本文详细介绍如何使用JavaVisualVM进行远程服务器监控,包括Linux环境下配置无需密码访问、配置jmxremote.password与jmxremote.access文件,以及客户端远程连接方法。解决连接失败、防火墙限制等问题。
一、前言
关于 Java VisualVM,想要远程,从网上找了许多资料,发现都不能实现,经过好长时间才摸索出正确连接方式。特此,记录一下,免得重蹈覆辙。下面以连接远程服务器为例。
二、环境
Linux :CentOS7 、tomcat8.5.24、jdk1.8.0_141、
Windows10:jdk1.8.0_141、idea2018.2(ultimate)
三、VisualVM Launcher
1、安装VisualVM Launcher插件
从本地jdk中选择visualvm.exe,进行配置。
idea安装完。
打开JAVA VisualVM
备注:可以从jdk的bin目录下直接执行EXE程序,
四、Linux配置
1、配置无需用户密码访问
找到tomcat\bin\catalina.sh文件,进行编辑。
在tomcat的bin目录下的catalina.sh中约308行处(搜索# ----- Execute The Requested Command --------------------------------------)
添加如下配置,然后重新启动tomcat即可。(当然不需要用户名密码,就可以访问)
[ $1 != "stop" ] && JAVA_OPTS="-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9008 \
-Djava.rmi.server.hostname=192.168.1.111 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false $JAVA_OPTS"
export JAVA_OPTS添加结果:
参数说明:
其中,
-Djava.rmi.server.hostname=10.32.2.24 ---------------- 10.32.2.24为tomcat所在机器的ip地址。
-Dcom.sun.management.jmxremote ----------------- 开启jmx,jdk1.5之前还要手动开启,现在已经默认开启了,可以省略
-Dcom.sun.management.jmxremote.port=1099 -------------------jmx的端口(该端口为未占用端口)
-Dcom.sun.management.jmxremote.authenticate=false ---------------- 不开启用户认证
-Dcom.sun.management.jmxremote.ssl=false ----------------------不开启ssl通信
如果-Dcom.sun.management.jmxremote.authenticate=true,则需要指定jmxremote.password与jmxremote.access
-Dcom.sun.management.jmxremote.password.file=/opt/jdk1.8.0_141_x64/jre/lib/management/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/opt/jdk1.8.0_141_x64/jre/lib/management/jmxremote.access
| Property | Description | Values |
|---|---|---|
| com.sun.management.jmxremote | Enables the JMX remote agent and local monitoring via a JMX connector published on a private interface used by JConsole and any other local JMX clients that use the Attach API. JConsole can use this connector if it is started by the same user as the user that started the agent. No password or access files are checked for requests coming via this connector. | true / false. Default is true. |
| com.sun.management.jmxremote. port | Enables the JMX remote agent and creates a remote JMX connector to listen through the specified port. By default, the SSL, password, and access file properties are used for this connector. It also enables local monitoring as described for the com.sun.management.jmxremote property. | Port number. No default. |
| com.sun.management.jmxremote. registry.ssl | Binds the RMI connector stub to an RMI registry protected by SSL. | true / false. Default is false. |
| com.sun.management.jmxremote. ssl | Enables secure monitoring via SSL. If false, then SSL is not used. | true / false. Default is true. |
| com.sun.management.jmxremote. ssl.enabled.protocols | A comma-delimited list of SSL/TLS protocol versions to enable. Used in conjunction with com.sun.management.jmxremote.ssl. | Default SSL/TLS protocol version. |
| com.sun.management.jmxremote. ssl.enabled.cipher.suites | A comma-delimited list of SSL/TLS cipher suites to enable. Used in conjunction with com.sun.management.jmxremote.ssl. | Default SSL/TLS cipher suites. |
| com.sun.management.jmxremote. ssl.need.client.auth | If this property is true and the property com.sun.management.jmxremote.ssl is also true, then client authentication will be performed. It is recommended that you set this property to true. | true / false. Default is false. |
| com.sun.management.jmxremote. authenticate | If this property is false then JMX does not use passwords or access files: all users are allowed all access. | true / false. Default is true. |
| com.sun.management.jmxremote. password.file | Specifies location for password file. If com.sun.management.jmxremote.authenticate is false, then this property and the password and access files are ignored. Otherwise, the password file must exist and be in the valid format. If the password file is empty or nonexistent, then no access is allowed. | JRE_HOME/lib/management/ jmxremote.password |
| com.sun.management.jmxremote. access.file | Specifies location for the access file. If com.sun.management.jmxremote.authenticate is false, then this property and the password and access files are ignored. Otherwise, the access file must exist and be in the valid format. If the access file is empty or nonexistent, then no access is allowed. | JRE_HOME/lib/management/ jmxremote.access |
| com.sun.management.jmxremote.login.config | Specifies the name of a Java Authentication and Authorization Service (JAAS) login configuration entry to use when the JMX agent authenticates users. When using this property to override the default login configuration, the named configuration entry must be in a file that is loaded by JAAS. In addition, the login modules specified in the configuration should use the name and password callbacks to acquire the user's credentials. For more information, see the API documentation forjavax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback. | Default login configuration is a file-based password authentication. |
2、配置jmxremote.password与jmxremote.access,开启用户认证。该文件在jdk\jre\lib\management目录下。
复制 jmxremote.password.template 为新的文件jmxremote.password,并且为jmxremote.password与jmxremote.access赋予读写权限。
jmxremote.password模板:
[用户名] [密码]
mtct ct.meituan
test test
jmxremote.access模板:
[用户名] [权限]
mtct readwrite
test readonly修改完两个模板,保存即可。
五、客户端远程连接(以未开启用户认证为例)
如果开启用户认证,则选中使用安全凭证,并输入用户名,密码。
进入JAVA VisualVM
JConsole连接同理。
还有一种连接方式jstatd连接方式,就不在赘述。
六、期间遇到的问题
1、service:jmx:rmi:///jndi/rmi://10.32.2.24:1099/jmxrmi 连接到 10.32.2.24:1099
多半是Linux服务器没进行对应的配置。
2、如果连接拒绝,检查一下防火墙,是不是防火墙不允许该IP访问。
3、在启动tomcat的时候,日志提示:代理抛出异常错误: java.net.MalformedURLException: Local host name unknown: java.net.UnknownHostException:***
首先,检查 当前服务器hostname 是否为 XXX;其次,vim /etc/hosts,检查 ip 地址后面的解析是否为:XXX,没有 更新为XXX
问题发生可能原因:
tomcat 下 bin下 调整了 /catalina.sh ,开启了jmx的配置,其中有一个参数 是关于hostname 的解析 指向了 ip 导致跟tomcat 下 conf/server.xml 下的host 解析域名的冲突。故处理hostname 的解析,执行域名,该问题影响域名指向问题也可以处理掉。
也可以使用hostname 修改一下临时主机名(服务器重启后恢复),即可。
--------------------- 本文来自 maweiba163 的CSDN 博客 ,全文地址请点击:https://blog.csdn.net/maweiba163/article/details/51913055?utm_source=copy
扫一扫
1024
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
