jmx为啥开了额外两个随机端口?
来源:互联网 发布:python 二维高斯分布 编辑:程序博客网 时间:2024/05/01 12:24
通常配置的是registry port:
-Dcom.sun.management.jmxremote.port=9123
jdk7之后rmi server port也可以配置了,可以配置成同一个。
-Dcom.sun.management.jmxremote.rmi.port=9123
但是还有一个随机端口没解决。。。还是这哥们执着,最后开了bug
http://stackoverflow.com/questions/20884353/why-java-opens-3-ports-when-jmx-is-configured
相关链接
https://issues.apache.org/bugzilla/show_bug.cgi?id=55931
http://stackoverflow.com/questions/20699068/tomcat7-with-enabled-jmx-opens-2-additional-random-listening-ports
http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#JMX_Remote_Lifecycle_Listener_-_org.apache.catalina.mbeans.JmxRemoteLifecycleListener
-----------------------------------
jmx 端口原理
http://chqz1987.blog.163.com/blog/static/5143831120131011105755778/
JMX connectivity through the firewall
Posted by Oleg Zhurakousky on March 23, 2009
Recently I’ve been asked to help out a customer who was having issues with JMX connectivity to Spring Source dmServer through the firewall. However, one thing I want to point out right up front is that the issue is rather generic and has nothing to do with dmServer. It is really about understanding JMX, RMI and proper configuration. But I will use dmServer and its configuration as an example.
Here is the sample JMX configuration options provided in the dmServer startup script:
-Dcom.sun.management.jmxremote.port=${jmxPort} \
-Dcom.sun.management.jmxremote.authenticate \
-Dcom.sun.management.jmxremote.password.file=${jmxUsersPath} \
-Djavax.net.ssl.keyStore=${keystorePath} \
-Djavax.net.ssl.keyStorePassword=${keystorePassword} \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.ssl.need.client.auth=false”
This will enable JMX agent (MBean Server) when you start dmServer. Once started you can now monitor your process via JMX-compliant tool such asjconsole. Connectivity could be local or remote.
The above configuration seem to provide everything we need to access this process through the firewall, sincecom.sun.management.jmxremote.port is obviously the port that we need to open in the firewall. However there is a caveat.
Once connected to JMXRegistry running on the port specified by com.sun.management.jmxremote.port property, the actual objects are served by RMIServer which is running on different port. Unfortunately this port is chosen randomly by default instance of JMX Agent and there is no –D option to specify it. Obviously going through the firewall would require opening up two ports and with random port it presents a delicate issue.
Fortunately it is easily solvable by writing a custom Java Agent where you can programmatically specify each port and externalize it through custom properties (I am attaching sample code).
More info here: http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html
In the nutshell, the custom agent will take the port value provided by the com.sun.management.jmxremote.port property and will create a second port (RMIServer port) by incrementing it by 1. (in our case the port specified is 44444 which makes RMIServer port 44445)
Once such agent is in place (JAR) and the appropriate ports are open in the firewall all you need is modify the startup script to include–javaagent option providing the JAR.
. . . . .
$JAVA_HOME/bin/java \
-javaagent:/Users/olegzhurakousky/../../../dmserver.jmx-0.0.1-SNAPSHOT.jar
$JAVA_OPTS \
. . . . .
Well, that really only solved one half of the problem, since by default RMI stubs sent to the client contain the server’s private address instead of the public
Just look at this tcpdump fragment while monitoring the client’s access (jconsole running on the local network):
. . . . . . .
09:41:23.778663 IP 72.234.14.89.44444 > 192.168.1.156.52926: . ack 71 win 65535 <nop,nop,timestamp 919359579 313492>
09:41:23.779958 IP 192.168.1.152.44444 > 72.234.14.89.52926: P 20:251(231) ack 71 win 65535 <nop,nop,timestamp 919359579 313492>
09:41:23.780456 IP 72.234.14.89.44444 > 192.168.1.156.52926: P 20:251(231) ack 71 win 65535 <nop,nop,timestamp 919359579 313492>
09:41:23.796075 IP 192.168.1.156.37861 > 192.168.1.152.44445: S 1334070579:1334070579(0) win 5840 <mss 1460,sackOK,timestamp 313496 0,nop,wscale 6>
09:41:23.796328 IP 192.168.1.152.44445 > 192.168.1.156.37861: S 1760846938:1760846938(0) ack 1334070580 win 65535 <mss 1460,nop,wscale 3,nop,nop,timestamp 919359579 313496,sackOK,eol>
. . . . . . .
You can clearly see that 192.168.1.156 (client i.e., jconsole) is attempting to connect directly to 192.168.1.152 (server) instead of 72.234.14.89 which is a public IP, although the JMX URL is:
service:jmx:rmi://72.234.14.89:44445/jndi/rmi://72.234.14.89:44444/jmxrmi
If I was behind the firewall I would obviously had problems connecting to 192.168.1.152
Fortunately, this one is easy to fix. All you need is to provide additional option on the server side (java.rmi.server.hostname) and add it to the script This option represents the host name string that should be associated with remote stubs for locally created remote objects, in order to allow clients to invoke methods on the remote object:
. . . . . . .
JMX_OPTS=” \
$JMX_OPTS \
-Dcom.sun.management.jmxremote.port=${jmxPort} \
-Djava.rmi.server.hostname=72.234.14.89 \
. . . . . . .
That is all .
Start jconsole: ./jconsole.sh service:jmx:rmi://<pub-ip>:<rmi-port>/jndi/rmi://<pub-ip>:<registry-port>/jmxrmi
Once you modify the script and start the dmServer you should see output similar to this:
. . . . . .
oleg-2:bin olegzhurakousky$ ./startup.sh
com.springsource.rmiregistry.port:44444
com.springsource.rmiserver.port:44445
Getting the platform’s MBean Server
Local Connection URL: service:jmx:rmi://oleg-2.local:44445/jndi/rmi://oleg-2.local:44444/jmxrmi
Public Connection URL: service:jmx:rmi://72.234.14.89:44445/jndi/rmi://72.234.14.89:44444/jmxrmi
Creating RMI connector server
[2009-02-26 18:53:34.031] main <SPKB0001I> Server starting.
[2009-02-26 18:53:35.943] main <SPOF0001I> OSGi telnet console available on port 2401.
[2009-02-26 18:53:41.558] main <SPKE0000I> Boot subsystems
- jmx为啥开了额外两个随机端口?
- JMX实践-JMX连接端口
- JMX连接端口问题
- 美国人为啥变卦了
- 为啥用到了EventBus?
- 为啥现在不好找工作了?
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,如何修改tomcat端口
- 当装了两个tomcat后,修改tomcat端口
- merge两个数组,不用额外空间
- 不用额外空间,交换两个数
- Java 5.0 内置了JMX
- 生成随机可用端口
- go监听随机端口
- 【原创】C指针常见用法
- 404错误页面的信息
- Android--加载外部.so文件
- VisionMobile报告:商业和生产应用:蕴藏的开发者机遇(五)3、深入观察经济(2)
- 趣图展现程序员职业生涯的11个阶段
- jmx为啥开了额外两个随机端口?
- 4.23操作建议:金价破新低依旧看空
- Bzoj1877 SDOI 2009 晨跑 费用流
- Linux Shell编程(1)—小试牛刀(2)
- 云南边境1名士兵持枪离队 部队悬赏10万寻人
- nginx:模块的理解以及划分
- 任务失败:构建精简界面类库
- tomcat6运行jsp报错javax.servlet.ServletException: javax.servlet.jsp.tagext.TagAttributeInfo.<init>
- Intel CPU的CPUID指令