hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Qiang Tian (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-10289) Avoid random port usage by default JMX Server. Create Custome JMX server
Date Fri, 25 Apr 2014 06:08:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13979398#comment-13979398
] 

Qiang Tian edited comment on HBASE-10289 at 4/25/14 6:07 AM:
-------------------------------------------------------------

hi [~nijel],
/proc/sys/net/ipv4/ip_local_port_range looks not so good as it limits port resource.

I just happen to find  when "com.sun.management.jmxremote.local.only=false" is set, there
is only 1 random port, i.e.:
export HBASE_MASTER_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=61100 -Dcom.sun.management
.jmxremote.local.only=false "

without "com.sun.management.jmxremote.local.only=false":

[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java
       
[root@test tmp]# netstat -nltp |grep 1989249
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java
       
tcp        0      0 :::4159                     :::*                        LISTEN      1989249/java
       
tcp        0      0 ::ffff:192.168.1.101:60000   :::*                        LISTEN      1989249/java
       
tcp        0      0 :::61320                    :::*                        LISTEN      1989249/java
       
tcp        0      0 :::60010                    :::*                        LISTEN      1989249/java
    

with "com.sun.management.jmxremote.local.only=false"
   
[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java
       
[root@test tmp]# netstat -nltp |grep 2021776
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java
       
tcp        0      0 :::2174                     :::*                        LISTEN      2021776/java
       
tcp        0      0 ::ffff:192.168.1.101:60000   :::*                        LISTEN      2021776/java
       
tcp        0      0 :::60010                    :::*                        LISTEN      2021776/java
   

I tried jconsole can work locally and remotely. could you also have a try?


ps below is the description:
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
Area: JMX
Synopsis: New Property for JMX RMI Connector Server
Description: The new property, com.sun.management.jmxremote.local.only, when true (the default)
indicates that the local JMX RMI connector will only accept connection requests from local
interfaces. Setting this property to false restores JDK 6 behavior, but is not recommended
because the local JMX RMI connector server will accept connection requests from both local
and remote interfaces. For remote management, the remote JMX RMI connector server should be
used with authentication and SLL/TLS encyrption enabled.
Nature of Incompatibility: behavioral


Regarding to the RMI server port, we could:
a)using parameter "com.sun.management.jmxremote.rmi.port" after upgrade to jdk7. this is the
simplest way.
b)using existing artifcat catalina-jmx-remote.jar
c)implement by ourselves as you mentioned.









was (Author: tianq):
hi [~nijel],
/proc/sys/net/ipv4/ip_local_port_range looks not good solution as it limits port resource.

I just happen to find  when "com.sun.management.jmxremote.local.only=false" is set, there
is only 1 random port, i.e.:
export HBASE_MASTER_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=61100 -Dcom.sun.management
.jmxremote.local.only=false "

without "com.sun.management.jmxremote.local.only=false":

[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java
       
[root@test tmp]# netstat -nltp |grep 1989249
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java
       
tcp        0      0 :::4159                     :::*                        LISTEN      1989249/java
       
tcp        0      0 ::ffff:9.181.64.235:60000   :::*                        LISTEN      1989249/java
       
tcp        0      0 :::61320                    :::*                        LISTEN      1989249/java
       
tcp        0      0 :::60010                    :::*                        LISTEN      1989249/java
    

with "com.sun.management.jmxremote.local.only=false"
   
[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java
       
[root@test tmp]# netstat -nltp |grep 2021776
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java
       
tcp        0      0 :::2174                     :::*                        LISTEN      2021776/java
       
tcp        0      0 ::ffff:9.181.64.235:60000   :::*                        LISTEN      2021776/java
       
tcp        0      0 :::60010                    :::*                        LISTEN      2021776/java
   

I tried jconsole can work locally and remotely. could you also have a try?


ps below is the description:
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
Area: JMX
Synopsis: New Property for JMX RMI Connector Server
Description: The new property, com.sun.management.jmxremote.local.only, when true (the default)
indicates that the local JMX RMI connector will only accept connection requests from local
interfaces. Setting this property to false restores JDK 6 behavior, but is not recommended
because the local JMX RMI connector server will accept connection requests from both local
and remote interfaces. For remote management, the remote JMX RMI connector server should be
used with authentication and SLL/TLS encyrption enabled.
Nature of Incompatibility: behavioral


Regarding to the RMI server port, we could:
a)using parameter "com.sun.management.jmxremote.rmi.port" after upgrade to jdk7. this is the
simplest way.
b)using existing artifcat catalina-jmx-remote.jar
c)implement by ourselves as you mentioned.








> Avoid random port usage by default JMX Server. Create Custome JMX server
> ------------------------------------------------------------------------
>
>                 Key: HBASE-10289
>                 URL: https://issues.apache.org/jira/browse/HBASE-10289
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: nijel
>            Priority: Minor
>              Labels: stack
>             Fix For: 0.99.0
>
>         Attachments: HBASE-10289-v4.patch, HBASE-10289.patch, HBASE-10289_1.patch, HBASE-10289_2.patch,
HBASE-10289_3.patch
>
>
> If we enable JMX MBean server for HMaster or Region server  through VM arguments, the
process will use one random which we cannot configure.
> This can be a problem if that random port is configured for some other service.
> This issue can be avoided by supporting  a custom JMX Server.
> The ports can be configured. If there is no ports configured, it will continue the same
way as now.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message