JMX Parameters exact location


kashif_tomcat
24-12-2008, 15:22
Hi

Can anyone please tell me where I should place the JMX parameters for jconsole in catalina.sh?

I have placed them at the start of the catalina.sh file and it works fine, but when I try to shut down Tomcat I get an exception that the port is already in use. The exception is below.

Error: Exception thrown by the agent : java.rmi.server.ExportException: Port already in use: 8008; nested exception is:
java.net.BindException: Address already in use

I am unable to understand why it is throwing this exception, because the port really is in use and it should stop this port.
When I change the parameters' position in catalina and start Tomcat, I get some other exceptions in Tomcat's catalina.out and Tomcat doesn't start properly.
The Tomcat server is hosted on a Linux machine and I am using remote jconsole to access it.


And I am using the following parameters:

JAVA_OPTS="-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8008 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=/u/bin/apache-tomcat-6.0.18/conf/jmxremote.password"

Thanks in advance.

Regards,
Kashif

kjkoster
24-12-2008, 15:49
Dear Kashif,

To find out what is running on port 8008, stop Tomcat and then use the directions in this thread to find out what is using that port (http://java-monitor.com/forum/showthread.php?t=22).

Or, just pick another port. :-)

Hope that helps.

Kees Jan

kjkoster
24-12-2008, 15:50
Dear Kashif,

Also, simply specifying this port will not solve your firewall issues, since ports for JMX are dynamically allocated (http://java-monitor.com/forum/showthread.php?t=37).

Kees Jan

kashif_tomcat
29-12-2008, 06:38
Hi Kees Jan,

I have already tried these things, like changing the port and looking at what other application is using this port... but nothing changed the results.

If I change the port, then too I get the same exception when I stop Tomcat.

And when I check which other application is using that port, I don't see this port in use by any other application.

Also, there is no issue with the firewall, because the iptable server is stopped.

Also, JMX is using the port I specify, because after starting Tomcat, when I use the command netstat -pln | grep java, I see that my specified port is in use by the java process. That means JMX is using the same port. So no help yet :(

Any other thing that I should check?

Regards,
Kashif

kjkoster
29-12-2008, 12:37
Dear Kashif,

So this is a remote server?

*sigh* getting JConsole to work is just too hard remotely. Perhaps you could use VNC or a remote X11 connection to that machine and then run jconsole locally on the server, displaying on your machine. From experience I can tell you that that can be painfully slow, though.

Another option is to ssh into the box with X11-forwarding enabled. That way you can also run JConsole on the remote box.

Of course, java-monitor was designed to work around the RMI problems that jconsole introduces. You don't even need to set any command line parameters. Check it out (http://java-monitor.com/install.html).

Kees Jan

kashif_tomcat
30-12-2008, 08:06
Well, thanks Kees Jan,

The issue has been resolved by replacing JAVA_OPTS with CATALINA_OPTS, and now I am able to access JVM info from a remote system using jconsole.

But now I want to know one more thing: is it possible to change memory parameters using jconsole? For example, can I increase/decrease PermGen space or heap memory using jconsole?

Your thoughts, please?

Regards,
Kashif

kjkoster
30-12-2008, 14:58
Dear Kashif,

Good to hear that jconsole works for you now.

You cannot change the memory pool sizes using jconsole, as these are startup options for the JVM. You have to use the -Xmx (and -Xms) command line options for that. They also go into JAVA_OPTS (or CATALINA_OPTS, I think).

Use jconsole to find how much memory you need and then restart the JVM with the new -Xmx settings.

Does this answer your questions?

Kees Jan

kashif_tomcat
31-12-2008, 08:10
Thanks Kees Jan,

Yes, it's OK with me now. Now I can monitor my JVM on the remote server. But now I want to know one more thing...

Is it possible to restrict jconsole access to that JVM to specified IPs only?

For example, I have set up authentication using the following syntax...

-Dcom.sun.management.jmxremote.password.file=/u/bin/apache-tomcat-6.0.18/conf/jmxremote.password"

This will read passwords from the file and then allow users to view that info.

But I don't feel that it is reliable for production servers. Therefore I want only allowed IPs to access it. So is there any syntax available for this purpose?

Regards,
Kashif

kjkoster
31-12-2008, 11:22
Dear Kashif,

Good to hear that everything works.

As for your question about restricting access to a single IP: you suggest that RMI's password protection may not be enough. Do you have any articles or blog posts or other evidence that RMI's SSL password implementation is flawed? If that is the case I'd love to hear about it.

I use the OS firewall to restrict access to sensitive ports. I prefer to keep my port whitelist in one place, instead of having to keep track of several application configuration files.

Kees Jan

kashif_tomcat
31-12-2008, 12:05
Hi Kees,

I agree, completely agree with you that there is no flaw with RMI's password protection, but my point is that:

The password in "jmxremote.password" is not encrypted, so anyone who can open this file will be able to read this password.

Also, there are different ways to protect a system and I am looking for this way :) so no offense, I think :D

So is there any way to specify a "valid IP" to access JVM info?

Regards,
Kashif
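
Kashif's fix works because catalina.sh applies JAVA_OPTS to every command, including stop, so the short-lived stop JVM also tried to open the JMX port, while CATALINA_OPTS is applied only when Tomcat itself starts. The following is an added example, not code from the thread: it builds the same agent options for CATALINA_OPTS and refuses to do so while the clear-text password file he mentions is readable by group or other. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be sourced by catalina.sh
# (or pasted into it) in place of the JAVA_OPTS assignment.

# Succeed only if the file exists and grants nothing to group or other.
# The JMX agent itself refuses to start when the password file is more open.
jmx_password_file_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print the JMX agent options for a port and a password file.
# Emits nothing and fails when the password file is readable by others.
jmx_agent_opts() {
    port=$1
    pwfile=$2
    if ! jmx_password_file_private "$pwfile"; then
        echo "refusing JMX setup: chmod 600 $pwfile first" >&2
        return 1
    fi
    # ssl=false is kept from the thread; with it the JMX connection
    # is not encrypted.
    printf '%s ' \
        "-Dcom.sun.management.jmxremote" \
        "-Dcom.sun.management.jmxremote.port=$port" \
        "-Dcom.sun.management.jmxremote.ssl=false" \
        "-Dcom.sun.management.jmxremote.authenticate=true" \
        "-Dcom.sun.management.jmxremote.password.file=$pwfile"
}

# CATALINA_OPTS is used for start/run only, so "catalina.sh stop" no longer
# launches a second JVM that tries to bind the same port.
# Usage, with the port and path from the thread:
#   CATALINA_OPTS="$CATALINA_OPTS $(jmx_agent_opts 8008 \
#       /u/bin/apache-tomcat-6.0.18/conf/jmxremote.password)"
#   export CATALINA_OPTS
```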

kjkoster
01-01-2009, 11:01
Dear Kashif,

According to this list of JVM options (http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#properties), there is no such option.

As for having files with encrypted passwords in them, here is a discussion on the subject of encrypting JDBC passwords for Tomcat (http://www.mail-archive.com/users@tomcat.apache.org/msg54102.html) that might interest you.

Kees Jan
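
Since the agent has no property for allowed client addresses, the restriction goes into the OS firewall, as Kees Jan describes. The following is an added example, not code from the thread: it validates the addresses and prints iptables rules for review, assuming iptables on the server and a trusted monitoring host; the function names and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: print iptables rules that allow-list
# the clients of a JMX port. Nothing is applied; review the output first.

# Succeed only for a plain dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: jmx_allowlist_rules PORT ALLOWED_IP [ALLOWED_IP ...]
jmx_allowlist_rules() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$#" -ge 1 ] || { echo "need at least one allowed address" >&2; return 1; }
    # Validate everything before printing anything, so a bad argument
    # never yields a partial rule set.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # No --dport here: the second JMX/RMI port is dynamically allocated,
        # so the monitoring host must be able to reach any TCP port.
        echo "iptables -A INPUT -p tcp -s $ip -j ACCEPT"
    done
    # Everyone else is refused on the configured port. The dynamically
    # allocated port is only closed to others if the INPUT policy is DROP.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Example: jmx_allowlist_rules 8008 192.0.2.10
```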