datispars blog

Exploring under hood of Java applications using JMX – Part 2

Introduction

Here you will find how to monitor an application which is hosted in Apache Tomcat. There are many reasons for monitoring an application in run time. In our case the client was looking for some measurable factors that shows slap of business ratios on demand. Moreover, the technical department was looking for fine-grain informations such as user uptime, most visited pages, idle time and any possible exception that occurs in run time. JMX is the perfect answer for this kind of requirements. Connecting to the Tomcat using JMX has a straight forward procedure.

Let Tomcat listens to the out side world

We should declare multiple environmental variables that notify Tomcat for using JMX. They also specify the listener port.
There are different ways to introduce environment variables to Tomcat. But, I’v found that using setenv.sh in Linux or setenv.bat in Windoes is the best one:
Create “setenv.sh” with exactly below content:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9898
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=100.101.102.103"

Now make it executable:

chmod +x setenv.sh

Note: 9898 is the JMX listener on tomcat. 100.101.102.103 is the IP of tomcat server.

2. Put “setenv.sh” in “bin” directory of tomcat.

3. Turn the fire wall off or run below command on the Tomcat machine:

sudo /sbin/iptables -I INPUT -s 100.101.102.150 -p tcp --destination-port 9898 -j ACCEPT

Note:
100.101.102.150 is the JConsole machine. Also 9898 is the same as port that you defined in setenv,sh

4. Re-start tomcat.

5. Run jconsole and connect to a remote process using : 100.101.102.103:9898

The MBean objects are observe able now. Also you may call remote behaviors that are implemented the MBean interface.

Authentication

If you need to secure jmx connection then follow bellow steps and restart tomcat:
1. Create a new text file called “jmxremote.password” under “/tomcat/conf” folder:
Note: use TAB for separating words in each line:

amir      thepassword
admin   applepie

2. Create a new text file called “jmxremote.access” under “/tomcat/conf” folder:
Note: use TAB for separating words in each line:

amir      readonly
admin   readwrite

3. Make those readonly:

$ chmod 600 /conf/jmxremote.password
$ chmod 600 /conf/jmxremote.access

4. Update setenv.sh to looks like below:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9898
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=100.101.102.103
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/home/amir/tomcat/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/home/amir/tomcat/conf/jmxremote.access"

Trouble Shooting

The procedure seems to be easy. In Datispars we have deployed successfully the solution over Ubuntu 9.04 and FreeBSD 7.2. . However, Anyway keep attention about below items:
-Do download a new Tomcat from apache repository rather using a customized version that you have gotten by Linux package managers.
-First of all be sure you there is no any space around “=” in setenv.sh because, the syntax is pretty important.
-Also for checking the listener use “telnet” or “netstat” to find out the port is open and is listening.
-Check /etc/hosts if it is correct or not. In my case a wrong definition made troubles.

Posted in Java, Linux, Software Engineering