jvisualvm/jconsole jmx方式连接远程tomcat应用终于成功,附踩大坑记录!!(二:jmx方式)
一、问题概述
参考前一篇:
jvisualvm连接远程应用终于成功,附踩大坑记录!!(一:jstatd方式)
这篇主要讲讲jmx方式。
二、启动前设置jmx参数
我这边拿tomcat举例,其余java应用只会比它更简单,读者可以自行尝试下。
在tomcat的bin目录下,创建setenv.sh(文件名不能错,这个是tomcat提供的一个定制参数的钩子,名字不同就找不到了)
内容如下:
#!/bin/sh JAVA_OPTS="$JAVA_OPTS -Xmx1024m -Djava.rmi.server.hostname=192.168.19.114 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
其中,
-Djava.rmi.server.hostname=192.168.19.114 ---------------- 192.168.19.114为tomcat所在机器的ip地址。
-Dcom.sun.management.jmxremote ----------------- 开启jmx,jdk1.5之前还要手动开启,现在已经默认开启了,所以可以省略
-Dcom.sun.management.jmxremote.port=9998 -------------------jmx的端口
-Dcom.sun.management.jmxremote.authenticate=false ---------------- 不开启验证
-Dcom.sun.management.jmxremote.ssl=false ----------------------不开启ssl通信
配置好了之后,正常启动应用即可。接下来验证是否可以连接。
除了上面几个参数,oralce官方(jdk1.8版本)还公布了其他的相关参数,如下:
| Property | Description | Values |
|---|---|---|
|
com.sun.management.jmxremote |
Enables the JMX remote agent and local monitoring via a JMX connector published on a private interface used by JConsole and any other local JMX clients that use the Attach API. JConsole can use this connector if it is started by the same user as the user that started the agent. No password or access files are checked for requests coming via this connector. |
true / false. Default is true. |
|
com.sun.management.jmxremote. port |
Enables the JMX remote agent and creates a remote JMX connector to listen through the specified port. By default, the SSL, password, and access file properties are used for this connector. It also enables local monitoring as described for the com.sun.management.jmxremote property. |
Port number. No default. |
|
com.sun.management.jmxremote. registry.ssl |
Binds the RMI connector stub to an RMI registry protected by SSL. |
true / false. Default is false. |
|
com.sun.management.jmxremote. ssl |
Enables secure monitoring via SSL. If false, then SSL is not used. |
true / false. Default is true. |
|
com.sun.management.jmxremote. ssl.enabled.protocols |
A comma-delimited list of SSL/TLS protocol versions to enable. Used in conjunction with com.sun.management.jmxremote.ssl. |
Default SSL/TLS protocol version. |
|
com.sun.management.jmxremote. ssl.enabled.cipher.suites |
A comma-delimited list of SSL/TLS cipher suites to enable. Used in conjunction with com.sun.management.jmxremote.ssl. |
Default SSL/TLS cipher suites. |
|
com.sun.management.jmxremote. ssl.need.client.auth |
If this property is true and the property com.sun.management.jmxremote.ssl is also true, then client authentication will be performed. It is recommended that you set this property to true. |
true / false. Default is false. |
|
com.sun.management.jmxremote. authenticate |
If this property is false then JMX does not use passwords or access files: all users are allowed all access. |
true / false. Default is true. |
|
com.sun.management.jmxremote. password.file |
Specifies location for password file. If com.sun.management.jmxremote.authenticate is false, then this property and the password and access files are ignored. Otherwise, the password file must exist and be in the valid format. If the password file is empty or nonexistent, then no access is allowed. |
JRE_HOME/lib/management/ jmxremote.password |
|
com.sun.management.jmxremote. access.file |
Specifies location for the access file. If com.sun.management.jmxremote.authenticate is false, then this property and the password and access files are ignored. Otherwise, the access file must exist and be in the valid format. If the access file is empty or nonexistent, then no access is allowed. |
JRE_HOME/lib/management/ jmxremote.access |
|
com.sun.management.jmxremote.login.config |
Specifies the name of a Java Authentication and Authorization Service (JAAS) login configuration entry to use when the JMX agent authenticates users. When using this property to override the default login configuration, the named configuration entry must be in a file that is loaded by JAAS. In addition, the login modules specified in the configuration should use the name and password callbacks to acquire the user's credentials. For more information, see the API documentation forjavax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback. |
Default login configuration is a file-based password authentication. |
链接如下:
https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdeum
三、设置setenv.sh的可执行权限
[root@localhost bin]# chmod +x setenv.sh [root@localhost bin]# pwd /home/apache-tomcat-8.5.28/bin [root@localhost bin]# ll setenv.sh -rwxr-xr-x 1 root root 259 Mar 13 10:56 setenv.sh [root@localhost bin]# pwd /home/apache-tomcat-8.5.28/bin // 添加可执行权限 [root@localhost bin]# chmod +x setenv.sh
然后启动startup.sh来启动tomcat。
等待tomcat启动后,查看9998端口是否开启:
netstat -nltp
三、本机visualvm进行连接
参考前一篇,在本机的visualvm上,依然是失败的。
四、换台机器试试
五、jconsole连接
更新于2020-3-13,
今天被同事问到这个,于是用jconsole也试了下,发现可以连接:
六、结论
依然是,遇到bug不要怕,换个客户端,不行就换台机器试试
