RFR: 8196729: Add jstatd option to specify RMI connector port

Chris Plummer chris.plummer at oracle.com
Mon Feb 3 18:20:19 UTC 2020 

Hi Daniil,

Ok. Changes look good.

thanks,

Chris

On 1/31/20 2:14 PM, Daniil Titov wrote:
> Hi Chris,
>
> Thank you for describing this in such details!  Your description is correct.
>
> In addition, apart from jstat there is jps tool that also can communicate
> with jstatd and currently it faces the same problems if jstatd is deployed behind
> a firewall or in a container: after successful connection to RMI registry the
> further communication fails since jstatd chooses a random RMI port that is
> not published by the container or might be blocked by a firewall configuration.
>
> Best regards,
> Daniil
>
> On 1/31/20, 1:45 PM, "Chris Plummer" <chris.plummer at oracle.com> wrote:
>
>      Hi Daniil,
>      
>      Just want to make sure I understand what communications are going on
>      here. Your concern is when the jstat and jstatd processes are on
>      different sides of the firewall. When you launch jstatd, you specify the
>      socket port it will receive requests on, and when you launch jstat, you
>      must specify this same socket port, so no firewall problem there
>      assuming the firewall is configured to allow communication over that
>      port. However, once the request is received by jstatd, data can be
>      communicated via RMI rather than over the specified socket port. By
>      default jstatd was choosing a random RMI port, and I assume this RMI
>      port was communicated to the jstat process via the initial socket port.
>      This presents a problem for firewall configuration, since the firewall
>      configuration cannot know the RMI port that will be used. So now you're
>      allowing the rmi port to also be specified.
>      
>      Am I close? :)
>      
>      Chris
>      
>      On 1/31/20 1:08 PM, Daniil Titov wrote:
>      > Please review change [1] that adds a new command line option to jstatd tool to specify a RMI connector port.
>      >
>      > Currently a random port is used that prevents this tool from being used behind a firewall or in a container.
>      >
>      > New CSR [3] was created for this change and it needs to be reviewed as well.
>      >
>      > Man pages for jstatd will be updated in a separate issue.
>      >
>      > Testing: Mach5 tier1-tier3 and sun/tools/jstatd/* tests  succeeded. Mach5 tier5 tests are in progress.
>      >
>      > [1] Webrev: http://cr.openjdk.java.net/~dtitov/8196729/webrev.01/
>      > [2] Jira issue: https://bugs.openjdk.java.net/browse/JDK-8196729
>      > [3] CSR : https://bugs.openjdk.java.net/browse/JDK-8238357
>      >
>      > Thank you,
>      > Daniil
>      >
>      >
>      >
>      
>      
>
>

More information about the serviceability-dev mailing list