Turbo Tip: Adding Tomcat as a Target

Document created by anson.mccook Expert on Aug 28, 2015Last modified by Ben Yemini on Aug 16, 2016
Version 6Show Document
  • View in full screen mode

***The following documentation is only applicable to users with the Application Control Module or Application Edition running on 5.2 or higher***

 

If you do not have the Application Control Module or Application Edition, please contact your Customer Experience representative or your Account Executive for licensing.

 

Ensure your appliance is running 5.2 or higher. Follow these instructions to update:

VMTurbo Latest Update Links & How To Perform an Operations Manager "Offline Update"

 

Turbonomic extends its control from the infrastructure and VM level into the applications. By collecting data from application targets Turbonomic is able to understand the application demand for resources AND make intelligent decisions to ensure that the demand is always being met by your infrastructure.

 

In this setup we will review how to setup Tomcat control for Linux servers. If you require setup instructions for Tomcat running on Windows OS, please request using the comment feature below.

 

 

1) Prerequisites for Adding Tomcat Targets to Turbonomic

 

  • At least one VM with JDK 7/8 and Tomcat server running has to be configured and started on a target that will be discovered.
  • To check the current Java Virtual Machine in use, execute the following command on the target VM:

 

#java –version

 

  • JDK can be downloaded from [2] and Tomcat 6 and 7 installers (the supported versions) can be found at [3].

Make sure Tomcat is not started using OpenJDK runtime environment because that will cause issues while collecting the server metrics (e.g. CPU Load) using JMX protocol.

 

  • To check Tomcat server version, please execute version.sh script, located in CATALINA_HOME/bin directory:

 

tomcat1:/tomcat-7.0.56/bin # ./version.sh

 

  • JAVA_HOME and CATALINA_HOME environment variables have to be set. They can be added in /etc/profile file by user root, such as:

 

JAVA_HOME=/jdk1.8.0_25

export JAVA_HOME

 

CATALINA_HOME=/tomcat-7.0.56

export CATALINA_HOME

 

Note: JAVA_HOME and CATALINA_HOME can also be set in CATALINA_HOME/bin/setenv.sh startup script for Tomcat server.

 

  • If Tomcat server runs behind a firewall, this will have to be configured to accept inbound TCP connections to JMX/RMI registry and RMI server ports respectively. For more details about the RMI ports, please refer to section 2.2.

 

  • Another important aspect is to add the actual IP address and the hostname of the virtual machine to /etc/hosts file. For a VM running SUSE Linux with IP address set to 10.10.172.25, this might look similar to this:

 

 

127.0.0.1        localhost

10.10.172.25     tomcat1.site

 

  • For VMware environments, please make sure that VMWare Tools are installed for all VMs running Tomcat.

 

 

2) Running Tomcat with JMX support on a target VM

 

  • As an example, let’s look at VM called “Tomcat-1”, running SUSE 13.1
  • Let’s assume the IP address of Tomcat-1 VM is 10.10.172.25. The next step is to connect to that VM as user root and check if Tomcat process is already running.
  • Open up the console or ssh session to the VM Default credentials are root/vmturbo.
  • Check if the Tomcat process is running:

 

#ps –ef | grep tomcat

 

  • Currently, $CATALINA_HOME environment variable is set to /tomcat-7.0.56 which is the installation directory for Tomcat. If the process is not running, please start it as follows:

 

#cd $CATALINA_HOME/bin

#catalina.sh run &

 

  • For remote JMX access to Tomcat server, we need to specify the port used by the JMX/RMI registry for the Platform MBeans. This can be configured as a system property (named com.sun.management.jmxremote.port) or as a parameter for the JMX remote lifecycle listener in the server.xml file [4]. The first option is simpler but doesn’t require specifying the RMI server port, which will be randomly selected. For Tomcat processes running behind a firewall, the second approach is the preferred one, because the RMI server port can be defined as an attribute of the remote lifecycle listener (fixed value).

 

 

2.1) Specifying the JMX/RMI registry port as a system property

 

    • The port is the value of com.sun.management.jmxremote.port system property, configured for Tomcat process.
    • The system property can be appended to CATALINA_OPTS environment variable in a configuration script (e.g. setenv.sh script).
    • Simpler configuration setup, but the RMI server port will be dynamically chosen when connecting to Tomcat over JMX and firewall might block the connection.

 

 

2.2) Configuring a JMX remote lifecycle listener for Tomcat

 

    • The JMX listener is configured in $CATALINA_HOME/conf/server.xml file as follows:

 

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="8050" rmiServerPortPlatform="8051"/>

 

    • The listener requires catalina-jmx-remote.jar file to be placed in $CATALINA_HOME/lib directory. This jar file can be found in the Extras section of Tomcat download page (e.g. for Tomcat 7, download page is: https://tomcat.apache.org/download-70.cgi)

 

    • The advantage of the JMX listener approach is: the RMI server port can also be specified as a fixed value, thus the firewall can be configured in advanced to allow TCP access.

 

 

2.3) Configuring authenticated and non-authenticated JMX user access to Tomcat

 

    • Tomcat start-up parameters can be configured in setenv.sh file, from $CATALINA_HOME/conf/ directory. In the example below, the JMX port is 8050 (set as a system property) and JMX doesn’t require user authentication, with SSL option disabled [1]:

 

CATALINA_OPTS="-Dcom.sun.management.jmxremote

-Dcom.sun.management.jmxremote.port=8050

-Dcom.sun.management.jmxremote.ssl=false

-Dcom.sun.management.jmxremote.authenticate=false

 

    • If user authentication is required, the CATALINA_OPTS environment variable, in setenv.sh file, should be defined similar to:

 

tomcat1:/tomcat-7.0.56/bin # cat setenv.sh

# Set CATALINA_OPTS for JMX remote access

CATALINA_OPTS="-Dcom.sun.management.jmxremote

-Dcom.sun.management.jmxremote.port=8050

-Dcom.sun.management.jmxremote.ssl=false

-Dcom.sun.management.jmxremote.authenticate=true

-Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.pwd

-Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access"

CATALINA_OPTS="$CATALINA_OPTS -Xms512M -Xmx2048M"

 

# Set JAVA_HOME and JRE_HOME environment variables

JAVA_HOME="/jdk1.8.0_25"

JRE_HOME="$JAVA_HOME"

tomcat1:/tomcat-7.0.56/bin #

 

    • The following steps are required for authenticated JMX access to Tomcat server, using text files for storing the user credentials and the access rights respectively:

 

      • To specify/modify the user access parameters, please add/edit jmxremote.access file, as user root, in $CATALINA_HOME/conf/ directory (in the example below, the user tomcat has read-only access, while user1 user has read-write access):

 

tomcat1:/tomcat-7.0.56/conf # cat jmxremote.access

tomcat readonly

user1 readwrite

tomcat1:/tomcat-7.0.56/conf #

 

      • Also, the credentials file, named jmxremote.pwd, has to be created in the same directory (in the example below, tomcat/tomcat is a valid user/password entry):

 

tomcat1:/tomcat-7.0.56/conf # cat jmxremote.pwd

tomcat tomcat

user1 password1

tomcat1:/tomcat-7.0.56/conf #

 

      • In addition, make sure that user root is the only one who can read/write the jmxremote.pwd and jmxremote.access files located in $CATALINA_HOME/conf directory:

 

tomcat1:/tomcat-7.0.56/conf # chmod 600 jmxremote.*

 

tomcat1:/tomcat-7.0.56/conf # ls -al jmxremote.*

-rw------- 1 root root 32 Jan  8 17:03 jmxremote.access

-rw------- 1 root root 30 Jan  8 17:02 jmxremote.pwd

tomcat1:/tomcat-7.0.56/conf #

 

      • In addition to file based authentication and authorization, Tomcat supports JAAS too. As an example, the system properties can be specified such as:

 

tomcat1:/tomcat-7.0.56/bin # cat setenv.sh

# Set CATALINA_OPTS for JMX remote access

CATALINA_OPTS="-Dcom.sun.management.jmxremote

-Dcom.sun.management.jmxremote.login.config=Tomcat

-Djava.security.auth.login.config=$CATALINA_HOME/conf/login.config

-Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access

-Dcom.sun.management.jmxremote.ssl=false"

CATALINA_OPTS="$CATALINA_OPTS -Xms512M -Xmx2048M"

 

where the jmxremote.access file is similar to the above listed one, while login.config file will contain the user choice of JAAS LoginModule implementation, for example:

 

Tomcat {/*the com.sun.management.jmxremote.login.config property name*/

  com.sun.security.auth.module.LdapLoginModule REQUIRED

  userProvider="ldap://ldap-server/ou=people,dc=example,dc=com"

  userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"

  authzIdentity="admin"

  debug=true;

};

 

    • Before adding Tomcat VM as a new target in OpsMgr, please try to remotely connect to that Tomcat server using JConsole application (note jconsole application comes with a full JDK installation only, and not with JRE), as per the following screen shot:

 

Note: The JMX connection URL is: service:jmx:rmi:///jndi/rmi://10.10.172.25:8050/jmxrmi where 10.10.172.25 is the IP of the VM running Tomcat and 8050 is the JMX access port.

 

3) Adding the Tomcat target to Turbonomic:

 

1) Create a custom group that includes just your Turbonomic instance.

 

2) Go to the Admin Tab > Workflows > Target Configuration > Application Server > Tomcat

 

3) Set the Scope to the custom group you created in Step 1.

If you configured JMX without user authentication, you can type any characters into the username and password fields.

 

Port Number: 7050

Username: <username>

Password: <password>

tomcat13.png

 

4) Select “Save” and “Rediscover”

 

5) You will eventually be able to see your Tomcat application discovered in the Inventory tab. From here, you will be able to see decisions based on the demand of the application from the virtual machine. Metrics collected include:

- Heap

- Thread Count

- Transactions

- Garbage Collection

- Response Time

 

tomcat14.png

 

 

4) References

 

[1] Monitoring and managing Tomcat 7 with JMX

Apache Tomcat 7 (7.0.64) - Monitoring and Managing Tomcat

 

[2] Java SE Downloads

http://www.oracle.com/technetwork/java/javase/downloads/index.html

 

[3] Apache Tomcat

Apache Tomcat - Which Version Do I Want?

 

[4] Configuring a JMX Remote Lifecycle Listener for Tomcat 7

Apache Tomcat 7 Configuration Reference (7.0.64) - The LifeCycle Listener Component

Attachments

    Outcomes