RedHat Jboss 6.4 JMX Unable to connect JConsole to remote slave

0
votes

I'm trying to get JConsole connected to the remote Slave EAP instance. It runs in Domain mode.

I'm able to connect to the Master Host Controller and Slave Host Controller through the native management ports , but not the Slave instance through port 4447+offset.

I created Application User with role SuperUser (and superuser too)

I set JMX subsystem in domain.xml as

<subsystem xmlns="urn:jboss:domain:jmx:1.3">
   <expose-resolved-model/>
   <expose-expression-model/>
   <remoting-connector use-management-endpoint="false"/>
   <sensitivity non-core-mbeans="true"/>
</subsystem>

with no success.

Then I tried tu se simple JMX client and was able to see that user is authenticated and connection established, but when I tried to get a count of MBeans it returns 0.

I can see available JMX Domains from the connection, but not any MBeans.

Code snippet from Java client:

JMXConnector jmxConnector = JMXConnectorFactory
            .connect(serviceURL, env);
    MBeanServerConnection connection = jmxConnector
            .getMBeanServerConnection();

    // Invoke on the JBoss AS MBean server
    int count = connection.getMBeanCount();

    System.out.println("MBeanCount:" + count);
    System.out.println("Domains:" + Arrays.toString(connection.getDomains()));

Output:

MBeanCount:0
Domains:[jboss.as, jboss.as.expr, jboss.jsr77, java.util.logging, org.switchyard.admin, jboss.ws, jboss.msc, jboss.jta, java.nio, jgroups, JMImplementation, com.oracle.jdbc, java.lang, com.sun.management, org.apache.camel, jboss.infinispan, jboss.modules]

What step did I miss in configuration?

Thanks.

1
jbossredhatjmxjboss6.x

1 Answers

1
votes

I found a solution which I was not able to see in any resources I googled and searched over JBoos and RedHat sites.

All resources tell: To connect to the jmx:remoting-jmx subssytem user must be in ApplicationRealm and must have SuperUser role. but actually...

I opened another port/connector in jboss:domain:remoting subsystem assigned to ManagementRealm and I got what I need. So my solution looks like:

  • User for jmx connection in mgmt-users.properties file:

    jmxadmin=...pasword hash...

management groups in mgmt-groups.properties file

     jmxadmin=SuperUser

  • domain.xml file

    1. <management> element:

      <management>
  <access-control provider="rbac">
    <role-mapping>
      ...
      <role name="SuperUser">
          <include>
            <user name="jmxadmin"/>
            ...
          </include>
      </role>
      ...
    </role-mapping>
  </access-control>
</management>

    2. <subsystem xmlns="urn:jboss:domain:jmx:1.3"> element

      <subsystem xmlns="urn:jboss:domain:jmx:1.3">
    <expose-resolved-model/>
    <expose-expression-model/>
    <remoting-connector use-management-endpoint="false"/>
    <sensitivity non-core-mbeans="true"/>
</subsystem>

    3. <subsystem xmlns="urn:jboss:domain:remoting:1.2"> element

      <subsystem xmlns="urn:jboss:domain:remoting:1.2">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
    <connector name="remoting-mgmt-connector" socket-binding="mgmt-remoting" security-realm="ManagementRealm"/>
</subsystem>

    4. <socket-binding-groups> element

      <socket-binding-groups>
    <socket-binding-group name="full-ha-sockets" default-interface="public">
...
<socket-binding name="remoting" port="4447"/>
<socket-binding name="mgmt-remoting" port="4457"/>
...

After all I'm able to connect JConsole or use Custom JMX connection to see all MBeans I'd like to see by using ManagementRealm connection as:

service:jmx:remoting-jmx://jboss_slave_host:4457+${jboss.socket.binding.port-offset}

not through ApplicationRealm port at 4447+${jboss.socket.binding.port-offset}