1 2 3 Previous Next 32 Replies Latest reply on Jul 15, 2009 5:30 PM by mazz Go to original post
      • 15. Re: How to monitor a MBean on WebSphere
        mazz

        Greg has been traveling this week - so he's not been online much. I'll ping him to get him to reply here as soon as he can.

        • 16. Re: How to monitor a MBean on WebSphere
          rafaelri

          Tks a lot Mazz!

          I would never guess he was travelling :D
          This week I'll be doing final tests with the changes I did and I am also planning to compile a step-by-step tutorial on how to monitor a secured WebSphere installation since it requires fetching server certificates and importing into the VM that is running the agent and also some other tips.
          As a person that knows more RHQ/Jopr code than me, is there a custom trust provider registered on RHQ/Jopr that we could use for storing this certificate or you think for now we should use JVM one?

          best regards,

          • 17. Re: How to monitor a MBean on WebSphere
            mazz

             

            is there a custom trust provider registered on RHQ/Jopr that we could use for storing this certificate


            Not for what you want to do (but read the below "Side Note", as I go off on a tangent related to truststores). But - what you can do is just put your truststore in the agent's /data directory and have the JMX plugin contain an additional plugin configuration setting (<plugin-configuration> in the plugin descriptor) so you can tell the plugin component where to find the truststore. You don't have to do this, but if you do, you will make it possible to be able to keep your truststore intact even after an agent auto-updates itself (a new feature I just added - see RHQ-110 JIRA). This is because during an agent update, the update code will make sure it keeps any files that match the regex "data/*truststore*" (and "data/*keystore*"). So, that's the only caveat I have for you - if you name your truststore something like "data/websphere-truststore.dat", you'll be able to keep your agent continually monitoring your websphere app, even after the agent auto-upates itself.

            Of course, your plugin code needs to ensure its ssl connection uses that truststore.

            Side note: the agent does not create truststores but you can tell it to use one for those times when it talks to the Jopr server over a secure transport (like the "sslservlet" transport). That's what the "rhq.communications.connector.security.truststore.file" and "rhq.agent.client.security.truststore.file" settings are for (the former is the truststore used to verify the remote Jopr server when incoming messages come into the agent, and the latter is the truststore used to verify the remote Jopr server when the agent sends outgoing messages *to* the server). This is all mentioned in the communications pages in the docs. But all that said, these truststores are only used for when the agent sends/receives messages to the Jopr server - so its different for what you need your truststore for. I only mention it because it is the only place in the agent that relates to truststores and I wanted to avoid any confusion with that versus what you need to do.

            • 18. Re: How to monitor a MBean on WebSphere
              rafaelri

              If anyone is interested in a step-by-step guide I've tried to document everything I went through to have a secured WAS installation export an MBean to JOPR in a blog post:
              http://itdevworld.wordpress.com/2009/02/01/monitoring-a-secured-websphere-installation-through-joprrhq/[/url]

              • 19. Re: How to monitor a MBean on WebSphere
                cmorgan

                Excellent!

                • 20. Re: How to monitor a MBean on WebSphere
                  rafaelri

                  Hi Mazz!

                  I just saw that version 2.2 is out. Any news about the fix for enabling WebSphere support?

                  best regards,

                  • 21. Re: How to monitor a MBean on WebSphere
                    rafaelri

                    Hi Mazz!!!

                    Just saw that JIRA RHQ-1296 got integrated! Tks a lot!
                    By the way, have you heard anything from Greg about the changes for the WebsphereConnectionProvider class in MC4J?
                    After having this integrated into MC4J we would have out of the box 100% working support for WebSphere installations!

                    cheers!

                    • 22. Re: How to monitor a MBean on WebSphere
                      mazz

                      I thought for sure Greg put in that stuff in EMS trunk. I don't know specifically what you needed, can you find it in here?

                      http://mc4j.svn.sourceforge.net/viewvc/mc4j/trunk/mc4j/modules/ems/src/

                      • 23. Re: How to monitor a MBean on WebSphere
                        mazz

                        Hmmm.. perhaps not:

                        http://mc4j.svn.sourceforge.net/viewvc/mc4j/trunk/mc4j/modules/ems/src/ems-impl/org/mc4j/ems/impl/jmx/connection/support/providers/WebsphereConnectionProvider.java?view=markup

                        Is that the file you need tweeked? That hasn't changed in a while. I'll ping Greg on this, I'd like to get this in.

                        • 24. Re: How to monitor a MBean on WebSphere
                          pilhuhn

                          Or add a WebsphereConnectionProvider2 with the needed functionality, so that other projects can still use the old semantics.

                          • 25. Re: How to monitor a MBean on WebSphere
                            rafaelri

                            Yes, that's exactly the file! And I did the same as you did, checked the last update date ;)

                            I've also pasted the changed file to a message post on MC4J forum since I guess I dont have the rights to file a bug on MC4J bug system@SF.net
                            here is the changed file http://sourceforge.net/forum/message.php?msg_id=5865601

                            tks a lot Mazz!!!

                            • 26. Re: How to monitor a MBean on WebSphere
                              mazz

                              Rafael, Was it a big change? Can you post the actually patch/diff here (if its not too large - which I suspect it isn't).

                              • 27. Re: How to monitor a MBean on WebSphere
                                rafaelri

                                Hi Mazz!

                                you're right it was a slight change, there goes the diff:

                                119c119
                                < if (serverUrl.getScheme().equalsIgnoreCase("http")) {
                                ---
                                > if (serverUrl.getScheme().equalsIgnoreCase("http") || serverUrl.getScheme().equalsIgnoreCase("https")) {
                                132,133c132,139
                                < props.setProperty(
                                < getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "false");
                                ---
                                > String username = connectionSettings.getPrincipal();
                                > String password = connectionSettings.getCredentials();
                                > boolean security = ((username != null) && (!"".equals(username)));
                                > if (security) {
                                > props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), Boolean.toString(security));
                                > props.setProperty(getConstant(adminClientClass, "USERNAME"), username);
                                > props.setProperty(getConstant(adminClientClass, "PASSWORD"), password);
                                > }
                                206c212
                                < }
                                ---
                                > }
                                


                                • 28. Re: How to monitor a MBean on WebSphere
                                  rafaelri

                                  I'd also risk saying that the chance of breaking backwards compatibility is minimal not to say that it does not exist ;)

                                  • 29. Re: How to monitor a MBean on WebSphere
                                    mazz

                                    wouldn't you need an "else" clause to set the security property to false if security==false?

                                    String username = connectionSettings.getPrincipal();
                                     String password = connectionSettings.getCredentials();
                                     boolean security = ((username != null) && (!"".equals(username)));
                                     if (security) {
                                     props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "true");
                                     props.setProperty(getConstant(adminClientClass, "USERNAME"), username);
                                     props.setProperty(getConstant(adminClientClass, "PASSWORD"), password);
                                     } else { // DON'T YOU NEED THIS ELSE?
                                     props.setProperty(getConstant(adminClientClass, "CONNECTOR_SECURITY_ENABLED"), "false");
                                     }