I am trying to connect to a remote java app using jconsole as a JMX client over ssh
I have built the CustomAgent described on https://blogs.oracle.com/jmxetc/entry/connecting_through_firewall_using_jmx
The code for the agent is here
/**
* CustomAgent.java
* https://blogs.oracle.com/jmxetc/entry/connecting_through_firewall_using_jmx
*/
package example.rmi.agent;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
/**
* This CustomAgent will start an RMI COnnector Server using only
* port "example.rmi.agent.port".
*
* @author dfuchs
*/
public class CustomAgent {
private CustomAgent() { }
public static void premain(String agentArgs)
throws IOException {
// Ensure cryptographically strong random number generator used
// to choose the object number - see java.rmi.server.ObjID
//
System.setProperty("java.rmi.server.randomIDs", "true");
// Start an RMI registry on port specified by example.rmi.agent.port
// (default 3000).
//
final int port= Integer.parseInt(
System.getProperty("example.rmi.agent.port","3000"));
System.out.println("Create RMI registry on port "+port);
LocateRegistry.createRegistry(port);
// Retrieve the PlatformMBeanServer.
//
System.out.println("Get the platform's MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Environment map.
//
System.out.println("Initialize the environment map");
HashMap<String,Object> env = new HashMap<String,Object>();
// This where we would enable security - left out of this
// for the sake of the example....
//
// Create an RMI connector server.
//
// As specified in the JMXServiceURL the RMIServer stub will be
// registered in the RMI registry running in the local host on
// port 3000 with the name "jmxrmi". This is the same name the
// out-of-the-box management agent uses to register the RMIServer
// stub too.
//
// The port specified in "service:jmx:rmi://"+hostname+":"+port
// is the second port, where RMI connection objects will be exported.
// Here we use the same port as that we choose for the RMI registry.
// The port for the RMI registry is specified in the second part
// of the URL, in "rmi://"+hostname+":"+port
//
System.out.println("Create an RMI connector server");
final String hostname = InetAddress.getLocalHost().getHostName();
//JMXServiceURL url =
// new JMXServiceURL("service:jmx:rmi://"+hostname+
// ":"+port+"/jndi/rmi://"+hostname+":"+port+"/jmxrmi");
//Added to allow connection through a firewall
// We use (port+1) to export the RMI connection objects
JMXServiceURL url =
new JMXServiceURL("service:jmx:rmi://"+hostname+
":"+(port+1)+"/jndi/rmi://"+hostname+":"+port+"/jmxrmi");
// Now create the server from the JMXServiceURL
//
JMXConnectorServer cs =
JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
// Start the RMI connector server.
//
System.out.println("Start the RMI connector server on port "+port);
cs.start();
}
}
The build script is here
<project name="Agent" basedir="." default="main">
<property name="src.dir" value="src"/>
<property name="build.dir" value="build"/>
<property name="classes.dir" value="${build.dir}/classes"/>
<property name="jar.dir" value="${build.dir}/jar"/>
<property name="main-class" value="example.rmi.agent.CustomAgent"/>
<target name="clean">
<delete dir="${build.dir}"/>
</target>
<target name="compile">
<mkdir dir="${classes.dir}"/>
<javac srcdir="${src.dir}" destdir="${classes.dir}"/>
</target>
<target name="jar" depends="compile">
<mkdir dir="${jar.dir}"/>
<jar destfile="${jar.dir}/${ant.project.name}.jar" basedir="${classes.dir}">
<manifest>
<attribute name="Main-Class" value="${main-class}"/>
</manifest>
</jar>
</target>
<target name="run" depends="jar">
<java jar="${jar.dir}/${ant.project.name}.jar" fork="true"/>
</target>
<target name="clean-build" depends="clean,jar"/>
<target name="main" depends="clean,run"/>
<!-- Builds dist.agent.jar -->
<target name="build-agent-jar" description="build an agent jar that can be used with -javaagent" depends="compile">
<mkdir dir="${jar.dir}"/>
<jar basedir="${classes.dir}" destfile="${jar.dir}/${ant.project.name}.jar">
<manifest>
<attribute name="Premain-Class" value="example.rmi.agent.CustomAgent"/>
</manifest>
</jar>
<echo>To use this application with agent try:</echo>
<echo>java -Dexample.rmi.port=3000 -javaagent:${dist.agent.jar} -classpath [application-classpath] [application-classpath] [application-main-class]</echo>
</target>
</project>
I start the application on the remote machine using
java -javaagent:agents/build/jar/Agent.jar -Dexample.rmi.agent.port=6004 -server -server -Dcom.sun.management.jmxremote.authenticate="false" -Dcom.sun.management.jmxremote="true" -Dcom.sun.management.jmxremote.ssl="false" -Dcom.sun.management.jmxremote.local.only="false" -jar path-to-my-app/app.jar
Two ports open on the host machine, 6004 and 6005 and I can connect to the application through jconsole if the jconsole is local to the application.
I then create 2 ssh tunnels
ssh tunnels ssh -L 6004:localhost:6004 foo@server ssh tunnels ssh -L 6005:localhost:6005 foo@server
The tunnels are created successfully. I can telnet in on these ports.
Now the problem is that I can not connect remotely using Jconsole though
service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi
jconsole was started by:
jconsole -J-Djava.util.logging.config.file=logging.properties -debug
The error log is:
Dec 18, 2011 4:57:46 PM RMIConnector connect FINER: [javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi]
connecting... Dec 18, 2011 4:57:46 PM RMIConnector connect FINER: [javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi] finding stub... Dec 18, 2011 4:58:49 PM RMIConnector connect FINER: [javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi] connecting stub... Dec 18, 2011 4:58:49 PM RMIConnector connect FINER: [javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi] getting connection... Dec 18, 2011 4:59:52 PM RMIConnector connect FINER: [javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi://localhost:6005/jndi/rmi://localhost:6004/jmxrmi] failed to connect: java.rmi.ConnectException: Connection refused to host: 172.16.0.111; nested exception is: java.net.ConnectException: Connection timed out java.rmi.ConnectException: Connection refused to host: 172.16.0.111; nested exception is: java.net.ConnectException: Connection timed out at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619) at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216) at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202) at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:128) at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source) at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2343) at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:296) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:267) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:226) at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:366) at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:316) at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:298) Caused by: java.net.ConnectException: Connection timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) at java.net.Socket.connect(Socket.java:546) at java.net.Socket.connect(Socket.java:495) at java.net.Socket.(Socket.java:392) at java.net.Socket.(Socket.java:206) at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40) at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:146) at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613) ... 11 more