Java – jmx/jstatd access to remote machine through an ssh tunnel

Tags: java, jmx, visualvm

I'd like to use visualvm app through an ssh tunnel (to an EC2 machine) using jmx OR jstatd. How do I do this? Here is a list of what has been tried (and failed):
(BTW: if visual vm is not appropriate, how do I find memory leaks on a remote machine?)

jstatd: attempt:

I set up the jstatd server on the EC2 machine (app was already running on it)
Then I set up a tunnel mapping local port 3333 to remote port 1099
In VisualVM I tried to connect using jstatd on port 3333
… none of the processes on EC2 showed up

This link says that jstatd opens up another port:
http://rukuro-blog.heroku.com/2011/06/30/monitoring-remote-java-applications-with-visualvm
… so I tunneled that port from local host to remote.
I restarted visual vm … still nothing

When I tried listing processes running from EC2 using the following command:

jps -l -m -v rmi://localhost

… I got a list of processes

When I listed it on my home machine using

jps -l -m -v rmi://localhost:3333

…. I got none ! So, is the rmi port not being tunnelled with jstatd port (3333) … ?

the jmx attempt:

I started the application on the remote machine with the following command:

java -Dcom.sun.management.jmxremote.port=3333 \
     -Dcom.sun.management.jmxremote.ssl=false \
     -Dcom.sun.management.jmxremote.authenticate=false\
        -cp :post/* <appName>

… the app works so I tunnelled local port 3333 to remote 3333

Then I tried setting up a jmx link to localhost:3333 from visual vm interface:
… it pops up an error saying:

cannot connect to localhost:3333 using service:jmx:rmi:///jndi/rmi://localhost:3333/jmxrmi

If I need to set up a link to the remote RMI server I'm not sure how to do it.

JMXMP attempt:

This holds promise but something is not quite right:

First I added the jmx_remote jar to the classpath and started the application on the remote machine using the same command as in the JMX case I showed above. I found the jar at oracle download link

I set up an ssh tunnel from local port 3333 to remote port 3333. Then I started up visualvm with the same jmx_remote file in the classpath.

visualvm -cp:a ~/jmx/jmxremote_optional.jar

Then I tried to connect visualvm to the remote server with:

service:jmx:jmxmp://localhost:3333

Now visual vm seems to try to connect indefinitely. It shows "Adding service:jmx:jmxp://localhost:3333" in the status bar … and continues to do so till I shut down the application on the remote end, at which time it throws a popup saying that it couldn't connect with the server.

On using SOCKS:

My attempts at using both JMX and jstatd failed.

I'm not sure the SOCKS proxy is working, so here is how I tried to connect:

ssh -i ~/.ssh/starter.pem -v -D 9696 user@host

Just for completeness, I started the command on the other end with:

    java -Dcom.sun.management.jmxremote\
 -Dcom.sun.management.jmxremote.ssl=false\
 -Dcom.sun.management.jmxremote.authenticate=false\
 -Dcom.sun.management.jmxremote.port=3333 <app>

And on the local end I set up the visualvm connection as per this LINK to VisualVm help page.

With the JMX connection, I set the machine name and the port by right clicking the host on visualvm and filling in the host port when it prompts me. At this point the status bar at the bottom shows visualvm is trying to connect to the remote machine and after a couple of minutes it fails.

With jstatd connection, I expected the remote processes to show up automatically. This didn't happen … there were no error messages or anything.

On the socks side the following messages repeat cyclically:

debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
channel 3: open failed: connect failed: Connection timed out
debug1: channel 3: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 3333, connect from 127.0.0.1 port 43909, nchannels 4
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
channel 2: open failed: connect failed: Connection timed out
debug1: channel 2: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 1099, connect from 127.0.0.1 port 44644, nchannels 4

I wonder if this has to do with the socks channel. I have tunnelled single ports to the remote machine before, so I can't imagine it being a configuration issue for tunneling. I'm running ubuntu linux on both sides.

Thanks for reading 🙂

Best Answer

Use an SSH tunnel with a SOCKS proxy. See this post for more details.
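
An added example, not part of the original question or answer: a shell function that reads `ssh -v -D` debug output like the lines quoted in the question and lists each destination the remote sshd could not connect to, with the reason. It assumes the OpenSSH debug line format shown above; the names sample_log and failed_targets are illustrative.

```shell
#!/bin/sh
# Added example: triage of `ssh -v -D <port>` debug output (not the poster's code).
# Assumption: OpenSSH client debug lines in the format quoted in the question.

# The debug lines from the question, embedded so the script runs offline.
sample_log() {
cat <<'EOF'
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
channel 3: open failed: connect failed: Connection timed out
debug1: channel 3: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 3333, connect from 127.0.0.1 port 43909, nchannels 4
debug1: Connection to port 9696 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
channel 2: open failed: connect failed: Connection timed out
debug1: channel 2: free: direct-tcpip: listening port 9696 for 50.16.35.69 port 1099, connect from 127.0.0.1 port 44644, nchannels 4
EOF
}

# failed_targets: read ssh -v output on stdin and print "host:port<TAB>reason"
# once for every forwarded destination whose channel open was refused.
failed_targets() {
  awk '
    # "channel N: open failed: <reason>" -> remember why channel N failed
    $1 == "channel" && $3 == "open" && $4 == "failed:" {
      ch = $2; sub(/:$/, "", ch)
      why = $0; sub(/^.*open failed: /, "", why)
      failed[ch] = why
      next
    }
    # "debug1: channel N: free: direct-tcpip: ... for HOST port PORT, ..." names the target
    $2 == "channel" && $4 == "free:" && $5 == "direct-tcpip:" {
      ch = $3; sub(/:$/, "", ch)
      if (!(ch in failed)) next
      for (i = 6; i < NF; i++)
        if ($i == "for" && $(i + 2) == "port") {
          port = $(i + 3); sub(/,$/, "", port)
          key = $(i + 1) ":" port
          if (!(key in seen)) { seen[key] = 1; print key "\t" failed[ch] }
          break
        }
      delete failed[ch]   # channel numbers are reused, so forget this one
    }
  '
}

sample_log | failed_targets
```

An `open failed: connect failed` line is the remote sshd reporting that its own outbound connection to that host and port failed, so the check that follows is whether each listed address is reachable from the remote machine itself.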
