Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: V3
    • Component/s: amx
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      9,058

      Description

      http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx

      It turns out that there is a random port being used by GlassFish for RMI connections, re-randomized on
      every server start. This is classic JMX, though there is a way to configure this port, I guess we chose not to
      do that. Real bummer for JMX through firewalls since the rules have to be updated every time the server is
      started.

        Activity

        Hide
        peterwx added a comment -

        This issue makes it difficult to run Performance Monitor (or VisualVM) to
        monitor GlassFish from outside a firewall.

        Show
        peterwx added a comment - This issue makes it difficult to run Performance Monitor (or VisualVM) to monitor GlassFish from outside a firewall.
        Hide
        jthoennes added a comment -

        Hmmm, this is even on top of the missing support for port unification for HTTP
        and RMI (IIOP?) ports.

        Does JMX use the same RMI port(s) as e.g. JNDI?

        Show
        jthoennes added a comment - Hmmm, this is even on top of the missing support for port unification for HTTP and RMI (IIOP?) ports. Does JMX use the same RMI port(s) as e.g. JNDI?
        Hide
        peterwx added a comment -

        GlassFish has a standard configurable port for it's RMI registry (8686 by default) but once a connection is
        established, the JMX protocol establishes a second random port for the actual RMI connector. See the
        blog entry (and others by same author) in first description entry, above, for more details on the problem
        and possible solutions.

        Show
        peterwx added a comment - GlassFish has a standard configurable port for it's RMI registry (8686 by default) but once a connection is established, the JMX protocol establishes a second random port for the actual RMI connector. See the blog entry (and others by same author) in first description entry, above, for more details on the problem and possible solutions.
        Hide
        llc added a comment -

        Modifying the URL per http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx seems to
        work.

        The revised URL apparently causes the RMI code to use the same port for the RMIRegistry and for client
        connections. It requires a server-side code change.

        service:jmx:rmi:///jndi/rmi://192.168.1.5:8686//jndi/rmi://192.168.1.5:8686/jmxrmi

        This has downstream effects:

        • my jmxcmd tool can't deal with this URL (essential for my work, so I have to fix).
        • Existing clients (if backported to V2) would need to use the new URL.

        Other side-effects might be present, not sure.

        Show
        llc added a comment - Modifying the URL per http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx seems to work. The revised URL apparently causes the RMI code to use the same port for the RMIRegistry and for client connections. It requires a server-side code change. service:jmx:rmi:///jndi/rmi://192.168.1.5:8686//jndi/rmi://192.168.1.5:8686/jmxrmi This has downstream effects: my jmxcmd tool can't deal with this URL (essential for my work, so I have to fix). Existing clients (if backported to V2) would need to use the new URL. Other side-effects might be present, not sure.
        Hide
        llc added a comment -

        I'd prefer to see this problem solved both for RMI, but also by offering the jmxmp connector, which has no
        such firewall issues.

        Show
        llc added a comment - I'd prefer to see this problem solved both for RMI, but also by offering the jmxmp connector, which has no such firewall issues.
        Hide
        llc added a comment -

        Fixed.

        URL now looks like this:
        service:jmx:rmi://192.168.1.5:8686/jndi/rmi://192.168.1.5:8686/jmxrmi

        I have verified that JConsole works correctly with this form, either entering the full service url, or by
        entering host:port.

        llcMP:common llc$ svn commit
        Sending
        common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXMPConnectorStarter.java
        Sending
        common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/RMIConnectorStarter.java
        Transmitting file data ..
        Committed revision 30422.

        Show
        llc added a comment - Fixed. URL now looks like this: service:jmx:rmi://192.168.1.5:8686/jndi/rmi://192.168.1.5:8686/jmxrmi I have verified that JConsole works correctly with this form, either entering the full service url, or by entering host:port. llcMP:common llc$ svn commit Sending common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXMPConnectorStarter.java Sending common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/RMIConnectorStarter.java Transmitting file data .. Committed revision 30422.

          People

          • Assignee:
            llc
            Reporter:
            llc
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: