You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Thiago Souza <tc...@gmail.com> on 2012/03/21 23:06:09 UTC
Connect to remote JMX?
Hi,
On Apache Karaf 2.2.5 I'm trying to connect to remote JMX
using: service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root, but with or
without password (karaf/karaf) I can not connect to it using jvisualvm.
I can successfully telnet to port 1099 from client. I'm using default
configurantion, is there any extra configuration for this to work?
Thanks,
Thiago Souza
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
Your url looks right
Did you passing user/password? ( karaf/karaf) by deault
do you have management feature enable? What apache-karaf package are
you using? platform?
-D
On Fri, Mar 23, 2012 at 1:40 PM, Thiago Souza <tc...@gmail.com> wrote:
> What registry port? It's configured as default (1099)
>
> I also tried the whole serviceUrl
> service:jmx:rmi://<host>:44444/jndi/rmi://<host>:1099/karaf-root with no
> success
>
> I already checked tons of docs, can't find any helpful =/
>
> Cheers
>
>
> On Thu, Mar 22, 2012 at 00:29, Dan Tran <da...@gmail.com> wrote:
>>
>> you miss the registry port. See o.p.karaf.management.cfg for details
>>
>> also check the doc
>>
>> -D
>>
>> On Wed, Mar 21, 2012 at 3:06 PM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi,
>> >
>> > On Apache Karaf 2.2.5 I'm trying to connect to remote JMX
>> > using: service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root, but with or
>> > without password (karaf/karaf) I can not connect to it using jvisualvm.
>> >
>> > I can successfully telnet to port 1099 from client. I'm using
>> > default
>> > configurantion, is there any extra configuration for this to work?
>> >
>> > Thanks,
>> > Thiago Souza
>
>
Re: Connect to remote JMX?
Posted by Łukasz Dywicki <lu...@code-house.org>.
FYI there is also a jmx plugin for felix web console. It is attached to some jira issue.
Łukasz Dywicki
--
Code-House
http://code-house.org
Dnia 24 mar 2012 o godz. 03:51 mikevan <mv...@comcast.net> napisał(a):
> Thiago,
>
> So, here's some background on what's probably causing your issue. JVisualVM
> actually uses two ports when you connect to a JMX Server remotely. We
> already know about the one that configured in Karaf 1099. However, JVisualVM
> also randomly selects a port to connect to the JMX Server. If your version
> of Karaf is behind a firewall, on a highly protected VM (like in a VMWare
> cloud), or has other security concerns associated with it, you may never be
> able to reliabley connect.
>
> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple of
> pretty smart developers work extra hard to make that page, and I would
> suggest you use that if you're having trouble connecting to teh JMX server
> holding your Karaf mbean information.
>
> Please let me know if that helps.
>
> -----
> Mike Van (All links open in new tabs)
> Committer - Kalumet
>
> Atraxia Technologies
>
> Mike Van's Open Source Technologies Blog
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Guillaume,
That's exactly what I did. I can also telnet to port 1099 and 44444
from the client.
But still, can't connect (with or without credentials).
Cheers...
On Tue, Apr 3, 2012 at 03:54, PAC Kieffer Guillaume <
Guillaume.Kieffer@panalpina.com> wrote:
> Hi,
>
> I got JMX working yesterday, thanks to this post :)
>
> You have to:
> - Copy exactly the URL provided in the "serviceUrl" from the
> org.apache.karaf.management.cfg
> - Replace the jmxRegistryPort, jmxServerPort and karaf.name with the
> correct values
> - Paste the exact full URL in the "JMX Connection Field" of JVisualvm
>
> You really have to use the full service URL / not only the host and port
> that seems requested.
>
> Regards,
> Guillaume.
>
> -----Original Message-----
> From: Dan Tran [mailto:dantran@gmail.com]
> Sent: Tuesday, April 03, 2012 03:12
> To: user@karaf.apache.org
> Subject: Re: Connect to remote JMX?
>
>
> service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
> does not work?
>
> Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
>
> -D
>
>
>
>
>
> On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hi Dan,
> >
> > - Minimum, standard, or enterprise?
> >
> > Standard
> >
> > - how do you invoke karaf?
> >
> > bin/start (under root)
> >
> > - what are your jmx port, adn your registry port?
> >
> > defaults, 1099 and 44444
> >
> > - Can you run Xwindow to your ubuntu box and run Jconsole from there?
> >
> > unfortunately not...
> >
> > On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
> >>
> >> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
> >> wrote:
> >> > Hi Dan,
> >> >
> >> > Here it is:
> >> >
> >> > - What karaf distribution did you use?
> >> > Latest 2.2.5
> >>
> >> Minimum, standard, or enterprise?
> >>
> >> >
> >> > - What is your host and OS type?
> >> > Linux Ubuntu 10.11 64-bits
> >>
> >> how do you invoke karaf?
> >>
> >> >
> >> > - What did you change?
> >> > The change I made was in org.apache.karaf.management.cfg. I've
> >> > changed
> >> > the serviceUrl from "localhost" to "0.0.0.0"
> >>
> >> what are your jmx port, adn your registry port?
> >>
> >> >
> >> > - Are you able to to connect to karaf locally via same URL??
> >> > I don't know how to test JMX from a shell console, but I can telnet
> >> > to
> >> > localhost 1099.
> >> >
> >>
> >> Can you run Xwindow to your ubuntu box and run Jconsole from there?
> >>
> >>
> >> >
> >> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> >> >>
> >> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> >> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
> >> >>
> >> >> you will need to give more details:
> >> >>
> >> >> - What karaf distribution did you use?
> >> >>
> >> >> - What is your host and OS type?
> >> >>
> >> >> - What did you change?
> >> >>
> >> >> - Are you able to to connect to karaf locally via same URL??
> >> >>
> >> >>
> >> >> -Dan
> >> >>
> >> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tcostasouza@gmail.com
> >
> >> >> wrote:
> >> >> > Hello all,
> >> >> >
> >> >> > Well, I still can not connect to JMX. I tried everything. I can
> >> >> > even
> >> >> > telnet to port 1099 from the client, but yet can't connect to JMX.
> I
> >> >> > always
> >> >> > get: "Cannot connect
> >> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> >> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> >> >> > That's really bad, hope I can convince the production team to
> >> >> > support my
> >> >> > system without JMX, that won't be an easy task...
> >> >> >
> >> >> > Thank you all,
> >> >> > Thiago Souza
> >> >> >
> >> >> >
> >> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
> >> >> > <bc...@googlemail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> Hi Reuben,
> >> >> >>
> >> >> >> I'd say this is less part of wisdom then of comfort or personal
> >> >> >> taste
> >> >> >> ;)
> >> >> >> From my experience with deploying any type of server in a
> production
> >> >> >> environment I'm personally in favor of closing everything up and
> >> >> >> add extra documentation on how to enable wanted "security
> breaches"
> >> >> >> for
> >> >> >> development or operation where needed.
> >> >> >>
> >> >> >> But again this is my personal feeling for it, and if disabling SSH
> >> >> >> is a
> >> >> >> regression we surely don't want to do it for the 2.2.x line
> >> >> >> but should consider it for the 3.0 line.
> >> >> >>
> >> >> >> Regards, Achim
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >> >> >>
> >> >> >>> with due respect for those more experienced than i am, i feel
> it's
> >> >> >>> best
> >> >> >>> to disable by default any remote access, along the lines of
> >> >> >>> "security
> >> >> >>> is
> >> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
> >> >> >>> for
> >> >> >>> tuning
> >> >> >>> security - but it's nice to help people avoid mistakes. if
> >> >> >>> necessary,
> >> >> >>> it
> >> >> >>> could even be deferred to a major release if there's a real
> >> >> >>> backwards-compatibility issue.
> >> >> >>>
> >> >> >>> that being said, i am still a fledgling, and i defer to the
> >> >> >>> committers'
> >> >> >>> wisdom.
> >> >> >>>
> >> >> >>> ~ Reuben
> >> >> >>>
> >> >> >>> [1]:
> http://www.apache.org/foundation/how-it-works.html#management
> >> >> >>> (below "Philosophy")
> >> >> >>>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> >> >> Committer& Project Lead
> >> >> >> - Blog<http://notizblog.nierbeck.de/>
> >> >> >>
> >> >> >
> >> >
> >> >
> >
> >
>
RE: Connect to remote JMX?
Posted by PAC Kieffer Guillaume <Gu...@panalpina.com>.
...
PS. and restart the instance (even if the change seems reflected in the config properties) it is not taken into account till you restart.
-----Original Message-----
From: PAC Kieffer Guillaume [mailto:Guillaume.Kieffer@panalpina.com]
Sent: Tuesday, April 03, 2012 08:54
To: user@karaf.apache.org
Subject: RE: Connect to remote JMX?
Hi,
I got JMX working yesterday, thanks to this post :)
You have to:
- Copy exactly the URL provided in the "serviceUrl" from the org.apache.karaf.management.cfg
- Replace the jmxRegistryPort, jmxServerPort and karaf.name with the correct values
- Paste the exact full URL in the "JMX Connection Field" of JVisualvm
You really have to use the full service URL / not only the host and port that seems requested.
Regards,
Guillaume.
-----Original Message-----
From: Dan Tran [mailto:dantran@gmail.com]
Sent: Tuesday, April 03, 2012 03:12
To: user@karaf.apache.org
Subject: Re: Connect to remote JMX?
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
RE: Connect to remote JMX?
Posted by PAC Kieffer Guillaume <Gu...@panalpina.com>.
Hi,
I got JMX working yesterday, thanks to this post :)
You have to:
- Copy exactly the URL provided in the "serviceUrl" from the org.apache.karaf.management.cfg
- Replace the jmxRegistryPort, jmxServerPort and karaf.name with the correct values
- Paste the exact full URL in the "JMX Connection Field" of JVisualvm
You really have to use the full service URL / not only the host and port that seems requested.
Regards,
Guillaume.
-----Original Message-----
From: Dan Tran [mailto:dantran@gmail.com]
Sent: Tuesday, April 03, 2012 03:12
To: user@karaf.apache.org
Subject: Re: Connect to remote JMX?
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
service:jmx:rmi://your.karaf.host:1099/jndi/rmi://your.karaf.host:4444/karaf-root
does not work?
Can you telnet to your.karaf.host:1099 and your.karaf.host:4444?
-D
On Mon, Apr 2, 2012 at 2:18 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> - Minimum, standard, or enterprise?
>
> Standard
>
> - how do you invoke karaf?
>
> bin/start (under root)
>
> - what are your jmx port, adn your registry port?
>
> defaults, 1099 and 44444
>
> - Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> unfortunately not...
>
> On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
>>
>> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hi Dan,
>> >
>> > Here it is:
>> >
>> > - What karaf distribution did you use?
>> > Latest 2.2.5
>>
>> Minimum, standard, or enterprise?
>>
>> >
>> > - What is your host and OS type?
>> > Linux Ubuntu 10.11 64-bits
>>
>> how do you invoke karaf?
>>
>> >
>> > - What did you change?
>> > The change I made was in org.apache.karaf.management.cfg. I've
>> > changed
>> > the serviceUrl from "localhost" to "0.0.0.0"
>>
>> what are your jmx port, adn your registry port?
>>
>> >
>> > - Are you able to to connect to karaf locally via same URL??
>> > I don't know how to test JMX from a shell console, but I can telnet
>> > to
>> > localhost 1099.
>> >
>>
>> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>>
>>
>> >
>> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>> >>
>> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>> >>
>> >> you will need to give more details:
>> >>
>> >> - What karaf distribution did you use?
>> >>
>> >> - What is your host and OS type?
>> >>
>> >> - What did you change?
>> >>
>> >> - Are you able to to connect to karaf locally via same URL??
>> >>
>> >>
>> >> -Dan
>> >>
>> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >> > Hello all,
>> >> >
>> >> > Well, I still can not connect to JMX. I tried everything. I can
>> >> > even
>> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> >> > always
>> >> > get: "Cannot connect
>> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> >> > That's really bad, hope I can convince the production team to
>> >> > support my
>> >> > system without JMX, that won't be an easy task...
>> >> >
>> >> > Thank you all,
>> >> > Thiago Souza
>> >> >
>> >> >
>> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck
>> >> > <bc...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi Reuben,
>> >> >>
>> >> >> I'd say this is less part of wisdom then of comfort or personal
>> >> >> taste
>> >> >> ;)
>> >> >> From my experience with deploying any type of server in a production
>> >> >> environment I'm personally in favor of closing everything up and
>> >> >> add extra documentation on how to enable wanted "security breaches"
>> >> >> for
>> >> >> development or operation where needed.
>> >> >>
>> >> >> But again this is my personal feeling for it, and if disabling SSH
>> >> >> is a
>> >> >> regression we surely don't want to do it for the 2.2.x line
>> >> >> but should consider it for the 3.0 line.
>> >> >>
>> >> >> Regards, Achim
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >> >>
>> >> >>> with due respect for those more experienced than i am, i feel it's
>> >> >>> best
>> >> >>> to disable by default any remote access, along the lines of
>> >> >>> "security
>> >> >>> is
>> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
>> >> >>> for
>> >> >>> tuning
>> >> >>> security - but it's nice to help people avoid mistakes. if
>> >> >>> necessary,
>> >> >>> it
>> >> >>> could even be deferred to a major release if there's a real
>> >> >>> backwards-compatibility issue.
>> >> >>>
>> >> >>> that being said, i am still a fledgling, and i defer to the
>> >> >>> committers'
>> >> >>> wisdom.
>> >> >>>
>> >> >>> ~ Reuben
>> >> >>>
>> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >> >>> (below "Philosophy")
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> >> Committer& Project Lead
>> >> >> - Blog<http://notizblog.nierbeck.de/>
>> >> >>
>> >> >
>> >
>> >
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Dan,
*- Minimum, standard, or enterprise? *
*
*
Standard
*- how do you invoke karaf? *
*
*
bin/start (under root)
*- what are your jmx port, adn your registry port?*
*
*
defaults, 1099 and 44444
*- Can you run Xwindow to your ubuntu box and run Jconsole from there?*
*
*
unfortunately not...
On Mon, Apr 2, 2012 at 16:55, Dan Tran <da...@gmail.com> wrote:
> On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hi Dan,
> >
> > Here it is:
> >
> > - What karaf distribution did you use?
> > Latest 2.2.5
>
> Minimum, standard, or enterprise?
>
> >
> > - What is your host and OS type?
> > Linux Ubuntu 10.11 64-bits
>
> how do you invoke karaf?
>
> >
> > - What did you change?
> > The change I made was in org.apache.karaf.management.cfg. I've changed
> > the serviceUrl from "localhost" to "0.0.0.0"
>
> what are your jmx port, adn your registry port?
>
> >
> > - Are you able to to connect to karaf locally via same URL??
> > I don't know how to test JMX from a shell console, but I can telnet to
> > localhost 1099.
> >
>
> Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
>
> >
> > On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> >>
> >> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> >> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
> >>
> >> you will need to give more details:
> >>
> >> - What karaf distribution did you use?
> >>
> >> - What is your host and OS type?
> >>
> >> - What did you change?
> >>
> >> - Are you able to to connect to karaf locally via same URL??
> >>
> >>
> >> -Dan
> >>
> >> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
> >> wrote:
> >> > Hello all,
> >> >
> >> > Well, I still can not connect to JMX. I tried everything. I can
> even
> >> > telnet to port 1099 from the client, but yet can't connect to JMX. I
> >> > always
> >> > get: "Cannot connect
> >> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> >> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> >> > That's really bad, hope I can convince the production team to
> >> > support my
> >> > system without JMX, that won't be an easy task...
> >> >
> >> > Thank you all,
> >> > Thiago Souza
> >> >
> >> >
> >> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <
> bcanhome@googlemail.com>
> >> > wrote:
> >> >>
> >> >> Hi Reuben,
> >> >>
> >> >> I'd say this is less part of wisdom then of comfort or personal taste
> >> >> ;)
> >> >> From my experience with deploying any type of server in a production
> >> >> environment I'm personally in favor of closing everything up and
> >> >> add extra documentation on how to enable wanted "security breaches"
> for
> >> >> development or operation where needed.
> >> >>
> >> >> But again this is my personal feeling for it, and if disabling SSH
> is a
> >> >> regression we surely don't want to do it for the 2.2.x line
> >> >> but should consider it for the 3.0 line.
> >> >>
> >> >> Regards, Achim
> >> >>
> >> >>
> >> >>
> >> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >> >>
> >> >>> with due respect for those more experienced than i am, i feel it's
> >> >>> best
> >> >>> to disable by default any remote access, along the lines of
> "security
> >> >>> is
> >> >>> mandatory" [1]. sure, the deployer of an instance is responsible
> for
> >> >>> tuning
> >> >>> security - but it's nice to help people avoid mistakes. if
> necessary,
> >> >>> it
> >> >>> could even be deferred to a major release if there's a real
> >> >>> backwards-compatibility issue.
> >> >>>
> >> >>> that being said, i am still a fledgling, and i defer to the
> >> >>> committers'
> >> >>> wisdom.
> >> >>>
> >> >>> ~ Reuben
> >> >>>
> >> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
> >> >>> (below "Philosophy")
> >> >>>
> >> >>
> >> >>
> >> >> --
> >> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> >> Committer& Project Lead
> >> >> - Blog<http://notizblog.nierbeck.de/>
> >> >>
> >> >
> >
> >
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
On Mon, Apr 2, 2012 at 11:38 AM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> Here it is:
>
> - What karaf distribution did you use?
> Latest 2.2.5
Minimum, standard, or enterprise?
>
> - What is your host and OS type?
> Linux Ubuntu 10.11 64-bits
how do you invoke karaf?
>
> - What did you change?
> The change I made was in org.apache.karaf.management.cfg. I've changed
> the serviceUrl from "localhost" to "0.0.0.0"
what are your jmx port, adn your registry port?
>
> - Are you able to to connect to karaf locally via same URL??
> I don't know how to test JMX from a shell console, but I can telnet to
> localhost 1099.
>
Can you run Xwindow to your ubuntu box and run Jconsole from there?
>
> On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
>>
>> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
>> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>>
>> you will need to give more details:
>>
>> - What karaf distribution did you use?
>>
>> - What is your host and OS type?
>>
>> - What did you change?
>>
>> - Are you able to to connect to karaf locally via same URL??
>>
>>
>> -Dan
>>
>> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> > Hello all,
>> >
>> > Well, I still can not connect to JMX. I tried everything. I can even
>> > telnet to port 1099 from the client, but yet can't connect to JMX. I
>> > always
>> > get: "Cannot connect
>> > to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
>> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
>> > That's really bad, hope I can convince the production team to
>> > support my
>> > system without JMX, that won't be an easy task...
>> >
>> > Thank you all,
>> > Thiago Souza
>> >
>> >
>> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
>> > wrote:
>> >>
>> >> Hi Reuben,
>> >>
>> >> I'd say this is less part of wisdom then of comfort or personal taste
>> >> ;)
>> >> From my experience with deploying any type of server in a production
>> >> environment I'm personally in favor of closing everything up and
>> >> add extra documentation on how to enable wanted "security breaches" for
>> >> development or operation where needed.
>> >>
>> >> But again this is my personal feeling for it, and if disabling SSH is a
>> >> regression we surely don't want to do it for the 2.2.x line
>> >> but should consider it for the 3.0 line.
>> >>
>> >> Regards, Achim
>> >>
>> >>
>> >>
>> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>> >>
>> >>> with due respect for those more experienced than i am, i feel it's
>> >>> best
>> >>> to disable by default any remote access, along the lines of "security
>> >>> is
>> >>> mandatory" [1]. sure, the deployer of an instance is responsible for
>> >>> tuning
>> >>> security - but it's nice to help people avoid mistakes. if necessary,
>> >>> it
>> >>> could even be deferred to a major release if there's a real
>> >>> backwards-compatibility issue.
>> >>>
>> >>> that being said, i am still a fledgling, and i defer to the
>> >>> committers'
>> >>> wisdom.
>> >>>
>> >>> ~ Reuben
>> >>>
>> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>> >>> (below "Philosophy")
>> >>>
>> >>
>> >>
>> >> --
>> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> >> Committer& Project Lead
>> >> - Blog<http://notizblog.nierbeck.de/>
>> >>
>> >
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Dan,
Here it is:
* - What karaf distribution did you use?*
Latest 2.2.5
* - What is your host and OS type? *
Linux Ubuntu 10.11 64-bits
* - What did you change? *
* *The change I made was in org.apache.karaf.management.cfg. I've changed
the serviceUrl from "localhost" to "0.0.0.0"
* - Are you able to to connect to karaf locally via same URL?? *
* *I don't know how to test JMX from a shell console, but I can telnet to
localhost 1099.
On Mon, Apr 2, 2012 at 14:29, Dan Tran <da...@gmail.com> wrote:
> Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
> service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
>
> you will need to give more details:
>
> - What karaf distribution did you use?
>
> - What is your host and OS type?
>
> - What did you change?
>
> - Are you able to to connect to karaf locally via same URL??
>
>
> -Dan
>
> On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hello all,
> >
> > Well, I still can not connect to JMX. I tried everything. I can even
> > telnet to port 1099 from the client, but yet can't connect to JMX. I
> always
> > get: "Cannot connect
> to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> > using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> > That's really bad, hope I can convince the production team to
> support my
> > system without JMX, that won't be an easy task...
> >
> > Thank you all,
> > Thiago Souza
> >
> >
> > On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
> > wrote:
> >>
> >> Hi Reuben,
> >>
> >> I'd say this is less part of wisdom then of comfort or personal taste ;)
> >> From my experience with deploying any type of server in a production
> >> environment I'm personally in favor of closing everything up and
> >> add extra documentation on how to enable wanted "security breaches" for
> >> development or operation where needed.
> >>
> >> But again this is my personal feeling for it, and if disabling SSH is a
> >> regression we surely don't want to do it for the 2.2.x line
> >> but should consider it for the 3.0 line.
> >>
> >> Regards, Achim
> >>
> >>
> >>
> >> Am 28.03.2012 22:37, schrieb Reuben Garrett:
> >>
> >>> with due respect for those more experienced than i am, i feel it's best
> >>> to disable by default any remote access, along the lines of "security
> is
> >>> mandatory" [1]. sure, the deployer of an instance is responsible for
> tuning
> >>> security - but it's nice to help people avoid mistakes. if necessary,
> it
> >>> could even be deferred to a major release if there's a real
> >>> backwards-compatibility issue.
> >>>
> >>> that being said, i am still a fledgling, and i defer to the committers'
> >>> wisdom.
> >>>
> >>> ~ Reuben
> >>>
> >>> [1]: http://www.apache.org/foundation/how-it-works.html#management
> >>> (below "Philosophy")
> >>>
> >>
> >>
> >> --
> >> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
> >> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> >> Committer& Project Lead
> >> - Blog<http://notizblog.nierbeck.de/>
> >>
> >
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
Your URL is wrong jmx:rmi:///jndi/rmi://<host>:1099/karaf-root using
service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root"
you will need to give more details:
- What karaf distribution did you use?
- What is your host and OS type?
- What did you change?
- Are you able to to connect to karaf locally via same URL??
-Dan
On Mon, Apr 2, 2012 at 10:16 AM, Thiago Souza <tc...@gmail.com> wrote:
> Hello all,
>
> Well, I still can not connect to JMX. I tried everything. I can even
> telnet to port 1099 from the client, but yet can't connect to JMX. I always
> get: "Cannot connect to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
> using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
> That's really bad, hope I can convince the production team to support my
> system without JMX, that won't be an easy task...
>
> Thank you all,
> Thiago Souza
>
>
> On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>
> wrote:
>>
>> Hi Reuben,
>>
>> I'd say this is less part of wisdom then of comfort or personal taste ;)
>> From my experience with deploying any type of server in a production
>> environment I'm personally in favor of closing everything up and
>> add extra documentation on how to enable wanted "security breaches" for
>> development or operation where needed.
>>
>> But again this is my personal feeling for it, and if disabling SSH is a
>> regression we surely don't want to do it for the 2.2.x line
>> but should consider it for the 3.0 line.
>>
>> Regards, Achim
>>
>>
>>
>> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>>
>>> with due respect for those more experienced than i am, i feel it's best
>>> to disable by default any remote access, along the lines of "security is
>>> mandatory" [1]. sure, the deployer of an instance is responsible for tuning
>>> security - but it's nice to help people avoid mistakes. if necessary, it
>>> could even be deferred to a major release if there's a real
>>> backwards-compatibility issue.
>>>
>>> that being said, i am still a fledgling, and i defer to the committers'
>>> wisdom.
>>>
>>> ~ Reuben
>>>
>>> [1]: http://www.apache.org/foundation/how-it-works.html#management
>>> (below "Philosophy")
>>>
>>
>>
>> --
>> - Apache Karaf<http://karaf.apache.org/> Committer& PMC
>> - OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> Committer& Project Lead
>> - Blog<http://notizblog.nierbeck.de/>
>>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hello all,
Well, I still can not connect to JMX. I tried everything. I can even
telnet to port 1099 from the client, but yet can't connect to JMX. I always
get: "Cannot connect
to service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root
using service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root".
That's really bad, hope I can convince the production team to support
my system without JMX, that won't be an easy task...
Thank you all,
Thiago Souza
On Wed, Mar 28, 2012 at 18:45, Achim Nierbeck <bc...@googlemail.com>wrote:
> Hi Reuben,
>
> I'd say this is less part of wisdom then of comfort or personal taste ;)
> From my experience with deploying any type of server in a production
> environment I'm personally in favor of closing everything up and
> add extra documentation on how to enable wanted "security breaches" for
> development or operation where needed.
>
> But again this is my personal feeling for it, and if disabling SSH is a
> regression we surely don't want to do it for the 2.2.x line
> but should consider it for the 3.0 line.
>
> Regards, Achim
>
>
>
> Am 28.03.2012 22:37, schrieb Reuben Garrett:
>
> with due respect for those more experienced than i am, i feel it's best
>> to disable by default any remote access, along the lines of "security is
>> mandatory" [1]. sure, the deployer of an instance is responsible for
>> tuning security - but it's nice to help people avoid mistakes. if
>> necessary, it could even be deferred to a major release if there's a real
>> backwards-compatibility issue.
>>
>> that being said, i am still a fledgling, and i defer to the committers'
>> wisdom.
>>
>> ~ Reuben
>>
>> [1]: http://www.apache.org/**foundation/how-it-works.html#**management<http://www.apache.org/foundation/how-it-works.html#management> (below "Philosophy")
>>
>>
>
> --
> - Apache Karaf<http://karaf.apache.org/**> Committer& PMC
> - OPS4J Pax Web<http://wiki.ops4j.org/**display/paxweb/Pax+Web/<http://wiki.ops4j.org/display/paxweb/Pax+Web/>>
> Committer& Project Lead
> - Blog<http://notizblog.**nierbeck.de/ <http://notizblog.nierbeck.de/>>
>
>
Re: Connect to remote JMX?
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi Reuben,
I'd say this is less part of wisdom then of comfort or personal taste ;)
From my experience with deploying any type of server in a production
environment I'm personally in favor of closing everything up and
add extra documentation on how to enable wanted "security breaches" for
development or operation where needed.
But again this is my personal feeling for it, and if disabling SSH is a
regression we surely don't want to do it for the 2.2.x line
but should consider it for the 3.0 line.
Regards, Achim
Am 28.03.2012 22:37, schrieb Reuben Garrett:
> with due respect for those more experienced than i am, i feel it's
> best to disable by default any remote access, along the lines of
> "security is mandatory" [1]. sure, the deployer of an instance is
> responsible for tuning security - but it's nice to help people avoid
> mistakes. if necessary, it could even be deferred to a major release
> if there's a real backwards-compatibility issue.
>
> that being said, i am still a fledgling, and i defer to the
> committers' wisdom.
>
> ~ Reuben
>
> [1]: http://www.apache.org/foundation/how-it-works.html#management
> (below "Philosophy")
>
--
- Apache Karaf<http://karaf.apache.org/> Committer& PMC
- OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer& Project Lead
- Blog<http://notizblog.nierbeck.de/>
Re: Connect to remote JMX?
Posted by Reuben Garrett <re...@gmail.com>.
with due respect for those more experienced than i am, i feel it's best to
disable by default any remote access, along the lines of "security is
mandatory" [1]. sure, the deployer of an instance is responsible for
tuning security - but it's nice to help people avoid mistakes. if
necessary, it could even be deferred to a major release if there's a real
backwards-compatibility issue.
that being said, i am still a fledgling, and i defer to the committers'
wisdom.
~ Reuben
[1]: http://www.apache.org/foundation/how-it-works.html#management
(below "Philosophy")
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
I would prefer to disable remote access to both ssh and jmx and
document it clearly.
I once accidentally left ssh enable by default in production, and had
to scramble to to disable it
-D
On Wed, Mar 28, 2012 at 1:27 AM, Freeman Fang <fr...@gmail.com> wrote:
> Hi Achim,
>
> Disable ssh remote access by default will break backward compatibility, and
> as we do have credentials configured by default, I believe it's fine for us
> to enable SSH/JMX remote access , and I think a lot of users just start
> Karaf on server machine and they maintain it daily from remote console(SSH
> or JMX), so it's should be more convenient for end user if they need less
> configuration, just my 0.02$
>
> Regards
> Freeman
>
>
> On 2012-3-28, at 下午4:01, Achim Nierbeck wrote:
>
> Hi,
>
> it's just something I learned in the past working with the Operating
> departments.
> Actually I think it would also be better to not open the SSH port as
> default configuration and document how to do it if in need.
> I favor a behavior like Tomcat does, the administration console is not
> "enabled" cause no credentials are configured.
> That's why I think we should start with a "secured" default
> configuration and document how to weaken it if needed :)
>
> regards, Achim
>
> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>
> Hi Achim,
>
> Hmm, isn't the username/password used here to protect in this case? IMO, the
>
> JMX behavior should keep same as the ssh behavior, currently the ssh is
>
> remote accessible, we have
>
> sshHost=0.0.0.0, of course the remote access need username/password, it's
>
> really weird from my point of view we enable ssh remote access by default
>
> but not the jmx, I don't see any real difference between the two.
>
>
> Regards
>
> Freeman
>
>
> On 2012-3-28, at 下午3:08, Achim Nierbeck wrote:
>
>
> I'm not sure if this is something that needs to be fixed.
>
> I'd rather suggest to document this, cause if it's not bound to the
>
> local interface we open a possible security hole here.
>
> Cause anybody could be able to access and alter the Karaf server through
>
> JMX.
>
>
> Regards, Achim
>
>
> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>
>
> Hi,
>
>
>
> I think this is something we need fix, create KARAF-1295[1] to track it.
>
>
>
> [1]https://issues.apache.org/jira/browse/KARAF-1295
>
>
>
> Regards
>
>
> Freeman
>
>
>
> On 2012-3-28, at 上午1:34, Dan Tran wrote:
>
>
>
> karaf by default only binds its JMX listener ports to localhost and
>
>
> therefor all remote access is forbidden. You need to fix up you
>
>
> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>
>
>
> serviceUrl =
>
>
> service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
>
>
>
> -D
>
>
>
>
>
> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <ni...@googlemail.com> wrote:
>
>
>
> Hi Tiago,
>
>
>
>
> I faced the same issue some time ago and I believe it is a routing problem.
>
>
>
> Can you please check the network interfaces of your server? In which network
>
>
>
> interface does the running Tomcat bind its rmi server?
>
>
>
> In any case you can use tcpdump or other traffic monitoring tool to check
>
>
>
> where the problem is.
>
>
>
>
>
> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <tc...@gmail.com> wrote:
>
>
>
>
> Hi Dan,
>
>
>
>
> Client machine is:
>
>
>
> Windows Server 2008 R2 Datacenter 64-bit
>
>
>
> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>
>
>
>
> Server machine is:
>
>
>
> Ubuntu 11.10 64-bit
>
>
>
> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>
>
>
> (6b23~pre11-0ubuntu1.11.10.2)
>
>
>
>
> There is nothing relevant in log... and I get same behavior with
>
>
>
> jconsole...
>
>
>
>
> Cheers!
>
>
>
>
> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>
>
>
>
> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
>
>
>
> wrote:
>
>
>
> Could you tell us more about yr karaf platform ( OS, jre )?
>
>
>
>
> Are you able to see any thing from debug log?
>
>
>
>
> How about JConsole?
>
>
>
>
> -D
>
>
>
>
>
> Hi Niko,
>
>
>
>
> Thanks for your help... but this is already configured... also, I
>
>
>
> can
>
>
>
> successfuly connect to other jvm (running tomcat only) from the same
>
>
>
> client
>
>
>
> machine using this configuration... I just can't connect to karaf based
>
>
>
> jvm...
>
>
>
>
> Thanks
>
>
>
>
> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>
>
>
> wrote:
>
>
>
>
> Hi Tiago,
>
>
>
>
> Can you please check this:
>
>
>
> http://stackoverflow.com/questions/834581/remote-jmx-connection
>
>
>
>
> Hope that helps.
>
>
>
> Cheers,
>
>
>
> Nikos
>
>
>
>
>
> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>
>
>
> wrote:
>
>
>
>
> Hi Mike,
>
>
>
>
> Thanks for you reply! There is no firewall configured thought
>
>
>
> =/...
>
>
>
> Unfortunately what I really need is JVisualVM due to it's
>
>
>
> profiling
>
>
>
> tools...
>
>
>
>
> Also, I'm quite sure user/password is correct, I'm using default
>
>
>
> configuration....
>
>
>
>
> Cheers,
>
>
>
> Thiago Souza
>
>
>
>
>
> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>
>
>
> wrote:
>
>
>
>
> Thiago,
>
>
>
>
> So, here's some background on what's probably causing your issue.
>
>
>
> JVisualVM
>
>
>
> actually uses two ports when you connect to a JMX Server remotely.
>
>
>
> We
>
>
>
> already know about the one that configured in Karaf 1099. However,
>
>
>
> JVisualVM
>
>
>
> also randomly selects a port to connect to the JMX Server. If your
>
>
>
> version
>
>
>
> of Karaf is behind a firewall, on a highly protected VM (like in a
>
>
>
> VMWare
>
>
>
> cloud), or has other security concerns associated with it, you may
>
>
>
> never
>
>
>
> be
>
>
>
> able to reliabley connect.
>
>
>
>
> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>
>
>
> couple
>
>
>
> of
>
>
>
> pretty smart developers work extra hard to make that page, and I
>
>
>
> would
>
>
>
> suggest you use that if you're having trouble connecting to teh JMX
>
>
>
> server
>
>
>
> holding your Karaf mbean information.
>
>
>
>
> Please let me know if that helps.
>
>
>
>
> -----
>
>
>
> Mike Van (All links open in new tabs)
>
>
>
> Committer - Kalumet
>
>
>
>
> Atraxia Technologies
>
>
>
>
> Mike Van's Open Source Technologies Blog
>
>
>
> --
>
>
>
> View this message in context:
>
>
>
>
> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>
>
>
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------
>
>
> Freeman Fang
>
>
>
> FuseSource
>
>
> Email:ffang@fusesource.com
>
>
> Web: fusesource.com
>
>
> Twitter: freemanfang
>
>
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>
> Committer & Project Lead
>
> blog <http://notizblog.nierbeck.de/>
>
>
>
> ---------------------------------------------
>
> Freeman Fang
>
>
> FuseSource
>
> Email:ffang@fusesource.com
>
> Web: fusesource.com
>
> Twitter: freemanfang
>
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
Re: Connect to remote JMX?
Posted by Freeman Fang <fr...@gmail.com>.
Hi Achim,
Disable ssh remote access by default will break backward
compatibility, and as we do have credentials configured by default, I
believe it's fine for us to enable SSH/JMX remote access , and I think
a lot of users just start Karaf on server machine and they maintain it
daily from remote console(SSH or JMX), so it's should be more
convenient for end user if they need less configuration, just my 0.02$
Regards
Freeman
On 2012-3-28, at 下午4:01, Achim Nierbeck wrote:
> Hi,
>
> it's just something I learned in the past working with the Operating
> departments.
> Actually I think it would also be better to not open the SSH port as
> default configuration and document how to do it if in need.
> I favor a behavior like Tomcat does, the administration console is not
> "enabled" cause no credentials are configured.
> That's why I think we should start with a "secured" default
> configuration and document how to weaken it if needed :)
>
> regards, Achim
>
> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>> Hi Achim,
>> Hmm, isn't the username/password used here to protect in this case?
>> IMO, the
>> JMX behavior should keep same as the ssh behavior, currently the
>> ssh is
>> remote accessible, we have
>> sshHost=0.0.0.0, of course the remote access need username/
>> password, it's
>> really weird from my point of view we enable ssh remote access by
>> default
>> but not the jmx, I don't see any real difference between the two.
>>
>> Regards
>> Freeman
>>
>> On 2012-3-28, at 下午3:08, Achim Nierbeck wrote:
>>
>> I'm not sure if this is something that needs to be fixed.
>> I'd rather suggest to document this, cause if it's not bound to the
>> local interface we open a possible security hole here.
>> Cause anybody could be able to access and alter the Karaf server
>> through
>> JMX.
>>
>> Regards, Achim
>>
>> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>>
>> Hi,
>>
>>
>> I think this is something we need fix, create KARAF-1295[1] to
>> track it.
>>
>>
>> [1]https://issues.apache.org/jira/browse/KARAF-1295
>>
>>
>> Regards
>>
>> Freeman
>>
>>
>> On 2012-3-28, at 上午1:34, Dan Tran wrote:
>>
>>
>> karaf by default only binds its JMX listener ports to localhost and
>>
>> therefor all remote access is forbidden. You need to fix up you
>>
>> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>>
>>
>> serviceUrl =
>>
>> service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:$
>> {rmiRegistryPort}/karaf-${karaf.name}
>>
>>
>> -D
>>
>>
>>
>>
>> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos
>> <ni...@googlemail.com> wrote:
>>
>>
>> Hi Tiago,
>>
>>
>>
>> I faced the same issue some time ago and I believe it is a routing
>> problem.
>>
>>
>> Can you please check the network interfaces of your server? In
>> which network
>>
>>
>> interface does the running Tomcat bind its rmi server?
>>
>>
>> In any case you can use tcpdump or other traffic monitoring tool to
>> check
>>
>>
>> where the problem is.
>>
>>
>>
>>
>> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza
>> <tc...@gmail.com> wrote:
>>
>>
>>
>> Hi Dan,
>>
>>
>>
>> Client machine is:
>>
>>
>> Windows Server 2008 R2 Datacenter 64-bit
>>
>>
>> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>>
>>
>>
>> Server machine is:
>>
>>
>> Ubuntu 11.10 64-bit
>>
>>
>> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>>
>>
>> (6b23~pre11-0ubuntu1.11.10.2)
>>
>>
>>
>> There is nothing relevant in log... and I get same behavior with
>>
>>
>> jconsole...
>>
>>
>>
>> Cheers!
>>
>>
>>
>> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>>
>>
>>
>> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza
>> <tc...@gmail.com>
>>
>>
>> wrote:
>>
>>
>> Could you tell us more about yr karaf platform ( OS, jre )?
>>
>>
>>
>> Are you able to see any thing from debug log?
>>
>>
>>
>> How about JConsole?
>>
>>
>>
>> -D
>>
>>
>>
>>
>> Hi Niko,
>>
>>
>>
>> Thanks for your help... but this is already configured... also, I
>>
>>
>> can
>>
>>
>> successfuly connect to other jvm (running tomcat only) from the same
>>
>>
>> client
>>
>>
>> machine using this configuration... I just can't connect to karaf
>> based
>>
>>
>> jvm...
>>
>>
>>
>> Thanks
>>
>>
>>
>> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>>
>>
>> wrote:
>>
>>
>>
>> Hi Tiago,
>>
>>
>>
>> Can you please check this:
>>
>>
>> http://stackoverflow.com/questions/834581/remote-jmx-connection
>>
>>
>>
>> Hope that helps.
>>
>>
>> Cheers,
>>
>>
>> Nikos
>>
>>
>>
>>
>> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>>
>>
>> wrote:
>>
>>
>>
>> Hi Mike,
>>
>>
>>
>> Thanks for you reply! There is no firewall configured thought
>>
>>
>> =/...
>>
>>
>> Unfortunately what I really need is JVisualVM due to it's
>>
>>
>> profiling
>>
>>
>> tools...
>>
>>
>>
>> Also, I'm quite sure user/password is correct, I'm using default
>>
>>
>> configuration....
>>
>>
>>
>> Cheers,
>>
>>
>> Thiago Souza
>>
>>
>>
>>
>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>>
>>
>> wrote:
>>
>>
>>
>> Thiago,
>>
>>
>>
>> So, here's some background on what's probably causing your issue.
>>
>>
>> JVisualVM
>>
>>
>> actually uses two ports when you connect to a JMX Server remotely.
>>
>>
>> We
>>
>>
>> already know about the one that configured in Karaf 1099. However,
>>
>>
>> JVisualVM
>>
>>
>> also randomly selects a port to connect to the JMX Server. If your
>>
>>
>> version
>>
>>
>> of Karaf is behind a firewall, on a highly protected VM (like in a
>>
>>
>> VMWare
>>
>>
>> cloud), or has other security concerns associated with it, you may
>>
>>
>> never
>>
>>
>> be
>>
>>
>> able to reliabley connect.
>>
>>
>>
>> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>>
>>
>> couple
>>
>>
>> of
>>
>>
>> pretty smart developers work extra hard to make that page, and I
>>
>>
>> would
>>
>>
>> suggest you use that if you're having trouble connecting to teh JMX
>>
>>
>> server
>>
>>
>> holding your Karaf mbean information.
>>
>>
>>
>> Please let me know if that helps.
>>
>>
>>
>> -----
>>
>>
>> Mike Van (All links open in new tabs)
>>
>>
>> Committer - Kalumet
>>
>>
>>
>> Atraxia Technologies
>>
>>
>>
>> Mike Van's Open Source Technologies Blog
>>
>>
>> --
>>
>>
>> View this message in context:
>>
>>
>>
>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>
>>
>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------
>>
>> Freeman Fang
>>
>>
>> FuseSource
>>
>> Email:ffang@fusesource.com
>>
>> Web: fusesource.com
>>
>> Twitter: freemanfang
>>
>> Blog: http://freemanfang.blogspot.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>> Committer & Project Lead
>> blog <http://notizblog.nierbeck.de/>
>>
>>
>> ---------------------------------------------
>> Freeman Fang
>>
>> FuseSource
>> Email:ffang@fusesource.com
>> Web: fusesource.com
>> Twitter: freemanfang
>> Blog: http://freemanfang.blogspot.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
Re: Connect to remote JMX?
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,
it's just something I learned in the past working with the Operating
departments.
Actually I think it would also be better to not open the SSH port as
default configuration and document how to do it if in need.
I favor a behavior like Tomcat does, the administration console is not
"enabled" cause no credentials are configured.
That's why I think we should start with a "secured" default
configuration and document how to weaken it if needed :)
regards, Achim
2012/3/28 Freeman Fang <fr...@gmail.com>:
> Hi Achim,
> Hmm, isn't the username/password used here to protect in this case? IMO, the
> JMX behavior should keep same as the ssh behavior, currently the ssh is
> remote accessible, we have
> sshHost=0.0.0.0, of course the remote access need username/password, it's
> really weird from my point of view we enable ssh remote access by default
> but not the jmx, I don't see any real difference between the two.
>
> Regards
> Freeman
>
> On 2012-3-28, at 下午3:08, Achim Nierbeck wrote:
>
> I'm not sure if this is something that needs to be fixed.
> I'd rather suggest to document this, cause if it's not bound to the
> local interface we open a possible security hole here.
> Cause anybody could be able to access and alter the Karaf server through
> JMX.
>
> Regards, Achim
>
> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>
> Hi,
>
>
> I think this is something we need fix, create KARAF-1295[1] to track it.
>
>
> [1]https://issues.apache.org/jira/browse/KARAF-1295
>
>
> Regards
>
> Freeman
>
>
> On 2012-3-28, at 上午1:34, Dan Tran wrote:
>
>
> karaf by default only binds its JMX listener ports to localhost and
>
> therefor all remote access is forbidden. You need to fix up you
>
> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>
>
> serviceUrl =
>
> service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
>
>
> -D
>
>
>
>
> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <ni...@googlemail.com> wrote:
>
>
> Hi Tiago,
>
>
>
> I faced the same issue some time ago and I believe it is a routing problem.
>
>
> Can you please check the network interfaces of your server? In which network
>
>
> interface does the running Tomcat bind its rmi server?
>
>
> In any case you can use tcpdump or other traffic monitoring tool to check
>
>
> where the problem is.
>
>
>
>
> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <tc...@gmail.com> wrote:
>
>
>
> Hi Dan,
>
>
>
> Client machine is:
>
>
> Windows Server 2008 R2 Datacenter 64-bit
>
>
> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>
>
>
> Server machine is:
>
>
> Ubuntu 11.10 64-bit
>
>
> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>
>
> (6b23~pre11-0ubuntu1.11.10.2)
>
>
>
> There is nothing relevant in log... and I get same behavior with
>
>
> jconsole...
>
>
>
> Cheers!
>
>
>
> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>
>
>
> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
>
>
> wrote:
>
>
> Could you tell us more about yr karaf platform ( OS, jre )?
>
>
>
> Are you able to see any thing from debug log?
>
>
>
> How about JConsole?
>
>
>
> -D
>
>
>
>
> Hi Niko,
>
>
>
> Thanks for your help... but this is already configured... also, I
>
>
> can
>
>
> successfuly connect to other jvm (running tomcat only) from the same
>
>
> client
>
>
> machine using this configuration... I just can't connect to karaf based
>
>
> jvm...
>
>
>
> Thanks
>
>
>
> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>
>
> wrote:
>
>
>
> Hi Tiago,
>
>
>
> Can you please check this:
>
>
> http://stackoverflow.com/questions/834581/remote-jmx-connection
>
>
>
> Hope that helps.
>
>
> Cheers,
>
>
> Nikos
>
>
>
>
> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>
>
> wrote:
>
>
>
> Hi Mike,
>
>
>
> Thanks for you reply! There is no firewall configured thought
>
>
> =/...
>
>
> Unfortunately what I really need is JVisualVM due to it's
>
>
> profiling
>
>
> tools...
>
>
>
> Also, I'm quite sure user/password is correct, I'm using default
>
>
> configuration....
>
>
>
> Cheers,
>
>
> Thiago Souza
>
>
>
>
> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>
>
> wrote:
>
>
>
> Thiago,
>
>
>
> So, here's some background on what's probably causing your issue.
>
>
> JVisualVM
>
>
> actually uses two ports when you connect to a JMX Server remotely.
>
>
> We
>
>
> already know about the one that configured in Karaf 1099. However,
>
>
> JVisualVM
>
>
> also randomly selects a port to connect to the JMX Server. If your
>
>
> version
>
>
> of Karaf is behind a firewall, on a highly protected VM (like in a
>
>
> VMWare
>
>
> cloud), or has other security concerns associated with it, you may
>
>
> never
>
>
> be
>
>
> able to reliabley connect.
>
>
>
> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>
>
> couple
>
>
> of
>
>
> pretty smart developers work extra hard to make that page, and I
>
>
> would
>
>
> suggest you use that if you're having trouble connecting to teh JMX
>
>
> server
>
>
> holding your Karaf mbean information.
>
>
>
> Please let me know if that helps.
>
>
>
> -----
>
>
> Mike Van (All links open in new tabs)
>
>
> Committer - Kalumet
>
>
>
> Atraxia Technologies
>
>
>
> Mike Van's Open Source Technologies Blog
>
>
> --
>
>
> View this message in context:
>
>
>
> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>
>
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------
>
> Freeman Fang
>
>
> FuseSource
>
> Email:ffang@fusesource.com
>
> Web: fusesource.com
>
> Twitter: freemanfang
>
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Re: Connect to remote JMX?
Posted by Freeman Fang <fr...@gmail.com>.
Hi Achim,
Hmm, isn't the username/password used here to protect in this case?
IMO, the JMX behavior should keep same as the ssh behavior, currently
the ssh is remote accessible, we have
sshHost=0.0.0.0, of course the remote access need username/password,
it's really weird from my point of view we enable ssh remote access by
default but not the jmx, I don't see any real difference between the
two.
Regards
Freeman
On 2012-3-28, at 下午3:08, Achim Nierbeck wrote:
> I'm not sure if this is something that needs to be fixed.
> I'd rather suggest to document this, cause if it's not bound to the
> local interface we open a possible security hole here.
> Cause anybody could be able to access and alter the Karaf server
> through JMX.
>
> Regards, Achim
>
> 2012/3/28 Freeman Fang <fr...@gmail.com>:
>> Hi,
>>
>> I think this is something we need fix, create KARAF-1295[1] to
>> track it.
>>
>> [1]https://issues.apache.org/jira/browse/KARAF-1295
>>
>> Regards
>> Freeman
>>
>> On 2012-3-28, at 上午1:34, Dan Tran wrote:
>>
>> karaf by default only binds its JMX listener ports to localhost and
>> therefor all remote access is forbidden. You need to fix up you
>> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>>
>> serviceUrl =
>> service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:$
>> {rmiRegistryPort}/karaf-${karaf.name}
>>
>> -D
>>
>>
>>
>> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos
>> <ni...@googlemail.com> wrote:
>>
>> Hi Tiago,
>>
>>
>> I faced the same issue some time ago and I believe it is a routing
>> problem.
>>
>> Can you please check the network interfaces of your server? In
>> which network
>>
>> interface does the running Tomcat bind its rmi server?
>>
>> In any case you can use tcpdump or other traffic monitoring tool to
>> check
>>
>> where the problem is.
>>
>>
>>
>> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza
>> <tc...@gmail.com> wrote:
>>
>>
>> Hi Dan,
>>
>>
>> Client machine is:
>>
>> Windows Server 2008 R2 Datacenter 64-bit
>>
>> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>>
>>
>> Server machine is:
>>
>> Ubuntu 11.10 64-bit
>>
>> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>>
>> (6b23~pre11-0ubuntu1.11.10.2)
>>
>>
>> There is nothing relevant in log... and I get same behavior with
>>
>> jconsole...
>>
>>
>> Cheers!
>>
>>
>> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>>
>>
>> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza
>> <tc...@gmail.com>
>>
>> wrote:
>>
>> Could you tell us more about yr karaf platform ( OS, jre )?
>>
>>
>> Are you able to see any thing from debug log?
>>
>>
>> How about JConsole?
>>
>>
>> -D
>>
>>
>>
>> Hi Niko,
>>
>>
>> Thanks for your help... but this is already configured... also, I
>>
>> can
>>
>> successfuly connect to other jvm (running tomcat only) from the same
>>
>> client
>>
>> machine using this configuration... I just can't connect to karaf
>> based
>>
>> jvm...
>>
>>
>> Thanks
>>
>>
>> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>>
>> wrote:
>>
>>
>> Hi Tiago,
>>
>>
>> Can you please check this:
>>
>> http://stackoverflow.com/questions/834581/remote-jmx-connection
>>
>>
>> Hope that helps.
>>
>> Cheers,
>>
>> Nikos
>>
>>
>>
>> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>>
>> wrote:
>>
>>
>> Hi Mike,
>>
>>
>> Thanks for you reply! There is no firewall configured thought
>>
>> =/...
>>
>> Unfortunately what I really need is JVisualVM due to it's
>>
>> profiling
>>
>> tools...
>>
>>
>> Also, I'm quite sure user/password is correct, I'm using default
>>
>> configuration....
>>
>>
>> Cheers,
>>
>> Thiago Souza
>>
>>
>>
>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>>
>> wrote:
>>
>>
>> Thiago,
>>
>>
>> So, here's some background on what's probably causing your issue.
>>
>> JVisualVM
>>
>> actually uses two ports when you connect to a JMX Server remotely.
>>
>> We
>>
>> already know about the one that configured in Karaf 1099. However,
>>
>> JVisualVM
>>
>> also randomly selects a port to connect to the JMX Server. If your
>>
>> version
>>
>> of Karaf is behind a firewall, on a highly protected VM (like in a
>>
>> VMWare
>>
>> cloud), or has other security concerns associated with it, you may
>>
>> never
>>
>> be
>>
>> able to reliabley connect.
>>
>>
>> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>>
>> couple
>>
>> of
>>
>> pretty smart developers work extra hard to make that page, and I
>>
>> would
>>
>> suggest you use that if you're having trouble connecting to teh JMX
>>
>> server
>>
>> holding your Karaf mbean information.
>>
>>
>> Please let me know if that helps.
>>
>>
>> -----
>>
>> Mike Van (All links open in new tabs)
>>
>> Committer - Kalumet
>>
>>
>> Atraxia Technologies
>>
>>
>> Mike Van's Open Source Technologies Blog
>>
>> --
>>
>> View this message in context:
>>
>>
>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>
>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------
>> Freeman Fang
>>
>> FuseSource
>> Email:ffang@fusesource.com
>> Web: fusesource.com
>> Twitter: freemanfang
>> Blog: http://freemanfang.blogspot.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
Re: Connect to remote JMX?
Posted by Achim Nierbeck <bc...@googlemail.com>.
I'm not sure if this is something that needs to be fixed.
I'd rather suggest to document this, cause if it's not bound to the
local interface we open a possible security hole here.
Cause anybody could be able to access and alter the Karaf server through JMX.
Regards, Achim
2012/3/28 Freeman Fang <fr...@gmail.com>:
> Hi,
>
> I think this is something we need fix, create KARAF-1295[1] to track it.
>
> [1]https://issues.apache.org/jira/browse/KARAF-1295
>
> Regards
> Freeman
>
> On 2012-3-28, at 上午1:34, Dan Tran wrote:
>
> karaf by default only binds its JMX listener ports to localhost and
> therefor all remote access is forbidden. You need to fix up you
> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>
> serviceUrl =
> service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
>
> -D
>
>
>
> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <ni...@googlemail.com> wrote:
>
> Hi Tiago,
>
>
> I faced the same issue some time ago and I believe it is a routing problem.
>
> Can you please check the network interfaces of your server? In which network
>
> interface does the running Tomcat bind its rmi server?
>
> In any case you can use tcpdump or other traffic monitoring tool to check
>
> where the problem is.
>
>
>
> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <tc...@gmail.com> wrote:
>
>
> Hi Dan,
>
>
> Client machine is:
>
> Windows Server 2008 R2 Datacenter 64-bit
>
> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>
>
> Server machine is:
>
> Ubuntu 11.10 64-bit
>
> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>
> (6b23~pre11-0ubuntu1.11.10.2)
>
>
> There is nothing relevant in log... and I get same behavior with
>
> jconsole...
>
>
> Cheers!
>
>
> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>
>
> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
>
> wrote:
>
> Could you tell us more about yr karaf platform ( OS, jre )?
>
>
> Are you able to see any thing from debug log?
>
>
> How about JConsole?
>
>
> -D
>
>
>
> Hi Niko,
>
>
> Thanks for your help... but this is already configured... also, I
>
> can
>
> successfuly connect to other jvm (running tomcat only) from the same
>
> client
>
> machine using this configuration... I just can't connect to karaf based
>
> jvm...
>
>
> Thanks
>
>
> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>
> wrote:
>
>
> Hi Tiago,
>
>
> Can you please check this:
>
> http://stackoverflow.com/questions/834581/remote-jmx-connection
>
>
> Hope that helps.
>
> Cheers,
>
> Nikos
>
>
>
> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>
> wrote:
>
>
> Hi Mike,
>
>
> Thanks for you reply! There is no firewall configured thought
>
> =/...
>
> Unfortunately what I really need is JVisualVM due to it's
>
> profiling
>
> tools...
>
>
> Also, I'm quite sure user/password is correct, I'm using default
>
> configuration....
>
>
> Cheers,
>
> Thiago Souza
>
>
>
> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>
> wrote:
>
>
> Thiago,
>
>
> So, here's some background on what's probably causing your issue.
>
> JVisualVM
>
> actually uses two ports when you connect to a JMX Server remotely.
>
> We
>
> already know about the one that configured in Karaf 1099. However,
>
> JVisualVM
>
> also randomly selects a port to connect to the JMX Server. If your
>
> version
>
> of Karaf is behind a firewall, on a highly protected VM (like in a
>
> VMWare
>
> cloud), or has other security concerns associated with it, you may
>
> never
>
> be
>
> able to reliabley connect.
>
>
> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>
> couple
>
> of
>
> pretty smart developers work extra hard to make that page, and I
>
> would
>
> suggest you use that if you're having trouble connecting to teh JMX
>
> server
>
> holding your Karaf mbean information.
>
>
> Please let me know if that helps.
>
>
> -----
>
> Mike Van (All links open in new tabs)
>
> Committer - Kalumet
>
>
> Atraxia Technologies
>
>
> Mike Van's Open Source Technologies Blog
>
> --
>
> View this message in context:
>
>
> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
>
>
>
>
>
>
>
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
>
>
>
>
>
>
>
>
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Re: Connect to remote JMX?
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I think this is something we need fix, create KARAF-1295[1] to track it.
[1]https://issues.apache.org/jira/browse/KARAF-1295
Regards
Freeman
On 2012-3-28, at 上午1:34, Dan Tran wrote:
> karaf by default only binds its JMX listener ports to localhost and
> therefor all remote access is forbidden. You need to fix up you
> o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
>
> serviceUrl = service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://
> 0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
>
> -D
>
>
>
> On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos
> <ni...@googlemail.com> wrote:
>> Hi Tiago,
>>
>> I faced the same issue some time ago and I believe it is a routing
>> problem.
>> Can you please check the network interfaces of your server? In
>> which network
>> interface does the running Tomcat bind its rmi server?
>> In any case you can use tcpdump or other traffic monitoring tool to
>> check
>> where the problem is.
>>
>>
>> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza
>> <tc...@gmail.com> wrote:
>>>
>>> Hi Dan,
>>>
>>> Client machine is:
>>> Windows Server 2008 R2 Datacenter 64-bit
>>> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>>>
>>> Server machine is:
>>> Ubuntu 11.10 64-bit
>>> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>>> (6b23~pre11-0ubuntu1.11.10.2)
>>>
>>> There is nothing relevant in log... and I get same behavior
>>> with
>>> jconsole...
>>>
>>> Cheers!
>>>
>>> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>>>>
>>>> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tcostasouza@gmail.com
>>>> >
>>>> wrote:
>>>> Could you tell us more about yr karaf platform ( OS, jre )?
>>>>
>>>> Are you able to see any thing from debug log?
>>>>
>>>> How about JConsole?
>>>>
>>>> -D
>>>>
>>>>
>>>>> Hi Niko,
>>>>>
>>>>> Thanks for your help... but this is already configured...
>>>>> also, I
>>>>> can
>>>>> successfuly connect to other jvm (running tomcat only) from the
>>>>> same
>>>>> client
>>>>> machine using this configuration... I just can't connect to
>>>>> karaf based
>>>>> jvm...
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Mon, Mar 26, 2012 at 12:06, Nick Dimos
>>>>> <ni...@googlemail.com>
>>>>> wrote:
>>>>>>
>>>>>> Hi Tiago,
>>>>>>
>>>>>> Can you please check this:
>>>>>> http://stackoverflow.com/questions/834581/remote-jmx-connection
>>>>>>
>>>>>> Hope that helps.
>>>>>> Cheers,
>>>>>> Nikos
>>>>>>
>>>>>>
>>>>>> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tcostasouza@gmail.com
>>>>>> >
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Mike,
>>>>>>>
>>>>>>> Thanks for you reply! There is no firewall configured
>>>>>>> thought
>>>>>>> =/...
>>>>>>> Unfortunately what I really need is JVisualVM due to it's
>>>>>>> profiling
>>>>>>> tools...
>>>>>>>
>>>>>>> Also, I'm quite sure user/password is correct, I'm using
>>>>>>> default
>>>>>>> configuration....
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Thiago Souza
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 23, 2012 at 23:51, mikevan
>>>>>>> <mv...@comcast.net>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Thiago,
>>>>>>>>
>>>>>>>> So, here's some background on what's probably causing your
>>>>>>>> issue.
>>>>>>>> JVisualVM
>>>>>>>> actually uses two ports when you connect to a JMX Server
>>>>>>>> remotely.
>>>>>>>> We
>>>>>>>> already know about the one that configured in Karaf 1099.
>>>>>>>> However,
>>>>>>>> JVisualVM
>>>>>>>> also randomly selects a port to connect to the JMX Server. If
>>>>>>>> your
>>>>>>>> version
>>>>>>>> of Karaf is behind a firewall, on a highly protected VM (like
>>>>>>>> in a
>>>>>>>> VMWare
>>>>>>>> cloud), or has other security concerns associated with it,
>>>>>>>> you may
>>>>>>>> never
>>>>>>>> be
>>>>>>>> able to reliabley connect.
>>>>>>>>
>>>>>>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>>>>>>>> couple
>>>>>>>> of
>>>>>>>> pretty smart developers work extra hard to make that page,
>>>>>>>> and I
>>>>>>>> would
>>>>>>>> suggest you use that if you're having trouble connecting to
>>>>>>>> teh JMX
>>>>>>>> server
>>>>>>>> holding your Karaf mbean information.
>>>>>>>>
>>>>>>>> Please let me know if that helps.
>>>>>>>>
>>>>>>>> -----
>>>>>>>> Mike Van (All links open in new tabs)
>>>>>>>> Committer - Kalumet
>>>>>>>>
>>>>>>>> Atraxia Technologies
>>>>>>>>
>>>>>>>> Mike Van's Open Source Technologies Blog
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>>
>>>>>>>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>>>>>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>
>>>
>>
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
karaf by default only binds its JMX listener ports to localhost and
therefor all remote access is forbidden. You need to fix up you
o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0
serviceUrl = service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
-D
On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <ni...@googlemail.com> wrote:
> Hi Tiago,
>
> I faced the same issue some time ago and I believe it is a routing problem.
> Can you please check the network interfaces of your server? In which network
> interface does the running Tomcat bind its rmi server?
> In any case you can use tcpdump or other traffic monitoring tool to check
> where the problem is.
>
>
> On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <tc...@gmail.com> wrote:
>>
>> Hi Dan,
>>
>> Client machine is:
>> Windows Server 2008 R2 Datacenter 64-bit
>> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>>
>> Server machine is:
>> Ubuntu 11.10 64-bit
>> OpenJDK Runtime Environment (IcedTea6 1.11pre)
>> (6b23~pre11-0ubuntu1.11.10.2)
>>
>> There is nothing relevant in log... and I get same behavior with
>> jconsole...
>>
>> Cheers!
>>
>> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>>>
>>> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
>>> wrote:
>>> Could you tell us more about yr karaf platform ( OS, jre )?
>>>
>>> Are you able to see any thing from debug log?
>>>
>>> How about JConsole?
>>>
>>> -D
>>>
>>>
>>> > Hi Niko,
>>> >
>>> > Thanks for your help... but this is already configured... also, I
>>> > can
>>> > successfuly connect to other jvm (running tomcat only) from the same
>>> > client
>>> > machine using this configuration... I just can't connect to karaf based
>>> > jvm...
>>> >
>>> > Thanks
>>> >
>>> > On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>>> > wrote:
>>> >>
>>> >> Hi Tiago,
>>> >>
>>> >> Can you please check this:
>>> >> http://stackoverflow.com/questions/834581/remote-jmx-connection
>>> >>
>>> >> Hope that helps.
>>> >> Cheers,
>>> >> Nikos
>>> >>
>>> >>
>>> >> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>>> >> wrote:
>>> >>>
>>> >>> Hi Mike,
>>> >>>
>>> >>> Thanks for you reply! There is no firewall configured thought
>>> >>> =/...
>>> >>> Unfortunately what I really need is JVisualVM due to it's
>>> >>> profiling
>>> >>> tools...
>>> >>>
>>> >>> Also, I'm quite sure user/password is correct, I'm using default
>>> >>> configuration....
>>> >>>
>>> >>> Cheers,
>>> >>> Thiago Souza
>>> >>>
>>> >>>
>>> >>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>>> >>> wrote:
>>> >>>>
>>> >>>> Thiago,
>>> >>>>
>>> >>>> So, here's some background on what's probably causing your issue.
>>> >>>> JVisualVM
>>> >>>> actually uses two ports when you connect to a JMX Server remotely.
>>> >>>> We
>>> >>>> already know about the one that configured in Karaf 1099. However,
>>> >>>> JVisualVM
>>> >>>> also randomly selects a port to connect to the JMX Server. If your
>>> >>>> version
>>> >>>> of Karaf is behind a firewall, on a highly protected VM (like in a
>>> >>>> VMWare
>>> >>>> cloud), or has other security concerns associated with it, you may
>>> >>>> never
>>> >>>> be
>>> >>>> able to reliabley connect.
>>> >>>>
>>> >>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>>> >>>> couple
>>> >>>> of
>>> >>>> pretty smart developers work extra hard to make that page, and I
>>> >>>> would
>>> >>>> suggest you use that if you're having trouble connecting to teh JMX
>>> >>>> server
>>> >>>> holding your Karaf mbean information.
>>> >>>>
>>> >>>> Please let me know if that helps.
>>> >>>>
>>> >>>> -----
>>> >>>> Mike Van (All links open in new tabs)
>>> >>>> Committer - Kalumet
>>> >>>>
>>> >>>> Atraxia Technologies
>>> >>>>
>>> >>>> Mike Van's Open Source Technologies Blog
>>> >>>> --
>>> >>>> View this message in context:
>>> >>>>
>>> >>>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>> >>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>> >>>
>>> >>>
>>> >>
>>> >
>>
>>
>
Re: Connect to remote JMX?
Posted by Nick Dimos <ni...@googlemail.com>.
Hi Tiago,
I faced the same issue some time ago and I believe it is a routing problem.
Can you please check the network interfaces of your server? In which
network interface does the running Tomcat bind its rmi server?
In any case you can use tcpdump or other traffic monitoring tool to check
where the problem is.
On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Dan,
>
> Client machine is:
> Windows Server 2008 R2 Datacenter 64-bit
> Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
>
> Server machine is:
> Ubuntu 11.10 64-bit
> OpenJDK Runtime Environment (IcedTea6 1.11pre)
> (6b23~pre11-0ubuntu1.11.10.2)
>
> There is nothing relevant in log... and I get same behavior with
> jconsole...
>
> Cheers!
>
> On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
>
>> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
>> wrote:
>> Could you tell us more about yr karaf platform ( OS, jre )?
>>
>> Are you able to see any thing from debug log?
>>
>> How about JConsole?
>>
>> -D
>>
>>
>> > Hi Niko,
>> >
>> > Thanks for your help... but this is already configured... also, I
>> can
>> > successfuly connect to other jvm (running tomcat only) from the same
>> client
>> > machine using this configuration... I just can't connect to karaf based
>> > jvm...
>> >
>> > Thanks
>> >
>> > On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
>> wrote:
>> >>
>> >> Hi Tiago,
>> >>
>> >> Can you please check this:
>> >> http://stackoverflow.com/questions/834581/remote-jmx-connection
>> >>
>> >> Hope that helps.
>> >> Cheers,
>> >> Nikos
>> >>
>> >>
>> >> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>> >> wrote:
>> >>>
>> >>> Hi Mike,
>> >>>
>> >>> Thanks for you reply! There is no firewall configured thought
>> =/...
>> >>> Unfortunately what I really need is JVisualVM due to it's
>> profiling
>> >>> tools...
>> >>>
>> >>> Also, I'm quite sure user/password is correct, I'm using default
>> >>> configuration....
>> >>>
>> >>> Cheers,
>> >>> Thiago Souza
>> >>>
>> >>>
>> >>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
>> wrote:
>> >>>>
>> >>>> Thiago,
>> >>>>
>> >>>> So, here's some background on what's probably causing your issue.
>> >>>> JVisualVM
>> >>>> actually uses two ports when you connect to a JMX Server remotely. We
>> >>>> already know about the one that configured in Karaf 1099. However,
>> >>>> JVisualVM
>> >>>> also randomly selects a port to connect to the JMX Server. If your
>> >>>> version
>> >>>> of Karaf is behind a firewall, on a highly protected VM (like in a
>> >>>> VMWare
>> >>>> cloud), or has other security concerns associated with it, you may
>> never
>> >>>> be
>> >>>> able to reliabley connect.
>> >>>>
>> >>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A
>> couple
>> >>>> of
>> >>>> pretty smart developers work extra hard to make that page, and I
>> would
>> >>>> suggest you use that if you're having trouble connecting to teh JMX
>> >>>> server
>> >>>> holding your Karaf mbean information.
>> >>>>
>> >>>> Please let me know if that helps.
>> >>>>
>> >>>> -----
>> >>>> Mike Van (All links open in new tabs)
>> >>>> Committer - Kalumet
>> >>>>
>> >>>> Atraxia Technologies
>> >>>>
>> >>>> Mike Van's Open Source Technologies Blog
>> >>>> --
>> >>>> View this message in context:
>> >>>>
>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>> >>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>> >>>
>> >>>
>> >>
>> >
>>
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Dan,
Client machine is:
Windows Server 2008 R2 Datacenter 64-bit
Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
Server machine is:
Ubuntu 11.10 64-bit
OpenJDK Runtime Environment (IcedTea6 1.11pre)
(6b23~pre11-0ubuntu1.11.10.2)
There is nothing relevant in log... and I get same behavior with
jconsole...
Cheers!
On Mon, Mar 26, 2012 at 14:30, Dan Tran <da...@gmail.com> wrote:
> On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com>
> wrote:
> Could you tell us more about yr karaf platform ( OS, jre )?
>
> Are you able to see any thing from debug log?
>
> How about JConsole?
>
> -D
>
>
> > Hi Niko,
> >
> > Thanks for your help... but this is already configured... also, I can
> > successfuly connect to other jvm (running tomcat only) from the same
> client
> > machine using this configuration... I just can't connect to karaf based
> > jvm...
> >
> > Thanks
> >
> > On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com>
> wrote:
> >>
> >> Hi Tiago,
> >>
> >> Can you please check this:
> >> http://stackoverflow.com/questions/834581/remote-jmx-connection
> >>
> >> Hope that helps.
> >> Cheers,
> >> Nikos
> >>
> >>
> >> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
> >> wrote:
> >>>
> >>> Hi Mike,
> >>>
> >>> Thanks for you reply! There is no firewall configured thought =/...
> >>> Unfortunately what I really need is JVisualVM due to it's profiling
> >>> tools...
> >>>
> >>> Also, I'm quite sure user/password is correct, I'm using default
> >>> configuration....
> >>>
> >>> Cheers,
> >>> Thiago Souza
> >>>
> >>>
> >>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net>
> wrote:
> >>>>
> >>>> Thiago,
> >>>>
> >>>> So, here's some background on what's probably causing your issue.
> >>>> JVisualVM
> >>>> actually uses two ports when you connect to a JMX Server remotely. We
> >>>> already know about the one that configured in Karaf 1099. However,
> >>>> JVisualVM
> >>>> also randomly selects a port to connect to the JMX Server. If your
> >>>> version
> >>>> of Karaf is behind a firewall, on a highly protected VM (like in a
> >>>> VMWare
> >>>> cloud), or has other security concerns associated with it, you may
> never
> >>>> be
> >>>> able to reliabley connect.
> >>>>
> >>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple
> >>>> of
> >>>> pretty smart developers work extra hard to make that page, and I would
> >>>> suggest you use that if you're having trouble connecting to teh JMX
> >>>> server
> >>>> holding your Karaf mbean information.
> >>>>
> >>>> Please let me know if that helps.
> >>>>
> >>>> -----
> >>>> Mike Van (All links open in new tabs)
> >>>> Committer - Kalumet
> >>>>
> >>>> Atraxia Technologies
> >>>>
> >>>> Mike Van's Open Source Technologies Blog
> >>>> --
> >>>> View this message in context:
> >>>>
> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
> >>>> Sent from the Karaf - User mailing list archive at Nabble.com.
> >>>
> >>>
> >>
> >
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <tc...@gmail.com> wrote:
Could you tell us more about yr karaf platform ( OS, jre )?
Are you able to see any thing from debug log?
How about JConsole?
-D
> Hi Niko,
>
> Thanks for your help... but this is already configured... also, I can
> successfuly connect to other jvm (running tomcat only) from the same client
> machine using this configuration... I just can't connect to karaf based
> jvm...
>
> Thanks
>
> On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com> wrote:
>>
>> Hi Tiago,
>>
>> Can you please check this:
>> http://stackoverflow.com/questions/834581/remote-jmx-connection
>>
>> Hope that helps.
>> Cheers,
>> Nikos
>>
>>
>> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>
>> wrote:
>>>
>>> Hi Mike,
>>>
>>> Thanks for you reply! There is no firewall configured thought =/...
>>> Unfortunately what I really need is JVisualVM due to it's profiling
>>> tools...
>>>
>>> Also, I'm quite sure user/password is correct, I'm using default
>>> configuration....
>>>
>>> Cheers,
>>> Thiago Souza
>>>
>>>
>>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net> wrote:
>>>>
>>>> Thiago,
>>>>
>>>> So, here's some background on what's probably causing your issue.
>>>> JVisualVM
>>>> actually uses two ports when you connect to a JMX Server remotely. We
>>>> already know about the one that configured in Karaf 1099. However,
>>>> JVisualVM
>>>> also randomly selects a port to connect to the JMX Server. If your
>>>> version
>>>> of Karaf is behind a firewall, on a highly protected VM (like in a
>>>> VMWare
>>>> cloud), or has other security concerns associated with it, you may never
>>>> be
>>>> able to reliabley connect.
>>>>
>>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple
>>>> of
>>>> pretty smart developers work extra hard to make that page, and I would
>>>> suggest you use that if you're having trouble connecting to teh JMX
>>>> server
>>>> holding your Karaf mbean information.
>>>>
>>>> Please let me know if that helps.
>>>>
>>>> -----
>>>> Mike Van (All links open in new tabs)
>>>> Committer - Kalumet
>>>>
>>>> Atraxia Technologies
>>>>
>>>> Mike Van's Open Source Technologies Blog
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>>
>>>
>>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Niko,
Thanks for your help... but this is already configured... also, I can
successfuly connect to other jvm (running tomcat only) from the same client
machine using this configuration... I just can't connect to karaf based
jvm...
Thanks
On Mon, Mar 26, 2012 at 12:06, Nick Dimos <ni...@googlemail.com> wrote:
> Hi Tiago,
>
> Can you please check this:
> http://stackoverflow.com/questions/834581/remote-jmx-connection
>
> Hope that helps.
> Cheers,
> Nikos
>
>
> On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com>wrote:
>
>> Hi Mike,
>>
>> Thanks for you reply! There is no firewall configured thought =/...
>> Unfortunately what I really need is JVisualVM due to it's profiling
>> tools...
>>
>> Also, I'm quite sure user/password is correct, I'm using default
>> configuration....
>>
>> Cheers,
>> Thiago Souza
>>
>>
>> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net> wrote:
>>
>>> Thiago,
>>>
>>> So, here's some background on what's probably causing your issue.
>>> JVisualVM
>>> actually uses two ports when you connect to a JMX Server remotely. We
>>> already know about the one that configured in Karaf 1099. However,
>>> JVisualVM
>>> also randomly selects a port to connect to the JMX Server. If your
>>> version
>>> of Karaf is behind a firewall, on a highly protected VM (like in a VMWare
>>> cloud), or has other security concerns associated with it, you may never
>>> be
>>> able to reliabley connect.
>>>
>>> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple of
>>> pretty smart developers work extra hard to make that page, and I would
>>> suggest you use that if you're having trouble connecting to teh JMX
>>> server
>>> holding your Karaf mbean information.
>>>
>>> Please let me know if that helps.
>>>
>>> -----
>>> Mike Van (All links open in new tabs)
>>> Committer - Kalumet
>>>
>>> Atraxia Technologies
>>>
>>> Mike Van's Open Source Technologies Blog
>>> --
>>> View this message in context:
>>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>>
>>
>>
>
Re: Connect to remote JMX?
Posted by Nick Dimos <ni...@googlemail.com>.
Hi Tiago,
Can you please check this:
http://stackoverflow.com/questions/834581/remote-jmx-connection
Hope that helps.
Cheers,
Nikos
On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi Mike,
>
> Thanks for you reply! There is no firewall configured thought =/...
> Unfortunately what I really need is JVisualVM due to it's profiling
> tools...
>
> Also, I'm quite sure user/password is correct, I'm using default
> configuration....
>
> Cheers,
> Thiago Souza
>
>
> On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net> wrote:
>
>> Thiago,
>>
>> So, here's some background on what's probably causing your issue.
>> JVisualVM
>> actually uses two ports when you connect to a JMX Server remotely. We
>> already know about the one that configured in Karaf 1099. However,
>> JVisualVM
>> also randomly selects a port to connect to the JMX Server. If your version
>> of Karaf is behind a firewall, on a highly protected VM (like in a VMWare
>> cloud), or has other security concerns associated with it, you may never
>> be
>> able to reliabley connect.
>>
>> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple of
>> pretty smart developers work extra hard to make that page, and I would
>> suggest you use that if you're having trouble connecting to teh JMX server
>> holding your Karaf mbean information.
>>
>> Please let me know if that helps.
>>
>> -----
>> Mike Van (All links open in new tabs)
>> Committer - Kalumet
>>
>> Atraxia Technologies
>>
>> Mike Van's Open Source Technologies Blog
>> --
>> View this message in context:
>> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>
>
>
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
Hi Mike,
Thanks for you reply! There is no firewall configured thought =/...
Unfortunately what I really need is JVisualVM due to it's profiling
tools...
Also, I'm quite sure user/password is correct, I'm using default
configuration....
Cheers,
Thiago Souza
On Fri, Mar 23, 2012 at 23:51, mikevan <mv...@comcast.net> wrote:
> Thiago,
>
> So, here's some background on what's probably causing your issue.
> JVisualVM
> actually uses two ports when you connect to a JMX Server remotely. We
> already know about the one that configured in Karaf 1099. However,
> JVisualVM
> also randomly selects a port to connect to the JMX Server. If your version
> of Karaf is behind a firewall, on a highly protected VM (like in a VMWare
> cloud), or has other security concerns associated with it, you may never be
> able to reliabley connect.
>
> Thats' why Karaf has a sub-project for a JMX webconsole page. A couple of
> pretty smart developers work extra hard to make that page, and I would
> suggest you use that if you're having trouble connecting to teh JMX server
> holding your Karaf mbean information.
>
> Please let me know if that helps.
>
> -----
> Mike Van (All links open in new tabs)
> Committer - Kalumet
>
> Atraxia Technologies
>
> Mike Van's Open Source Technologies Blog
> --
> View this message in context:
> http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
Re: Connect to remote JMX?
Posted by mikevan <mv...@comcast.net>.
Thiago,
So, here's some background on what's probably causing your issue. JVisualVM
actually uses two ports when you connect to a JMX Server remotely. We
already know about the one that configured in Karaf 1099. However, JVisualVM
also randomly selects a port to connect to the JMX Server. If your version
of Karaf is behind a firewall, on a highly protected VM (like in a VMWare
cloud), or has other security concerns associated with it, you may never be
able to reliabley connect.
Thats' why Karaf has a sub-project for a JMX webconsole page. A couple of
pretty smart developers work extra hard to make that page, and I would
suggest you use that if you're having trouble connecting to teh JMX server
holding your Karaf mbean information.
Please let me know if that helps.
-----
Mike Van (All links open in new tabs)
Committer - Kalumet
Atraxia Technologies
Mike Van's Open Source Technologies Blog
--
View this message in context: http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Connect to remote JMX?
Posted by Thiago Souza <tc...@gmail.com>.
What registry port? It's configured as default (1099)
I also tried the whole serviceUrl
service:jmx:rmi://<host>:44444/jndi/rmi://<host>:1099/karaf-root with no
success
I already checked tons of docs, can't find any helpful =/
Cheers
On Thu, Mar 22, 2012 at 00:29, Dan Tran <da...@gmail.com> wrote:
> you miss the registry port. See o.p.karaf.management.cfg for details
>
> also check the doc
>
> -D
>
> On Wed, Mar 21, 2012 at 3:06 PM, Thiago Souza <tc...@gmail.com>
> wrote:
> > Hi,
> >
> > On Apache Karaf 2.2.5 I'm trying to connect to remote JMX
> > using: service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root, but with or
> > without password (karaf/karaf) I can not connect to it using jvisualvm.
> >
> > I can successfully telnet to port 1099 from client. I'm using
> default
> > configurantion, is there any extra configuration for this to work?
> >
> > Thanks,
> > Thiago Souza
>
Re: Connect to remote JMX?
Posted by Dan Tran <da...@gmail.com>.
you miss the registry port. See o.p.karaf.management.cfg for details
also check the doc
-D
On Wed, Mar 21, 2012 at 3:06 PM, Thiago Souza <tc...@gmail.com> wrote:
> Hi,
>
> On Apache Karaf 2.2.5 I'm trying to connect to remote JMX
> using: service:jmx:rmi:///jndi/rmi://<host>:1099/karaf-root, but with or
> without password (karaf/karaf) I can not connect to it using jvisualvm.
>
> I can successfully telnet to port 1099 from client. I'm using default
> configurantion, is there any extra configuration for this to work?
>
> Thanks,
> Thiago Souza