Chapter 13. Configuring JMX

Abstract

Red Hat JBoss Fuse uses JMX for its underlying management features. You can configure the JMX RMI port, the JMX URL, and the credentials used to access the JMX features.

Overview

Red Hat JBoss Fuse uses JMX for reporting runtime metrics and providing some limited management capabilities. You can configure how the JMX management features are accessed by changing the properties in the org.apache.karaf.management PID.

Changing the RMI port and JMX URL

Two of the most commonly changed parts of a container's JMX configuration are the RMI port and the JMX URL. You can set these using the properties described in Table 13.1, “JMX Access Properties”.

Table 13.1. JMX Access Properties

PropertyDescription
rmiRegistryPortSpecifies the RMI registry port. The default value is 1099.
serviceUrlSpecifies the the URL used to connect to the JMX server. The default URL is service:jmx:rmi://${rmiServerHost}:${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${karaf.name}, where karaf.name is the container's name (by default, root). All ${...} placeholders are replaced by properties with the same names as they are inside parentheses

Setting the JMX username and password

In a standalone container, use any valid JAAS user credentials (see the section called “Create a secure JAAS user”).
In a fabric, the default username is admin and the default password is admin.
You can change the username and password used to connect to the JMX server by configuring the JAAS security system as described in Chapter 14, Configuring JAAS Security.

Restricting JMX to Accept Only Local Connections

In Red Hat JBoss fuse, you can configure the JMX RMI port, the JMX URL, and the credentials which are used to access the JMX features. The following service URL leads to a successful connection:

service:jmx:rmi://127.0.0.1:44444/jndi/rmi://127.0.0.1:1099/karaf-root

Note
  1. The RMI registry tells JMX clients where to find the JMX RMI server port; information can be obtained under key jmxrmi.
  2. The RMI registry port is generally known as it is set through the system properties at JVM startup. The default value is 1099.
  3. The JMX RMI server port is generally not known as the JVM chooses it at random.
Below are the given workarounds, If you need to configure the JMX port on the karaf container so that it only accepts connections from local client:
  • Change the iptables to add a redirecting rule. When you call on 44444 port, it redirects all the network interfaces to IP 127.0.0.1:44444.
    sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 44444 -j REDIRECT --to-ports 44444
    
  • Before starting the container, set the system property java.rmi.server.hostname to 127.0.0.1 port. It works even without iptables re-directing the rule in place.
    export JAVA_OPTS="-Djava.rmi.server.hostname=127.0.0.1"
    bin/fuse
    
Note
You can change the port numbers of the JMX layer in the etc/org.apache.karaf.management.cfg configuration file.

Troubleshooting on Linux platforms

On Linux platforms, if you have trouble getting a remote JConsole instance to connect to the JMX server, check the following points:
  • Check that the hostname resolves to the correct IP address. For example, if the hostname -i command returns 127.0.0.1, JConsole will not be able to connect to the JMX server. To fix this, edit the /etc/hosts file so that the hostname resolves to the correct IP address.
  • Check whether the Linux machine is configured to accept packets from the host where JConsole is running (packet filtering is built in the Linux kernel). You can enter the command, /sbin/iptables --list, to determine whether an external client is allowed to connect to the JMX server.
    Use the following command to add a rule to allow an external client such as JConsole to connect:
    /usr/sbin/iptables -I INPUT -s JconsoleHost -p tcp --destination-port JMXRemotePort -j ACCEPT
    Where JconsoleHost is either the hostname or the IP address of the host on which JConsole is running and JMXRemotePort is the TCP port exposed by the JMX server.