How to establish JMX connection to JVM running in docker

For remote monitoring of JVM processes (running in a docker container) you will have to activate remote JMX monitoring with the following JVM parameters:


        -Dcom.sun.management.jmxremote 
        -Dcom.sun.management.jmxremote.port=[RMI_PORT] 
        -Dcom.sun.management.jmxremote.rmi.port=[RMI_PORT]
        -Djava.rmi.server.hostname=[EXTERNAL_IP_OF_THE_CONTAINER]    

Both RMI_PORTs could have the same value (e.g. 9090). The EXTERNAL_IP_OF_THE_CONTAINER has to be the IP address with which the JVM process is accessible. Localhost or 127.0.0.1 won't work.

The following two parameters completely disable transport encryption and access control. They increase convenience and disable security at the same time:


        -Dcom.sun.management.jmxremote.ssl=false 
        -Dcom.sun.management.jmxremote.authenticate=false 

Given the RMI_PORT=9090, you can launch the process with docker run -p 8080:8080 -p 9090:9090 --name jmx airhacks/tomee-jmx and connect with jvisualvm, jconsole, jmc with EXTERNAL_IP_OF_THE_CONTAINER:9090.

Checkout out the instrumented TomEE dockerfile: tomee-jmx from docklands

See you at Java EE Microservices. and Tuning and troubleshooting Java EE 7 Microservices Is Munich's airport too far? Learn from home: javaeemicro.services.

Comments:

The requirement to know your external IP / hostname inside the container is a fundamental flaw of JMX i.m.h.o.

One of the few viable options I see here for containerized environments is to (contradictory to the article) always specify "localhost" as your external hostname - that at least allows you to reliably connect to your container via port forwarding (e.g. OpenShift's "oc port-forward" command).

Posted by Alex Stockinger on August 31, 2017 at 10:43 PM CEST #

Good overview on the topic.

Posted by GIRISH CHANDER on September 12, 2017 at 08:32 PM CEST #

Thanks for this really useful post. The activemq-cli is a great tool for testing JMX on the local server.

I was able to get the rmohr/activemq image to publish JMX using the following docker command.

docker run -d -e ACTIVEMQ_OPTS="-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.rmi.port=1616 -Djava.rmi.server.hostname=192.168.99.100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote" -p 61616:61616 -p 8161:8161 -p 1616:1616 rmohr/activemq

The activemq.xml doesn't need to explicitly specify the connectorPort in the managmentContext as it controlled by com.sun.management.jmxremote.rmi.port

ActiveMQ recommendation is to set createConnector="false".

Thanks again for this excellent informative post.

David

Posted by David Kant on April 26, 2020 at 09:52 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
...the last 150 posts
...the last 10 comments
License