Chapter 7. Monitoring JBoss Web Server with JBoss Operations Network (ON)

JBoss Web Server can be monitored and managed by Red Hat JBoss Operations Network (JBoss ON).

To monitor JBoss Web Server using JBoss ON, you must install the Web Server Plugin Pack on your JBoss ON server, and then configure Tomcat in JBoss Web Server to be monitored.

7.1. Downloading the Web Server Plugin Pack for JBoss ON

To monitor JBoss Web Server using JBoss ON, you must first download and install the Web Server Plugin Pack on your JBoss ON server.

  1. Open a web browser, and log in to the Red Hat Customer Portal: http://access.redhat.com.
  2. Click Downloads.
  3. Click Red Hat JBoss Web Server in the Product Downloads list.
  4. Select JBoss ON for Web Server in the Product drop-down menu.
  5. Find Web Server Plugin Pack for Red Hat JBoss Operations Network in the list and click Download.

Consult the JBoss ON documentation for instructions on installing the plugin on your JBoss ON server.

7.2. Configuring Tomcat for JBoss ON Monitoring

To allow JBoss ON to monitor Tomcat in JBoss Web Server, you must configure Tomcat to allow JBoss ON discovery, as well as providing JBoss ON the required access.

Note

For Microsoft Windows, skip this step and proceed to Configuring Tomcat for JBoss ON Monitoring

The JBoss ON agent requires read and write permission to the Tomcat directories. As a user with root privileges, run the following command to add the user which runs the JBoss ON Agent to the tomcat group:

# usermod -aG tomcat <JBOSSON_AGENT_USER>

Configuring Tomcat for JBoss ON Monitoring

JBoss Web Server instances are auto-discovered on Linux and Unix platforms. However, you need to configure the instance’s JMX to allow for proper handling of authentication and accurate Tomcat monitoring.

To configure JMX to handle authentication:

  1. Open the startup or the setenv file of the respective JBoss Web Server instance for editing:

    • On Red Hat Enterprise Linux installed from a ZIP file, open JWS_HOME/tomcat<VERSION>/bin/setenv.sh.
    • On Red Hat Enterprise Linux installed from RPMs, open /usr/sbin/tomcat<VERSION>.
    • On Microsoft Windows open JWS_HOME\share\tomcat<VERSION>\bin\setenv.bat.
    • On Solaris using daemon.sh to start Tomcat, open JWS_HOME/tomcat<VERSION>/bin/setenv.sh.
  2. Define an available port for JMX monitoring. Ensure the port is not blocked by any firewall.

    • On Red Hat Enterprise Linux and Solaris:

      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS"
    • On Microsoft Windows:

      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS"
  3. In production environments, add the following lines to the JAVA_OPTS variable in the startup file to secure JMX with SSL, and restrict the access with a firewall:

    • On Red Hat Enterprise Linux and Solaris:

      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=JWS_HOME/jmxremote.access"
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=JWS_HOME/jmxremote.password"
    • On Microsoft Windows:

      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.access.file=JWS_HOME\jmxremote.access"
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.password.file=JWS_HOME\jmxremote.password"
    Note

    If you want to disable authentication and SSL for development purposes, add the following lines to the JAVA_OPTS variable in the startup file:

    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
  4. Once the Tomcat server resource is discovered and imported into the JBoss ON inventory, it may be necessary to update the new resource’s connection settings.

    1. In the JBoss ON interface, Connection Settings for the newly imported Tomcat server resource.
    2. Verify the value of the Manager URL property to the RMI URL, to ensure it uses the correct JMX host name and port number as defined in the Tomcat server startup file. An example for this value is shown below:

      service:jmx:rmi:///jndi/rmi://$IP_ADDRESS:$PORT/jmxrmi

7.2.1. Configuring JBoss ON Monitoring for Tomcat Installed from RPMs

  1. In a shell prompt become the root user.
  2. Configure the JMX JAVA_OPTS properties in the /usr/sbin/tomcat<VERSION> file in the start and start-security sections.

    if [ "$1" = "start" ]; then
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr
    emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password""
    
      ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \
        -classpath "$CLASSPATH" \
        -Dcatalina.base="$CATALINA_BASE" \
        -Dcatalina.home="$CATALINA_HOME" \
        -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
        -Djava.io.tmpdir="$CATALINA_TMPDIR" \
        org.apache.catalina.startup.Bootstrap start \
         >> ${CATALINA_BASE}/logs/catalina.out 2>&1 &
        if [ ! -z "$CATALINA_PID" ]; then
          echo $! > $CATALINA_PID
        fi
    elif [ "$1" = "start-security" ]; then
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr
    emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password""
    
      ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \
        -classpath "$CLASSPATH" \
        -Dcatalina.base="$CATALINA_BASE" \
  3. Run the following command to start Tomcat:

    service tomcat<VERSION> start
  4. Start the JBoss ON agent.
  5. In the JBoss ON Web UI, import the JBoss ON agent and Tomcat.
  6. In the JBoss ON Web UI, setup the Tomcat connection configuration (principal and credentials).
  7. In the JBoss ON Web UI, set the Tomcat Control method configuration to RPM System V init script.

    Note

    The Start and Shutdown script may not be set because the Tomcat plugin always runs the service tomcat<VERSION> start/stop command for the RPM System V init script configuration setting.

7.2.2. Configuring JBoss ON Monitoring for Tomcat Installed as a Windows Service

  1. Create the jmxremote.access file with controlRole readwrite in the C:\jmx directory.
  2. Create the jmxremote.password file with controlRole pwd in the C:\jmx directory.

    Note

    Set the owner of jmxremote.access and jmxremote.password to SYSTEM, and restrict the access of jmxremote.password only to SYSTEM. The SYSTEM user must only have read access.

  3. Enable JMX for the Tomcat Windows service:

    JWS_HOME\sbin\tomcat<VERSION>.exe //US//Tomcat<VERSION> ++JvmOptions="-Dcom.sun.management.jmxremote.port=8100;-Dcom.sun.management.jmxremote.access.file="C:\jmx\jmxremote.access";-Dcom.sun.management.jmxremote.password.file="C:\jmx\jmxremote.password";-Dcom.sun.management.jmxremote.ssl=false;-Dcom.sun.management.jmxremote.authenticate=true"
  4. Start the Tomcat Windows service, and verify that it is running.
  5. Install and configure the JBoss ON agent. Type discovery in the agent prompt to discover the Tomcat Windows service.
  6. In the JBoss ON Web UI, click Inventory, then click Discovery Queue, and select import Tomcat and RHQ agent.
  7. In the JBoss ON Web UI, go to Platforms and search for the agent name. Click on your agent.
  8. On the Agent page, Tomcat Servers are listed. Select your Tomcat server by clicking it.
  9. In the JBoss ON Web UI, click on the Inventory tab and then configure the Tomcat Server in Connection Settings.
  10. Enter the Principal and Credentials information. Use the controlRole and password set in the jmxremote files.
  11. Set the control method to RPM System V init script.

    Note

    You cannot set Start and Shutdown script fields.

  12. Click Save.
  13. Update the connection settings of the Tomcat Server JVM, and set Principal and Credentials.