tags:

views:

150

answers:

2
Q: 

How to remotely connect to jmx on tomcat using ssh tunnelling and not break ehcache...

I've followed the instructions in the following link to create my own RMI registry and jmx server on a single port inside tomcat. According to the comments, I need to set -Djava.rmi.server.hostname=localhost. Once I do that, I can indeed connect to my server via jconsole using ssh port forwarding.

http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx

However, I've found it has the very bad side affect of breaking our ehcache replication which uses RMI. It fails complaining that it cannot bootstrap from remote peer localhost. I'm guessing because the peers all have their rmi server hostname set to localhost from setting -Djava.rmi.server.hostname=localhost.

Does anyone have a possible workaround to this problem?

+1  A: 

I just came across the problem. The problem is that the java.rmi.servername.hostname property is global. To make ehcache and the jmx server play in harmony, you must perform a few hacks on the machine you're running VisualVM from.

Here's what you need to do. This is based on using a Mac for the client so modify the commands as needed.

  1. Remove the -Djava.rmi.server.hostname=localhost.

  2. Write a tester application that will give you the value of InetAddress.getLocalHost().getHostAddress() on your server machine you want to profile. This should give you the local ip (private if nat'd). You will have to refer to this IP on your local machine. Use this IP where the commands below say IP.

  3. Now, this is the fun part: Add the internal IP to your loopback interface on your machine. (ifconfig lo0 IP netmask 255.255.255.0 up)

  4. Test that this will actually direct traffic to the loopback. It should return the loopback. (route get IP)

  5. Initiate the SSH tunnel: ssh -C -L IP:PORT:localhost:PORT -L IP:OTHER_PORT:localhost:OTHER_PORT user@host.

Notice the IP's for the ssh tunnel are actually the one now tied to loopback. You no longer refer to localhost, but the IP of the machine for everything. You'll also have to modify your JMX URL to refer to this IP instead of localhost.

Chris Lampley  2010-05-19 01:06:28
A: 

If you look for an easy to use, firewall friendly JMX remoting alternative, jmx4perl might be worth a try. It is an agent based approach, which export JMX MBeans via HTTP/Rest.

Though its main focus is directed for use in a scripting environment (i.e. perl) for monitoring purposes, for the scheduled version 0.70 a Java client library has been added (beta quality)

Roland Huß  2010-06-04 20:39:17

related questions

Is there a better Java implementation of SSH2 than JSch?
Check out from a remote SVN repository TO a remote location?
Download files to local drive when sshed
Are there any good free .Net network libraries? (FTP, SFTP, SSH, etc.)
How do you install an ssh server on qnx?
How do I remove the passphrase for the SSH key without having to create a new key?
ssh-agent with passwords without spawning too many processes
Why does cisco IOS require domain-name to be set before SSH keys can be generated?
Setting the default ssh key location
Managing authorized_keys on a large number of hosts.
Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)
Which is the best way to bring a file from a remote host to local host over an SSH session?
Is it possible to forward ssh requests that come in over a certain port to another machine?
Can you have virtual users using an SFTP server?
Why does Vista complain about a dead process when I use Cygwin X11 ssh and how do I get it to shut up?
ssh hangs when command invoked directly, but exits cleanly when run interactive
Getting ssh to execute a command in the background on target machine
How do you use ssh in a shell script?
Avoid traffic shaping by using ssh on port 443
Alternative SSH Application to Plink
What are some good SSH Servers for windows?
Keep Remote Directory Up-to-date
Allow user to set up an SSH tunnel, but nothing else
How do I setup Public-Key Authentication?
Gtk SSH client for Linux?