Hi Daniil,
Just want to make sure I understand what communications are going on
here. Your concern is when the jstat and jstatd processes are on
different sides of the firewall. When you launch jstatd, you specify the
socket port it will receive requests on, and when you launch jstat, you
must specify this same socket port, so no firewall problem there
assuming the firewall is configured to allow communication over that
port. However, once the request is received by jstatd, data can be
communicated via RMI rather than over the specified socket port. By
default jstatd was choosing a random RMI port, and I assume this RMI
port was communicated to the jstat process via the initial socket port.
This presents a problem for firewall configuration, since the firewall
configuration cannot know the RMI port that will be used. So now you're
allowing the rmi port to also be specified.
Am I close? :)
Chris
On 1/31/20 1:08 PM, Daniil Titov wrote:
Please review change [1] that adds a new command line option to jstatd tool to
specify a RMI connector port.
Currently a random port is used that prevents this tool from being used behind
a firewall or in a container.
New CSR [3] was created for this change and it needs to be reviewed as well.
Man pages for jstatd will be updated in a separate issue.
Testing: Mach5 tier1-tier3 and sun/tools/jstatd/* tests succeeded. Mach5 tier5
tests are in progress.
[1] Webrev: http://cr.openjdk.java.net/~dtitov/8196729/webrev.01/
[2] Jira issue: https://bugs.openjdk.java.net/browse/JDK-8196729
[3] CSR : https://bugs.openjdk.java.net/browse/JDK-8238357
Thank you,
Daniil
