JMX监控JVM

boulcheng 2018-06-14

云栖社区 Java核心技术 java 监控 jvm class Create file Access

一.介绍 jconsole

jconsole is a JMX-compliant tool
Using jconsole

二.JMX监控JVM运行jar

1.现在/Users/zlb/IdeaProjects/elastic-job-study/target目录下有一jar包
elastic-job-study-0.0.1-SNAPSHOT.jar
2.修改JDK中JMX授权文件jmxremote.access和jmxremote.password

zhenglubiaodeMacBook-Pro:target zlb$ 
zhenglubiaodeMacBook-Pro:target zlb$ cd /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management 
zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ ls -l
total 72
-rw-------  1 root  wheel   3998  3 29 04:11 jmxremote.access
-rw-------  1 root  wheel   2891  6 14 20:21 jmxremote.password
-r--r--r--  1 root  wheel   2856  3 29 04:11 jmxremote.password.template
-rw-r--r--  1 root  wheel   3998  6 14 15:14 jmxremotebak.access
-rw-r--r--  1 root  wheel  14630  3 29 04:11 management.properties
-r--r--r--  1 root  wheel   3376  3 29 04:11 snmp.acl.template
zhenglubiaodeMacBook-Pro:management zlb$ 

/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management 目录下原来只有jmxremote.password.template、jmxremote.access、management.properties、snmp.acl.template文件,
jmxremote.access文件内容不需要修改,但文件访问权限必须由原来的
-rw-r--r--修改为-rw-------
jmxremotebak.access是原来jmxremote.access文件的备份;
jmxremote.password由jmxremote.password.template修改而来,内容增加

monitorRole 1234
controlRole 123456

并把访问权限修改为-rw-------

zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ sudo cat jmxremote.password
# ----------------------------------------------------------------------
#           Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to read-only
#   by the owner.
#
# See below for the location of jmxremote.password file.
# ----------------------------------------------------------------------

##############################################################
#        Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring.  This
# file defines the different roles and their passwords.  The access
# control file (jmxremote.access by default) defines the allowed
# access for each role.  To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/lib/management/jmxremote.password
# You can specify an alternate location by specifying a property in 
# the management config file $JRE/lib/management/management.properties
# or by specifying a system property (See that file for details).


##############################################################
#    File permissions of the jmxremote.password file
##############################################################
#      Since there are cleartext passwords stored in this file,
#      this file must be readable by ONLY the owner,
#      otherwise the program will exit with an error. 
#
# The file format for password and access files is syntactically the same
# as the Properties file format.  The syntax is described in the Javadoc
# for java.util.Properties.load.
# Typical password file has multiple  lines, where each line is blank,
# a comment (like this one), or a password entry.
#
#
# A password entry consists of a role name and an associated
# password.  The role name is any string that does not itself contain
# spaces or tabs.  The password is again any string that does not
# contain spaces or tabs.  Note that passwords appear in the clear in
# this file, so it is a good idea not to use valuable passwords.
#
# A given role should have at most one entry in this file.  If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# In a typical installation, this file can be read by anybody on the
# local machine, and possibly by people on other machines.
# For # security, you should either restrict the access to this file,
# or specify another, less accessible file in the management config file
# as described above.
#
# Following are two commented-out entries.  The "measureRole" role has
# password "QED".  The "controlRole" role has password "R&D".
#
# monitorRole  QED
# controlRole   R&D
monitorRole 1234
controlRole 123456
zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ sudo cat jmxremote.access 
######################################################################
#     Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles.  The
# password file (jmxremote.password by default) defines the roles and their
# passwords.  To be functional, a role must have an entry in
# both the password and the access files.
#
# The default location of this file is $JRE/lib/management/jmxremote.access
# You can specify an alternate location by specifying a property in 
# the management config file $JRE/lib/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format.  The syntax is described in the Javadoc
# for java.util.Properties.load.
# A typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level.  The role name is any string that does not
# itself contain spaces or tabs.  It corresponds to an entry in the
# password file (jmxremote.password).  The access level is one of the
# following:
#       "readonly" grants access to read attributes of MBeans.
#                   For monitoring, this means that a remote client in this
#                   role can read measurements but cannot perform any action
#                   that changes the environment of the running program.
#       "readwrite" grants access to read and write attributes of MBeans,
#                   to invoke operations on them, and optionally
#                   to create or remove them. This access should be granted
#                   only to trusted clients, since they can potentially
#                   interfere with the smooth operation of a running program.
#
# The "readwrite" access level can optionally be followed by the "create" and/or
# "unregister" keywords.  The "unregister" keyword grants access to unregister
# (delete) MBeans.  The "create" keyword grants access to create MBeans of a
# particular class or of any class matching a particular pattern.  Access
# should only be granted to create MBeans of known and trusted classes.
#
# For example, the following entry would grant readwrite access
# to "controlRole", as well as access to create MBeans of the class
# javax.management.monitor.CounterMonitor and to unregister any MBean:
#  controlRole readwrite \
#              create javax.management.monitor.CounterMonitorMBean \
#              unregister
# or equivalently:
#  controlRole readwrite unregister create javax.management.monitor.CounterMBean
#
# The following entry would grant readwrite access as well as access to create
# MBeans of any class in the packages javax.management.monitor and
# javax.management.timer:
#  controlRole readwrite \
#              create javax.management.monitor.*,javax.management.timer.* \
#              unregister
#
# The \ character is defined in the Properties file syntax to allow continuation
# lines as shown here.  A * in a class pattern matches a sequence of characters
# other than dot (.), so javax.management.monitor.* matches
# javax.management.monitor.CounterMonitor but not
# javax.management.monitor.foo.Bar.
#
# A given role should have at most one entry in this file.  If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.  
# o The "controlRole" role has readwrite access and can create the standard
#   Timer and Monitor MBeans defined by the JMX API.

monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
zhenglubiaodeMacBook-Pro:management zlb$ 

3.运行jar包


zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ 
zhenglubiaodeMacBook-Pro:management zlb$ cd /Users/zlb/IdeaProjects/elastic-job-study/target 
zhenglubiaodeMacBook-Pro:target zlb$ 
zhenglubiaodeMacBook-Pro:target zlb$ 
zhenglubiaodeMacBook-Pro:target zlb$ sudo java -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.port=8099 -Dcom.sun.managent.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.access.file=/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management/jmxremote.password -jar elastic-job-study-0.0.1-SNAPSHOT.jar

java系统参数设置参考博客

4.终端运行jconsole
image

image

切换tag查看指标
image

三.JMX监控JVM运行简单java文件(可跳过)

有一java文件:/Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/com/zlb/JConsoleTest.java

package com.zlb;

public class JConsoleTest {

    public static void main(String[] args) {
        int i = 0;
        while (true) {
            System.out.println(i++);
            try {
                Thread.sleep(30000);
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
        }
    }
}

注:
使用“终端”运行程序时出现“找不到或无法加载主类”; 程序中含有package关键字;
例如JConsoleTest.java文件,含有package com.zlb;
而包位于/Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java目录下,
应该在java文件所在的目录运行javac指令,
即/Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/com/zlb目录下运行 javac JConsoleTest.java
再在包所在的目录运行java指令,
即/Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/目录下运行 java com.zlb.JConsoleTest

编译运行:

zhenglubiaodeMacBook-Pro:zlb zlb$ 
zhenglubiaodeMacBook-Pro:zlb zlb$ 
zhenglubiaodeMacBook-Pro:zlb zlb$ cd /Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/com/zlb
zhenglubiaodeMacBook-Pro:zlb zlb$ javac JConsoleTest.java
zhenglubiaodeMacBook-Pro:zlb zlb$ cd /Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/
zhenglubiaodeMacBook-Pro:java zlb$ java com.zlb.JConsoleTest
0
1
2
3
4
5
6
7
8

启动JVM时启用JMX代理(MBean服务器)


zhenglubiaodeMacBook-Pro:java zlb$ 
zhenglubiaodeMacBook-Pro:java zlb$ cd /Users/zlb/IdeaProjects/child/study-demo2/jdk/src/main/java/
zhenglubiaodeMacBook-Pro:java zlb$ sudo java -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.managent.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.access.file=/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/management/jmxremote.password com.zlb.JConsoleTest
0
1
2
3
4
5

启动jconsole
image
image

四.参考

Java ™平台的监视和管理
使用JMX监视和管理
Java HotSpot VM支持的语法和命令

登录 后评论
下一篇
我是小助手
29005人浏览
2019-07-31
相关推荐
JVM理解及zabbix监控tomcat
1380人浏览
2017-11-15 20:27:00
jmx的简单学习
2322人浏览
2016-03-30 14:03:24
kafka监控系统
1345人浏览
2017-05-02 11:46:00
HBase 集群监控
2944人浏览
2017-10-21 21:22:30
JVM调优
591人浏览
2014-04-28 14:16:04
zabbix jmx监控
868人浏览
2017-11-15 11:18:00
0
0
0
1334