You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Thiago Souza <tc...@gmail.com> on 2012/04/02 19:16:37 UTC
Re: Connect to remote JMX?
Hello all,
Well, I still can not connect to JMX. I tried everything. I can even
telnet to port 1099 from the client, but yet can't connect to JMX. I always
get: "Cannot connect
to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
That's really bad, hope I can convince the production team to support
my system without JMX, that won't be an easy task...
Thank you all,
Thiago Souza
On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>wrote:
> Hi Reuben,
>
> I'd say this is less part of wisdom then of comfort or personal taste ;)
> From my experience with deploying any type of server in a production
> environment I'm personally in favor of closing everything up and
> add extra documentation on how to enable wanted "security breaches" for
> development or operation where needed.
>
> But again this is my personal feeling for it, and if disabling SSH is a
> regression we surely don't want to do it for the 2.2.x line
> but should consider it for the 3.0 line.
>
> Regards, Achim
>
>
>
> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>
> with due respect for those more experienced than i am, i feel it's best
>> to disable by default any remote access, along the lines of "security is
>> mandatory" [1]. sure, the deployer of an instance is responsible for
>> tuning security - but it's nice to help people avoid mistakes. if
>> necessary, it could even be deferred to a major release if there's a real
>> backwards-compatibility issue.
>>
>> that being said, i am still a fledgling, and i defer to the committers'
>> wisdom.
>>
>> ~ Reuben
>>
>> [1]: http://www.apache.org/**foundation/how-it-works.html#**management<http://www.apache.org/foundation/how-it-works.html#management> (below "Philosophy")
>>
>>
>
> --
> - Apache Karaf<http://karaf.apache.org/**> Committer& PMC
> - OPS4J Pax Web<http://wiki.ops4j.org/**display/paxweb/Pax+Web/<http://wiki.ops4j.org/display/paxweb/Pax+Web/>>
> Committer& Project Lead
> - Blog<http://notizblog.**nierbeck.de/ <http://notizblog.nierbeck.de/>>
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Guillaume,
That's exactly what I did. I can also telnet to port 1099 and 44444
from the client.
But still, can't connect (with or without credentials).
Cheers...
On Tue, Apr 3, 2012 at 03:54, PAC Kieffer Guillaume <
Guillaume.Kieffer@panalpina.com> wrote:
> Hi,
>
> I got JMX working yesterday, thanks to this post :)
>
> You have to:
> - Copy exactly the URL provided in the "serviceUrl" from the
> org.apache.karaf.management.cfg
> - Replace the jmxRegistryPort, jmxServerPort and karaf.name with the
> correct values
> - Paste the exact full URL in the "JMX Connection Field" of JVisualvm
>
> You really have to use the full service URL / not only the host and port
> that seems requested.
>
> Regards,
> Guillaume.
>
> -----Original Message-----
> From: Dan Tran [mailto:dantran@gmail.com]
> Sent: Tuesday, April 03, 2012 03:12
> To: user@karaf.apache.org
> Subject: Re: Connect to remote JMX?
>
>
> service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
> does not work?
>
> Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
>
> -D
>
>
>
>
>
> On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hi Dan,
> >
> > - Minimum, standard, or enterprise?
> >
> > Standard
> >
> > - how do you invoke karaf?
> >
> > bin/start (under root)
> >
> > - what are your jmx port, adn your registry port?
> >
> > defaults, 1099 and 44444
> >
> > - Can you run Xwindow to your ubuntu box and run Jconsole from there?
> >
> > unfortunately not...
> >
> > On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
> >>
> >> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
> >> wrote:
> >> > Hi Dan,
> >> >
> >> > Here it is:
> >> >
> >> > - What karaf distribution did you use?
> >> > Latest 2.2.5
> >>
> >> Minimum, standard, or enterprise?
> >>
> >> >
> >> > - What is your host and OS type?
> >> > Linux Ubuntu 10.11 64-bits
> >>
> >> how do you invoke karaf?
> >>
> >> >
> >> > - What did you change?
> >> > The change I made was in org.apache.karaf.management.cfg. I've
> >> > changed
> >> > the serviceUrl from "localhost" to "0.0.0.0"
> >>
> >> what are your jmx port, adn your registry port?
> >>
> >> >
> >> > - Are you able to to connect to karaf locally via same URL??
> >> > I don't know how to test JMX from a shell console, but I can telnet
> >> > to
> >> > localhost 1099.
> >> >
> >>
> >> Can you run Xwindow to your ubuntu box and run Jconsole from there?
> >>
> >>
> >> >
> >> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> >> >>
> >> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> >> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
> >> >>
> >> >> you will need to give more details:
> >> >>
> >> >> - What karaf distribution did you use?
> >> >>
> >> >> - What is your host and OS type?
> >> >>
> >> >> - What did you change?
> >> >>
> >> >> - Are you able to to connect to karaf locally via same URL??
> >> >>
> >> >>
> >> >> -Dan
> >> >>
> >> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tcostasouza@gmail.com
> >
> >> >> wrote:
> >> >> > Hello all,
> >> >> >
> >> >> > Well, I still can not connect to JMX. I tried everything. I can
> >> >> > even
> >> >> > telnet to port 1099 from the client, but yet can't connect to JMX.
> I
> >> >> > always
> >> >> > get: "Cannot connect
> >> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> >> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> >> >> > That's really bad, hope I can convince the production team to
> >> >> > support my
> >> >> > system without JMX, that won't be an easy task...
> >> >> >
> >> >> > Thank you all,
> >> >> > Thiago Souza
> >> >> >
> >> >> >
> >> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
> >> >> > <bc...@googlemail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> Hi Reuben,
> >> >> >>
> >> >> >> I'd say this is less part of wisdom then of comfort or personal
> >> >> >> taste
> >> >> >> ;)
> >> >> >> From my experience with deploying any type of server in a
> production
> >> >> >> environment I'm personally in favor of closing everything up and
> >> >> >> add extra documentation on how to enable wanted "security
> breaches"
> >> >> >> for
> >> >> >> development or operation where needed.
> >> >> >>
> >> >> >> But again this is my personal feeling for it, and if disabling SSH
> >> >> >> is a
> >> >> >> regression we surely don't want to do it for the 2.2.x line
> >> >> >> but should consider it for the 3.0 line.
> >> >> >>
> >> >> >> Regards, Achim
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >> >> >>
> >> >> >>> with due respect for those more experienced than i am, i feel
> it's
> >> >> >>> best
> >> >> >>> to disable by default any remote access, along the lines of
> >> >> >>> "security
> >> >> >>> is
> >> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
> >> >> >>> for
> >> >> >>> tuning
> >> >> >>> security - but it's nice to help people avoid mistakes. if
> >> >> >>> necessary,
> >> >> >>> it
> >> >> >>> could even be deferred to a major release if there's a real
> >> >> >>> backwards-compatibility issue.
> >> >> >>>
> >> >> >>> that being said, i am still a fledgling, and i defer to the
> >> >> >>> committers'
> >> >> >>> wisdom.
> >> >> >>>
> >> >> >>> ~ Reuben
> >> >> >>>
> >> >> >>> [1]:
> http://www.apache.org/foundation/how-it-works.html#management
> >> >> >>> (below "Philosophy")
> >> >> >>>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> >> >> Committer& Project Lead
> >> >> >> - Blog<http://notizblog.nierbeck.de/>
> >> >> >>
> >> >> >
> >> >
> >> >
> >
> >
>
RE: Connect to remote JMX?
Posted by PAC Kieffer Guillaume <Gu...@panalpina.com>.
...
PS. and restart the instance (even if the change seems reflected in the config properties) it is not taken into account till you restart.
-----Original Message-----
From: PAC Kieffer Guillaume [mailto:Guillaume.Kieffer@panalpina.com]
Sent: Tuesday, April 03, 2012 08:54
To: user@karaf.apache.org
Subject: RE: Connect to remote JMX?
Hi,
I got JMX working yesterday, thanks to this post :)
You have to:
- Copy exactly the URL provided in the "serviceUrl" from the org.apache.karaf.management.cfg
- Replace the jmxRegistryPort, jmxServerPort and karaf.name with the correct values
- Paste the exact full URL in the "JMX Connection Field" of JVisualvm
You really have to use the full service URL / not only the host and port that seems requested.
Regards,
Guillaume.
-----Original Message-----
From: Dan Tran [mailto:dantran@gmail.com]
Sent: Tuesday, April 03, 2012 03:12
To: user@karaf.apache.org
Subject: Re: Connect to remote JMX?
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
RE: Connect to remote JMX?
Posted by PAC Kieffer Guillaume <Gu...@panalpina.com>.
Hi,
I got JMX working yesterday, thanks to this post :)
You have to:
- Copy exactly the URL provided in the "serviceUrl" from the org.apache.karaf.management.cfg
- Replace the jmxRegistryPort, jmxServerPort and karaf.name with the correct values
- Paste the exact full URL in the "JMX Connection Field" of JVisualvm
You really have to use the full service URL / not only the host and port that seems requested.
Regards,
Guillaume.
-----Original Message-----
From: Dan Tran [mailto:dantran@gmail.com]
Sent: Tuesday, April 03, 2012 03:12
To: user@karaf.apache.org
Subject: Re: Connect to remote JMX?
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Dan,
*- Minimum, standard, or enterprise? *
*
*
Standard
*- how do you invoke karaf? *
*
*
bin/start (under root)
*- what are your jmx port, adn your registry port?*
*
*
defaults, 1099 and 44444
*- Can you run Xwindow to your ubuntu box and run Jconsole from there?*
*
*
unfortunately not...
On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hi Dan,
> >
> > Here it is:
> >
> > - What karaf distribution did you use?
> > Latest 2.2.5
>
> Minimum, standard, or enterprise?
>
> >
> > - What is your host and OS type?
> > Linux Ubuntu 10.11 64-bits
>
> how do you invoke karaf?
>
> >
> > - What did you change?
> > The change I made was in org.apache.karaf.management.cfg. I've changed
> > the serviceUrl from "localhost" to "0.0.0.0"
>
> what are your jmx port, adn your registry port?
>
> >
> > - Are you able to to connect to karaf locally via same URL??
> > I don't know how to test JMX from a shell console, but I can telnet to
> > localhost 1099.
> >
>
> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
>
> >
> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> >>
> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
> >>
> >> you will need to give more details:
> >>
> >> - What karaf distribution did you use?
> >>
> >> - What is your host and OS type?
> >>
> >> - What did you change?
> >>
> >> - Are you able to to connect to karaf locally via same URL??
> >>
> >>
> >> -Dan
> >>
> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
> >> wrote:
> >> > Hello all,
> >> >
> >> > Well, I still can not connect to JMX. I tried everything. I can
> even
> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
> >> > always
> >> > get: "Cannot connect
> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> >> > That's really bad, hope I can convince the production team to
> >> > support my
> >> > system without JMX, that won't be an easy task...
> >> >
> >> > Thank you all,
> >> > Thiago Souza
> >> >
> >> >
> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <
> bcanhome@googlemail.com>
> >> > wrote:
> >> >>
> >> >> Hi Reuben,
> >> >>
> >> >> I'd say this is less part of wisdom then of comfort or personal taste
> >> >> ;)
> >> >> From my experience with deploying any type of server in a production
> >> >> environment I'm personally in favor of closing everything up and
> >> >> add extra documentation on how to enable wanted "security breaches"
> for
> >> >> development or operation where needed.
> >> >>
> >> >> But again this is my personal feeling for it, and if disabling SSH
> is a
> >> >> regression we surely don't want to do it for the 2.2.x line
> >> >> but should consider it for the 3.0 line.
> >> >>
> >> >> Regards, Achim
> >> >>
> >> >>
> >> >>
> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >> >>
> >> >>> with due respect for those more experienced than i am, i feel it's
> >> >>> best
> >> >>> to disable by default any remote access, along the lines of
> "security
> >> >>> is
> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
> for
> >> >>> tuning
> >> >>> security - but it's nice to help people avoid mistakes. if
> necessary,
> >> >>> it
> >> >>> could even be deferred to a major release if there's a real
> >> >>> backwards-compatibility issue.
> >> >>>
> >> >>> that being said, i am still a fledgling, and i defer to the
> >> >>> committers'
> >> >>> wisdom.
> >> >>>
> >> >>> ~ Reuben
> >> >>>
> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
> >> >>> (below "Philosophy")
> >> >>>
> >> >>
> >> >>
> >> >> --
> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> >> Committer& Project Lead
> >> >> - Blog<http://notizblog.nierbeck.de/>
> >> >>
> >> >
> >
> >
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> Here it is:
>
> - What karaf distribution did you use?
> Latest 2.2.5
Minimum, standard, or enterprise?
>
> - What is your host and OS type?
> Linux Ubuntu 10.11 64-bits
how do you invoke karaf?
>
> - What did you change?
> The change I made was in org.apache.karaf.management.cfg. I've changed
> the serviceUrl from "localhost" to "0.0.0.0"
what are your jmx port, adn your registry port?
>
> - Are you able to to connect to karaf locally via same URL??
> I don't know how to test JMX from a shell console, but I can telnet to
> localhost 1099.
>
Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>>
>> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>>
>> you will need to give more details:
>>
>> - What karaf distribution did you use?
>>
>> - What is your host and OS type?
>>
>> - What did you change?
>>
>> - Are you able to to connect to karaf locally via same URL??
>>
>>
>> -Dan
>>
>> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hello all,
>> >
>> > Well, I still can not connect to JMX. I tried everything. I can even
>> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> > always
>> > get: "Cannot connect
>> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> > That's really bad, hope I can convince the production team to
>> > support my
>> > system without JMX, that won't be an easy task...
>> >
>> > Thank you all,
>> > Thiago Souza
>> >
>> >
>> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
>> > wrote:
>> >>
>> >> Hi Reuben,
>> >>
>> >> I'd say this is less part of wisdom then of comfort or personal taste
>> >> ;)
>> >> From my experience with deploying any type of server in a production
>> >> environment I'm personally in favor of closing everything up and
>> >> add extra documentation on how to enable wanted "security breaches" for
>> >> development or operation where needed.
>> >>
>> >> But again this is my personal feeling for it, and if disabling SSH is a
>> >> regression we surely don't want to do it for the 2.2.x line
>> >> but should consider it for the 3.0 line.
>> >>
>> >> Regards, Achim
>> >>
>> >>
>> >>
>> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >>
>> >>> with due respect for those more experienced than i am, i feel it's
>> >>> best
>> >>> to disable by default any remote access, along the lines of "security
>> >>> is
>> >>> mandatory" [1]. sure, the deployer of an instance is responsible for
>> >>> tuning
>> >>> security - but it's nice to help people avoid mistakes. if necessary,
>> >>> it
>> >>> could even be deferred to a major release if there's a real
>> >>> backwards-compatibility issue.
>> >>>
>> >>> that being said, i am still a fledgling, and i defer to the
>> >>> committers'
>> >>> wisdom.
>> >>>
>> >>> ~ Reuben
>> >>>
>> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >>> (below "Philosophy")
>> >>>
>> >>
>> >>
>> >> --
>> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> Committer& Project Lead
>> >> - Blog<http://notizblog.nierbeck.de/>
>> >>
>> >
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Dan,
Here it is:
* - What karaf distribution did you use?*
Latest 2.2.5
* - What is your host and OS type? *
Linux Ubuntu 10.11 64-bits
* - What did you change? *
* *The change I made was in org.apache.karaf.management.cfg. I've changed
the serviceUrl from "localhost" to "0.0.0.0"
* - Are you able to to connect to karaf locally via same URL?? *
* *I don't know how to test JMX from a shell console, but I can telnet to
localhost 1099.
On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>
> you will need to give more details:
>
> - What karaf distribution did you use?
>
> - What is your host and OS type?
>
> - What did you change?
>
> - Are you able to to connect to karaf locally via same URL??
>
>
> -Dan
>
> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hello all,
> >
> > Well, I still can not connect to JMX. I tried everything. I can even
> > telnet to port 1099 from the client, but yet can't connect to JMX. I
> always
> > get: "Cannot connect
> to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> > That's really bad, hope I can convince the production team to
> support my
> > system without JMX, that won't be an easy task...
> >
> > Thank you all,
> > Thiago Souza
> >
> >
> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
> > wrote:
> >>
> >> Hi Reuben,
> >>
> >> I'd say this is less part of wisdom then of comfort or personal taste ;)
> >> From my experience with deploying any type of server in a production
> >> environment I'm personally in favor of closing everything up and
> >> add extra documentation on how to enable wanted "security breaches" for
> >> development or operation where needed.
> >>
> >> But again this is my personal feeling for it, and if disabling SSH is a
> >> regression we surely don't want to do it for the 2.2.x line
> >> but should consider it for the 3.0 line.
> >>
> >> Regards, Achim
> >>
> >>
> >>
> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >>
> >>> with due respect for those more experienced than i am, i feel it's best
> >>> to disable by default any remote access, along the lines of "security
> is
> >>> mandatory" [1]. sure, the deployer of an instance is responsible for
> tuning
> >>> security - but it's nice to help people avoid mistakes. if necessary,
> it
> >>> could even be deferred to a major release if there's a real
> >>> backwards-compatibility issue.
> >>>
> >>> that being said, i am still a fledgling, and i defer to the committers'
> >>> wisdom.
> >>>
> >>> ~ Reuben
> >>>
> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
> >>> (below "Philosophy")
> >>>
> >>
> >>
> >> --
> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> Committer& Project Lead
> >> - Blog<http://notizblog.nierbeck.de/>
> >>
> >
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
you will need to give more details:
- What karaf distribution did you use?
- What is your host and OS type?
- What did you change?
- Are you able to to connect to karaf locally via same URL??
-Dan
On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com> wrote:
> Hello all,
>
> Well, I still can not connect to JMX. I tried everything. I can even
> telnet to port 1099 from the client, but yet can't connect to JMX. I always
> get: "Cannot connect to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> That's really bad, hope I can convince the production team to support my
> system without JMX, that won't be an easy task...
>
> Thank you all,
> Thiago Souza
>
>
> On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
> wrote:
>>
>> Hi Reuben,
>>
>> I'd say this is less part of wisdom then of comfort or personal taste ;)
>> From my experience with deploying any type of server in a production
>> environment I'm personally in favor of closing everything up and
>> add extra documentation on how to enable wanted "security breaches" for
>> development or operation where needed.
>>
>> But again this is my personal feeling for it, and if disabling SSH is a
>> regression we surely don't want to do it for the 2.2.x line
>> but should consider it for the 3.0 line.
>>
>> Regards, Achim
>>
>>
>>
>> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>>
>>> with due respect for those more experienced than i am, i feel it's best
>>> to disable by default any remote access, along the lines of "security is
>>> mandatory" [1]. sure, the deployer of an instance is responsible for tuning
>>> security - but it's nice to help people avoid mistakes. if necessary, it
>>> could even be deferred to a major release if there's a real
>>> backwards-compatibility issue.
>>>
>>> that being said, i am still a fledgling, and i defer to the committers'
>>> wisdom.
>>>
>>> ~ Reuben
>>>
>>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>>> (below "Philosophy")
>>>
>>
>>
>> --
>> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> Committer& Project Lead
>> - Blog<http://notizblog.nierbeck.de/>
>>
>