1. The current environment
The monitored terminal 192.168.153.191
/usr/local/tomcat
Downloaded catalina-jmx-remote.jar and put it in the lib directory of the tomcat installation directory. So far, this jar package has not come in handy.
/usr/local/jdk1.7.0_79
A setenv.sh script has been added to the bin directory of tomcat (can be written in one line, which can be found under Baidu)
CATALINA_OPTS="${CATALINA_OPTS} -Djava.rmi.server.hostname=192.168.153.191" CATALINA_OPTS="${CATALINA_OPTS} -Djavax.management.builder.initial=" CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote=true" CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=12345" CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.ssl=false" CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
According to the usual thinking: It stands to reason that as long as a port 12345 is opened in iptables
Zabbix_Server及Zabbix_Java_Gateway端192.168.153.181
The installation directory is not explained, generally it can be found in /usr/local/zabbix_server,/usr/local/zabbix_java_gateway
Mainly want to explain two configuration files
zabbix_server.conf
ListenPort=10051 LogFile=/tmp/zabbix_server.log DBName=zabbix DBUser=zabbix DBPassword=zabbix DBPort=3306 JavaGateway=127.0.0.1 JavaGatewayPort=10052 StartJavaPollers = 5
Configuration file of zabbix_java_gateway (zabbix_java_gateway installation directory/zabbix_java/sbin/setting.sh)
LISTEN_IP="0.0.0.0" LISTEN_PORT=10052 PID_FILE="/tmp/zabbix_java.pid" START_POLLERS=5
illustrate
1) The IP address of Zabbix_Server and Zabbix_Java_Gateway on one machine is 192.168.153.181
On the monitored machine, tomcat is installed, and the IP address is 192.168.153.191
The system on both machines is CentOS 6.5
2) JMX has been configured on the monitored machine (192.168.153.191) through the previous article, and the firewall (iptable) has opened port 12345.
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 12345 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
2. There are problems
Telnet 192.168.153.191 12345 can be connected, but jconsole can't connect, and the hosts item on the zabbix web page can't be connected.
3. Find the cause of the problem
I have never encountered such a strange situation before, so I started to google and baidu all the way. I have searched dozens of articles, but I can't find it. Some articles point out the use of (org.apache.catalina.mbeans.JmxRemoteLifecycleListener This class is in the catalina-jmx.remote.jar package, and a Listener is configured in server.xml. I have not tried it. I think this is a solution. ).
I came across an article by Little Japan that made me stunned. The article website: http://www.checksite.jp/jconsole-jmx-tomcat/
The configuration is as follows:
setenv.sh file content
The settings are as follows. This setting allows you to monitor Tomcat's Java VM from a remote node using JMX (without authentication).
1
2
3
4
5
6
7
8
|
# cat setenv.sh
#!/bin/sh
export CATALINA_OPTS="-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=10080
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
#
|
The port is set to "10080", but there is no problem even if you use a port number that matches your environment.
Give execute permission as follows.
The configuration of iptable is as follows:
In order to be able to connect using JMX from a remote node, use FireWall to open the connection to the JMX port specified in setenv.sh earlier.
Since I am using iptables in my environment, the settings in iptables are described below.
# iptables --list --line-number (← number confirmation) # iptables --insert INPUT (number) -p tcp -s (source IP) --dport 10080: 65535 -j ACCEPT # iptables --list --line-number (← additional confirmation) # / sbin / service iptables save (← save to file) # cat / etc / sysconfig / iptables (← Check the saved file)