Chapter 7. Connecting to remote Fuse integrations (standalone distributions)
The Fuse Console uses Jolokia, an agent-based approach to Java Management Extensions (JMX) that requires extra software (an agent) installed on the client. By default, Red Hat Fuse includes a jolokia agent.
With standalone Fuse Console distributions, you can connect to remote integrations that already have a jolokia agent (https://jolokia.org/) running inside them. If the process that you want to connect to does not have a jolokia agent inside, refer to the jolokia documentation (http://jolokia.org/agent.html).
7.1. Unlocking the Fuse Console
By default, Jolokia for Fuse 7 standalone (on Apache Karaf} and JBoss EAP) is locked and the Fuse Console is not accessible remotely.
To unlock the Fuse Console for a hostname or IP address other than locahost or 127.0.0.1, follow these steps:
Open the
jolokia-access.xml
file in an editor.On Karaf, the XML file is located in the
$KARAF_HOME/etc
folder.On JBoss EAP, it is located in the
$EAP_HOME/standalone/configuration
folder.Register the hostnames or IP addresses for the Fuse integrations that you want to access with the Fuse console by adding them to the <cors> section.
For example, to access hostname 0.0.0.3 from the Fuse Console, add the
*<allow-origin>http://0.0.0.3:*</allow-origin>*
line as shown:
<!-- Cross-Origin Resource Sharing (CORS) restrictions By default, only CORS access within localhost is allowed for maximum security. You can add trusted hostnames in the <cors> section to unlock CORS access from them. --> <cors> <!-- Allow cross origin access only within localhost --> <allow-origin>http*://localhost:*</allow-origin> <allow-origin>http*://127.0.0.1:*</allow-origin> <allow-origin>http://0.0.0.3:*</allow-origin> <!-- Whitelist the hostname patterns as <allow-origin> --> <!-- <allow-origin>http*://*.example.com</allow-origin> <allow-origin>http*://*.example.com:*</allow-origin> --> <!-- Check for the proper origin on the server side to protect against CSRF --> <strict-checking /> </cors>
- Save the file.
7.2. Restricting remote access
Optionally, you can restrict remote access to the Fuse Console for specific hosts and IP addresses.
You can grant overall access based on the IP address of an HTTP client. To specify these restrictions:
In the jolokia-access.xml
file, add or edit a <remote>
section that contains one or more <host>
elements. For the <host>
element, you can specify an IP address, a host name, or a netmask given in CIDR format (for example, 10.0.0.0/16
for all clients coming from the 10.0 network).
The following example allows access from localhost and all clients whose IP addresses start with 10.0
. For all other IP addresses, access is denied.
<remote> <host>localhost</host> <host>10.0.0.0/16</host> </remote>
For more details, see the Jolokia security documentation (https://jolokia.org/reference/html/security.html).
7.3. Allowing connections to remote Fuse instances
The Fuse Console’s proxy servlet uses whitelist host protection, with which by default the Fuse Console can only connect to localhost. If you want to connect the Fuse Console to other remote Fuse instances, you need to configure the whitelist as follows:
For Apache Karaf, make the following configuration changes in
etc/system.properties
file:hawtio.proxyWhitelist = localhost, 127.0.0.1, myhost1, myhost2, myhost3
For JBoss EAP, make the following configuration changes in the
standalone/configuration/standalone-*.xml
file:<property name=hawtio.proxyWhitelist" value="localhost, 127.0.0.1, myhost1, myhost2, myhost3"/>
For Spring Boot, configure the hawtio.proxyWhitelist system property in the
main()
method of your Spring Boot application:System.setProperty("hawtio.proxyWhitelist", "localhost, 127.0.0.1, myhost1, myhost2, myhost3");
7.4. Connecting to a remote Jolokia agent
Before you begin, you need to know the connection details (host name, port, and path) of the remote Jolokia agent.
Here are the default connection URLs for the Jolokia agent depending on your Fuse distribution:
-
Spring Boot:
http://<host>:8080/jolokia
-
Red Hat JBoss EAP:
http://<host>:8080/hawtio/jolokia
-
Fuse Karaf:
http://<host>:8181/hawtio/jolokia
As a system administrator, you can change these defaults.
Typically, the URL to remotely connect to a Jolokia agent is the URL to open the Fuse Console plus /jolokia
. For example, if the URL to open the Fuse Console is http://<host>:1234/hawtio
, then the URL to remotely connect to it would probably be http://<host>:1234/hawtio/jolokia
.
To connect to a remote Jolokia instance so that you can examine its JVM:
- Click the Connect tab.
Click the Remote tab, and then Add connection.
- Type the Name, Scheme (HTTP or HTTPS), and the hostname.
- Click Test Connection.
- Click Add.
The Fuse Console automatically probes the local network interfaces other than localhost and 127.0.0.1 and adds them to the whitelist. Hence, you do not need to manually register the local machine’s addresses to the whitelist.
7.5. Setting data moving preferences
You can change the following Jolokia preferences, for example, if you want to more frequently refresh data that displays in the Fuse Console. Note that increasing the frequency of data updates impacts networking traffic and increases the number of requests made to the server.
- Update rate - The period between polls to Jolokia to fetch JMX data (the default is 5 seconds).
- Maximum depth - The number of levels that Jolokia will marshal an object to JSON on the server side before returning (the default is 7).
- Maximum collection size - The maximum number of elements in an array that Jolokia marshals in a response (the default is 50,000).
To change the values of these settings:
In the upper right of the Fuse Console, click the user icon and then click Preferences.
- Edit the options and then click Close.
7.6. Viewing JVM runtime information
To view JVM runtime information, such as system properties, metrics, and threads, click the Runtime tab.