JConsole is a Java Management eXtension (JMX) compliant GUI tool that can be used to connect to a running Geronimo server instance. In JConsole, you will be able to monitor the JVM memory usage, threads stack trace, loaded classes and VM information as well as Geronimo MBeans
Monitoring Geronimo in JConsole
To make Geronimo accessible to JConsole you can simply deactive both password authentication and secure socket layer (SSL) encryption:
- If you are running the server with IBM JDK 5 or IBM JDK 6, you have to add the following Java options to disable password authentication and SSL connection. Note that the command should be typed on a single line.
${renderedContent}
set JAVA_OPTS=-Dcom.sun.management.jmxremote.port=<port> -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
${renderedContent}where <port> is a free port on which you would like to enable this connection.export JAVA_OPTS="-Dcom.sun.management.jmxremote.port=<port> -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
- Start the server.
- Then, run the command
jconsole
from<JDK_HOME>\bin
directory. - In the dialog New connection of JConsole, input the connection information in the Remote Process field.
<ipaddr>:<port>
for monitoring local server overall information, for example memories, threads, and VM summaries.service:jmx:rmi:///jndi/rmi://<ipaddr>:1099/JMXConnector
for monitoring Geronimo information in MBeans tab. In this case, tabs other than MBeans are inactive.
where- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
ping
command. - <port> is the port number you specified in Java options.
- 1099 is the default naming port for Geronimo.
- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
- Then click OK. Note that information may vary when you are using IBM SDK or Sun SDK.
Monitor Geronimo in JConsole with secure JMX connection enabled
Password authentication over secure sockets layer (SSL) can be used to ensure that unauthorized persons cannot control or monitor your server. Before connecting to the secure JMX server in JConsole, you have to make a few configuration steps to disable the non-secure JMX server and start the jmx-security module.
- In directory of
<Geronimo_HOME>/var/config
, you can find the fileconfig.xml
. Take Geronimo 3.0 as an example, make modifications listed below.Elements by default
Elements modified
<gbean name="JMXService">
<gbean name="JMXService" load="false">
<module name="org.apache.geronimo.configs/clustering/3.0/car">
<module name="org.apache.geronimo.configs/clustering/3.0/car" load="false">
<module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi/3.0/car">
<module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi/3.0/car" load="false">
<module name="org.apache.geronimo.framework/jmx-security/3.0/car" load="false">
<module name="org.apache.geronimo.framework/jmx-security/3.0/car">
- Save the changes, and start the server with the JMX-security module loaded. (After the configuration of secure JMX server, the JMX-security module will be loaded at server start time automatically.)
- Then, open a command window and set environment variable.
${renderedContent}
set GERONIMO_HOME=<Geronimo_HOME>
${renderedContent}where <Geronimo_HOME> is the installation directory of the Geronimo serverexport GERONIMO_HOME=<Geronimo_HOME>
- Run
<JDK_HOME>/bin/jconsole
via the following command. Note that the command has been split across several lines for readability. The command must be typed on a single line.${renderedContent}jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=%myDir%/KeystoreTrustSotrePasswordFile.key
${renderedContent}jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=$myDir/KeystoreTrustSotrePasswordFile.key
${renderedContent}*Where*${renderedContent}
${renderedContent}_myDir_ is the location of your trusted keystore file. By default, the content of file is from/var/config/config-substitutions.properties
file. See Creating your keystorefile for SSL authentication for more details. - In the dialog Connect to Agent of JConsole, click Advanced, and input the information:
- JMX URL:
service:jmx:rmi:///jndi/rmi://<ipaddr>:1099/JMXSecureConnector
- User Name: system (or user name you set)
- Password: manager (or password you set)
where- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
ping
command. - 1099 is the default naming port for Geronimo.
- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
- JMX URL:
- Then click OK. JConsole will connect to geronimo MBeans management interface. Switch to Means tab for server-wide information. In this case, tabs other than MBeans are inactive. Note that information may vary when you are using IBM SDK or Sun SDK.