Hi Achim,

Disabling SSH remote access by default will break backward compatibility, and as we do have credentials configured by default, I believe it's fine for us to enable SSH/JMX remote access. I think a lot of users just start Karaf on a server machine and maintain it daily from a remote console (SSH or JMX), so it should be more convenient for end users if they need less configuration. Just my $0.02.

Regards
Freeman


On 2012-3-28, at 4:01 PM, Achim Nierbeck wrote:

Hi,

It's just something I learned in the past working with the Operating
departments.
Actually I think it would also be better not to open the SSH port in the
default configuration and to document how to do it if needed.
I favor behavior like Tomcat's: the administration console is not
"enabled" because no credentials are configured.
That's why I think we should start with a "secured" default
configuration and document how to weaken it if needed :)

regards, Achim

2012/3/28 Freeman Fang <[email protected]>:
Hi Achim,
Hmm, isn't the username/password used here to protect in this case? IMO, the JMX behavior should stay the same as the SSH behavior. Currently SSH is remotely accessible: we have sshHost=0.0.0.0. Of course, remote access needs a username/password. From my point of view it's really weird that we enable SSH remote access by default but not JMX; I don't see any real difference between the two.

Regards
Freeman

On 2012-3-28, at 3:08 PM, Achim Nierbeck wrote:

I'm not sure if this is something that needs to be fixed.
I'd rather suggest documenting this, because if it's not bound to the
local interface we open a possible security hole here:
anybody would be able to access and alter the Karaf server through
JMX.

Regards, Achim

2012/3/28 Freeman Fang <[email protected]>:

Hi,

I think this is something we need to fix; I created KARAF-1295 [1] to track it.

[1] https://issues.apache.org/jira/browse/KARAF-1295

Regards
Freeman

On 2012-3-28, at 1:34 AM, Dan Tran wrote:

Karaf by default only binds its JMX listener ports to localhost and therefore all remote access is forbidden. You need to fix up your o.a.k.management to bind JMX listener ports to 0.0.0.0:

serviceUrl = service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}

-D

On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <[email protected]> wrote:

Hi Tiago,

I faced the same issue some time ago and I believe it is a routing problem. Can you please check the network interfaces of your server? On which network interface does the running Tomcat bind its RMI server? In any case, you can use tcpdump or another traffic monitoring tool to check where the problem is.

On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <[email protected]> wrote:

Hi Dan,

Client machine is:
    Windows Server 2008 R2 Datacenter 64-bit
    Java(TM) SE Runtime Environment (build 1.7.0_03-b05)

Server machine is:
    Ubuntu 11.10 64-bit
    OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2)

There is nothing relevant in the log... and I get the same behavior with jconsole...

Cheers!

On Mon, Mar 26, 2012 at 14:30, Dan Tran <[email protected]> wrote:

On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <[email protected]> wrote:

Could you tell us more about your Karaf platform (OS, JRE)?

Are you able to see anything from the debug log?

How about JConsole?

-D

Hi Niko,

Thanks for your help... but this is already configured... also, I can successfully connect to another JVM (running Tomcat only) from the same client machine using this configuration... I just can't connect to the Karaf-based JVM...

Thanks

On Mon, Mar 26, 2012 at 12:06, Nick Dimos <[email protected]> wrote:

Hi Tiago,

Can you please check this:
http://stackoverflow.com/questions/834581/remote-jmx-connection

Hope that helps.

Cheers,
Nikos

On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <[email protected]> wrote:

Hi Mike,

Thanks for your reply! There is no firewall configured though =/...
Unfortunately what I really need is JVisualVM due to its profiling tools...

Also, I'm quite sure the user/password is correct, I'm using the default configuration....

Cheers,
Thiago Souza

On Fri, Mar 23, 2012 at 23:51, mikevan <[email protected]> wrote:

Thiago,

So, here's some background on what's probably causing your issue. JVisualVM actually uses two ports when you connect to a JMX server remotely. We already know about the one that's configured in Karaf (1099). However, JVisualVM also randomly selects a port to connect to the JMX server. If your version of Karaf is behind a firewall, on a highly protected VM (like in a VMware cloud), or has other security concerns associated with it, you may never be able to reliably connect.

That's why Karaf has a sub-project for a JMX webconsole page. A couple of pretty smart developers work extra hard to make that page, and I would suggest you use that if you're having trouble connecting to the JMX server holding your Karaf MBean information.

Please let me know if that helps.

-----
Mike Van
Committer - Kalumet
Atraxia Technologies
Mike Van's Open Source Technologies Blog
--
View this message in context: http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html
Sent from the Karaf - User mailing list archive at Nabble.com.

---------------------------------------------
Freeman Fang

FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com

--

Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
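
An added example (not from the thread or the Karaf project): a small Python check for the two settings debated above, `sshHost` and the JMX `serviceUrl`, that reports every listener bound to a non-loopback address. The sample configuration text is constructed, and `sshPort` plus the port values are assumptions used for illustration.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample settings (not taken from a real installation).
SAMPLE_MANAGEMENT_CFG = """\
rmiRegistryPort = 1099
rmiServerPort = 44444
serviceUrl = service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name}
"""
SAMPLE_SHELL_CFG = "sshPort = 8101\nsshHost = 0.0.0.0\n"

def parse_props(text):
    """Parse simple key = value property lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def expand(value, props):
    """Resolve ${name} placeholders; unknown names are left untouched."""
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: props.get(m.group(1), m.group(0)), value)

def exposed_listeners(props):
    """Return (service, host, port) for each non-loopback bind address."""
    findings = []
    ssh_host = props.get("sshHost")
    if ssh_host and ssh_host not in LOOPBACK:
        findings.append(("ssh", ssh_host, props.get("sshPort", "?")))
    url = expand(props.get("serviceUrl", ""), props)
    # The JMX service URL names two endpoints: the RMI server and the
    # RMI registry. A port may still be an unresolved ${...} placeholder.
    pattern = r"rmi://(\[[^\]]+\]|[^:/]+):(\d+|\$\{[^}]+\})"
    for host, port in re.findall(pattern, url):
        if host not in LOOPBACK:
            findings.append(("jmx-rmi", host, port))
    return findings

if __name__ == "__main__":
    merged = parse_props(SAMPLE_MANAGEMENT_CFG + SAMPLE_SHELL_CFG)
    for service, host, port in exposed_listeners(merged):
        print(f"{service}: listening on {host}:{port} (reachable remotely)")
```

Both RMI endpoints in the service URL are checked because the registry and the server can be bound to different addresses.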

