java jmx/jstatd 通过 ssh 隧道访问远程机器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12825117/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
jmx/jstatd access to remote machine through an ssh tunnel
提问by fodon
I'd like to use visualvm app through an ssh tunnel (to an EC2 machine) using jmx OR jstatd. How do I do this? Here is a list of what has been tried (and failed): (BTW: if visual vm is not appropriate, how do I find memory leaks on a remote machine?)
我想使用 jmx 或 jstatd 通过 ssh 隧道(到 EC2 机器)使用 visualvm 应用程序。我该怎么做呢?这是已尝试(和失败)的列表:(顺便说一句:如果视觉虚拟机不合适,我如何在远程机器上找到内存泄漏?)
jstatd: attempt:
jstatd:尝试:
I set up the jstatd server on the EC2 machine (app was already running on it) Then I set up a tunnel mapping local port 3333 to remote port 1099 In VisualVM I tried to connect using jstatd on port 3333 ... none of the processes on EC2 showed up
我在 EC2 机器上设置了 jstatd 服务器(应用程序已经在上面运行)然后我设置了一个隧道,将本地端口 3333 映射到远程端口 1099 在 VisualVM 中,我尝试在端口 3333 上使用 jstatd 进行连接......没有任何进程在 EC2 上出现
This link says that jstatd opens up another port: http://rukuro-blog.heroku.com/2011/06/30/monitoring-remote-java-applications-with-visualvm... so I tunneled that port from local host to remote. I restarted visual vm ... still nothing
这个链接说 jstatd 打开了另一个端口:http: //rukuro-blog.heroku.com/2011/06/30/monitoring-remote-java-applications-with-visualvm......所以我从本地主机隧道连接了那个端口到远程。我重新启动了视觉虚拟机......仍然没有
When I tried listing processes running from EC2 using the folloing command:
当我尝试使用以下命令列出从 EC2 运行的进程时:
jps -l -m -v rmi://localhost
... I got a list of processes
...我得到了一个进程列表
When I listed it on my home machine using
当我在我的家用机器上列出它时使用
jps -l -m -v rmi://localhost:3333
.... I got none ! So, is the rmi port not being tunnelled with jstatd port (3333) ... ?
....我没有!那么,rmi 端口是否没有通过 jstatd 端口 (3333) ... 进行隧道传输?
the jmx attempt:
jmx 尝试:
I started the application on the remote machine with the following command:
我使用以下命令在远程机器上启动了应用程序:
java -Dcom.sun.management.jmxremote.port=3333 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false\
-cp :post/* <appName>
... the app works so I tunnelled local port 3333 to remote 3333
...该应用程序可以正常工作,因此我将本地端口 3333 通过隧道传输到远程 3333
Then I tried setting up a jmx link to localhost:3333 from visual vm interface: ... it pops up an error saying:
然后我尝试从可视化虚拟机界面设置一个到 localhost:3333 的 jmx 链接:...它弹出一个错误说:
cannot connect to localhost:3333 using service:jmx:rmi:///jndi/rmi://localhost:3333/jmxrmi
If I need to set up a link to the remove RMI server I'm not sure how to do it.
如果我需要设置一个到删除 RMI 服务器的链接,我不知道该怎么做。
JMXMP attempt:
JMXMP 尝试:
This holds promise but something is not quite right:
这很有希望,但有些地方不太对劲:
First I added the jmx_remote jar to the classpath and started the application on the remote machine using the same command as in the JMX case I showed above. I found the jar at oracle download link
首先,我将 jmx_remote jar 添加到类路径中,并使用与上面显示的 JMX 案例相同的命令在远程机器上启动应用程序。我在oracle 下载链接中找到了 jar
I setup up an ssh tunnel from local port 3333 to remote port 3333. Then I started up visualvm with the same jmx_remote file in the calsspath.
我设置了一个从本地端口 3333 到远程端口 3333 的 ssh 隧道。然后我在 calsspath 中使用相同的 jmx_remote 文件启动了visualvm。
visualvm -cp:a ~/jmx/jmxremote_optional.jar
Then I tried to connect visualvm to the remote server with:
然后我尝试使用以下命令将visualvm连接到远程服务器:
service:jmx:jmxmp://localhost:3333
Now visual vm seems to try to connect indefinitely. It shows "Adding service:jmx:jmxp://localhost:3333" in the status bar ... and continutes to do so till I shutdown the application on the remote end at which time it throws a popup saying that it couldnt' connect with the server.
现在,visual vm 似乎尝试无限期地连接。它在状态栏中显示“添加服务:jmx:jmxp:// localhost:3333”......并继续这样做,直到我关闭远程端的应用程序,此时它会抛出一个弹出窗口,说它无法连接与服务器。
On using SOCKS:
关于使用袜子:
My attempts at using both JMX and jstatd failed.
我尝试同时使用 JMX 和 jstatd 失败了。
I'm not sure the SOCKS proxy is working, so here is how I tried to connect:
我不确定 SOCKS 代理是否正常工作,所以这是我尝试连接的方式:
ssh -i ~/.ssh/starter.pem -v -D 9696 user@host
Just for completeness, I started the command on the other end with:
为了完整起见,我在另一端启动了命令:
java -Dcom.sun.management.jmxremote\
-Dcom.sun.management.jmxremote.ssl=false\
-Dcom.sun.management.jmxremote.authenticate=false\
-Dcom.sun.management.jmxremote.port=3333 <app>
And on the local end I set up the visualvm connection as per this LINK to VisualVm help page.
在本地,我按照这个链接到 VisualVm 帮助页面设置了visualvm连接。
With the JMX connection, I set the machine name and the port by right clicking the host on visualvm and fillng in the host port when it prompts me. At this point the status bar at the bottom shows visualvm is trying to connect to the remote machine and after a couple of minutes it fails.
使用 JMX 连接,我通过在visualvm 上右键单击主机并在提示我时填写主机端口来设置机器名称和端口。此时底部的状态栏显示 visualvm 正在尝试连接到远程机器,几分钟后它失败了。
With jstatd connection, I expected the remote processes to show up automatically. This didn't happen ... there were not error messages or anything.
使用 jstatd 连接,我希望远程进程自动显示。这没有发生......没有错误消息或任何东西。
On the socks side the following messages repeat cyclically:
在socks端,以下消息循环重复:
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
channel 3: open failed: connect failed: Connection timed out
debug1: channel 3: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 3333, connect from 127.0.0.1 port 43909, nchannels 4
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
channel 2: open failed: connect failed: Connection timed out
debug1: channel 2: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 1099, connect from 127.0.0.1 port 44644, nchannels 4
I wonder if this has to do with the socks channel. I have tunnelled single ports to the remote machine before, so I cant imagine it being a configuration issue for tunneling. I'm running ubuntu linux on both sides.
我想知道这是否与socks频道有关。我之前已经将单个端口隧道连接到远程机器,所以我无法想象这是隧道的配置问题。我在两边都运行 ubuntu linux。
Thanks for reading :)
谢谢阅读 :)
采纳答案by Nicholas
JMX/RMI is hard to tunnel directly because if RMI. Basically the server creates an RMI stub definition which is armed with directions to connect back to the server from whence it came, but when you're tunelling, the stubs come down from the server, but their directions are all wrong, and they can't get there from here.
JMX/RMI 很难直接隧道,因为如果 RMI. 基本上,服务器创建了一个 RMI 存根定义,该定义配备了从它来的地方连接回服务器的方向,但是当您进行调谐时,存根从服务器上下来,但是它们的方向都是错误的,并且它们可以'从这里到达那里。
The waaayeasiest way to resolve this is to ditch the RMI connector and use JMXMP. The underlying protocol is pure sockets so it's perfectly adapted for tunneling.
该waaay解决这个最简单的办法就是沟RMI连接器,并使用JMXMP。底层协议是纯套接字,因此它非常适合隧道。
回答by Tomas Hurka
回答by blank
I just did this two minutes ago ...
我两分钟前刚做的...
- Remote server with jmx on port 8686 - this port is locked down
- sshd_config on the remote box should have 'AllowTcpForwarding yes' or commented out
- Open a putty ssh session with port forwarding local port 8686 (or whatever) to localhost:8686
- Add a local jmx connection in VisualVm pointing at your local forwarded port
- VisualVm automagically sees the jvm and starts monitoring
- 端口 8686 上带有 jmx 的远程服务器 - 此端口被锁定
- 远程盒子上的 sshd_config 应该有“AllowTcpForwarding yes”或注释掉
- 打开一个 putty ssh 会话,端口转发本地端口 8686(或其他)到 localhost:8686
- 在 VisualVm 中添加一个指向本地转发端口的本地 jmx 连接
- VisualVm 自动看到 jvm 并开始监控
回答by Anthony O.
Here are the steps that worked for me:
以下是对我有用的步骤:
- Launch an ejstatdin your remote host this way (in ejstatd folder):
mvn exec:java -Dexec.args="-pr 2000 -ph 2001 -pv 2002"(used for "jstatd" type connection) - Launch your Java application with those additional Java parameters:
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=2003 -Dcom.sun.management.jmxremote.rmi.port=2003(used for "JMX" type connection) - Open an SSH session to the remote host tunneling those 4 ports (from 2000 to 2003 included). For example with OpenSSH client, you must add those parameters:
-L2000:localhost:2000 -L2001:localhost:2001 -L2002:localhost:2002 -L2003:localhost:2003 - Launch JVisualVM
- Right-click on "Local" > "Add jstatd Connection..." > "Add Custom" and enter "
2000" in "Port" selection; - Right-click on "Local" > "Add JMX Connection..." and enter "
localhost:2003" in "Connection" input, and check "Do not require SSL connection" - Your Java process will appear twice: one from the "jstatd" connection type, and one from the "JMX" connection type.
- Right-click on "Local" > "Add jstatd Connection..." > "Add Custom" and enter "
- 以这种方式在远程主机中启动ejstatd(在 ejstatd 文件夹中):(
mvn exec:java -Dexec.args="-pr 2000 -ph 2001 -pv 2002"用于“jstatd”类型连接) - 使用这些附加的 Java 参数启动您的 Java 应用程序:(
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=2003 -Dcom.sun.management.jmxremote.rmi.port=2003用于“JMX”类型连接) - 打开到远程主机的 SSH 会话,通过这 4 个端口(包括 2000 年到 2003 年)建立隧道。例如对于 OpenSSH 客户端,您必须添加这些参数:
-L2000:localhost:2000 -L2001:localhost:2001 -L2002:localhost:2002 -L2003:localhost:2003 - 启动 JVisualVM
- 右键单击“本地”>“添加jstatd连接...”>“添加自定义”并
2000在“端口”选择中输入“ ”; - 右键单击“本地”>“添加 JMX 连接...”并
localhost:2003在“连接”输入中输入“ ”,并选中“不需要 SSL 连接” - 您的 Java 进程将出现两次:一次来自“jstatd”连接类型,另一次来自“JMX”连接类型。
- 右键单击“本地”>“添加jstatd连接...”>“添加自定义”并
Disclaimer: I'm the author of the open source ejstatdtool.
免责声明:我是开源ejstatd工具的作者。
