Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
Date: Fri, 25 Apr 2014 06:08:20 +0000 (UTC)
From: "Qiang Tian (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12687676.1389112251206.179105.1398406100382@arcas>
In-Reply-To: <JIRA.12687676.1389112251206@arcas>
References: <JIRA.12687676.1389112251206@arcas>
Subject: [jira] [Comment Edited] (HBASE-10289) Avoid random port usage by
 default JMX Server. Create Custome JMX server
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/HBASE-10289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13979398#comment-13979398 ] 

Qiang Tian edited comment on HBASE-10289 at 4/25/14 6:07 AM:
-------------------------------------------------------------

hi [~nijel],
/proc/sys/net/ipv4/ip_local_port_range looks not so good as it limits port resource.

I just happen to find  when "com.sun.management.jmxremote.local.only=false" is set, there is only 1 random port, i.e.:
export HBASE_MASTER_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=61100 -Dcom.sun.management
.jmxremote.local.only=false "

without "com.sun.management.jmxremote.local.only=false":

[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java        
[root@test tmp]# netstat -nltp |grep 1989249
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java        
tcp        0      0 :::4159                     :::*                        LISTEN      1989249/java        
tcp        0      0 ::ffff:192.168.1.101:60000   :::*                        LISTEN      1989249/java        
tcp        0      0 :::61320                    :::*                        LISTEN      1989249/java        
tcp        0      0 :::60010                    :::*                        LISTEN      1989249/java     

with "com.sun.management.jmxremote.local.only=false"
   
[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java        
[root@test tmp]# netstat -nltp |grep 2021776
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java        
tcp        0      0 :::2174                     :::*                        LISTEN      2021776/java        
tcp        0      0 ::ffff:192.168.1.101:60000   :::*                        LISTEN      2021776/java        
tcp        0      0 :::60010                    :::*                        LISTEN      2021776/java    

I tried jconsole can work locally and remotely. could you also have a try?


ps below is the description:
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
Area: JMX
Synopsis: New Property for JMX RMI Connector Server
Description: The new property, com.sun.management.jmxremote.local.only, when true (the default) indicates that the local JMX RMI connector will only accept connection requests from local interfaces. Setting this property to false restores JDK 6 behavior, but is not recommended because the local JMX RMI connector server will accept connection requests from both local and remote interfaces. For remote management, the remote JMX RMI connector server should be used with authentication and SLL/TLS encyrption enabled.
Nature of Incompatibility: behavioral


Regarding to the RMI server port, we could:
a)using parameter "com.sun.management.jmxremote.rmi.port" after upgrade to jdk7. this is the simplest way.
b)using existing artifcat catalina-jmx-remote.jar
c)implement by ourselves as you mentioned.


was (Author: tianq):
hi [~nijel],
/proc/sys/net/ipv4/ip_local_port_range looks not good solution as it limits port resource.

I just happen to find  when "com.sun.management.jmxremote.local.only=false" is set, there is only 1 random port, i.e.:
export HBASE_MASTER_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=61100 -Dcom.sun.management
.jmxremote.local.only=false "

without "com.sun.management.jmxremote.local.only=false":

[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java        
[root@test tmp]# netstat -nltp |grep 1989249
tcp        0      0 :::61100                    :::*                        LISTEN      1989249/java        
tcp        0      0 :::4159                     :::*                        LISTEN      1989249/java        
tcp        0      0 ::ffff:9.181.64.235:60000   :::*                        LISTEN      1989249/java        
tcp        0      0 :::61320                    :::*                        LISTEN      1989249/java        
tcp        0      0 :::60010                    :::*                        LISTEN      1989249/java     

with "com.sun.management.jmxremote.local.only=false"
   
[root@test tmp]# netstat -nltp |grep 61100  
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java        
[root@test tmp]# netstat -nltp |grep 2021776
tcp        0      0 :::61100                    :::*                        LISTEN      2021776/java        
tcp        0      0 :::2174                     :::*                        LISTEN      2021776/java        
tcp        0      0 ::ffff:9.181.64.235:60000   :::*                        LISTEN      2021776/java        
tcp        0      0 :::60010                    :::*                        LISTEN      2021776/java    

I tried jconsole can work locally and remotely. could you also have a try?


ps below is the description:
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
Area: JMX
Synopsis: New Property for JMX RMI Connector Server
Description: The new property, com.sun.management.jmxremote.local.only, when true (the default) indicates that the local JMX RMI connector will only accept connection requests from local interfaces. Setting this property to false restores JDK 6 behavior, but is not recommended because the local JMX RMI connector server will accept connection requests from both local and remote interfaces. For remote management, the remote JMX RMI connector server should be used with authentication and SLL/TLS encyrption enabled.
Nature of Incompatibility: behavioral


Regarding to the RMI server port, we could:
a)using parameter "com.sun.management.jmxremote.rmi.port" after upgrade to jdk7. this is the simplest way.
b)using existing artifcat catalina-jmx-remote.jar
c)implement by ourselves as you mentioned.


> Avoid random port usage by default JMX Server. Create Custome JMX server
> ------------------------------------------------------------------------
>
>                 Key: HBASE-10289
>                 URL: https://issues.apache.org/jira/browse/HBASE-10289
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: nijel
>            Priority: Minor
>              Labels: stack
>             Fix For: 0.99.0
>
>         Attachments: HBASE-10289-v4.patch, HBASE-10289.patch, HBASE-10289_1.patch, HBASE-10289_2.patch, HBASE-10289_3.patch
>
>
> If we enable JMX MBean server for HMaster or Region server  through VM arguments, the process will use one random which we cannot configure.
> This can be a problem if that random port is configured for some other service.
> This issue can be avoided by supporting  a custom JMX Server.
> The ports can be configured. If there is no ports configured, it will continue the same way as now.


--
This message was sent by Atlassian JIRA
(v6.2#6252)