Jolokia
Summary: This article tells you to use Jolokia, a JMX bridge, that is available vom AppSuite v7.4.0 on.
How to interact with Jolokia for Open-Xchange
Open-Xchange does support Jolokia as a remote JMX-Bridge over HTTP.
By Version 7.4.0 ongoing, it is located inside Open-Xchange Bundle and configured by jolokia.properties
Additional information can be found at http://www.jolokia.org/ .
jolokia.properties
Key | Default value | Comment |
---|---|---|
com.openexchange.jolokia.start | false | start switch for jolokia |
com.openexchange.jolokia.servlet.name | /monitoring/jolokia | Under what servlet name jolokia will be published, please bear in mind that this should not be forwarded by apache and kept internal |
com.openexchange.jolokia.user | User used for authentication with HTTP Basic Authentication. If not given, Jolokia will not start! | |
com.openexchange.jolokia.password | Password used for authentification, if not set "secret" is used. | |
com.openexchange.jolokia.restrict.to.localhost | true | This setting will restrict jolokia access to localhost. It is completly ignored when a jolokia-access.xml is present |
Keep in mind that Jolokia will not start unless you set com.openexchange.jolokia.start = true
, com.openexchange.jolokia.user = yourUser
and to com.openexchange.jolokia.password = yourPassword
.
When using Munin-Scripts with Jolokia, this user and password also need to be changed.
Running Jolokia
As Jolokia represents a JMX-Interface it is highly recommended not to forward it to the internet!
This is by default set through the use of com.openexchange.jolokia.restrict.to.localhost = true
and can be changed by either setting it to false
or providing a jolokia-access.xml
inside /opt/open-xchange/etc/
For further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable.
Jolokia with Grizzly
When using Grizzly and munin scripts on the same machine, you can connect to jolokia directly with the servers address, e.g.: http://localhost:8009/monitoring/jolokia
.
When connecting through another machine, a best practise is to use the same forwarding as described below.
Jolokia with AJP
When using AJP, you need to enable forwarding for each server, keep in mind that those should be only accessable inside your intranet.
An Apache proxy_ajp.conf could look like this:
<Location /internal>
# restrict access to internal
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# you might add more ip addresses / networks here
# if the apache is not on the same machine as the OX-server
# Allow from 192.168 10 172.16
</Location>
...
<Proxy /internal/ox1/monitoring>
ProxyPass ajp://oxhost1:8009/monitoring
</Proxy>
...
Jolokia on oxhost1 is accessable by http://apacheaddress/internal/ox1/monitoring/jolokia
.