JMX Access to EAP 6 Host Controller: Difference between revisions
No edit summary |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
The generic JMX client must connect to [[WildFly_Management_Interfaces#The_Native_API_Endpoint|the native endpoint of the host controller management interface]]. | The generic JMX client must connect to [[WildFly_Management_Interfaces#The_Native_API_Endpoint|the native endpoint of the host controller management interface]]. | ||
The host address and port binding for the endpoint are specified | The host address and port binding for the native management endpoint of the host controller are specified in the "socket" element of the management interface, in the corresponding [[host.xml]] configuration file. | ||
<pre> | <pre> | ||
< | <management> | ||
... | ... | ||
< | <management-interfaces> | ||
</ | <native-interface security-realm="ManagementRealm"> | ||
<socket interface="management" port="${jboss.management.native.port:9999}"/> | |||
</native-interface> | |||
... | |||
</management-interfaces> | |||
</management> | |||
</pre> | </pre> | ||
The port value is 9999. | The port value is 9999. | ||
The actual value for the management interface bind address is specified under the related "management" interface specification, in the same [[host.xml]] file: | |||
The actual value for the management interface bind address is specified under the related "management" interface specification: | |||
<pre> | <pre> | ||
| Line 44: | Line 45: | ||
Unless explicitly re-configured, the default bind address for the management interface is 127.0.0.1. | Unless explicitly re-configured, the default bind address for the management interface is 127.0.0.1. | ||
The bind address and the port are reported as INFO | The bind address and the port are reported as INFO in the host controller log file $JBOSS_HOME/domain/log/host-controller.log: | ||
<pre> | <pre> | ||
18:00:00,293 INFO [org.jboss.as.remoting] (MSC service thread 1-16) JBAS017100: Listening on 127.0.0.1:9999 | |||
</pre> | </pre> | ||
| Line 54: | Line 55: | ||
==Server Endpoint Authentication== | ==Server Endpoint Authentication== | ||
A generic JMX client usually provides a username and a password when connecting. Those values must be explicitly added to the Management Realm of the | A generic JMX client usually provides a username and a password when connecting. Those values must be explicitly added to the Management Realm specified in the <management> section of the [[host.xml]] of the host controller. By default, the Management Real reads its data from the <tt>$jboss.domain.config.dir/mgmt-users.properties</tt> file. The procedure to add a user to the Management Realm is presented in detail here: | ||
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;"> | <blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;"> | ||
| Line 72: | Line 73: | ||
* [[Jconsole#jconsole_Classpath_and_Startup_Options|jconsole]] | * [[Jconsole#jconsole_Classpath_and_Startup_Options|jconsole]] | ||
* [[Using VisualVM with WildFly|VisualVM]] | * [[Using VisualVM with WildFly|VisualVM]] | ||
* [[ | * [[Dynatrace_and_JMX#JMX_Integration_with_JBoss|Dynatrace]] | ||
* [[DataDog]] | * [[DataDog_and_JMX#JMX_integration_with_JBoss|DataDog]] | ||
==URL== | ==URL== | ||
| Line 80: | Line 81: | ||
<pre> | <pre> | ||
service:jmx:remoting-jmx://< | service:jmx:remoting-jmx://<host-controller-host>:9999 | ||
</pre> | </pre> | ||
where < | where <host-controller-host> is the interface the native management endpoint of the host controller process is bound to. If the client and server are collocated, that is usually 127.0.0.1. | ||
==Authentication== | ==Authentication== | ||
Use the username and the password configured | Use the username and the password configured for the host controller, as described in the "[[#Server_Endpoint_Authentication|Server Endpoint Authentication]]" section. | ||
==SSL Connection Configuration== | ==SSL Connection Configuration== | ||
Latest revision as of 14:47, 21 October 2016
External
- Accessing JMX with jconsole over SSL on EAP 6 https://access.redhat.com/solutions/632773
Internal
Overview
A generic JMX client connects to a EAP 6 host controller instance using the native endpoint of the host controller management interface. For an in-depth explanation on how that works, see Remoting Concepts - Remoting and JMX Access. Specific JBoss libraries must be added to the generic client's classpath, and we will show how those can be added for Visual VM and jconsole. Also, the access must be secured by adding a specific user (or using an existing user) to the management realm associated with the native management interface, on that specific host controller.
Server Endpoint
The generic JMX client must connect to the native endpoint of the host controller management interface.
The host address and port binding for the native management endpoint of the host controller are specified in the "socket" element of the management interface, in the corresponding host.xml configuration file.
<management>
...
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
...
</management-interfaces>
</management>
The port value is 9999.
The actual value for the management interface bind address is specified under the related "management" interface specification, in the same host.xml file:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
...
</interfaces>
Unless explicitly re-configured, the default bind address for the management interface is 127.0.0.1.
The bind address and the port are reported as INFO in the host controller log file $JBOSS_HOME/domain/log/host-controller.log:
18:00:00,293 INFO [org.jboss.as.remoting] (MSC service thread 1-16) JBAS017100: Listening on 127.0.0.1:9999
The bind address and port will be needed when assembling the URL to be used by the JMX client, below.
Server Endpoint Authentication
A generic JMX client usually provides a username and a password when connecting. Those values must be explicitly added to the Management Realm specified in the <management> section of the host.xml of the host controller. By default, the Management Real reads its data from the $jboss.domain.config.dir/mgmt-users.properties file. The procedure to add a user to the Management Realm is presented in detail here:
Note that no specific group is necessary to be specified during the procedure.
JMX Client
The generic JMX client must add client JBoss libraries to its class path and must set up JBoss specific system properties, as shown below. It also must use a specific URL to connect, and the user and the password configured on the server, as described in the "Server Endpoint Authentication" section.
JMX Client Classpath and Startup Options
The JBoss JAR $JBOSS_HOME/bin/client/jboss-cli-client.jar must be added to the JMX client classpath. Also, the JMX client must be started with -Dmodule.path=${JBOSS_HOME}/modules. Specific details for a number of clients are available below:
URL
Use:
service:jmx:remoting-jmx://<host-controller-host>:9999
where <host-controller-host> is the interface the native management endpoint of the host controller process is bound to. If the client and server are collocated, that is usually 127.0.0.1.
Authentication
Use the username and the password configured for the host controller, as described in the "Server Endpoint Authentication" section.
SSL Connection Configuration
TODO, come up with the full procedure, until then, more details are available here: https://access.redhat.com/solutions/632773