How to have JMX bind to a specific interface?

2019-03-14 14:47发布

问题:

I am currently starting my Java VM with the com.sun.management.jmxremote.* properties so that I can connect to it via JConsole for management and monitoring. Unfortunately, it listens on all interfaces (IP addresses) on the machine.

In our environment, there are often cases where there is more than one Java VM running on a machine at the same time. While it's possible to tell JMX to listen on different TCP ports (using com.sun.management.jmxremote.port), it would be nice to instead have JMX use the standard JMX port and just bind to a specific IP address (rather than all of them).

This would make it much easier to figure out which VM we're connecting to via JConsole (since each VM effectively "owns" its own IP address). Has anyone figured out how to make JMX listen on a single IP address or hostname?

回答1:

If anyone else will be losing his nerves with this ... After 10 years, they finally fixed it!

Since Java 8u102 -Dcom.sun.management.jmxremote.host binds to the selected IP

see: https://bugs.openjdk.java.net/browse/JDK-6425769



回答2:

Fernando already provided a link to my blog post :) ..it's not trivial. You have to provide your own RMIServerSocketFactoryImpl that creates sockets on the wanted address.

If internal/external interfaces are the problem and you have local access setting up a local firewall might be easier.



回答3:

I haven't tried this but this may help.

the main nuisance here was that there is no easy way to specify the host IP address for JMX to bind to, it would always bind to all interfaces. The 'java.rmi.server.hostname' property did not work and I didn't want to pick different ports for all the different instances on the same host.

Also, I didn't want to create my own RMIServerSocketFactory with all the complexities associated with it, I was after a simple patch to the existing code.

I've fixed this by patching the default JVM RMI socket factory that is responsible for creating this server socket. It now supports the new 'com.sun.management.jmxremote.host' property.

To get this to work, save the Java code below into a file named sun/rmi/transport/proxy/RMIDirectSocketFactory.java.

Compile and create jmx_patch.jar from it and place it into the tomcat lib/ folder.

You then need to add the following line to bin/setenv.sh:

CLASSPATH=$CLASSPATH:$CATALINA_HOME/lib/mx_patch.jar

add this option in tomcat instance start up

-Dcom.sun.management.jmxremote.host=192.168.100.100"

This will then bind the JMX service only to address 192.168.100.100. The 2 other random RMI listening ports will still bind to all interfaces, but that is fine as they always pick a free port anyway.

You can now run multiple tomcat instances on a single host with all the default ports intact (e.g. 8080 for JMX for all of them).

package sun.rmi.transport.proxy;

import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMISocketFactory;

public class RMIDirectSocketFactory extends RMISocketFactory {

    public Socket createSocket(String host, int port) throws IOException
    {
     return new Socket(host, port);
    }

   public ServerSocket createServerSocket(int port) throws IOException
   {
   String jmx_host = System.getProperty("com.sun.management.jmxremote.host");
   String jmx_port = System.getProperty("com.sun.management.jmxremote.port");

  // Allow JMX to bind to specific address
  if (jmx_host != null && jmx_port != null && port != 0 && integer.toString(port).equals(jmx_port)) {
    InetAddress[] inetAddresses = InetAddress.getAllByName(jmx_host);
    if (inetAddresses.length > 0) {
    return new ServerSocket(port, 50, inetAddresses[0]);
   }
}

 return new ServerSocket(port);
  }

}



回答4:

I just tried

-Dcom.sun.management.jmxremote.host=

with openjdk 1.8, and it works well. It binds to that addess (according to netstat) and all looks right (and works).



回答5:

The accepted answer is pretty old. There are some indications that Java now provides some options to enable this. For instance I have seen:

-Djava.rmi.server.hostname=<YOUR_IP>

...as well as...

-Dcom.sun.management.jmxremote.host=<YOUR_IP>

However, at least on my system under jdk 1.7, these do not seem to have any effect - the JMX connector still binds to *. An updated answer (with specific applicable versions) would be much appreciated. This should be simple.