Chapter 13. Configuring JMX
Abstract
Red Hat JBoss Fuse uses JMX for its underlying management features. You can configure the JMX RMI port, the JMX URL, and the credentials used to access the JMX features.
Overview
Red Hat JBoss Fuse uses JMX for reporting runtime metrics and providing some limited management capabilities. You can configure how the JMX management features are accessed by changing the properties in the
org.apache.karaf.management PID.
Changing the RMI port and JMX URL
Two of the most commonly changed parts of a container's JMX configuration are the RMI port and the JMX URL. You can set these using the properties described in Table 13.1, “JMX Access Properties”.
| Property | Description |
|---|---|
| rmiRegistryPort | Specifies the RMI registry port. The default value is 1099. |
| serviceUrl | Specifies the the URL used to connect to the JMX server. The default URL is service:jmx:rmi://${rmiServerHost}:${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${karaf.name}, where karaf.name is the container's name (by default, root). All ${...} placeholders are replaced by properties with the same names as they are inside parentheses |
Setting the JMX username and password
In a standalone container, use any valid JAAS user credentials (see the section called “Create a secure JAAS user”).
In a fabric, the default username is
admin and the default password is admin.
You can change the username and password used to connect to the JMX server by configuring the JAAS security system as described in Chapter 14, Configuring JAAS Security.
Restricting JMX to Accept Only Local Connections
In Red Hat JBoss fuse, you can configure the JMX RMI port, the JMX URL, and the credentials which are used to access the JMX features. The following service URL leads to a successful connection:
Below are the given workarounds, If you need to configure the JMX port on the karaf container so that it only accepts connections from local client:
service:jmx:rmi://127.0.0.1:44444/jndi/rmi://127.0.0.1:1099/karaf-root
Note
- The RMI registry tells JMX clients where to find the JMX RMI server port; information can be obtained under key jmxrmi.
- The RMI registry port is generally known as it is set through the system properties at JVM startup. The default value is 1099.
- The JMX RMI server port is generally not known as the JVM chooses it at random.
- Change the iptables to add a redirecting rule. When you call on 44444 port, it redirects all the network interfaces to IP 127.0.0.1:44444.
sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 44444 -j REDIRECT --to-ports 44444
- Before starting the container, set the system property java.rmi.server.hostname to 127.0.0.1 port. It works even without iptables re-directing the rule in place.
export JAVA_OPTS="-Djava.rmi.server.hostname=127.0.0.1" bin/fuse
Note
You can change the port numbers of the JMX layer in the
etc/org.apache.karaf.management.cfg configuration file.
Troubleshooting on Linux platforms
On Linux platforms, if you have trouble getting a remote JConsole instance to connect to the JMX server, check the following points:
- Check that the hostname resolves to the correct IP address. For example, if the
hostname -icommand returns 127.0.0.1, JConsole will not be able to connect to the JMX server. To fix this, edit the/etc/hostsfile so that the hostname resolves to the correct IP address. - Check whether the Linux machine is configured to accept packets from the host where JConsole is running (packet filtering is built in the Linux kernel). You can enter the command,
/sbin/iptables --list, to determine whether an external client is allowed to connect to the JMX server.Use the following command to add a rule to allow an external client such as JConsole to connect:/usr/sbin/iptables -I INPUT -s JconsoleHost -p tcp --destination-port JMXRemotePort -j ACCEPT
Where JconsoleHost is either the hostname or the IP address of the host on which JConsole is running and JMXRemotePort is the TCP port exposed by the JMX server.
