如何使用 JMX 连接到在 EC2 上运行的 Java 实例 [英] How to connect to Java instances running on EC2 using JMX
问题描述
我们在连接到在 Amazon EC2 集群中运行的 Java 应用程序时遇到问题.我们确实允许JMX 端口"(通常是 RMI 注册端口)和服务器端口(它完成大部分工作)到相关实例的安全组.Jconsole 连接但似乎挂起并且从不显示任何信息.
We are having problem connecting to our Java applications running in Amazon's EC2 cluster. We definitely have allowed both the "JMX port" (which is usually the RMI registry port) and the server port (which does most of the work) to the security-group for the instances in question. Jconsole connects but seems to hang and never show any information.
我们正在运行我们的java,如下所示:
We are running our java with something like the following:
java -server -jar foo.jar other parameters here > java.log 2>&1
我们已经尝试过:
- Telnet 到端口connect,但没有显示任何信息.
- 我们可以通过 ssh 使用 remote-X11 在实例本身上运行
jconsole,它会连接并显示信息.所以 JRE 正在在本地导出它. - 打开安全组中的所有端口.哎呀.
- 使用
tcpdump确保流量不会流向其他端口. - 在本地模拟它.我们始终可以使用相同的应用程序参数连接到本地 JRE 或运行在网络其他地方的 JRE.
- Telnets to the ports connect but no information is displayed.
- We can run
jconsoleon the instance itself using remote-X11 over ssh and it connects and shows information. So the JRE is exporting it locally. - Opening all ports in the security group. Weeee.
- Using
tcpdumpto make sure the traffic is not going to other ports. - Simulating it locally. We can always connect to our local JREs or those running elsewhere on our network using the same application parameters.
java -version 输出:
OpenJDK Runtime Environment (IcedTea6 1.11.5) (amazon-53.1.11.5.47.amzn1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
顺便说一句,我们正在使用我的 Simple JMX 包,它允许我们设置 RMI 注册表和服务器端口,通常由 RMI 注册表半随机选择.您还可以使用类似以下 JMX URI 的内容强制执行此操作:
As an aside, we are using my Simple JMX package which allows us to set both the RMI registry and server ports which are typically semi-randomly chosen by the RMI registry. You can also force this with something like the following JMX URI:
service:jmx:rmi://localhost:" + serverPort + "/jndi/rmi://:" + registryPort + "/jmxrmi"
如今,我们对服务器和注册表使用相同的端口.过去,我们使用 X 作为注册端口,使用 X+1 作为服务器端口,以简化安全组规则.您可以连接到 jconsole 或您正在使用的任何 JMX 客户端中的注册表端口.
These days we use the same port for both the server and the registry. In the past we have used X as the registry-port and X+1 for the server-port to make the security-group rules easy. You connect to the registry-port in jconsole or whatever JMX client you are using.
推荐答案
我们在连接到在 Amazon EC2 集群中运行的 Java 应用程序时遇到问题.
We are having problem connecting to our Java applications running in Amazon's EC2 cluster.
事实证明,问题是两个缺失设置的组合.第一个强制 JRE 更喜欢 ipv4 而不 v6.这是必要的(我猜),因为我们正在尝试通过 v4 地址连接到它:
It turns out that the problem was a combination of two missing settings. The first forces the JRE to prefer ipv4 and not v6. This was necessary (I guess) since we are trying to connect to it via a v4 address:
-Djava.net.preferIPv4Stack=true
真正的阻碍是 JMX 的工作原理是首先联系 RMI 端口,该端口响应 主机名 和 JMX 客户端连接的端口.无需额外设置,它将使用盒子的本地 IP,这是远程客户端无法路由到的 10.X.X.X 虚拟地址.我们需要添加以下设置,即服务器的 external 主机名或 IP —— 在本例中,它是服务器的弹性主机名.
The real blocker was the fact that JMX works by first contacting the RMI port which responds with the hostname and port for the JMX client to connect. With no additional settings it will use the local IP of the box which is a 10.X.X.X virtual address which a remote client cannot route to. We needed to add the following setting which is the external hostname or IP of the server -- in this case it is the elastic hostname of the server.
-Djava.rmi.server.hostname=ec2-107-X-X-X.compute-1.amazonaws.com
如果您想自动化您的 EC2 实例(以及您为什么不这样做),诀窍是如何在运行时找到此地址.为此,您需要在我们的应用程序启动脚本中添加如下内容:
The trick, if you are trying to automate your EC2 instances (and why the hell would you not), is how to find this address at runtime. To do that you need to put something like the following in our application boot script:
# get our _external_ hostname
RMI_HOST=`wget -q -O - http://169.254.169.254/latest/meta-data/public-hostname`
...
java -server
-Djava.net.preferIPv4Stack=true -Djava.rmi.server.hostname=$RMI_HOST
-jar foo.jar other parameters here > java.log 2>&1
上述 wget 命令中神秘的 169.254.169.254 IP 提供了 EC2 实例可以请求的有关自身的信息.我很失望这不包含仅在经过身份验证的调用中可用的标签.
The mysterious 169.254.169.254 IP in the wget command above provides information that the EC2 instance can request about itself. I'm disappointed that this does not include tags which are only available in an authenticated call.
我最初使用的是 extern ipv4 地址,但看起来 JDK 在启动时尝试与服务器端口建立连接.如果它使用外部 IP,那么这会减慢我们的应用程序启动时间,直到超时.public-hostname 在本地解析为 10-net 地址,在外部解析为 public-ipv4.所以应用程序现在启动速度很快,JMX 客户端仍然可以工作.呜呼!
I initially was using the extern ipv4 address but it looks like the JDK tries to make a connection to the server-port when it starts up. If it uses the external IP then this was slowing our application boot time until that timed out. The public-hostname resolves locally to the 10-net address and to the public-ipv4 externally. So the application now is starting fast and JMX clients still work. Woo hoo!
希望这对其他人有帮助.今天花了我 3 小时.
Hope this helps someone else. Cost me 3 hours today.
要强制您的 JMX 服务器在指定端口上启动服务器和 RMI 注册表,以便您可以在 EC2 安全组中阻止它们,请参阅此答案:
To force your JMX server to start the server and the RMI registry on designated ports so you can block them in the EC2 Security Groups, see this answer:
我们刚刚再次出现这个问题.似乎 Java JMX 代码正在对框的主机名进行一些主机名查找,并使用它们来尝试连接和验证 JMX 连接.
We just had this problem re-occur. It seems that the Java JMX code is doing some hostname lookups on the hostname of the box and using them to try to connect and verify the JMX connection.
问题似乎是要求盒子的本地主机名应该解析为盒子的本地 IP.例如,如果您的 /etc/sysconfig/network 有 HOSTNAME=server1.foobar.com 那么如果您在 server1.foobar.com,您应该会到达 10-NET 虚拟地址.我们正在生成自己的 /etc/hosts 文件,但文件中缺少本地主机的主机名.这导致我们的应用程序在启动时暂停或根本不启动.
The issue seems to be a requirement that the local hostname of the box should resolve to the local-ip of the box. For example, if your /etc/sysconfig/network has HOSTNAME=server1.foobar.com then if you do a DNS lookup on server1.foobar.com, you should get to the 10-NET virtual address. We were generating our own /etc/hosts file and the hostname of the local host was missing from the file. This caused our applications to either pause on startup or not startup at all.
最后
简化 JMX 创建的一种方法是使用我的 SimpleJMX 包.
One way to simplify your JMX creation is to use my SimpleJMX package.
这篇关于如何使用 JMX 连接到在 EC2 上运行的 Java 实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
