Connecting To JBoss Via JConsole in Domain Mode

Solution Unverified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x

Issue

  • How do I connect to a JBoss instance within a domain via JConsole?
  • JConsole can not jmx connection domain mode
  • We saw the following instructions for jconsole, but this is for standalone mode. What about domain mode?
  • How to connect the JBoss EAP 6 via JConsole in domain mode on Windows ?
  • Can not see some mbeans through JConsole after enabling the rbac access-control in EAP 6.3 .
  • How to connect the JBoss using jconsole in domain mode on Linux?
  • How does one access the JMX info for a managed server instance in domain mode?

Resolution

To connect to JBoss EAP From jconsole:

  • Make sure $JAVA_HOME is set correctly

  • Set the remoting-connector in the jmx subsystem to not use the management endpoint. In domain mode only the host controller has a management port, the individual servers do not. So that's why we set use-management-endpoint=false implying using the remote endpoint instead if you want to connect to the individual servers.

Example using the full-ha profile:

/profile=full-ha/subsystem=jmx/remoting-connector=jmx:add(use-management-endpoint=false)

resulting xml in domain.xml

<subsystem xmlns="urn:jboss:domain:jmx:1.2">
     <expose-resolved-model/>
     <expose-expression-model/>
     <remoting-connector use-management-endpoint="false"/>
</subsystem>
  • Define an ApplicationRealm user with the help of add-user.sh or add-user.bat (i.e. option b when running add-user.sh). If your environment contains remote host controllers, the ApplicationRealm user would be defined on each of the host controllers.

  • Start up $JBOSS_HOME/bin/jconsole.sh and connect to instance within the domain using service:jmx:remoting-jmx://{$HOSTNAME}:4447 and authenticating using the previously defined ApplicationRealm user.

Notes :

  • $HOSTNAME will be IP address or hostname on which server is running and 4447 is the default remoting port. Add respective port offset in 4447 to connect through jconsole.

  • In EAP 6.3 ,if you have enabled the rbac access-control then you can not see all the mbeans throgh JConsole. To see all the mbeans through JConsole , you need to add that application user with superuser role through admin console and set realm to ApplicationRealm while adding it. The items you can see are accessible to all. The items you cannot see are protected. On top of that, most functionality of the visible items is refused with "Not authorized" when the user is not setup in a proper role.

Root Cause

  • As per jboss-as-jmx_1_2.xsd, it seems show-model is no longer available in EAP 6.1.x.

  • service:jmx:remoting-jmx://{host_name}:9999 cannot be used when attempting to connect to a specific instance within a domain. The aformentioned address connects to the domain controller. Port 9999 will be directed to the host controller, not to each managed server, using mgmt-users.properties for authentication.

Diagnostic Steps

To check if the connection request is raised on the JBoss, enable the TRACE log for org.jboss.remoting and check the connection information, like authentication or protocol issues.

<logger category="org.jboss.remoting">
    <level name="TRACE"/>
</logger>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

2 Comments

Good reference ==> http://planet.jboss.org/post/jmx_connections_to_jboss_as

EAP7 has consolidated a lot of ports, so for EAP7 the port associated with the HTTP socket binding (8080) should be used. EAP6 lists a remoting port in the socket bindings. EAP7 does not, so it's not clear whether it's possible to put JMX on another port.