Java Anwendungen per JMX über RMI remote Monitoren.

[Thomas Darimont]

Hallo!

Folgende JVM Arguemente müssen wir angeben:

 -Dcom.sun.management.jmxremote.password.file=E:/stuff/jmxremote.password -Dcom.sun.management.jmxremote.access.file=e:/stuff/jmxremote.access -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true

unser Management Interface lassen wir auf dem Port 9999 lauschen...

Unser jmxremote.password schaut so aus:

   # ----------------------------------------------------------------------
   #		   Template for jmxremote.password
   #
   # o Copy this template to jmxremote.password
   # o Set the user/password entries in jmxremote.password
   # o Change the permission of jmxremote.password to read-only
   #   by the owner.
   #
   # See below for the location of jmxremote.password file.
   # ----------------------------------------------------------------------
   
   ##############################################################
   #		Password File for Remote JMX Monitoring
   ##############################################################
   #
   # Password file for Remote JMX API access to monitoring.  This
   # file defines the different roles and their passwords.  The access
   # control file (jmxremote.access by default) defines the allowed
   # access for each role.  To be functional, a role must have an entry
   # in both the password and the access files.
   #
   # Default location of this file is $JRE/lib/management/jmxremote.password
   # You can specify an alternate location by specifying a property in 
   # the management config file $JRE/lib/management/management.properties
   # or by specifying a system property (See that file for details).
   
   
   ##############################################################
   #	File permissions of the jmxremote.password file
   ##############################################################
   #	  Since there are cleartext passwords stored in this file,
   #	  this file must be readable by ONLY the owner,
   #	  otherwise the program will exit with an error. 
   #
   # The file format for password and access files is syntactically the same
   # as the Properties file format.  The syntax is described in the Javadoc
   # for java.util.Properties.load.
   # Typical password file has multiple  lines, where each line is blank,
   # a comment (like this one), or a password entry.
   #
   #
   # A password entry consists of a role name and an associated
   # password.  The role name is any string that does not itself contain
   # spaces or tabs.  The password is again any string that does not
   # contain spaces or tabs.  Note that passwords appear in the clear in
   # this file, so it is a good idea not to use valuable passwords.
   #
   # A given role should have at most one entry in this file.  If a role
   # has no entry, it has no access.
   # If multiple entries are found for the same role name, then the last one
   # is used.
   #
   # In a typical installation, this file can be read by anybody on the
   # local machine, and possibly by people on other machines.
   # For # security, you should either restrict the access to this file,
   # or specify another, less accessible file in the management config file
   # as described above.
   #
   # Following are two commented-out entries.  The "measureRole" role has
   # password "QED".  The "controlRole" role has password "R&D".
   #
   # monitorRole  QED
   # controlRole   R&D
   monitorRole foobar
   controlRole foobar

Unser jmxremote.access file schaut so aus:

   ######################################################################
   #	 Default Access Control File for Remote JMX(TM) Monitoring
   ######################################################################
   #
   # Access control file for Remote JMX API access to monitoring.
   # This file defines the allowed access for different roles.  The
   # password file (jmxremote.password by default) defines the roles and their
   # passwords.  To be functional, a role must have an entry in
   # both the password and the access files.
   #
   # Default location of this file is $JRE/lib/management/jmxremote.access
   # You can specify an alternate location by specifying a property in 
   # the management config file $JRE/lib/management/management.properties
   # (See that file for details)
   #
   # The file format for password and access files is syntactically the same
   # as the Properties file format.  The syntax is described in the Javadoc
   # for java.util.Properties.load.
   # Typical access file has multiple  lines, where each line is blank,
   # a comment (like this one), or an access control entry.
   #
   # An access control entry consists of a role name, and an
   # associated access level.  The role name is any string that does not
   # itself contain spaces or tabs.  It corresponds to an entry in the
   # password file (jmxremote.password).  The access level is one of the
   # following:
   #	   "readonly" grants access to read attributes of MBeans.
 #				 For monitoring, this means that a remote client in this
 #				 role can read measurements but cannot perform any action
 #				 that changes the environment of the running program.
   #	   "readwrite" grants access to read and write attributes of MBeans,
 #				 to invoke operations on them, and to create or remove them.
 #			This access should be granted to only trusted clients, 
 #				 since they can potentially interfere with the smooth
   #			operation of a running program 
   #
   # A given role should have at most one entry in this file.  If a role
   # has no entry, it has no access.
   # If multiple entries are found for the same role name, then the last
   # access entry is used.
   #
   #
   # Default access control entries:
   # o The "monitorRole" role has readonly access.  
   # o The "controlRole" role has readwrite access.
   
   monitorRole   readonly
   controlRole   readwrite

Beispiel wäre nun mal das remote monitoren von Eclipse... (ist ja nur ein beispiel ;-)

 eclipse -vmargs -Dcom.sun.management.jmxremote.password.file=E:/stuff/jmxremote.password -Dcom.sun.management.jmxremote.access.file=e:/stuff/jmxremote.access -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true

Dann kann man auch mit anderen Tools als der jconsole wie etwa dem netten MC4J (http://www.tutorials.de/tutorials231309.html&highlight=mc4j) die lokalen JVMs monitoren (Damit kann man mal den nervigen OOMEs innerhalb Eclipse 3.1.1 + WTP auf den Zahn fühlen...)

Gruss Tom

Ps.:
Frohe Weihnachten