-
15. Re: How to monitor a MBean on WebSphere
mazz Dec 20, 2008 9:32 PM (in response to rafaelri)Greg has been traveling this week - so he's not been online much. I'll ping him to get him to reply here as soon as he can.
-
16. Re: How to monitor a MBean on WebSphere
rafaelri Dec 21, 2008 7:34 AM (in response to rafaelri)Tks a lot Mazz!
I would never guess he was travelling :D
This week I'll be doing final tests with the changes I did and I am also planning to compile a step-by-step tutorial on how to monitor a secured WebSphere installation since it requires fetching server certificates and importing into the VM that is running the agent and also some other tips.
As a person that knows more RHQ/Jopr code than me, is there a custom trust provider registered on RHQ/Jopr that we could use for storing this certificate or you think for now we should use JVM one?
best regards, -
17. Re: How to monitor a MBean on WebSphere
mazz Dec 21, 2008 1:16 PM (in response to rafaelri)is there a custom trust provider registered on RHQ/Jopr that we could use for storing this certificate
Not for what you want to do (but read the below "Side Note", as I go off on a tangent related to truststores). But - what you can do is just put your truststore in the agent's /data directory and have the JMX plugin contain an additional plugin configuration setting (<plugin-configuration> in the plugin descriptor) so you can tell the plugin component where to find the truststore. You don't have to do this, but if you do, you will make it possible to be able to keep your truststore intact even after an agent auto-updates itself (a new feature I just added - see RHQ-110 JIRA). This is because during an agent update, the update code will make sure it keeps any files that match the regex "data/*truststore*" (and "data/*keystore*"). So, that's the only caveat I have for you - if you name your truststore something like "data/websphere-truststore.dat", you'll be able to keep your agent continually monitoring your websphere app, even after the agent auto-upates itself.
Of course, your plugin code needs to ensure its ssl connection uses that truststore.
Side note: the agent does not create truststores but you can tell it to use one for those times when it talks to the Jopr server over a secure transport (like the "sslservlet" transport). That's what the "rhq.communications.connector.security.truststore.file" and "rhq.agent.client.security.truststore.file" settings are for (the former is the truststore used to verify the remote Jopr server when incoming messages come into the agent, and the latter is the truststore used to verify the remote Jopr server when the agent sends outgoing messages *to* the server). This is all mentioned in the communications pages in the docs. But all that said, these truststores are only used for when the agent sends/receives messages to the Jopr server - so its different for what you need your truststore for. I only mention it because it is the only place in the agent that relates to truststores and I wanted to avoid any confusion with that versus what you need to do. -
18. Re: How to monitor a MBean on WebSphere
rafaelri Feb 6, 2009 7:15 AM (in response to rafaelri)If anyone is interested in a step-by-step guide I've tried to document everything I went through to have a secured WAS installation export an MBean to JOPR in a blog post:
http://itdevworld.wordpress.com/2009/02/01/monitoring-a-secured-websphere-installation-through-joprrhq/[/url] -
19. Re: How to monitor a MBean on WebSphere
cmorgan Feb 6, 2009 7:17 AM (in response to rafaelri)Excellent!
-
20. Re: How to monitor a MBean on WebSphere
rafaelri May 5, 2009 2:53 PM (in response to rafaelri)Hi Mazz!
I just saw that version 2.2 is out. Any news about the fix for enabling WebSphere support?
best regards, -
21. Re: How to monitor a MBean on WebSphere
rafaelri Jul 15, 2009 10:15 AM (in response to rafaelri)Hi Mazz!!!
Just saw that JIRA RHQ-1296 got integrated! Tks a lot!
By the way, have you heard anything from Greg about the changes for the WebsphereConnectionProvider class in MC4J?
After having this integrated into MC4J we would have out of the box 100% working support for WebSphere installations!
cheers! -
22. Re: How to monitor a MBean on WebSphere
mazz Jul 15, 2009 10:30 AM (in response to rafaelri)I thought for sure Greg put in that stuff in EMS trunk. I don't know specifically what you needed, can you find it in here?
http://mc4j.svn.sourceforge.net/viewvc/mc4j/trunk/mc4j/modules/ems/src/ -
23. Re: How to monitor a MBean on WebSphere
mazz Jul 15, 2009 10:32 AM (in response to rafaelri)Hmmm.. perhaps not:
http://mc4j.svn.sourceforge.net/viewvc/mc4j/trunk/mc4j/modules/ems/src/ems-impl/org/mc4j/ems/impl/jmx/connection/support/providers/WebsphereConnectionProvider.java?view=markup
Is that the file you need tweeked? That hasn't changed in a while. I'll ping Greg on this, I'd like to get this in. -
24. Re: How to monitor a MBean on WebSphere
pilhuhn Jul 15, 2009 10:35 AM (in response to rafaelri)Or add a WebsphereConnectionProvider2 with the needed functionality, so that other projects can still use the old semantics.
-
25. Re: How to monitor a MBean on WebSphere
rafaelri Jul 15, 2009 10:35 AM (in response to rafaelri)Yes, that's exactly the file! And I did the same as you did, checked the last update date ;)
I've also pasted the changed file to a message post on MC4J forum since I guess I dont have the rights to file a bug on MC4J bug system@SF.net
here is the changed file http://sourceforge.net/forum/message.php?msg_id=5865601
tks a lot Mazz!!! -
26. Re: How to monitor a MBean on WebSphere
mazz Jul 15, 2009 10:38 AM (in response to rafaelri)Rafael, Was it a big change? Can you post the actually patch/diff here (if its not too large - which I suspect it isn't).
-
27. Re: How to monitor a MBean on WebSphere
rafaelri Jul 15, 2009 11:40 AM (in response to rafaelri)Hi Mazz!
you're right it was a slight change, there goes the diff:119c119 < if (serverUrl.getScheme().equalsIgnoreCase("http")) { --- > if (serverUrl.getScheme().equalsIgnoreCase("http") || serverUrl.getScheme().equalsIgnoreCase("https")) { 132,133c132,139 < props.setProperty( < getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "false"); --- > String username = connectionSettings.getPrincipal(); > String password = connectionSettings.getCredentials(); > boolean security = ((username != null) && (!"".equals(username))); > if (security) { > props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), Boolean.toString(security)); > props.setProperty(getConstant(adminClientClass, "USERNAME"), username); > props.setProperty(getConstant(adminClientClass, "PASSWORD"), password); > } 206c212 < } --- > }
-
28. Re: How to monitor a MBean on WebSphere
rafaelri Jul 15, 2009 11:50 AM (in response to rafaelri)I'd also risk saying that the chance of breaking backwards compatibility is minimal not to say that it does not exist ;)
-
29. Re: How to monitor a MBean on WebSphere
mazz Jul 15, 2009 12:35 PM (in response to rafaelri)wouldn't you need an "else" clause to set the security property to false if security==false?
String username = connectionSettings.getPrincipal(); String password = connectionSettings.getCredentials(); boolean security = ((username != null) && (!"".equals(username))); if (security) { props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "true"); props.setProperty(getConstant(adminClientClass, "USERNAME"), username); props.setProperty(getConstant(adminClientClass, "PASSWORD"), password); } else { // DON'T YOU NEED THIS ELSE? props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "false"); }