Tomcat Web Hosting Blog - Java, JSP, EJB, Hibernate

Chapter 16: Monitoring and Managing Tomcat with JMX Figure 16-16: Remote monitoring for Tomcat via jconsole To enable user authentication and SSL transport, modify the setenv.batfile to contain: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=192.168.23.2 -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=..confpassword.txt -Dcom.sun.management.jmxremote.access.file=..confaccess.txt You can define roles for monitoring and management in the access control file confaccess.txt: monitorRole readonly controlRole readwrite The monitorRole can read only the value of attributes exposed by the manageable components. The controlRole can read and modify any writable attributes. For each role, you need to specify the password in the corresponding password file confpassword.txt: monitorRole monpass controlRole ctrl1@pass

For high quality java hosting services please check tomcat web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX Configuring Tomcat for Remote Monitoring For security reasons, the default Tomcat server configuration has remote JMX based monitoring disabled. To enable remote monitoring, edit the setenv.bat file that you ve created in the bin directory to contain the following: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=192.168.23.2 -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false Type all of the preceding code on one single line, and be very careful to avoid typos. You need to replace the java.rmi.server.hostname property with your own IP address or host name. On a machine with multiple network connections, you must specify the IP address or host name of the network connection that you are remote managing from. It can be useful to restrict remote management to a specific network connection for example, the internal intranet only. You can also select an available port for use on your specified connection. While the previous configuration allows for remote monitoring, it is wide open and insecure. Anyone can connect to the server over the network, if they know the port, using any JMX client. The previous configuration should be enabled only in a test network and never for production. Please be aware that the Manager JMXProxy is by definition remotely accessible because it works through a browser-based interface. In fact, enabling the Manager application in a production environment is a security risk in itself. See Chapter 14 for more information on disabling the Manager application. To connect and manage the Tomcat server configured previously, on your client machine start jconsole, select Remote Process, and type 192.168.23.2:8999 (replace with your own host name/ip and management port that you have specified). (See Figure 16-6 .) Once connected, you can view all the Tomcat exposed management components and their attributes and modify the value of writable properties. Jconsole works in exactly the same way remotely as it does with local JVMs. When using Windows, Tomcat must be running on an NTFS formatted volume because of a known bug related to file access permissions. Securing the Remote Management Connection with SSL and User Authentication For maximum security, remote management should not be enabled in production. However, if you must enable remote management, you should at least: . Restrict the remote management connection to be within the internal network (or VPN) only . Enable authentication . Enable SSL transport You restrict the remote management connection by specifying the java.rmi.server.hostname property on the Tomcat instance being managed (shown in the last section).

If you looking for unlimited one inclusive web hosting plan please check cheap web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX In Figure 16-14 , you will notice that users of the Tomcat server are exposed under the Users key. All the currently active users on the server, including their passwords and role information, are accessible through this jconsole connection. This is clearly a potential security loop-hole. For this reason, remote management and monitoring are disabled by default. The last section of this chapter shows you how to enable remote Tomcat monitoring and management via jconsole. Changing Component Attribute Values via jconsole The writable attributes from the JMX managed component can be changed through the jconsole GUI. As an example, you can change the maxThreads property of the http-8080 threadpool from the default of 150 to 200. In jconsole s MBean tab, look under the Catalina key for the ThreadPool components. Expand the http8080 component s attributes and then click the maxThreads property. You should see the current value of maxThreads, as shown in Figure 16-15 . Figure 16-15: Using jconsole to change the value of attributes on a JMX managed component To change the maxThreads value, simply place the cursor on the current value and then change it. Try changing it from the default 150 to 200. After you ve changed the value, click the Refresh button to confirm that the change has been made.

For reliable and cheap web hosting services please check javaweb hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX Click the Connect button after selecting the Tomcat JVM. jconsole connects to the Tomcat JVM and displays all sorts of JMX data exposed by the Java VM itself. Locating the Tomcat 6 Exposed MB eans The jconsole displays a lot of exposed metrics courtesy of the fully instrumented JVM. You can find a lot more information about jconsole and the other management and monitoring tools in the JDK by visiting the following URL: http://java.sun.com/javase/6/docs/technotes/guides/management/jconsole.html To locate the MBeans exposed by Tomcat in the jconsole GUI, click the MBeans tab. In this tab, you see JVM MBeans as well as those associated with Tomcat. Those exposed by Tomcat 6 are under the keys named Catalinaand Users. Figure 16-14 shows jconsole with the Tomcat 6 exposed ThreadPool information. Note the http-8080 and jk-8009 threadpools, the same as the one you saw earlier in the Manager JMXProxy example. jconosle just provides a way to access the same set of Tomcat 6 JMX MBeans. Figure 16-14: Tomcat Exposed MB eans viewed through the jconsole utility If you examine the list of exposed manageable elements under the Catalinakey in jconsole, you see that it correspond to the list of JMX manageable elements documented in this chapter. Using jconsole, you can find and monitor the current values of their attributes.

For high quality java hosting services please check java web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX Using jconsole GUI to Monitor Tomcat Most administrators create their own script files to perform routine tasks, and the HTML-based access of the Manager application JMX Proxy, as well as the supported Ant tasks, lend themselves well to scripting. For those who would like to monitor and see JMX exposed values in real time, you can use the jconsole utility that is distributed with the JDK since Java 5. The version of jconsole covered in this section is the one distributed with Java SE 6. You must enable the JMX support inside the Tomcat server. To enable this, in the /bin directory, add a file called setenv.bat(or setenv.shin Linux) containing the following line: set CATALINA_OPTS=-Dcom.sun.management.jmxremote You ll need to change the syntax of the environment variable assignment if you are using a Linux shell. If you don t specify the preceding system property, a Java SE 5 jconsole will not be able to connect to Tomcat at all. In Tomcat 6, jconsole can connect to the JVM but does not see any of the Tomcat-exposed MBeans if the preceding system property is not set. Connecting to the Local Running Tomcat Instance With Tomcat 6 running, when you start the jconsole command, you will be prompted to select the JVM to monitor. Look for the local process name of org.apache.catalina.startup.Bootstrap.start. The startup screen for jconsole is shown in Figure 16-13 . Figure 16-13: Attaching to the Tomcat 6 JVM via jconsole

For reliable and cheap web hosting services please check cheap web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX Figure 16-11: Increasing the maxThreads attribute of Tomcat 6 s ThreadPool object If you perform another query for the ThreadPool information, you will see the change, as shown in Figure 16-12 . Figure 16-12: Verifying the new value of the maxThreads attribute The capability to peek into Tomcat internals during runtime and tweak the running server is an extremely attractive feature. Tomcat 6 s support for JMX is essential in carrying out these tasks. The JMX proxy accesses the MBean server within the same JVM. Typical network-management scenarios call for the management application to run on an external JVM, and often on another machine over the network. Chapter 8 explains how to perform management tasks in an external JVM running Ant. The next section examines the rich tools support provided by Java SE 6 and how you can take advantage of them in monitoring and managing Tomcat servers.

If you looking for unlimited one inclusive web hosting plan please check web hosting plan website.

Chapter 16: Monitoring and Managing Tomcat with JMX The output of the query will be similar to what is shown in Figure 16-10 . Figure 16-10: Querying for Tomcat 6 s ThreadPool MB ean name The current value of the maxThreadsattribute for the first ThreadPoolis 150. It will be changed to 200. Now, the full name of the MBean for this first threadpool is visible from the query output as follows: Catalina:type=ThreadPool,name=http-8080 Next, by consulting the Tomcat 6 MBeans description listing in this chapter, you can determine that the maxThreads attribute is a writable property. Finally, the URL for the set operation is as follows (type the entire URL on one line): http://:
/manager/jmxproxy/?set= Catalina: type=ThreadPool,name=http-8080&att=maxThreads&val=200 Upon successful operation, the output is similar to what is shown in Figure 16-11 . If you try to modify a read-only attribute, you will receive a message reporting an attribute not found exception.

If you looking for unlimited one inclusive web hosting plan please check unlimited web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX As another example, you can get a listing of all the connector MBeans using the following query: http://:
/manager/jmxproxy/?qry=*:type=Connector,* The result will be similar to what is shown in Figure 16-9 . Figure 16-9: Listing of all Connector MB eans Modifying MB ean Attributes Another operation you can perform with the JMX proxy is to change the attribute of an MBean. The general syntax for this operation is as follows: http://:
/manager/jmxproxy/?set=&att=&val= For example, the following procedure can be used during performance tuning to change the maximum number of threads managed by Tomcat 6 s threadpool in real time. You first need to query for the full MBean name of the exposed threadpool, as shown in the following example: http://:
/manager/jmxproxy/?qry=*:type=ThreadPool,*

For reliable and cheap web hosting services please check tomcat web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX The general form for a query operation using the JMX proxy is as follows: ?qry= For example, you can get a complete listing of all the available MBeans using the following wildcard query: http://localhost:8080/manager/jmxproxy/?qry=*:* You must enable access to the Tomcat Manager application before this will work. To enable access to the Tomcat Manager, perform the following steps: 1. Shut down the Tomcat server if it is running. 2. Change the directory to $CATALINA_HOME/conf. 3. Open the tomcat_users.xmlfile with a text editor and modify the line with the tomcatuser: 4. Start the Tomcat server. When prompted for a user and password, you can use tomcatand tompassrespectively. The result will be similar to what is shown in Figure 16-8 . Figure 16-8: Listing of all the MB eans in Tomcat 6

For reliable and cheap web hosting services please check tomcat web hosting website.

Chapter 16: Monitoring and Managing Tomcat with JMX Manager (web application) User access manager application via web browser MBeans exposed by Tomcat Tomcat MBean Server Tomcat JMXProxy Figure 16-7: The Manager application s JMX proxy Working with the JMX Proxy The URL for accessing the JMX proxy using a browser is as follows: http://:
/manager/jmxproxy/ If Tomcat is running locally with the default configuration, the URL is as follows: http://localhost:8080/manager/jmxproxy/ No stylized HTML Web pages or tables are displayed by this proxy. However, it is capable of performing the following operations against the Tomcat 6 agent (MBean Server) implementation: . Query for MBeans and current attribute values . Set MBean attribute values WARNING: Modifying the value of a Tomcat internal MBean during production operation can potentially cause problems that may result in an application and/or system crash. Use this feature at your own risk.

For high quality website hosting services please check tomcat web hosting website.