Chapter 8. Connecting to remote Fuse applications


The Fuse Console uses Jolokia, an agent-based approach to Java Management Extensions (JMX) that requires extra software (an agent) installed on the client. By default, Red Hat Fuse includes a jolokia agent.

With standalone Fuse Console distributions, you can connect to remote integrations that already have a jolokia agent (https://jolokia.org/) running inside them. If the process that you want to connect to does not have a jolokia agent inside, refer to the jolokia documentation (http://jolokia.org/agent.html).

8.1. Unlocking the Fuse Console

By default, Jolokia for Fuse 7 standalone on Apache Karaf is locked and the Fuse Console is not accessible remotely.

To unlock the Fuse Console for a hostname or IP address other than locahost or 127.0.0.1, follow these steps:

  1. Open the $KARAF_HOME/etc/jolokia-access.xml file in an editor.
  2. Register the hostnames or IP addresses for the Fuse integrations that you want to access with the Fuse console by adding them to the <cors> section.

    For example, to access hostname 0.0.0.3 from the Fuse Console, add the

    *<allow-origin>http://0.0.0.3:*</allow-origin>*

    line as shown:

    <!--
    
      Cross-Origin Resource Sharing (CORS) restrictions
    
      By default, only CORS access within localhost is allowed for maximum security.
    
      You can add trusted hostnames in the <cors> section to unlock CORS access from them.
    
      -->
    
      <cors>
    
        <!-- Allow cross origin access only within localhost -->
    
        <allow-origin>http*://localhost:*</allow-origin>
    
        <allow-origin>http*://127.0.0.1:*</allow-origin>
    
        <allow-origin>http://0.0.0.3:*</allow-origin>
    
        <!-- Whitelist the hostname patterns as <allow-origin> -->
    
        <!--
    
        <allow-origin>http*://*.example.com</allow-origin>
    
        <allow-origin>http*://*.example.com:*</allow-origin>
    
        -->
    
        <!-- Check for the proper origin on the server side to protect against CSRF -->
    
        <strict-checking />
    
      </cors>
  3. Save the file.

8.2. Restricting remote access

Optionally, you can restrict remote access to the Fuse Console for specific hosts and IP addresses.

You can grant overall access based on the IP address of an HTTP client. To specify these restrictions:

In the jolokia-access.xml file, add or edit a <remote> section that contains one or more <host> elements. For the <host> element, you can specify an IP address, a host name, or a netmask given in CIDR format (for example, 10.0.0.0/16 for all clients coming from the 10.0 network).

The following example allows access from localhost and all clients whose IP addresses start with 10.0. For all other IP addresses, access is denied.

<remote>
  <host>localhost</host>
  <host>10.0.0.0/16</host>
</remote>

For more details, see the Jolokia security documentation (https://jolokia.org/reference/html/security.html).

8.3. Allowing connections to remote Fuse instances

The Fuse Console’s proxy servlet uses whitelist host protection, with which by default the Fuse Console can only connect to localhost. If you want to connect the Fuse Console to other remote Fuse instances, you need to configure the whitelist as follows:

For Apache Karaf, make the following configuration changes in etc/system.properties file:

hawtio.proxyWhitelist = localhost, 127.0.0.1, myhost1, myhost2, myhost3

8.4. Connecting to a remote Jolokia agent

Before you begin, you need to know the connection details (host name, port, and path) of the remote Jolokia agent.

The default connection URL for the Jolokia agent for Fuse on Apache Karaf is http://<host>:8181/hawtio/jolokia.

As a system administrator, you can change this default.

Typically, the URL to remotely connect to a Jolokia agent is the URL to open the Fuse Console plus /jolokia. For example, if the URL to open the Fuse Console is http://<host>:1234/hawtio, then the URL to remotely connect to it would probably be http://<host>:1234/hawtio/jolokia.

To connect to a remote Jolokia instance so that you can examine its JVM:

  1. Click the Connect tab.
  2. Click the Remote tab, and then Add connection.
  3. Type the Name, Scheme (HTTP or HTTPS), and the hostname.
  4. Click Test Connection.
  5. Click Add.
Note

The Fuse Console automatically probes the local network interfaces other than localhost and 127.0.0.1 and adds them to the whitelist. Hence, you do not need to manually register the local machine’s addresses to the whitelist.

8.5. Setting data moving preferences

You can change the following Jolokia preferences, for example, if you want to more frequently refresh data that displays in the Fuse Console. Note that increasing the frequency of data updates impacts networking traffic and increases the number of requests made to the server.

  • Update rate - The period between polls to Jolokia to fetch JMX data (the default is 5 seconds).
  • Maximum depth - The number of levels that Jolokia will marshal an object to JSON on the server side before returning (the default is 7).
  • Maximum collection size - The maximum number of elements in an array that Jolokia marshals in a response (the default is 50,000).

To change the values of these settings:

  1. In the upper right of the Fuse Console, click the user icon and then click Preferences.

    mf preferences

  2. Edit the options and then click Close.

8.6. Viewing JVM runtime information

To view JVM runtime information, such as system properties, metrics, and threads, click the Runtime tab.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.