Currently working on a PoC to enable remote JMX on TC server.
The config to do this goes into 3 places:
1- Setenv.sh:
JVM parameters need to be added here to allow remote JMX with authentication:
JMX_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=16001
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=${CATALINA_BASE}/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=${CATALINA_BASE}/conf/jmxremote.access"
2- jmxremote.access:
[root@khofo05 conf]# cat jmxremote.access
#admin readonly
admin readwrite
[root@khofo05 conf]#
3- jmxremote.password
[root@khofo05 conf]# cat jmxremote.password
# The "admin" role has password "springsource".
admin springsource
[root@khofo05 conf]#
The above is sufficient to have an authenticated remote JMX up and running on any Tomcat.
I wanted to explore using SSL for more protection, since JMX would allow altering server parameters if a readwrite rule is required, but since I need JMX for monitoring purposes, it would just need to have read-only rules.
After some reading and consulting my colleagues, I decided to abandon JMX and go with Jstatd instead.
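An added example, not part of the original post: a small shell audit of the three files above that flags the settings the post itself worries about (SSL off, a readwrite role) plus a password file readable by other users. The function names, the finding labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_jmx_conf SETENV_FILE CONF_DIR
# Prints one finding per line; prints nothing when no issue is found.
audit_jmx_conf() {
    setenv=$1
    access="$2/jmxremote.access"
    password="$2/jmxremote.password"

    # ssl=false: the role name and password cross the network unencrypted.
    if grep -q -e '-Dcom\.sun\.management\.jmxremote\.ssl=false' "$setenv"; then
        echo "SSL_DISABLED"
    fi
    # authenticate=false would expose the port with no login at all.
    if grep -q -e '-Dcom\.sun\.management\.jmxremote\.authenticate=false' "$setenv"; then
        echo "AUTH_DISABLED"
    fi
    # A readwrite role can change MBean attributes; monitoring needs readonly.
    awk '$1 !~ /^#/ && $2 == "readwrite" { print "READWRITE_ROLE " $1 }' "$access"
    # The password file holds clear-text passwords: owner-only access.
    mode=$(stat -c '%a' "$password" 2>/dev/null || stat -f '%Lp' "$password")
    case $mode in
        600|400) ;;
        *) echo "PASSWORD_FILE_MODE $mode" ;;
    esac
}

# Constructed sample files that mirror the three pieces of config in the post.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/setenv.sh" <<'EOF'
JMX_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=16001
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true"
EOF
    printf '#admin readonly\nadmin readwrite\n' > "$dir/jmxremote.access"
    printf 'admin springsource\n' > "$dir/jmxremote.password"
    chmod 644 "$dir/jmxremote.password"
    echo "$dir"
}

sample=$(make_sample)
audit_jmx_conf "$sample/setenv.sh" "$sample"
rm -rf "$sample"
```

On the constructed sample it reports SSL_DISABLED, READWRITE_ROLE admin and PASSWORD_FILE_MODE 644.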