You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Marcin Domański <do...@gmail.com> on 2013/09/11 20:29:48 UTC
[Tomcat-7.0.42/JmxRemoteLifecycleListener] rmiBindAddress vs localhost
Hi there!
I am trying to setup a Tomcat instance using only specific address for all
communications. This is convenient for us from the point of IPsec. I was
able to succeed in http, https, ajp, etc. but for JMX I still cannot get it
right. For this example, let's assume, my desired address is 127.2.0.1.
Currently my configuration is as follows:
- <Listener
className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
useLocalPorts="true" />
Which allows to connect to the server at "service:jmx:rmi:///jndi/rmi://
127.2.0.1:9012/jmxrmi but also localhost (means I cannot run second
instance with different IP)
On the other hand,when I try following:
- <Listener
className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
useLocalPorts="true" rmiBindAddress="127.2.0.1"/>
On Windows machine I get a network error basically saying there is no
server configured at localhost in JmxRemoteLifecycleListener:304.
Here's the code :
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina-jmx-remote/7.0.42/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java#304
According
to that it seems that both Tomcat RMI server and registry must be
accessible on localhost when using JmxRemoteLifecycleListener. Is it true?
Marcin
Re: [Tomcat-7.0.42/JmxRemoteLifecycleListener] rmiBindAddress vs
localhost
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Marcin,
On 9/11/13 2:29 PM, Marcin Domański wrote:
> Hi there! I am trying to setup a Tomcat instance using only
> specific address for all communications. This is convenient for us
> from the point of IPsec. I was able to succeed in http, https, ajp,
> etc. but for JMX I still cannot get it right. For this example,
> let's assume, my desired address is 127.2.0.1. Currently my
> configuration is as follows:
>
> - <Listener
> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
> rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
> useLocalPorts="true" />
>
>
> Which allows to connect to the server at
> "service:jmx:rmi:///jndi/rmi:// 127.2.0.1:9012/jmxrmi but also
> localhost (means I cannot run second instance with different IP)
Hmm. I would have expected "useLocalPorts" to bind only to 127.0.0.1
(i.e. localhost). What does netstat tell you under this configuration?
> On the other hand,when I try following:
>
> - <Listener
> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
> rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
> useLocalPorts="true" rmiBindAddress="127.2.0.1"/>
>
> On Windows machine I get a network error basically saying there is
> no server configured at localhost in
> JmxRemoteLifecycleListener:304.
You get this on startup? Post the full stack trace, please.
What do you have in /etc/hosts (or the win32 equivalent)?
What happens if you do rmiBindAddress="127.2.0.1" and don't specify
useLocalPorts="true" (I believe the former essentially covers the latter)?
> Here's the code :
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina-jmx-remote/7.0.42/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java#304
>
>
According
> to that it seems that both Tomcat RMI server and registry must be
> accessible on localhost when using JmxRemoteLifecycleListener. Is
> it true?
useLocalPorts="true" means that Tomcat will use "localhost" as the
binding host address. If you don't have "localhost" defined anywhere
(usually /etc/hosts), then the IP lookup will fail.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSMdp3AAoJEBzwKT+lPKRYNl4QAJbbOhlb4Sjj1JN5IfP9GFhj
IWACAiwnpvAnhwft86HJHzLPWP4i2+OLcRmko1txZv3xmP+KtdsFEe2g4dxhPeHd
Ud9U3vXrf4iroBy5GssTdx0yF7NHBIvmI6yM0ec72Mm/OunPHJAfsBJsKTRczM1P
mv+u40WacuyoTqMtAwpb8y3skhQXq1gAS53nrlleWM80xhx7vmdEo27S5JRk00hq
g7hyENYWHfvxnctiIlwmY1e2nnLvp8+donxDBYwuGI4mQj9U8+kcl+zrt1V1d1ZM
la4snyHhZM+VpLCDmF9xu5Qr2BC7Wu9BYZjC6jRv6EfqjkfymJd3KnasnLy62SkL
0pqka6KM1+j5kwXCLDdqnzB210pT2yGzcZN/uki+cSZHaZ1m7d+eBXmtH+FkrULN
SYEPrcd3OCtkBE7wkV5JnAuArso/Pq70My9C4J/2R5cLqgFzq2gdSAKLz9gx3Cm0
tofye1Iceci/wEIXsdvvevMImLtVaqPMFjDH9KhMx8Wa0JFBx6u50JhIlehdrwD+
j/nqwB7pyeCMwz5cN9BTWXLA42qxiRw5hQfhMqsyhwT1vmXhEhzkG2KV+mkqtB7P
FIhFmliRJLS9WXObjmpJQep13idPk/mbdLxXZIIzjpsk85gV0hndIZuszhiZGHe0
p1NjpJjVvbR7t2AHuOFr
=e0yo
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [Tomcat-7.0.42/JmxRemoteLifecycleListener] rmiBindAddress vs
localhost
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Marcin,
On 9/18/13 8:58 AM, Marcin Domański wrote:
> 2013/9/12 <us...@tomcat.apache.org>
>> On 9/11/13 2:29 PM, Marcin Domański wrote:
>>> Hi there! I am trying to setup a Tomcat instance using only
>>> specific address for all communications. This is convenient for
>>> us from the point of IPsec. I was able to succeed in http,
>>> https, ajp, etc. but for JMX I still cannot get it right. For
>>> this example, let's assume, my desired address is 127.2.0.1.
>>> Currently my configuration is as follows:
>>>
>>> - <Listener
>>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
>>>
>>>
rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
>>> useLocalPorts="true" />
>>>
>>>
>>> Which allows to connect to the server at
>>> "service:jmx:rmi:///jndi/rmi:// 127.2.0.1:9012/jmxrmi but also
>>> localhost (means I cannot run second instance with different
>>> IP)
>>
>> Hmm. I would have expected "useLocalPorts" to bind only to
>> 127.0.0.1 (i.e. localhost). What does netstat tell you under this
>> configuration?
>
> I see open ports to 127.2.0.1:9012 whenever I have rmiBindAddress
> set and applied patch in JmxRemoteLifecycleListener to use
> rmiBindAddress instead of localhost around line 304, otherwise I
> get exception whenever I use rmiBindAddress=127.2.0.1 and no ports
> are open.
What patch did you apply?
> Netstat with patch and rmiBindAddress=127.0.2.1 and
> useLocalPorts=false: TCP 127.0.2.1:9012 XXX:0
> LISTENING TCP 127.0.2.1:9013 XXX:0
> LISTENING
>
> Netstat with patch and rmiBindAddress=127.0.2.1 and
> useLocalPorts=true:
>
> TCP 127.0.2.1:9012 XXX:0 LISTENING TCP
> 127.0.2.1:9013 XXX:0 LISTENING
That certainly looks like useLocalPorts is not doing anything in your
configuration. I suppose it depends upon whatever patch you applied. I
don't think you should require a patch... just don't use
useLocalPorts=true and let rmiBindAddresss do its job.
Isn't the above what you wanted? To bind on the VPN interface?
> Seems that it connects differently because I see it using localhost
> for connections to port 9013 and 127.0.2.1 for 9012 (remote
> address in netstat)
The above look identical to me (both ports are are for 127.0.2.1). Am
I missing something?
>>> On Windows machine I get a network error basically saying there
>>> is no server configured at localhost in
>>> JmxRemoteLifecycleListener:304.
>>
>> You get this on startup? Post the full stack trace, please.
>>
>
> Yes, it is a startup of Tomcat itself, not my J2EE application. You
> can try it yourself. Stack is as follows:
>
> java.io.IOException: Cannot bind to URL
> [rmi://localhost:9012/jmxrmi]:
> javax.naming.ServiceUnavailableException [Root exception is
> java.rmi.ConnectException: Connection refused to host: localhost;
> nested exception is: java.net.ConnectException: Connection refused:
> connect]
I think it's important for you to tell us what your patch does. Nobody
knows what you've done in there.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSOesRAAoJEBzwKT+lPKRY6BMQALWgjldYM/1JGZ0Vhs5ge5bz
rV90oDZb8k+iLPQIU2X1Rf7/znWz8DauAFvAwS5ghvgljdKBtZuoA6VDVZIzb+BV
eERg8Cbe07XY38Jw65chW5YKdxxy2+bMPdAvb5xkO3LjTTJfIkB5ZL8EigvTTaKY
zlrk2SreRzSyZiYNvqSjKoUpRMfnVL4EhvXwDauXFSnLnINE4T0CTwJ5lm0Wy3lS
5SDFuAZKRHQ6phEPnRxy0b0CekW3Pucw7m+um/07P2yI3ygkSGRH1hgZPIudDH2E
98I2ei5HdRtgNEMYUbPqpSioaz309nQjb6cVmjnfdInLN0TApw9QTbQG3Yryg8Kx
YSwaiMwid2TCvj+KNine4pvmRZ9ddFyslpBO7aqVR/G4Voqgg+ToxRbkqH3pdBqy
32qv3/gLJA7Mame9+0j/X9/+MbsyJqnuHcW+290ERXe5C2gXUXxnWhuLRBqRkKyl
+Kr5zh6X5fgO7OX884PjXtvvpZfibGJO66OFTNZDMma02mCjJDnWuNX37I+FXMva
PhLqpv7kgB5KbtwG+kliyyxRY9ygfQ/xDudL6d5WCxVjzq7OOxbr+lwxvEHKYfb6
Rz8JVPcgfqmuJ7QshT7vCkUOlGgTsJGxNnXC2n2KgdqeJhhO8TrDgG+QXtChR4SW
DaE8PEM0m/u3XpKsUoBs
=a8eK
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [Tomcat-7.0.42/JmxRemoteLifecycleListener] rmiBindAddress vs localhost
Posted by Marcin Domański <do...@gmail.com>.
Chris,
2013/9/12 <us...@tomcat.apache.org>
>
>
> Marcin,
>
> On 9/11/13 2:29 PM, Marcin Domański wrote:
> > Hi there! I am trying to setup a Tomcat instance using only
> > specific address for all communications. This is convenient for us
> > from the point of IPsec. I was able to succeed in http, https, ajp,
> > etc. but for JMX I still cannot get it right. For this example,
> > let's assume, my desired address is 127.2.0.1. Currently my
> > configuration is as follows:
> >
> > - <Listener
> > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
> > rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
> > useLocalPorts="true" />
> >
> >
> > Which allows to connect to the server at
> > "service:jmx:rmi:///jndi/rmi:// 127.2.0.1:9012/jmxrmi but also
> > localhost (means I cannot run second instance with different IP)
>
> Hmm. I would have expected "useLocalPorts" to bind only to 127.0.0.1
> (i.e. localhost). What does netstat tell you under this configuration?
>
I see open ports to 127.2.0.1:9012 whenever I have rmiBindAddress set and
applied patch in JmxRemoteLifecycleListener to use rmiBindAddress instead
of localhost around line 304, otherwise I get exception whenever I use
rmiBindAddress=127.2.0.1 and no ports are open.
Netstat with patch and rmiBindAddress=127.0.2.1 and useLocalPorts=false:
TCP 127.0.2.1:9012 XXX:0 LISTENING
TCP 127.0.2.1:9013 XXX:0 LISTENING
Netstat with patch and rmiBindAddress=127.0.2.1 and useLocalPorts=true:
TCP 127.0.2.1:9012 XXX:0 LISTENING
TCP 127.0.2.1:9013 XXX:0 LISTENING
Seems that it connects differently because I see it using localhost for
connections to port 9013 and 127.0.2.1 for 9012 (remote address in netstat)
> > On the other hand,when I try following:
> >
> > - <Listener
> > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
> > rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013"
> > useLocalPorts="true" rmiBindAddress="127.2.0.1"/>
> >
> > On Windows machine I get a network error basically saying there is
> > no server configured at localhost in
> > JmxRemoteLifecycleListener:304.
>
> You get this on startup? Post the full stack trace, please.
>
Yes, it is a startup of Tomcat itself, not my J2EE application. You can try
it yourself. Stack is as follows:
java.io.IOException: Cannot bind to URL [rmi://localhost:9012/jmxrmi]:
javax.naming.ServiceUnavailableException [Root exception is
java.rmi.ConnectException: Connection refused to host: localhost; nested
exception is:
java.net.ConnectException: Connection refused: connect]
at
javax.management.remote.rmi.RMIConnectorServer.newIOException(RMIConnectorServer.java:827)
at
javax.management.remote.rmi.RMIConnectorServer.start(RMIConnectorServer.java:432)
at
org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer(JmxRemoteLifecycleListener.java:304)
at
org.apache.catalina.mbeans.JmxRemoteLifecycleListener.lifecycleEvent(JmxRemoteLifecycleListener.java:258)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at
org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:347)
at
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:725)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Caused by: javax.naming.ServiceUnavailableException [Root exception is
java.rmi.ConnectException: Connection refused to host: localhost; nested
exception is:
java.net.ConnectException: Connection refused: connect]
at
com.sun.jndi.rmi.registry.RegistryContext.bind(RegistryContext.java:143)
at
com.sun.jndi.toolkit.url.GenericURLContext.bind(GenericURLContext.java:226)
at javax.naming.InitialContext.bind(InitialContext.java:419)
at
javax.management.remote.rmi.RMIConnectorServer.bind(RMIConnectorServer.java:644)
at
javax.management.remote.rmi.RMIConnectorServer.start(RMIConnectorServer.java:427)
... 15 more
Caused by: java.rmi.ConnectException: Connection refused to host:
localhost; nested exception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at
sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at
sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:340)
at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
at
com.sun.jndi.rmi.registry.RegistryContext.bind(RegistryContext.java:137)
... 19 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at
java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:69)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at
sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at
sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:146)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 24 more
>
> What do you have in /etc/hosts (or the win32 equivalent)?
>
I have all commented out in hosts file (win32):
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
As far as I remember my previous attempts, when I set useLocalPorts = true
I can access same process using 127.2.0.1:9012 and localhost:9012,
otherwise, only second method works.
> What happens if you do rmiBindAddress="127.2.0.1" and don't specify
> useLocalPorts="true" (I believe the former essentially covers the latter)?
>
Setting this to true seems to only affect server not registry (see netstat
at the top).
>
> > Here's the code:
> >
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina-jmx-remote/7.0.42/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java#304
> >
> >
> According
> > to that it seems that both Tomcat RMI server and registry must be
> > accessible on localhost when using JmxRemoteLifecycleListener. Is
> > it true?
>
> useLocalPorts="true" means that Tomcat will use "localhost" as the
> binding host address. If you don't have "localhost" defined anywhere
> (usually /etc/hosts), then the IP lookup will fail.
>
I did some patching replacing localhost with rmiBindAddress around line 304
and now Tomcat itself initializes correctly, our beans gets registered but
our connection from separate process fails with NameNotFoundException:
jmxrmi. Seems connection is established but beans are registered somewhere
else? We are using ManagementFactory.getPlatformMBeanServer() to register
our beans.
>
> - -chris
>
>
>
>