Skip navigation

Pitfall go Round Blog

1 post

This post is about monitoring a jboss server jvm via jmx. Usually jmx is served by the host jvm on a tcp port that can be configured with -Dcom.sun.management.jmxremote.port, and subsequent calls to the MBean server are handled by an additionally and dynamically configured port. This is not trivial for a firewall between the JBoss host and the monitoring server, or it would require an any to any accept rule. Therefore it is desired to have JMX requests working with one single port, that can be allowed by the firewall. Read the following lines about how to set it up with JBoss 6.x

 

  1. create a premain agent jar, that serves all jmx rmi requests on one port. See: http://blogs.oracle.com/jmxetc/entry/jmx_connecting_through_firewalls_usinghttp://blogs.oracle.com/jmxetc/entry/connecting_through_firewall_using_jmx
    compile the listed class CustomAgent and pack it into a premain agent jar as per the instructions given there.
  2. copy the resulting jar file to ${JBOSSHOME}/lib/jmx-premain-agent.jar
  3. insert the following additional variables to the ${JBOSSHOME}bin/run.conf (unix) or ${JBOSSHOME}bin/run.conf.bat (win)

set "JAVA_OPTS=%JAVA_OPTS% -Dexample.rmi.agent.port=3390 -javaagent:../lib/jmx-premain-agent.jar"

set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.authenticate=false"

set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.ssl=false"

set "JAVA_OPTS=%JAVA_OPTS% -Djboss.platform.mbeanserver"

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.management.builder.initial=org.jboss.system.server.jmx.MBeanServerBuilderImpl"

set "JAVA_OPTS=%JAVA_OPTS% -Djava.util.logging.manager=org.jboss.logmanager.LogManager"

set "JAVA_OPTS=%JAVA_OPTS% -Dorg.jboss.logging.Logger.pluginClass=org.jboss.logging.logmanager.LoggerPluginImpl"

set "JBOSS_CLASSPATH=..\lib\jboss-logmanager.jar"

 

Now run the jboss server, and upon startup, it will print the following additional lines:

Create RMI registry on port 3390

Get the platform's MBean server

Initialize the environment map

Create an RMI connector server

Start the RMI connector server on port 3390

 

This allows us to connect to the jmx server via only one single port. With JConsole, it is possible to connect to the server also if all ports other than the specified 3390 are blocked.

 

Another useful tool to query jvm relevant information is checkjmx http://nagioscheckjmx.sourceforge.net/. Once you found your metrics of interest with the JConsole MBean browser, you can query the current values from nagios with the check_jmx plugin:

 

check_jmx\nagios\plugin>java -cp ./jmxquery.jar org.nagios.JMXQuery -U service:jmx:rmi:///jndi/rmi://localhost:3390/jmxrmi -O java.lang:type=Threading -A ThreadCount -w 50 -c 100

 

JMX WARNING ThreadCount=76

Filter Blog

By date: By tag: