JMX

Java Management Extensions (JMX) can provide the OpsClarity agent with important JVM and Application metrics.

Enabling JMX on the application

When you start the Java Application, you can open a new port for other applications such as the OpsClarity agent to collect JMX data. Here’s an example of the flags needed to open port 9999

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=9999

If doing this locally, you should be able to run jconsole, connect to the jmx port, and browser the jmx dictionary.

Configuring OpsClarity

On the OpsClarity side, you may need to add a JMX data source for your application if one hasn’t been added automatically.

Select your application in the Application Map, then click on Configure.  Under the Configure Data Sources tab, click on the Source Type drop down selector to add the JMX data source.

Here you will see three required fields:

  • JMX URL
  • JAVAHOME
  • Service Name

JMX URL

This is the URL used by any Java client that might attach to the port you’ve provided. In the example above, we have a port on 9999 and we would use

service:jmx:rmi:///jndi/rmi://localhost:9999/jmxrmi

Note that if your application is in a container or advertising on some network other than “localhost” you can use this _HOST:PORT_ notation and the OpsClarity agent will fill in the right host for you:

service:jmx:rmi:///jndi/rmi://_HOST:9999_:9999/jmxrmi

JAVAHOME

JAVAHOME tells the agent where to find a suitable Java installed locally such that it can start up a small jvm client to your jmx port. JAVAHOME should be the directory that contains bin/java and a folder jre/lib/.

eg:

/usr/lib/jvm/java-8-openjdk-amd64

In DC/OS a useful host-level JAVAHOME is:

/opt/mesosphere/active/java/usr/java

Service Name

This is some unique identifier for your application, to distinguish it from other JMX data sources you might want to use elsewhere. Give it a simple one word name, like myapp.

SSL Setup

Optionally, you can run JMX with additional security measures, to ensure that unauthorized applications do not access the port. If you have enabled SSL for your application, then you have a keystore for the application. Using that keystore, you can install an OpsClarity truststore, so that the OpsClarity agent can connect. To do that, you will need some information from your original keystore.

Let’s say you had generated the application keystore like so:

keytool -genkey -alias ${app.alias} -keystore ${app.keystore} -storepass ${app.storepass} -keypass ${app.keypass} -keyalg RSA -validity 365 -dname "CN=First Last, OU=OrganizationUnit, O=Organization, L=Locality, S=State, C=US"

you would then 1. export a certificate:

keytool -export -alias ${app.alias} -keystore ${app.keystore} -storepass ${app.password} -file /tmp/opsclarity.cert

then 2. install the truststore for OpsClarity:

mkdir -p /opt/opsclarity/agent/shared/
keytool -import -alias opsclarity -file /tmp/opsclarity.cert -keystore /opt/opsclarity/agent/shared/jmx.truststore -storepass ${opsclarity.password}

and 3. restart the agent if needed:

service opsclarity-agent restart