3

My Tomcat 7 process, which I run on a server on Amazon EC2, has settings such as these in CATALINA_OPTS which should allow me to connect for JMX monitoring remotely:

-Dcom.sun.management.jmxremote.port=8086
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

However, connecting remotely does not work with either jconsole or jvisualvm. It just times out.

I've triple-checked that the EC2 security group allows access to the JMX remote port from my IP (and only from my IP).

Are there any settings missing?

Jonik
  • 2,911
  • 4
  • 37
  • 48

4 Answers4

3

Specify the java.rmi.server.hostname option too, so that it points to the public DNS name of your EC2 server:

-Djava.rmi.server.hostname=your.public.dns

That was sufficient to get it working for me, but for more tips, try this blog post:
JMX Monitoring on Amazon EC2

Jonik
  • 2,911
  • 4
  • 37
  • 48
3

Here is more complete explanation of how to do it without messing with the group security (aka firewall):

Server side:

  1. download http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.23/bin/extras/catalina-jmx-remote.jar and put it in tomcat/lib
  2. add following listener to server.xml:

    <listener classname="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
        rmiregistryportplatform="10001" 
        rmiserverportplatform="10002" 
        uselocalports="true" />
    
  3. add following settings in tomcat/bin/setenv.sh:

CATALINA_OPTS="-Dcom.sun.management.jmxremote \
 -Dcom.sun.management.jmxremote.ssl=false \
 -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS 

Restart tomcat

Client side:

  1. download same catalina-jmx-remote.jar and put it in JDK/JRE/lib/ext (same file as downloaded at Server step 1)
  2. start ssh tunnel with:

    ssh user@aws-host -L10001:127.0.0.1:10001 -L10002:127.0.0.1:10002

  3. Start JConsole and enter the following remote service URL:

    service:jmx:rmi://127.0.0.1:10002/jndi/rmi://127.0.0.1:10001/jmxrmi

You have JConsole connected over SSH to your tomcat running on AWS.

As posted on: http://www.cod.ro/2012/08/monitoring-tomcat-7-on-rhel-aws-using.html

cod
  • 31
  • 1
3

If you're having trouble setting the correct hostname for java.rmi.server.hostname try the following:

-Djava.rmi.server.hostname=$(/usr/bin/curl -s --connect-timeout 2 instance-data.ec2.internal/latest/meta-data/public-hostname)

This is convenient to use in an Elastic Beanstalk environment where instances will come and go.

richid
  • 140
  • 6
0

I also tried using the JmxRemoteLifecycleListener and it didn't work for me.

This is what it worked for me:

  1. I choose 1005 as JMX port and my setenve.sh is like:

    CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=10005 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=localhost"
    
  2. Redirect using SSH the JMX port and the RMI

  3. Run visualvm using the following URI:

    service:jmx:rmi:///jndi/rmi://localhost:10005/jmxrmi
    

If you need more information have a look to this post: http://ignaciosuay.com/how-to-connect-a-java-profiler-like-visualvm-or-jconsole-to-a-remote-tomcat-running-on-amazon-ec2/

techraf
  • 4,163
  • 8
  • 27
  • 44
ignacio.suay
  • 101
  • 1