30.2. Enabling the Agent to Connect to Secured JMX Servers


By default, JBoss EAP has its JMX server running in secure mode. However, while the agent can discover a JMX server in secure mode, it cannot connect to that secured JMX server because it cannot detect the proper credentials.
For example, the JMX server has these system properties:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=5222
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/jmxremote.access
The agent's JMX plug-in examines the command line for the JMX server's process. It detects the port to use to connect to the JMX server, but it cannot read the password and access files to get the JMX server's credentials.
Note
Because the agent cannot connect to the JMX server, it assigns the resource a DOWN availability state, even if the server is running fine.
There are several ways to enable the agent to connect to the JMX server.

Edit the jmx-console-users.properties File

The agent generally reads the connection credentials from the jmx-console-*.properties file in the JbossASInstallDir/server/default/conf/props/ directory.

When the JMX server is running secured, there are no entries in the jmx-console-users.properties file, so there is no way for the agent to get the credentials.
  1. Open the jmx-console-*.properties file for editing. For example:
    [root@server ~]# vim JbossASInstallDir/server/default/conf/props/jmx-console-users.properties
  2. Uncomment or add a line for the admin user.
    admin=admin
If that does not work, then edit the connection settings for the resource.

Edit the Connecting Settings to Use the Remote Access Files

By default, the agent uses the jmx-console-*.properties file for a username, not the access files. It is possible to change the connection settings for the resource so that the agent uses the access files, going through the remote endpoint, which were specified in the JMX server's command line.

  1. Click the Inventory tab in the top menu.
  2. Search for the JMX server in the Servers area of the Inventory, or open the JBoss EAP instance and navigate through its children to find the JMX server instance.
  3. On the JMX server's entry page, open the Inventory tab, and select the Connection Settings subtab.
  4. Enter the user name and password to set in the JMX remote access files.
  5. Click the Save button.

Edit the Connection Settings to Connect Through the Parent Resource

JBoss ON can connect to the parent resource, and then use that to connect to the JMX server, rather than connecting through the remoting endpoint. This does not require using any user credentials, since the parent can connect to the child resource using internal authentication.

  1. Click the Inventory tab in the top menu.
  2. Search for the JMX server in the Servers area of the Inventory, or open the JBoss EAP instance and navigate through its children to find the JMX server instance.
  3. On the JMX server's entry page, open the Inventory tab, and select the Connection Settings subtab.
  4. Unset all of the connection properties except for the Type property.
  5. For the Type property, select the Parent value.
  6. Click the Save button.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.