JMX Access to Standalone EAP 6

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Overview

A generic JMX client connects to a standalone EAP 6 instance using the native endpoint of the standalone instance's management interface. For an in-depth explanation on how that works, see Remoting Concepts - Remoting and JMX Access. Specific JBoss libraries must be added to the generic client's classpath, and we will show how those can be added for Visual VM and jconsole. Also, the access must be secured by adding a specific user and its associated password to the management realm, associated with the native management interface.

Server Endpoint

A generic JMX client must connect to the native endpoint of the standalone instance's management interface.

The network interface and port binding for the endpoint are specified as "management-native" socket binding: 

<socket-binding-group name="standard-sockets" ...>
    ...
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
</socket-binding-group>

The port value is 9999.


If the standalone instance runs with a specific port offset, the management endpoint port value must account for that offset.

The actual value for the management interface bind address is specified under the "management" interface specification: 

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
   ...
</interfaces>

Unless explicitly re-configured, the default bind address for the management interface is 127.0.0.1.

The bind address and port will be needed when assembling the URL to be used by the JMX client, below.

Server Endpoint Authentication

A generic JMX client usually provides a username and a password when connecting. Those values must be explicitly added to the Management Realm, for the server instance we connect to. The procedure to add a user to the Management Realm is presented in detail here:

Add a User to the Managment Realm

Note that no specific group is necessary to be specified during the procedure.

JMX Client

The generic JMX client must add specific JBoss libraries to its class path, as specified below. It also must use a specific URL to connect, and the user and the password configured on the server, as described in the "Server Endpoint Authentication" section.

JMX Client Classpath

The JBoss JAR $JBOSS_HOME/bin/client/jboss-cli-client.jar must be added to the JMX client classpath. Specific details for the following clients are available below:

URL

Use: 

service:jmx:remoting-jmx://<server-host>:9999/

where <server-host> is the interface the native management endpoint is bound to. If the client and server are collocated, that is usually 127.0.0.1.

Authentication

Use the username and the password configured on the server, as described in the "Server Endpoint Authentication" section.

SSL Connection Configuration

TODO, more details here: https://access.redhat.com/solutions/632773

Retrieved from "https://kb.novaordis.com/index.php?title=JMX_Access_to_Standalone_EAP_6&oldid=11930"