tomcat

by

jmx remote using JmxRemoteLifecycleListener

needed to monitor tomcat, and specifically tomcat behind a firewall.

The problem here is that JMX uses two ports, one for the RMI registry and another to export JMX RMI connection objects to which a client is expected to connect into.

  • However, the second port is random which of course is a pain given we can’t open all ports on the firewall then Zabbix Java Agent can’t connect to the RMI port on the monitored host.

to overcome this we need to use JmxRemoteLifecycleListener and specify the secondary port, which can then be permitted in the firewall.

to make this work, locate the server.xml  (eg /etc/tomcat6/server.xml) and add the following line

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>

next on the Tomcat startup script (eg /etc/tomcat6/tomcat6.conf)

if you are on a network where the internal DNS name is different to that of the public, add the following

-Djava.rmi.server.hostname=your.public.dns

this address can be either a hostname or IP address

by

Tomcat & remote access

I’m using Centos for our production application servers, running Tomcat6.

now the application are working, need to monitor their state – in this example, the servers are all on the same network – see note on JmxRemoteLifecycleListener when using firewalls
exampl

So need to allow remote connections to the tomcat servers.
Default Configuration data is in file –  /etc/tomcat6/tomcat6.conf

Required basic Parameters

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=xxxxx
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

just add the the above into the conf file and restart the tomcat service. eg

CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=10001 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"

however, this isn’t exactly secure…

to achieve this, add the following lines

-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password \ 
-Dcom.sun.management.jmxremote.access.file==$CATALINA_BASE/conf/jmxremote.access \
  • create the password and access files if they don’t exist

example contents for jmxremote.access :

monitorRole readonly 
controlRole readwrite
by

Easy way to Install Tomcat In Centos

Installing Tomcat just takes a few minutes.

Tomcat requires java so install that followed by tomcat.

Method: open terminal, sudo as root type the following commands:

yum -y install java
yum -y install tomcat6 tomcat6-webapps tomcat6-admin-webapps

the start tomcat

/etc/init.d/tomcat6 start

to make it start automatically

chkconfig --add tomcat6
chkconfig tomcat on 235
chkconfig --list tomcat6
chkconfig --list tomcat6
tomcat6 0:off 1:off 2:on 3:on 4:on 5:on 6:off

To connect to Tomcat, browse to port 8080 on the server:

http://[serverip]:8080