Configuring the eG Agent to Support JMX Authentication

If the eG agent needs to use JMX for monitoring the GemFire Cluster, and this JMX requires authentication only (and not security), then every test to be executed by such an eG agent should be configured with the credentials of a valid user to JMX, with read-write rights. The steps for creating such a user are detailed below:

  1. Login to the application host. If the application being monitored is on a Windows host, then login as a local/domain administrator to the host.
  2. Go to the <java_home>\jre\lib\management folder used by the target application to view the following files:

    • jmxremote.access
    • jmxremote.password.template
    • snmp.acl.template
  3. Copy the jmxremote.password.template file to a different location, rename it as jmxremote.password, and copy it back to the <java_home>\jre\lib\management folder.
  4. Open the jmxremote.password file and scroll down  to the end of the file. By default, you will find the commented entries indicated by Figure 1 below:

    Figure 1 : Scrolling down the jmxremote.password file to view 2 commented entries

  5. The two entries indicated by Figure 1 are sample username password pairs with access to JMX. For instance, in the first sample entry of Figure 1, monitorRole is the username and QED is the password corresponding to monitorRole. Likewise, in the second line, the controlRole user takes the password R&D.
  6. If you want to use one of these pre-defined username password pairs during test configuration, then simply uncomment the corresponding entry by removing the # symbol preceding that entry. However, prior to that, you need to determine what privileges have been granted to both these users. For that, open the jmxremote.access file in the editor.

    Figure 2 : The jmxremote.access file

  7. Scrolling down the file (as indicated by Figure 2) will reveal 2 lines, each corresponding to the sample username available in the jmxremote.password file. Each line denotes the access rights of the corresponding user. As is evident from Figure 2, the user monitorRole has only readonly rights, while user controlRole has readwrite rights. Since the eG agent requires readwrite rights to be able to pull out key JVM-related statistics using JMX, we will have to configure the test with the credentials of the user controlRole.
  8. For that, first, edit the jmxremote.password file and uncomment the controlRole <password> line as depicted by Figure 3.

    Figure 3 : Uncommending the ‘controlRole’ line

  9. Then, save the file. You can now proceed to configure the tests with the user name controlRoleand password R&D.
  10. Alternatively, instead of going with these default credentials, you can create a new username password pair in the jmxremote.password file, assign readwrite rights to this user in the jmxremote.access file, and then configure the eG tests with the credentials of this new user. For instance, let us create a user john with password john and assign readwrite rights to john.
  11. For this purpose, first, edit the jmxremote.password file, and append the following line (see Figure 4) to it:

    john   john

    Figure 4 : Appending a new username and password pair

  12. Save the jmxremote.password file.
  13. Then, edit the jmxremote.access file, and append the following line (see Figure 5) to it:

    john   readwrite

    Figure 5 : Assigning rights to the new user in the jmxremote.access file

  14. Then, save the jmxremote.access file.
  15. Finally, proceed to configure the tests with the user name and password, john and john, respectively.