'Re: RFR: 8196729: Add jstatd option to specify RMI connector port'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-serviceability-dev
Subject:    Re: RFR: 8196729: Add jstatd option to specify RMI connector port
From:       Daniil Titov <daniil.x.titov () oracle ! com>
Date:       2020-01-31 22:14:48
Message-ID: 4B822AF4-BDA2-42B8-B3E8-F4232ECA4784 () oracle ! com
[Download RAW message or body]

Hi Chris,

Thank you for describing this in such details!  Your description is correct.

In addition, apart from jstat there is jps tool that also can communicate
with jstatd and currently it faces the same problems if jstatd is deployed behind
a firewall or in a container: after successful connection to RMI registry the
further communication fails since jstatd chooses a random RMI port that is
not published by the container or might be blocked by a firewall configuration.

Best regards,
Daniil

On 1/31/20, 1:45 PM, "Chris Plummer" <chris.plummer@oracle.com> wrote:

    Hi Daniil,
    
    Just want to make sure I understand what communications are going on 
    here. Your concern is when the jstat and jstatd processes are on 
    different sides of the firewall. When you launch jstatd, you specify the 
    socket port it will receive requests on, and when you launch jstat, you 
    must specify this same socket port, so no firewall problem there 
    assuming the firewall is configured to allow communication over that 
    port. However, once the request is received by jstatd, data can be 
    communicated via RMI rather than over the specified socket port. By 
    default jstatd was choosing a random RMI port, and I assume this RMI 
    port was communicated to the jstat process via the initial socket port. 
    This presents a problem for firewall configuration, since the firewall 
    configuration cannot know the RMI port that will be used. So now you're 
    allowing the rmi port to also be specified.
    
    Am I close? :)
    
    Chris
    
    On 1/31/20 1:08 PM, Daniil Titov wrote:
    > Please review change [1] that adds a new command line option to jstatd tool to \
specify a RMI connector port.  >
    > Currently a random port is used that prevents this tool from being used behind \
a firewall or in a container.  >
    > New CSR [3] was created for this change and it needs to be reviewed as well.
    >
    > Man pages for jstatd will be updated in a separate issue.
    >
    > Testing: Mach5 tier1-tier3 and sun/tools/jstatd/* tests  succeeded. Mach5 tier5 \
tests are in progress.  >   
    > [1] Webrev: http://cr.openjdk.java.net/~dtitov/8196729/webrev.01/
    > [2] Jira issue: https://bugs.openjdk.java.net/browse/JDK-8196729
    > [3] CSR : https://bugs.openjdk.java.net/browse/JDK-8238357
    >
    > Thank you,
    > Daniil
    >
    >
    >
    
    


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic