Using SSH Proxying with Jconsole to remote Cassandra instances

This guide leans heavily on the work of http://simplygenius.com/2010/08/jconsole-via-socks-ssh-tunnel.html — what I’ve done is collect his work into something a little more manageable for my environment.  In here, I will go over the shell commands that can be used to make doing this easy.

Prerequisites

This guide assumes a few things are set up:

  1. That you’ve got ssh keys pushed around to do passwordless logins between your machine and your intermediate client machine
  2. That you’ve got cassandra up and running remotely
  3. That cassandra is listening on 8080 for it’s JMX service port

The Meat

This hunk of bash script is the meat of making this work.  Put the following in your .bashrc.  Make sure to edit proxy_host= to match your environment.

function jc {
    # set this to the host you'll proxy through.
    proxy_host="remoteuser@remotehost -p 22"    host=$1

    jmxport=8080
    proxy_port=${2:-8123}

    if [ "x$host" = "x" ]; then
        echo "Usage: jc <remote server> [proxy port]"
        return 1
    fi 

    # start up a background ssh tunnel on the desired port
    ssh -N -f -D$proxy_port $proxy_host 

    # if the tunnel failed to come up, fail gracefully.
    if [ $? -ne 0 ]; then
        echo "Ssh tunnel failed"
        return 1
    fi

    ssh_pid=`ps awwwx | grep "[s]sh -N -f -D$proxy_port" | awk '{print $1}'`
    echo "ssh pid = $ssh_pid"

    # Fire up jconsole to your remote host
    jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=$proxy_port \
        service:jmx:rmi:///jndi/rmi://${host}:${jmxport}/jmxrmi

    # tear down the tunnel
    kill $ssh_pid
}

Then, either close your shell, or source your .bashrc.  Then you should be able simply to call your function like so:

    host$ jc cassandra-host01

Jconsole will pop up, and log you in.

Be Sociable, Share!

7 thoughts on “Using SSH Proxying with Jconsole to remote Cassandra instances”

  1. Yeah, I believe you could do that… is that because perhaps you have a firewall in place that’s allowing ssh, but disallowing access to the java console?

  2. Yeah, I ran in EC2 and wanted to proxy the connection through my localhost using ssh but don’t want to open up the jmx port (on EC2). I don’t think it’s possible though.

    I followed this instructions: http://hansonchar.blogspot.com/2007/03/ssh-tunnelling-fun.html
    but it doesn’t seem to work.

    Your instructions work if I open the jmx_port in EC2 but that means I need to secure the connection on the jmx/server side.

    How do you handle the authentication ? Am I missing something ?

  3. I think that if you call jconsole this way, it might work:

    ssh $REMOTEHOST -L 8123:$REMOTEHOST:$jmxport -N -f

    jconsole service:jmx:rmi:///jndi/rmi://localhost:8123/jmxrmi

  4. Doesn’t seem to work. Cannot connect to host specified at -Djava.rmi.server.hostname.

    do you have any recommendation for the content of /etc/hosts ?

    currently I have:
    127.0.0.1 localhost
    staging

  5. I’m afraid I don’t. I haven’t been messing around with jconsole for a whie. Your hosts file looks like the staging entry is wrong. No IP address. Good luck!

Comments are closed.