
Area: JMX

#####
# JMX
#####
# Listen host and port. If port is empty, JMX is disabled
jmx.host=${HOST}
jmx.port=
 
# SSL and keystore
jmx.ssl=false
jmx.ssl.needClientAuth=false
javax.net.ssl.keyStore=
javax.net.ssl.keyStorePassword=
 
# User authentication and access level. If password file is empty,
# authentication is disabled
jmx.password.file=
jmx.access.file=

Configuration of the JMX connector for (remote) monitoring of the FirstSpirit Server JVM (see FirstSpirit JMX Console). JMX is used to query the system status and provides current FirstSpirit Server and Java system information. For example, jconsole (contained in JDK) or other system monitors that support the JMX protocol can be used as a client.

jmx.host

This parameter instructs the FirstSpirit Server to accept incoming requests on the specified jmx.port (see below) only for the host name (or IP address) defined here. By default, connections are accepted on all IP interfaces. jmx.host has to be configured if the JMX connector is to be restricted to a specific interface for security reasons. The setting is also required if a remote JMX connection cannot be established (from jconsole, for example) because the server's own host name cannot be resolved via DNS or has only been entered in /etc/hosts with a local IP address. In this case, the dedicated IP address or dedicated host name of the server must be entered here.

jmx.port

A free port number for the JMX / RMI connection (JMX connector). If no port is specified, access to JMX is not possible.

jmx.ssl

Use of Secure Sockets Layer (SSL) is disabled by default (default value: false). 

jmx.ssl.needClientAuth

Use of client SSL authentication is disabled by default (default value: false). To enable client SSL authentication for remote monitoring via JMX, this parameter must be set to true.

javax.net.ssl.keyStore

This parameter is used to specify the file system path to the keystore.

javax.net.ssl.keyStorePassword

Password for the keystore file.

jmx.password.file

Enables user authentication for JMX access to the FirstSpirit server. This parameter is used to specify the file system path to the JMX password file. The JMX password file manages different roles/users and their passwords.
Note: Since the passwords in this file are saved as plain text, the default authentication information should not be stored here; roles and passwords defined specifically for JMX access should be stored here instead (see jmx.access.file). The JRE contains a template for a password file called jmxremote.password.template. This template can be copied to JRE_HOME/lib/management/jmxremote.password and can be expanded to include passwords for the roles that are defined in the JMX access file. If no value is specified (default state), JMX authentication is disabled.

jmx.access.file

This parameter is used to specify the file system path to the JMX access file (jmxremote.access). The access file manages different roles/users and their access permissions. The roles managed here must match the roles in the password file. The associated value must be either “readonly” or “readwrite”. For instance, a “monitorRole” can be defined that permits only read access to monitoring, and a “controlRole” can be defined that permits read and write access to monitoring and management.

Note on the JMX configuration of cluster nodes: Cluster nodes do not have their own configuration file, which means that all properties are loaded from the master. The JMX access to the cluster node(s) must be configured in the fs-server.conf of the master server. In addition, all JMX parameters for these nodes must have the prefix cluster.<Slave-Server-Name>. The slave server name is the name of the slave server that has been stored in the server properties in the “Clustering” area for the node (see Clustering). Example:

cluster.<Slave-Server-Name>.jmx.host=castor.e-spirit.com  
cluster.<Slave-Server-Name>.jmx.port=1088

For the parameter cluster.<Slave-Server-Name>.jmx.host, the fully qualified host name of the slave server or its IP address must be entered in this case.

Important: To operate the JMX console in a production environment, user authentication and, if applicable, encrypted SSL access should always be enabled. If these parameters are disabled (default setting), access to the JMX port is not protected and unauthorized users could shut down the server via the JMX port.
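The following check is an added example, not part of the FirstSpirit documentation or product: a Python audit that reads fs-server.conf text and reports every scope (the server itself or a cluster.<Slave-Server-Name> prefix) where jmx.port is set while authentication or SSL is left at the disabled default. The sample configuration, the node name node1, the file paths and the owner-only permission test on the plain-text password file are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample (not from a real server): master plus one cluster node "node1".
SAMPLE_CONF = """\
jmx.host=${HOST}
jmx.port=1088
jmx.ssl=false
jmx.password.file=
jmx.access.file=
cluster.node1.jmx.host=node1.example.org
cluster.node1.jmx.port=1088
cluster.node1.jmx.ssl=true
cluster.node1.jmx.password.file=/opt/firstspirit-example/conf/jmxremote.password
cluster.node1.jmx.access.file=/opt/firstspirit-example/conf/jmxremote.access
"""

# Optional "cluster.<name>." prefix; assumes the node name contains no dot.
KEY = re.compile(r"^(cluster\.[^.]+\.)?(jmx\..+)$")

def parse(text):
    """Group jmx.* properties by scope: '' is this server, else the cluster prefix."""
    scopes = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = KEY.match(key)
        if match:
            scopes.setdefault(match.group(1) or "", {})[match.group(2)] = value
    return scopes

def audit(text):
    """Return (scope, finding) pairs for every scope whose JMX port is set."""
    findings = []
    for scope, props in sorted(parse(text).items()):
        if not props.get("jmx.port"):
            continue  # empty port: JMX is disabled for this scope
        name = scope.rstrip(".") or "server"
        pw_file = props.get("jmx.password.file", "")
        if not pw_file:
            findings.append((name, "authentication disabled"))
        elif os.path.exists(pw_file) and stat.S_IMODE(os.stat(pw_file).st_mode) & 0o077:
            findings.append((name, "plain-text password file readable beyond owner"))
        if props.get("jmx.ssl", "false").lower() != "true":
            findings.append((name, "SSL disabled"))
    return findings
```

Calling audit() on the contents of the master's fs-server.conf covers the cluster nodes as well, because their JMX parameters live in the same file under the cluster prefix.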

For more information on configuring JMX, see:
http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdemv

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.4 | Data privacy