Connecting To JBoss Via JConsole in Domain Mode
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
Issue
- How do I connect to a JBoss instance within a domain via JConsole?
- JConsole can not jmx connection domain mode
- We saw the following instructions for jconsole, but this is for standalone mode. What about domain mode?
- How to connect the
JBoss EAP 6via JConsole in domain mode on Windows ? - Can not see some
mbeansthroughJConsoleafter enabling therbac access-controlinEAP 6.3. - How to connect the JBoss using jconsole in domain mode on Linux?
- How does one access the JMX info for a managed server instance in domain mode?
Resolution
To connect to JBoss EAP From jconsole:
-
Make sure
$JAVA_HOMEis set correctly -
Set the remoting-connector in the jmx subsystem to not use the management endpoint. In domain mode only the host controller has a management port, the individual servers do not. So that's why we set
use-management-endpoint=falseimplying using the remote endpoint instead if you want to connect to the individual servers.
Example using the full-ha profile:
/profile=full-ha/subsystem=jmx/remoting-connector=jmx:add(use-management-endpoint=false)
resulting xml in domain.xml
<subsystem xmlns="urn:jboss:domain:jmx:1.2">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector use-management-endpoint="false"/>
</subsystem>
-
Define an ApplicationRealm user with the help of
add-user.shoradd-user.bat(i.e. option b when runningadd-user.sh). If your environment contains remote host controllers, the ApplicationRealm user would be defined on each of the host controllers. -
Start up
$JBOSS_HOME/bin/jconsole.shand connect to instance within the domain usingservice:jmx:remoting-jmx://{$HOSTNAME}:4447and authenticating using the previously definedApplicationRealmuser.
Notes :
-
$HOSTNAMEwill be IP address or hostname on which server is running and4447is the default remoting port. Add respective port offset in4447to connect through jconsole. -
In EAP 6.3 ,if you have enabled the
rbac access-controlthen you can not see all thembeansthrogh JConsole. To see all thembeansthrough JConsole , you need to add thatapplication userwithsuperuserrole throughadmin consoleand set realm toApplicationRealmwhile adding it. The items you can see are accessible to all. The items you cannot see are protected. On top of that, most functionality of the visible items is refused with "Not authorized" when the user is not setup in a proper role.
Root Cause
-
As per
jboss-as-jmx_1_2.xsd, it seems show-model is no longer available inEAP 6.1.x. -
service:jmx:remoting-jmx://{host_name}:9999cannot be used when attempting to connect to a specific instance within a domain. The aformentioned address connects to the domain controller. Port 9999 will be directed to the host controller, not to each managed server, usingmgmt-users.propertiesfor authentication.
Diagnostic Steps
To check if the connection request is raised on the JBoss, enable the TRACE log for org.jboss.remoting and check the connection information, like authentication or protocol issues.
<logger category="org.jboss.remoting">
<level name="TRACE"/>
</logger>
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.