You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@synapse.apache.org by "Eric Hubert (JIRA)" <ji...@apache.org> on 2009/04/14 18:16:14 UTC

[jira] Updated: (SYNAPSE-526) Enhanced JMX-support for Synapse

     [ https://issues.apache.org/jira/browse/SYNAPSE-526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Hubert updated SYNAPSE-526:
--------------------------------

    Component/s: Core
    Description: 
Hi,

currently it is only possible to use Java's "out-of-the-Box JMX solution" configured via system properties and/or property files which is sufficient for many cases.
Anyway there are the following advantages of using the according Remote API to create, configure and deploy the management agent (server connector) programatically:
1) easier configuration for average users
2) exporting RMI server's remote objects over a certain port to allow passage through a firewall (very important for enterprise deployments), possibility to configure a specific network interface (also sometimes important for enterprise deployments in multi-homed systems 
3) possibility to use a custom JMXAuthenticator to handle own credential configuration (including use of Secret-API to encrypt passwords in plain text files if required/prefered over setting os permissions accordingly.

  was:
Hi,

currently Synapse does not create a JMX server connector to enable the user to make use of the existing MBeans via JConsole or any other JMX-compliant management solution. The attached patch introduces a small JMXAdapter class to create an RMI registry using a specified JNDI port in synapse.properties (synapse.jmx.jndiPort). Only if this port is specified it will create the registry and start the server connector. If the user additionally specifies a fixed RMI port in synapse.properties (synapse.jmx.rmiPort) instead of using a dynamic RMI port Synapse will use the specified port thus allowing a firewalled setup (you have to open both ports in your firewall).
The Javadoc of the class explains the connect syntax:
service:jmx:rmi:///jndi/rmi://<hostname>:<jndiPort>/synapse or service:jmx:rmi://<hostname>:<rmiPort>/jndi/rmi://<hostname>:<jndiPort>/synapse

This patch shall just demonstrate the basic idea. I'm of course willing to contribute further work on this (including documentation). The best place in the startup and shutdown phase of Synapse should be discussed. I'm going to start a separate discussion on the order of actions in the Synapse startup phase anyway.

        Summary: Enhanced JMX-support for Synapse  (was: Add server connector to make use of existing MBeans)

Hi,

according to the feedback received so far I tried to improve the provided patch to cover the following concerns:
- start server connector with default configuration using automatic JNDI port detection (as suggested by Asankha)
- possibility to overwrite JNDI port with any fixed port
- possbility to also set RMI port (to support firewalled environments)
- start JMX server connector early, but report connect details at the end of startup
- enhancement of security implementation to support JBoss AS encryption 
  (possibility to use same encrypted passwords for datasource or JMX passwords or any other passwords as in JBoss)
- integration of security API to encrypt JMX passwords
- providing synapse.properties with default configuration and examples for configuration

The patch is rather comprehensive and although I tried to avoid touching too many files, I still added and changed quite a lot of code with this new patch. So I'll ask all developers to do some review.
Regarding the secret changes I would very much appreciate if Indika could have a glance on my changes, but of course any other developer is also invited. ;-)
Once those changes are committed I would like to work on unit test coverage improvements in this area as there is currently almost nothing.

Thanks a lot in advance!






> Enhanced JMX-support for Synapse
> --------------------------------
>
>                 Key: SYNAPSE-526
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-526
>             Project: Synapse
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.2
>            Reporter: Eric Hubert
>            Priority: Minor
>             Fix For: 1.3
>
>         Attachments: jmx_and_security.patch
>
>
> Hi,
> currently it is only possible to use Java's "out-of-the-Box JMX solution" configured via system properties and/or property files which is sufficient for many cases.
> Anyway there are the following advantages of using the according Remote API to create, configure and deploy the management agent (server connector) programatically:
> 1) easier configuration for average users
> 2) exporting RMI server's remote objects over a certain port to allow passage through a firewall (very important for enterprise deployments), possibility to configure a specific network interface (also sometimes important for enterprise deployments in multi-homed systems 
> 3) possibility to use a custom JMXAuthenticator to handle own credential configuration (including use of Secret-API to encrypt passwords in plain text files if required/prefered over setting os permissions accordingly.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org