如何连接到使用JMX在EC2上运行Java实例 [英] How to connect to Java instances running on EC2 using JMX

问题描述

我们是有问题，连接到我们在亚马逊的EC2集群上运行的Java应用程序。我们绝对有让无论是JMX端口（这通常是RMI注册的端口）的和的服务器端口（由它来完成工作的大多数）的安全组有问题的情况下。 JConsole的连接，但似乎挂起，从来没有显示任何信息。

我们正在运行我们的Java有类似如下：

 的java -server这里＆GT的罐子foo.jar中的其它参数; java.log 2  - ;＆安培; 1
 

我们已经尝试过：

• Telnet到端口的连接的，但是不显示任何信息。
• 我们可以运行 JConsole的使用远程-X11通过SSH实例本身和它连接，并显示信息。因此，JRE的是的本地出口吧。
• 在打开的所有端口的安全组。 Weeee。
• 使用 tcpdump的，以确保交通不会到其他端口。
• 在本地模拟它。我们可以随时连接到我们当地的JRE或那些使用相同的应用参数，我们的网络上运行的其他位置。

Java的版本输出：

  OpenJDK的运行时环境（IcedTea6 1.11.5）（亚马逊53.1.11.5.47.amzn1-x86_64的）
OpenJDK的64位服务器虚拟机（建设20.0  -  B12，混合模式）
 

顺便说一句，我们使用的是我的简单的JMX 包，它允许我们设置的两个的这是典型的半随机的RMI注册所选择的RMI注册和服务器端口。您也可以强制使用的东西，如下面的JMX URI：

 服务：JMX：RMI：//本地主机：+ serverPort +/ JNDI / RMI：//+ registryPort +/ jmxrmi
 

我们通常使用类似 X 作为注册端口和 X + 1 的服务器端口使安全组的规则容易。您连接到注册表，端口 JConsole的或任何JMX客户端所使用。

呵呵，最后，亚马逊EC2 的岩石。考虑检查出来，如果​​你还没有准备好。云++。期待与 DynamoDB 旁边玩。

解决方案

  

我们是有问题，连接到我们在亚马逊的EC2集群上运行的Java应用程序。

事实证明，这个问题是两名失踪设置的组合。第一势力JRE以preFER IPv4和的没有的V6发动机。这是必要的（我猜），因为我们正试图通过V4地址连接到它：

  -Djava.net。preferIPv4Stack =真
 

真正阻滞剂是JMX通过首先接触的RMI端口其中响应所述的主机名的和端口JMX客户端进行连接的事实。由于没有额外的设置，将使用中的本地IP是一个 10.XXX 的虚拟地址，远程客户端无法路由。我们需要添加以下设置也就是外部的服务器的主机名或IP - 在这种情况下，它是在服务器的弹性主机名。

  -Djava.rmi.server.hostname = ec2-107-XXX.compute-1.amazonaws.com
 

诀窍，如果你正在尝试自动化您的EC2实例（为什么地狱，你会不会），是如何找到这个地址在运行时。要做到这一点，你需要把类似的东西在我们的应用程序的启动脚本如下：

 ＃让我们_external_主机名
RMI_HOST =`的wget -q -O  -  HTTP：// 169.254.169.254 /最新/元数据/公共hostname`
...
java的-server \
    -Djava.net。preferIPv4Stack =真-Djava.rmi.server.hostname = $ RMI_HOST \
    罐子foo.jar中其他的参数这里＆GT; java.log 2  - ;＆安培; 1
 

神秘的 169.254.169.254 IP在的wget 上面的命令也是名实例data.ec2.internal 并提供相关信息的EC2实例可以请求有关自身。由于所有的AWS文档中使用的IP的而不是的名字，我们决定发挥它的安全。我很失望，这样做的没有的包括标记它们只适用于经过身份验证的调用。

我最初用的是EXTERN的IPv4地址，但它看起来像JDK试图在启动时使该服务器端口的连接。如果使用外部IP那么这是减缓我们的应用程序的启动时间，直到超时。公共主机名本地解析到10网络地址和公众IPv4的外部。所以，现在的应用程序启动速度快，JMX客户端仍然可以工作。宇豪！

希望这可以帮助别人。费用我3今日营业时间。

要强迫你的JMX服务器来启动服务器的和的RMI注册在指定的端口，所以你可以阻止他们在EC2安全组，看到这样的回答：

  

<一个href="http://stackoverflow.com/questions/8386001/how-to-close-rmiregistry-running-on-particular-port/8386052#8386052">How关闭rmiregistry的特定端口上运行？

编辑：

我们只是有这个问题再发生。看来，Java的JMX code做一些主机名查找在包装盒上的主机名，并用它们来尝试连接并验证JMX连接。

的问题似乎是盒子的本地主机名应解析到本地-IP的一个箱子的一个要求。例如，如果你的的/ etc / sysconfig / network中的 HOSTNAME = server1.foobar.com 那么，如果你做一个在 server1.foobar.com DNS查找，你应该得到的10-NET的虚拟地址。我们产生了我们自己的 / etc / hosts中文件和本地主机的主机名是从文件丢失。这引起了我们的应用程序要么停留在启动时或不能启动的。

最后

要简化你的JMX创作的一种方法是用我的 SimpleJMX包。

We are having problem connecting to our Java applications running in Amazon's EC2 cluster. We definitely have allowed both the "JMX port" (which is usually the RMI registry port) and the server port (which does most of the work) to the security-group for the instances in question. Jconsole connects but seems to hang and never show any information.

We are running our java with something like the following:

java -server -jar foo.jar other parameters here > java.log 2>&1

We have tried:

• Telnets to the ports connect but no information is displayed.
• We can run jconsole on the instance itself using remote-X11 over ssh and it connects and shows information. So the JRE is exporting it locally.
• Opening all ports in the security group. Weeee.
• Using tcpdump to make sure the traffic is not going to other ports.
• Simulating it locally. We can always connect to our local JREs or those running elsewhere on our network using the same application parameters.

java -version outputs:

OpenJDK Runtime Environment (IcedTea6 1.11.5) (amazon-53.1.11.5.47.amzn1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

As an aside, we are using my Simple JMX package which allows us to set both the RMI registry and server ports which are typically semi-randomly chosen by the RMI registry. You can also force this with something like the following JMX URI:

service:jmx:rmi://localhost:" + serverPort + "/jndi/rmi://:" + registryPort + "/jmxrmi"

We usually use something like X as the registry-port and X+1 for the server-port to make the security-group rules easy. You connect to the registry-port in jconsole or whatever JMX client you are using.

Oh, and lastly, Amazon EC2 rocks. Considering checking it out if you haven't already. Cloud++. Looking forward to playing with DynamoDB next.

解决方案

We are having problem connecting to our Java applications running in Amazon's EC2 cluster.

It turns out that the problem was a combination of two missing settings. The first forces the JRE to prefer ipv4 and not v6. This was necessary (I guess) since we are trying to connect to it via a v4 address:

-Djava.net.preferIPv4Stack=true

The real blocker was the fact that JMX works by first contacting the RMI port which responds with the hostname and port for the JMX client to connect. With no additional settings it will use the local IP of the box which is a 10.X.X.X virtual address which a remote client cannot route to. We needed to add the following setting which is the external hostname or IP of the server -- in this case it is the elastic hostname of the server.

-Djava.rmi.server.hostname=ec2-107-X-X-X.compute-1.amazonaws.com

The trick, if you are trying to automate your EC2 instances (and why the hell would you not), is how to find this address at runtime. To do that you need to put something like the following in our application boot script:

# get our _external_ hostname
RMI_HOST=`wget -q -O - http://169.254.169.254/latest/meta-data/public-hostname`
...
java -server \
    -Djava.net.preferIPv4Stack=true -Djava.rmi.server.hostname=$RMI_HOST \
    -jar foo.jar other parameters here > java.log 2>&1

The mysterious 169.254.169.254 IP in the wget command above is also the name instance-data.ec2.internal and provides information that the EC2 instance can request about itself. Since all of the AWS docs use the IP instead of the name, we decided to play it safe. I'm disappointed that this does not include tags which are only available in an authenticated call.

I initially was using the extern ipv4 address but it looks like the JDK tries to make a connection to the server-port when it starts up. If it uses the external IP then this was slowing our application boot time until that timed out. The public-hostname resolves locally to the 10-net address and to the public-ipv4 externally. So the application now is starting fast and JMX clients still work. Woo hoo!

Hope this helps someone else. Cost me 3 hours today.

To force your JMX server to start the server and the RMI registry on designated ports so you can block them in the EC2 Security Groups, see this answer:

How to close rmiregistry running on particular port?

Edit:

We just had this problem re-occur. It seems that the Java JMX code is doing some hostname lookups on the hostname of the box and using them to try to connect and verify the JMX connection.

The issue seems to be a requirement that the local hostname of the box should resolve to the local-ip of the box. For example, if your /etc/sysconfig/network has HOSTNAME=server1.foobar.com then if you do a DNS lookup on server1.foobar.com, you should get to the 10-NET virtual address. We were generating our own /etc/hosts file and the hostname of the local host was missing from the file. This caused our applications to either pause on startup or not startup at all.

Lastly

One way to simplify your JMX creation is to use my SimpleJMX package.

这篇关于如何连接到使用JMX在EC2上运行Java实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！