process

Once you create and start the instance the JMX listener should be casting to JMX agents

asadmin>create-instance

asadmin>start-instance

you should see JMX entries popping in the server.log with these params

-Djavax.management.builder.initial=com.sun.enterprise.admin.server.core.jmx.AppServerMBeanServerBuilder
-Djmx.invoke.getters=true

servicC:jmx:rmi:///jndi/rmi://localhost:9686/jmxrmi;|ADM1504: Here is the JMXServiceURL for the Standard JMXConnectorServer: [servicC:jmx:rmi:///jndi/rmi://localhost:9686/jmxrmi]. This is where the remote administrative clients should connect using the standard JMX connectors|#]

you should now be able to use remote RMI clients to connect to JMX Service via port <9686>

MG>confirm with netstat -a | grep 9686

using jndi that would be jndi/rmi://localhost:9686/jmxrmi

let us know you are able to get that far

Martin
______________________________________________

> To: users@glassfish.java.net
> From: satadru.roy@bchydro.com
> Subject: GF 2.1 - JMX through firewall
> Date: Thu, 17 Oct 2013 23:47:43 +0000
>
> This one is about Glassfish 2.1.x and JMX connectivity through
> firewall. Basically, we’re struggling with the random port allocation
> for the RMIServer and a client like VisualVM fails to connect through a
> firewall, even after setting
> -Dcom.sun.aas.jconsole..cbport = , as documented
> here :
> https://blogs.oracle.com/tronds/entry/glassfish_and_jmx_through_a
>
> I was looking around in the codebase and found that in the JSR 160
> connector, the JmxConnectorServerDriver expects the JMX service url to
> be of the form "service:jmx:rmi://localhost:" +
> port1 + "/jndi/rmi://localhost:" + port2 + "/jmxrmi" where port1
> is the RMIserver port and port2 is the JMXConnector RMIRegistry port?
>
> Does this mean VisualVM has to pass in a JMX service URL of this form?

This email and its attachments are intended solely for the personal use of the individual or entity named above. Any use of this communication by an unintended recipient is strictly prohibited. If you have received this email in error, any publication, use, reproduction, disclosure or dissemination of its contents is strictly prohibited. Please immediately delete this message and its attachments from your computer and servers. We would also appreciate if you would contact us by a collect call or return email to notify us of this error. Thank you for your cooperation.
-BCHydroDisclaimerID5.2.8.1541