2018年6月4日 星期一

Tomcat Jmx 設定與 jmx.password "必須限制密碼檔案讀取存取" 錯誤


1. What is JMX?

JMX(Java Management Extensions,即Java管理擴充功能)是Java平台上為應用程式、裝置、系統等植入管理功能的框架。JMX可以跨越一系列異構作業系統平台、系統體系結構和網路傳輸協定,靈活的開發無縫整合的系統、網路和服務管理應用。

JMX 是 Java Management Extensions 的簡寫,它的主要目的為了管理在 JVM 上運行的應用程式試想今天你需要管理在不同機器執行的5個 Services,監控它的執行情況,還要監控機器上的記憶體,CPU,執行緒數量...等,你該怎麼做?
你可能會一台台登入下指令去看 Linux 的 memory,cpu 情況。那應用程式執行情況呢?寫程式將資訊透過網路傳出來?那假如程式是別人寫的呢?那你就需要知道它的溝通方式, 不同 application 就像說著不同語言的人,你需要為每一個 application 寫一個translator,轉成共同的格式,然後透過網路傳給你的 Client 端 不然你的 Client 就需要自己做這個翻譯的工作,它需要懂 N 種不同的溝通方式,哪天需要多監控一個新的application 的時候,Client 就必須修改...
想到就累不是嗎 ? JMX 就是為了解決這個難題而被發明的

ref 1


2.  架構圖:




3. Tomcat Error Message 

ref 1
barchart-oracle-study/oracle-jdk-7.21-rt/src/main/java/sun/management/resources/agent_zh_HK.java
  */ package sun.management.resources;
/*   */ 
/*   */ import java.util.ListResourceBundle;
/*   */ 
/*   */ public final class agent_zh_HK extends ListResourceBundle
/*   */ {
/*   */   protected final Object[][] getContents()
/*   */   {
/* 7 */     return new Object[][] { { "agent.err.access.file.not.readable", "存取檔案無法讀取" }, { "agent.err.access.file.notfound", "找不到存取檔案" }, { "agent.err.access.file.notset", "未指定存取檔案,但 com.sun.management.jmxremote.authenticate=true" }, { "agent.err.access.file.read.failed", "無法讀取存取檔案" }, { "agent.err.acl.file.access.notrestricted", "必須限制密碼檔案讀取存取" }, { "agent.err.acl.file.not.readable", "SNMP ACL 檔案無法讀取" }, { "agent.err.acl.file.notfound", "找不到 SNMP ACL 檔案" }, { "agent.err.acl.file.notset", "未指定 SNMP ACL 檔案,但 com.sun.management.snmp.acl=true" }, { "agent.err.acl.file.read.failed", "無法讀取 SNMP ACL 檔案" }, { "agent.err.agentclass.access.denied", "存取 premain(String) 遭到拒絕" }, { "agent.err.agentclass.failed", "管理代理程式類別失敗 " }, { "agent.err.agentclass.notfound", "找不到管理代理程式類別" }, { "agent.err.configfile.access.denied", "存取配置檔案遭到拒絕" }, { "agent.err.configfile.closed.failed", "無法關閉配置檔案" }, { "agent.err.configfile.failed", "無法讀取配置檔案" }, { "agent.err.configfile.notfound", "找不到配置檔案" }, { "agent.err.connector.server.io.error", "JMX 連接器伺服器通訊錯誤" }, { "agent.err.error", "錯誤" }, { "agent.err.exception", "代理程式發生異常 " }, { "agent.err.exportaddress.failed", "將 JMX 連接器位址匯出至設備緩衝區失敗" }, { "agent.err.file.access.not.restricted", "必須限制檔案讀取存取權" }, { "agent.err.file.not.found", "找不到檔案" }, { "agent.err.file.not.readable", "檔案無法讀取" }, { "agent.err.file.not.set", "未指定檔案" }, { "agent.err.file.read.failed", "無法讀取檔案" }, { "agent.err.invalid.agentclass", "com.sun.management.agent.class 屬性值無效" }, { "agent.err.invalid.jmxremote.port", "com.sun.management.jmxremote.port 號碼無效" }, { "agent.err.invalid.jmxremote.rmi.port", "com.sun.management.jmxremote.rmi.port 號碼無效" }, { "agent.err.invalid.option", "指定的選項無效" }, { "agent.err.invalid.snmp.port", "com.sun.management.snmp.port 號碼無效" }, { "agent.err.invalid.snmp.trap.port", "com.sun.management.snmp.trap 編號無效" }, { "agent.err.invalid.state", "無效的代理程式狀態" }, { "agent.err.password.file.access.notrestricted", "必須限制密碼檔案讀取存取" }, { "agent.err.password.file.not.readable", "密碼檔案無法讀取" }, { "agent.err.password.file.notfound", "找不到密碼檔案" }, { "agent.err.password.file.notset", "未指定密碼檔案,但 com.sun.management.jmxremote.authenticate=true" }, { "agent.err.password.file.read.failed", "無法讀取密碼檔案" }, { "agent.err.premain.notfound", "代理程式類別中不存在 premain(String)" }, { "agent.err.snmp.adaptor.start.failed", "無法使用位址啟動 SNMP 配接卡" }, { "agent.err.snmp.mib.init.failed", "無法初始化 SNMP MIB,出現錯誤" }, { "agent.err.unknown.snmp.interface", "不明的 SNMP 介面" }, { "agent.err.warning", "警告" }, { "jmxremote.AdaptorBootstrap.getTargetList.adding", "正在新增目標: {0}" }, { "jmxremote.AdaptorBootstrap.getTargetList.initialize1", "配接卡就緒。" }, { "jmxremote.AdaptorBootstrap.getTargetList.initialize2", "SNMP 配接卡就緒,位於: {0}:{1}" }, { "jmxremote.AdaptorBootstrap.getTargetList.processing", "正在處理 ACL" }, { "jmxremote.AdaptorBootstrap.getTargetList.starting", "正在啟動配接卡伺服器:" }, { "jmxremote.AdaptorBootstrap.getTargetList.terminate", "終止 {0}" }, { "jmxremote.ConnectorBootstrap.file.readonly", "必須限制檔案讀取存取權: {0}" }, { "jmxremote.ConnectorBootstrap.noAuthentication", "無認證" }, { "jmxremote.ConnectorBootstrap.password.readonly", "必須限制密碼檔案讀取存取: {0}" }, { "jmxremote.ConnectorBootstrap.ready", "JMX 連接器就緒,位於: {0}" }, { "jmxremote.ConnectorBootstrap.starting", "正在啟動 JMX 連接器伺服器:" } };
/*   */   }

/*   */ }

4. Key word file

jmx.password 



5.  How to solved? ref 1 from oracle  ref 2 3

  1. In Windows Explorer, navigate to the directory containing the jmxremote.password file.
  2. Right-click on the jmxremote.password file and select the Properties option.
    Displaying the jmxremote.password file properties
  3. Select the Security tab
    Displaying the jmxremote.password file's security properties
    If you are using Windows XP Professional Edition and the computer is not part of a domain, then the Security tab will not be automatically visible. To reveal the Security tab, you must perform the following steps.
  1. Select the Advanced button in the Security tab.
    Displaying advanced security properties.
  1. Select the Owner tab to check if the file owner matches the user under which the Java VM is running.
    Checking who owns the password file.
  2. Select the Permissions tab to set the permissions.
    If there are permission entries inherited from a parent directory that allow users or groups other than the owner access to the file, then clear the "Inherit from parent the permission entries that apply to child objects" checkbox.

    Blocking inheritance of file permissions from parent objects.




6. appending JMX setting 


1 .   https://gist.github.com/buonzz/7ba34958a029df19a2a6
setenv.sh
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.port=9999"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.rmi.port=9999"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.ssl=false"
export CATALINA_OPTS="$CATALINA_OPTS -Djava.rmi.server.hostname=your ip"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.local.only=false"



2.   http://www.andowson.com/posts/list/424.page
1.修改setenv.sh,加上下列設定 
view source
print?
1CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"

修改後的完整內容如下: 
1JAVA_HOME="/usr/java/latest"
2JAVA_OPTS="-server -XX:NewSize=503m -XX:MaxNewSize=503m -XX:SurvivorRatio=8 -XX:MaxPermSize=128m -Xss768k -Xms2013m -Xmx2013m -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true"
3CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"


3.  apache http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html





4. Start using the content , good link : 1
in Tomcat8w.exe -> Java -> Java Options

set CATALINA_OPTS=-Dcom.sun.management.jmxremote
  -Dcom.sun.management.jmxremote.port=%my.jmx.port%
  -Dcom.sun.management.jmxremote.ssl=false
  -Dcom.sun.management.jmxremote.authenticate=false




7. Windows Authoritor
1. https://ithelp.ithome.com.tw/questions/10080019
2. tomcat install  http://fecbob.pixnet.net/blog/post/38258323-tomcat%E9%85%8D%E7%BD%AE%E7%9A%8410%E5%80%8B%E6%8A%80%E5%B7%A7-





張貼者:
標籤:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)