jmx/jstatd通过ssh隧道访问远程计算机 [英] jmx/jstatd access to remote machine through an ssh tunnel
问题描述
我想使用jmx或jstatd通过ssh隧道(连接到EC2计算机)使用visualvm app.我该怎么做呢?以下是已尝试(失败)的内容的列表: (顺便说一句:如果视觉虚拟机不合适,我如何找到远程计算机上的内存泄漏?)
jstatd:尝试:
我在EC2机器上设置了jstatd服务器(应用已在其上运行) 然后,我建立了一个将本地端口3333映射到远程端口1099的隧道 在VisualVM中,我尝试在端口3333上使用jstatd进行连接 ... EC2上没有任何进程
此链接表明jstatd打开了另一个端口: http://rukuro-blog.heroku .com/2011/06/30/monitoring-remote-java-applications-with-visualvm ...所以我将该端口从本地主机隧道传输到远程主机. 我重新启动了视觉虚拟机...还是没什么
当我尝试使用以下命令列出从EC2运行的进程时:
jps -l -m -v rmi://localhost
...我有一个进程列表
当我使用列出它在我的家用计算机上
jps -l -m -v rmi://localhost:3333
....我什么也没有!那么,rmi端口是否未与jstatd端口(3333)隧道连接?
jmx尝试:
我使用以下命令在远程计算机上启动了应用程序:
java -Dcom.sun.management.jmxremote.port=3333 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false\
-cp :post/* <appName>
...该应用程序正常运行,因此我将本地端口3333隧穿到远程3333
然后我尝试从可视vm界面设置到localhost:3333的jmx链接: ...它弹出一个错误,说:
cannot connect to localhost:3333 using service:jmx:rmi:///jndi/rmi://localhost:3333/jmxrmi
如果我需要设置指向删除RMI服务器的链接,则不确定如何操作.
JMXMP尝试:
这很有希望,但是有些不对劲:
首先,我将jmx_remote jar添加到类路径,并使用与上面显示的JMX情况相同的命令在远程计算机上启动应用程序.我在 oracle下载中找到了jar链接
我设置了从本地端口3333到远程端口3333的ssh隧道.然后,我在calsspath中使用相同的jmx_remote文件启动了visualvm.
visualvm -cp:a ~/jmx/jmxremote_optional.jar
然后,我尝试使用以下方法将visualvm连接到远程服务器:
service:jmx:jmxmp://localhost:3333
现在,视觉虚拟机似乎尝试无限期地连接.它在状态栏中显示正在添加服务:jmx:jmxp://localhost:3333" ...并继续这样做,直到我关闭远程端的应用程序为止,此时它抛出一个弹出窗口,表明无法连接与服务器.
使用SOCKS时:
我同时使用JMX和jstatd的尝试失败.
我不确定SOCKS代理是否正常工作,所以这是我尝试连接的方式:
ssh -i ~/.ssh/starter.pem -v -D 9696 user@host
为了完整起见,我在另一端启动了命令:
java -Dcom.sun.management.jmxremote\
-Dcom.sun.management.jmxremote.ssl=false\
-Dcom.sun.management.jmxremote.authenticate=false\
-Dcom.sun.management.jmxremote.port=3333 <app>
在本地端,我按照解决方案
JMX/RMI很难直接建立隧道,因为如果使用RMI.基本上,服务器会创建一个RMI存根定义,该定义带有从其到达服务器后再连接回服务器的指示,但是,当您进行调整时,存根从服务器上下来,但是它们的方向都是错误的,并且它们可以做到这一点.不能从这里到达那里.
解决方法最简单的方法是放弃RMI连接器并使用http://rukuro-blog.heroku.com/2011/06/30/monitoring-remote-java-applications-with-visualvm ... so I tunneled that port from local host to remote. I restarted visual vm ... still nothing
When I tried listing processes running from EC2 using the folloing command:
jps -l -m -v rmi://localhost
... I got a list of processes
When I listed it on my home machine using
jps -l -m -v rmi://localhost:3333
.... I got none ! So, is the rmi port not being tunnelled with jstatd port (3333) ... ?
the jmx attempt:
I started the application on the remote machine with the following command:
java -Dcom.sun.management.jmxremote.port=3333 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false\
-cp :post/* <appName>
... the app works so I tunnelled local port 3333 to remote 3333
Then I tried setting up a jmx link to localhost:3333 from visual vm interface: ... it pops up an error saying:
cannot connect to localhost:3333 using service:jmx:rmi:///jndi/rmi://localhost:3333/jmxrmi
If I need to set up a link to the remove RMI server I'm not sure how to do it.
JMXMP attempt:
This holds promise but something is not quite right:
First I added the jmx_remote jar to the classpath and started the application on the remote machine using the same command as in the JMX case I showed above. I found the jar at oracle download link
I setup up an ssh tunnel from local port 3333 to remote port 3333. Then I started up visualvm with the same jmx_remote file in the calsspath.
visualvm -cp:a ~/jmx/jmxremote_optional.jar
Then I tried to connect visualvm to the remote server with:
service:jmx:jmxmp://localhost:3333
Now visual vm seems to try to connect indefinitely. It shows "Adding service:jmx:jmxp://localhost:3333" in the status bar ... and continutes to do so till I shutdown the application on the remote end at which time it throws a popup saying that it couldnt' connect with the server.
On using SOCKS:
My attempts at using both JMX and jstatd failed.
I'm not sure the SOCKS proxy is working, so here is how I tried to connect:
ssh -i ~/.ssh/starter.pem -v -D 9696 user@host
Just for completeness, I started the command on the other end with:
java -Dcom.sun.management.jmxremote\
-Dcom.sun.management.jmxremote.ssl=false\
-Dcom.sun.management.jmxremote.authenticate=false\
-Dcom.sun.management.jmxremote.port=3333 <app>
And on the local end I set up the visualvm connection as per this LINK to VisualVm help page.
With the JMX connection, I set the machine name and the port by right clicking the host on visualvm and fillng in the host port when it prompts me. At this point the status bar at the bottom shows visualvm is trying to connect to the remote machine and after a couple of minutes it fails.
With jstatd connection, I expected the remote processes to show up automatically. This didn't happen ... there were not error messages or anything.
On the socks side the following messages repeat cyclically:
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
channel 3: open failed: connect failed: Connection timed out
debug1: channel 3: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 3333, connect from 127.0.0.1 port 43909, nchannels 4
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
channel 2: open failed: connect failed: Connection timed out
debug1: channel 2: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 1099, connect from 127.0.0.1 port 44644, nchannels 4
I wonder if this has to do with the socks channel. I have tunnelled single ports to the remote machine before, so I cant imagine it being a configuration issue for tunneling. I'm running ubuntu linux on both sides.
Thanks for reading :)
JMX/RMI is hard to tunnel directly because if RMI. Basically the server creates an RMI stub definition which is armed with directions to connect back to the server from whence it came, but when you're tunelling, the stubs come down from the server, but their directions are all wrong, and they can't get there from here.
The waaay easiest way to resolve this is to ditch the RMI connector and use JMXMP. The underlying protocol is pure sockets so it's perfectly adapted for tunneling.
这篇关于jmx/jstatd通过ssh隧道访问远程计算机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
