Red Hat Training

A Red Hat training course is available for Red Hat JBoss Web Server

7.3. Configuring Tomcat for JBoss ON Monitoring

To allow JBoss ON to monitor Tomcat in Red Hat JBoss Web Server, you must configure Tomcat to allow JBoss ON discovery, as well as providing JBoss ON the required access.

Procedure 7.3. Configuring User Permissions on a Linux Operating System

Note

For Microsoft Windows, skip these steps and proceed to Procedure 7.4, “Configuring Tomcat for JBoss ON Monitoring”.
The JBoss ON agent requires read and write permission to the httpd and Tomcat directories.
  • As a user with root privileges, run the following command to add the user which runs the JBoss ON Agent to the tomcat and apache user groups:
    # usermod -aG tomcat,apache <JBOSSON_AGENT_USER>

Procedure 7.4. Configuring Tomcat for JBoss ON Monitoring

JBoss Web Server instances are auto-discovered on Linux and Unix platforms. However, you need to configure the instance's JMX to allow for proper handling of authentication, and accurate Tomcat monitoring.
To configure JMX to handle authentication:
  1. Open the startup file of the respective JBoss Web Server instance for editing:
    • On Red Hat Enterprise Linux installed from a ZIP file, open JWS_HOME/tomcat<VERSION>/bin/startup.sh
    • On Red Hat Enterprise Linux installed from RPM, open /usr/sbin/tomcat<VERSION>
    • On Microsoft Windows open JWS_HOME\share\tomcat<VERSION>\bin\startup.bat.
    • On Solaris using daemon.sh to start Tomcat, open JWS_HOME/tomcat<VERSION>/bin/setenv.sh
  2. Define an available port for JMX monitoring. Ensure the port is not blocked by any firewall.
    • On Red Hat Enterprise Linux and Solaris:
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS"
    • On Microsoft Windows:
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS"
  3. In production environments, add the following lines to the JAVA_OPTS variable in the startup file to secure JMX with SSL and restrict the access with a firewall:
    • On Red Hat Enterprise Linux and Solaris
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=JWS_HOME/jmxremote.access"
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=JWS_HOME/jmxremote.password"
    • On Microsoft Windows:
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.access.file=JWS_HOME\jmxremote.access"
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.password.file=JWS_HOME\jmxremote.password"

    Note

    If you want to disable authentication and SSL for development purposes, add the following lines to the JAVA_OPTS variable in the startup file:
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
  4. Once the Tomcat server resource is discovered and imported into the JBoss ON inventory, it may be necessary to update the new resource's connection settings.
    1. In the JBoss ON interface, click Connection Settings for the newly imported Tomcat server resource.
    2. Verify the value of the Manager URL property to the RMI URL, to ensure it uses the correct JMX host name and port number as defined in the Tomcat server startup file. An example for this value is shown below:
      service:jmx:rmi:///jndi/rmi://$IP_ADDRESS:$PORT/jmxrmi

7.3.1. Configuring JBoss ON Monitoring for Tomcat Installed from RPMs

Procedure 7.5. Configuring JBoss ON Monitoring for Tomcat Installed from RPMs

  1. In a shell prompt become the root user.
  2. Set up JMX JAVA_OPTS properties in the /usr/sbin/tomcat<VERSION>/startup file in the start and start-security sections.
    if [ "$1" = "start" ]; then
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr
    emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password""
    
      ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \
        -classpath "$CLASSPATH" \
        -Dcatalina.base="$CATALINA_BASE" \
        -Dcatalina.home="$CATALINA_HOME" \
        -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
        -Djava.io.tmpdir="$CATALINA_TMPDIR" \
        org.apache.catalina.startup.Bootstrap start \
         >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & 
        if [ ! -z "$CATALINA_PID" ]; then
          echo $! > $CATALINA_PID
        fi
    elif [ "$1" = "start-security" ]; then
    JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr
    emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password""
    
      ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \
        -classpath "$CLASSPATH" \
        -Dcatalina.base="$CATALINA_BASE" \
    
  3. In /etc/tomcat<VERSION>/tomcat<VERSION>.conf, configure Tomcat to run as the root user.
    TOMCAT_USER="root"
  4. Run the following command to start Tomcat.
    service tomcat<VERSION> start
  5. Start the JBoss ON agent.
  6. In the JBoss ON Web UI, import the JBoss ON agent and Tomcat.
  7. In the JBoss ON Web UI, setup the Tomcat connection configuration (principal and credentials).
  8. In the JBoss ON Web UI, set the Tomcat Control method configuration to RPM System V init script.

    Note

    Start and Shutdown script may not be set because the Tomcat plugin always runs the service tomcat<VERSION> start/stop command for the RPM System V init script configuration setting.

7.3.2. Configuring JBoss ON Monitoring for Tomcat Installed as a Windows Service

Procedure 7.6. Configuring JBoss ON for JBoss Web Server with Tomcat Installed as a Windows Service

  1. Create the jmxremote.access file with controlRole readwrite in the C:\jmx directory.
  2. Create the jmxremote.password file with controlRole pwd in the C:\jmx directory.

    Note

    Set the owner of jmxremote.access and jmxremote.password to SYSTEM, and restrict the access of jmxremote.password only to SYSTEM. The SYSTEM user must only have read access.
  3. Enable JMX for the Tomcat Windows service.
    JWS_HOME\sbin\tomcat<VERSION>.exe //US//Tomcat<VERSION> ++JvmOptions="-Dcom.sun.management.jmxremote.port=8100;-Dcom.sun.management.jmxremote.access.file="C:\jmx\jmxremote.access";-Dcom.sun.management.jmxremote.password.file="C:\jmx\jmxremote.password";-Dcom.sun.management.jmxremote.ssl=false;-Dcom.sun.management.jmxremote.authenticate=true"
  4. Start the Tomcat Windows service, and verify that it is running.
  5. Install and configure the JBoss ON agent. Type discovery in the agent prompt to discover the Tomcat Windows service.
  6. In the JBoss ON Web UI, click Inventory and then, click Discovery Queue and select import Tomcat and RHQ agent.
  7. In the JBoss ON Web UI, go to Platforms and search for the agent name. Click on your agent.
  8. On the Agent page, Tomcat Servers are listed. Select your Tomcat server by clicking it.
  9. In the JBoss ON Web UI, click on the Inventory tab and then configure the Tomcat Server in Connection Settings.
  10. Enter the Principal and Credentials information. use the controlRole and password set in the jmxremote files.
  11. Set the control method to RPM System V init script.

    Note

    You can not set Start and Shutdown Script fields.
  12. Click Save.
  13. Update the connection settings of the Tomcat Server JVM and set Principal and Credentials.