On Tue, Dec 10, 2019 at 11:58 AM Chris Cheshire <yahoono...@gmail.com> wrote: > > On Tue, Dec 10, 2019 at 9:42 AM Christopher Schultz > <ch...@christopherschultz.net> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > Chris, > > > > On 12/9/19 17:10, Chris Cheshire wrote: > > > In CATALINA_BASE/bin/setenv.sh I have the following : > > > > > > CATALINA_OPTS="-Dcom.sun.management.jmxremote > > > -Dcom.sun.management.jmxremote.ssl=false > > > -Dcom.sun.management.jmxremote.authenticate=false" > > > > Okay. > > > > > In CATALINA_BASE/conf/server.xml I have a listener configured : > > > > > > <Listener > > > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" > > > rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" > > > useLocalPorts="true" /> > > > > > > > > > Upon startup I see in logs : INFO [main] > > > org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer > > > The JMX Remote Listener has configured the registry on port > > > [10001] and the server on port [10002] for the [Platform] server > > > > > > > > > $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 > > > *.* LISTEN tcp6 0 0 ::1.10001 > > > *.* LISTEN > > > > > > On my local machine I have a tunnel set up as follows : ssh -N > > > -L10001:localhost:10001 -L10002:localhost:10002 user@remotehost > > > > > > (where user is the user tomcat is running under) > > > > > > When I try to add a remote JMX connection in VisualVM on my client > > > machine to localhost:10001 I get an error dialog after a brief > > > delay with the message "Cannot connect to localhost:10001 using > > > service:jmx:rmi:///jndi/rmi://localhost:10001/jmxrmi". If I change > > > it to port 10002 I get the same error. On the server at this time > > > : $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 > > > *.* LISTEN tcp6 0 0 ::1.10001 > > > *.* LISTEN tcp4 0 0 127.0.0.1.62637 > > > 127.0.0.1.10001 TIME_WAIT > > > > > > > > > If I try to use jconsole connecting to port 10001 I get the error > > > "Connection failed: non-JRMP server at remote endpoint". Connecting > > > to port 10002 I get the error "Connection failed: no such object > > > in table" > > > > You should be using the port defined by rmiRegistryPortPlatform, so > > 10001 is the correct port to use. > > > > > I've been through the tomcat configuration documentation a couple > > > times but I can't see what else I need to configure. > > > > What you have looks good to me without reproducing it myself. Can you do > > : > > > > $ netstat -an | grep 1000[0-9] > > > > ? > > > > Just to be sure about both ports? > > > > $ netstat -an | grep 1000[0-9] > tcp6 0 0 :::10001 :::* LISTEN > tcp6 0 0 :::10002 :::* LISTEN > > > Hmmmm. Tomcat is only listening on ipv6 ports, but my tunnel is using > ipv4. After digging around [1], I added this to CATALINA_OPTS in > setenv.sh > > -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true > > $ netstat -an | grep 1000[0-9] > tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN > tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN > > When I try to connect with jconsole I get the same error (non-JRMP > server at remote endpoint), with the server showing > > tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN > tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN > tcp 0 0 127.0.0.1:10001 127.0.0.1:43803 TIME_WAIT > tcp 0 0 127.0.0.1:10001 127.0.0.1:43815 TIME_WAIT > > > I have also updated sshd_config with > > PermitTunnel yes > > and restarted that. Still no change. > > Chris > > > [1] > https://serverfault.com/questions/390840/how-does-one-get-tomcat-to-bind-to-ipv4-address
As a followup to take the tunnel out of the equation I downloaded jmxterm [1] on the server and tried to connect $ java -jar jmxterm-1.0.0-uber.jar Welcome to JMX terminal. Type "help" for available commands. $>open localhost:10001 #RuntimeIOException: Runtime IO exception: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint] $> Back to the tomcat documentation, I added this to CATALINA_OPTS (based on listener config and assumed defaults) -Dcom.sun.management.jmxremote.registry.ssl=false and now I get a different error : $>open localhost:10001 #RuntimeIOException: Runtime IO exception: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: error unmarshalling return; nested exception is: java.lang.ClassNotFoundException: org/apache/catalina/mbeans/JmxRemoteLifecycleListener$RmiClientLocalhostSocketFactory (no security manager: RMI class loader disabled)] So I enabled the security manager by adding to CATALINA_OPTS -Djava.security.manager -Djava.security.policy=$CATALINA_BASE/conf/catalina.policy And got a reminder why I turned it off in the first place. Now I have to figure out how to allow the mysql drivers to work (and probably everything else about the web app) so tomcat will start :/ Uggh. Chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org