org.apache.brooklyn.util.jmx.jmxmp

Class JmxmpAgent

java.lang.Object

org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent

public class JmxmpAgent
extends java.lang.Object

This exposes JMX access over JMXMP, suitable for high-security environments, with support for going through firewalls as well as encrypting and authenticating securely.

Listens on 11099 unless overridden by system property brooklyn.jmxmp.port.

Use the usual com.sun.management.jmxremote.ssl to enable both SSL _and_ authentication (setting brooklyn.jmxmp.ssl.authenticate false if you need to disable authentication for some reason); unless you disable client-side server authentication you will need to supply brooklyn.jmxmp.ssl.keyStore, and similarly unless server-side client auth is off you'll need the corresponding trustStore (both pointing to files on the local file system).

Service comes up on: service:jmx:jmxmp://${HOSTNAME}:${PORT}

If RMI_REGISTRY_PORT_PROPERTY is also set, this agent will start a normal JMX/RMI server bound to all interfaces, which is contactable on: service:jmx:rmi:///jndi/rmi://${HOSTNAME}:${RMI_REGISTRY_PORT}/jmxrmi

NB: To use JConsole with this endpoing, you need the jmxremote_optional JAR, and the following command (even more complicated if using SSL): java -classpath $JAVA_HOME/lib/jconsole.jar:$HOME/.m2/repository/javax/management/jmxremote_optional/1.0.1_04/jmxremote_optional-1.0.1_04.jar sun.tools.jconsole.JConsole

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	AUTHENTICATE_CLIENTS_PROPERTY whether to use SSL (TLS) certificates to authenticate the client; requires a truststore to be set, and requires USE_SSL_PROPERTY true (different to 'com.sun.management.jmxremote.authenticate' because something else insists on intercepting that and uses it for passwords); defaults to true iff USE_SSL_PROPERTY is set because who wouldn't want client authentication if you're encrypting the link
static java.lang.String	JMX_SERVER_ADDRESS_WILDCARD_PROPERTY whether JMX should bind to all interfaces
static int	JMXMP_DEFAULT_PORT
static java.lang.String	JMXMP_KEYSTORE_FILE_PROPERTY
static java.lang.String	JMXMP_KEYSTORE_KEY_PASSWORD_PROPERTY
static java.lang.String	JMXMP_KEYSTORE_PASSWORD_PROPERTY
static java.lang.String	JMXMP_KEYSTORE_TYPE_PROPERTY
static java.lang.String	JMXMP_PORT_PROPERTY port to listen on; default to JMXMP_DEFAULT_PORT
static java.lang.String	JMXMP_TRUSTSTORE_FILE_PROPERTY
static java.lang.String	JMXMP_TRUSTSTORE_PASSWORD_PROPERTY
static java.lang.String	JMXMP_TRUSTSTORE_TYPE_PROPERTY
static java.lang.String	RMI_HOSTNAME_PROPERTY hostname to advertise, and if "jmx.remote.server.address.wildcard" is false also the hostname/interface to bind to
static java.lang.String	RMI_REGISTRY_PORT_PROPERTY optional port for RMI registry to listen on; if not supplied, RMI is disabled.
static java.lang.String	TLS_JMX_REMOTE_PROFILES
static java.lang.String	TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY
static java.lang.String	TLS_SOCKET_FACTORY_PROPERTY
static java.lang.String	TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY
static java.lang.String	USE_SSL_PROPERTY whether to use SSL (TLS) encryption; requires a keystore to be set

Constructor Summary

Constructors

Constructor and Description
JmxmpAgent()

Method Summary

Modifier and Type	Method and Description
static void	agentmain(java.lang.String agentArgs)
static void	doMain(java.lang.String agentArgs)
static void	doMainForeground(java.lang.String agentArgs)
static java.lang.String	getLocalhostHostname(java.util.Properties properties)
static void	main(java.lang.String[] args)
static javax.net.ssl.TrustManager	newInspectAllTrustManager(javax.net.ssl.X509TrustManager delegate)
static void	premain(java.lang.String agentArgs)
void	setSslEnvFromProperties(java.util.Map<java.lang.String,java.lang.Object> env, java.util.Properties properties)
java.util.List<javax.management.remote.JMXConnectorServer>	startConnectors(java.util.Properties properties)
javax.management.remote.JMXConnectorServer	startJmxmpConnector(java.util.Properties properties)
javax.management.remote.JMXConnectorServer	startNormalJmxRmiConnectorIfRequested(java.util.Properties properties) optionally starts a normal JMXRMI connector in addition

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

JMXMP_PORT_PROPERTY

public static final java.lang.String JMXMP_PORT_PROPERTY

port to listen on; default to JMXMP_DEFAULT_PORT

See Also:

Constant Field Values

RMI_HOSTNAME_PROPERTY

public static final java.lang.String RMI_HOSTNAME_PROPERTY

hostname to advertise, and if "jmx.remote.server.address.wildcard" is false also the hostname/interface to bind to

See Also:

Constant Field Values

JMX_SERVER_ADDRESS_WILDCARD_PROPERTY

public static final java.lang.String JMX_SERVER_ADDRESS_WILDCARD_PROPERTY

whether JMX should bind to all interfaces

See Also:

Constant Field Values

RMI_REGISTRY_PORT_PROPERTY

public static final java.lang.String RMI_REGISTRY_PORT_PROPERTY

optional port for RMI registry to listen on; if not supplied, RMI is disabled. 1099 is a common choice. it will *always* use an anonymous high-numbered port as the rmi server it redirects to (ie it behaves like the default JMX agent, not the custom JmxRmiAgent).

See Also:

Constant Field Values

USE_SSL_PROPERTY

public static final java.lang.String USE_SSL_PROPERTY

whether to use SSL (TLS) encryption; requires a keystore to be set

See Also:

Constant Field Values

AUTHENTICATE_CLIENTS_PROPERTY

public static final java.lang.String AUTHENTICATE_CLIENTS_PROPERTY

whether to use SSL (TLS) certificates to authenticate the client; requires a truststore to be set, and requires USE_SSL_PROPERTY true (different to 'com.sun.management.jmxremote.authenticate' because something else insists on intercepting that and uses it for passwords); defaults to true iff USE_SSL_PROPERTY is set because who wouldn't want client authentication if you're encrypting the link

See Also:

Constant Field Values

JMXMP_KEYSTORE_FILE_PROPERTY

public static final java.lang.String JMXMP_KEYSTORE_FILE_PROPERTY

See Also:

Constant Field Values

JMXMP_KEYSTORE_PASSWORD_PROPERTY

public static final java.lang.String JMXMP_KEYSTORE_PASSWORD_PROPERTY

See Also:

Constant Field Values

JMXMP_KEYSTORE_KEY_PASSWORD_PROPERTY

public static final java.lang.String JMXMP_KEYSTORE_KEY_PASSWORD_PROPERTY

See Also:

Constant Field Values

JMXMP_KEYSTORE_TYPE_PROPERTY

public static final java.lang.String JMXMP_KEYSTORE_TYPE_PROPERTY

See Also:

Constant Field Values

JMXMP_TRUSTSTORE_FILE_PROPERTY

public static final java.lang.String JMXMP_TRUSTSTORE_FILE_PROPERTY

See Also:

Constant Field Values

JMXMP_TRUSTSTORE_PASSWORD_PROPERTY

public static final java.lang.String JMXMP_TRUSTSTORE_PASSWORD_PROPERTY

See Also:

Constant Field Values

JMXMP_TRUSTSTORE_TYPE_PROPERTY

public static final java.lang.String JMXMP_TRUSTSTORE_TYPE_PROPERTY

See Also:

Constant Field Values

TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY

public static final java.lang.String TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY

See Also:

Constant Field Values

TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY

public static final java.lang.String TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY

See Also:

Constant Field Values

TLS_SOCKET_FACTORY_PROPERTY

public static final java.lang.String TLS_SOCKET_FACTORY_PROPERTY

See Also:

Constant Field Values

TLS_JMX_REMOTE_PROFILES

public static final java.lang.String TLS_JMX_REMOTE_PROFILES

See Also:

Constant Field Values

JMXMP_DEFAULT_PORT

public static final int JMXMP_DEFAULT_PORT

See Also:

Constant Field Values

Constructor Detail

JmxmpAgent

public JmxmpAgent()

Method Detail

premain

public static void premain(java.lang.String agentArgs)

agentmain

public static void agentmain(java.lang.String agentArgs)

doMain

public static void doMain(java.lang.String agentArgs)

doMainForeground

public static void doMainForeground(java.lang.String agentArgs)

startConnectors

public java.util.List<javax.management.remote.JMXConnectorServer> startConnectors(java.util.Properties properties)

startJmxmpConnector

public javax.management.remote.JMXConnectorServer startJmxmpConnector(java.util.Properties properties)

startNormalJmxRmiConnectorIfRequested

public javax.management.remote.JMXConnectorServer startNormalJmxRmiConnectorIfRequested(java.util.Properties properties)

optionally starts a normal JMXRMI connector in addition

getLocalhostHostname

public static java.lang.String getLocalhostHostname(java.util.Properties properties)
                                             throws java.net.UnknownHostException

Throws:

java.net.UnknownHostException

setSslEnvFromProperties

public void setSslEnvFromProperties(java.util.Map<java.lang.String,java.lang.Object> env,
                                    java.util.Properties properties)
                             throws java.lang.Exception

Throws:

java.lang.Exception

newInspectAllTrustManager

public static final javax.net.ssl.TrustManager newInspectAllTrustManager(javax.net.ssl.X509TrustManager delegate)

main

public static void main(java.lang.String[] args)