How Does eG Enterprise Monitor Mule ESB?
eG Enterprise monitors Mule ESB in both agent-based and agentless manners. In case of the agentless approach, the remote agent used to monitor Mule ESB should be deployed on a remote Windows host in the environment. The eG agent should be configured to connect to the JRE used by Mule ESB for pulling out the metrics pertaining to its performance. To enable the eG agent to connect to JRE of the Mule ESB, a set of pre-requisites should be fulfilled. These requirements are provided in the following section.
Pre-requisites for Monitoring the Mule ESB
The eG agent should be configured to use JMX to connect to the JRE of the Mule ESB and collect the metrics of interest. To enable the eG agent to collect metrics on performance, availability, and usage status of Mule ESB instances, the following pre-requisite should be fulfilled:
-
Enable JMX support with or without authentication and SSL for the Mule ESB, so that the eG agent can connect to the JRE of the server and pull out performance metrics.
Enable JMX without authentication and SSL
By default, JMX support is not enabled on Mule ESB. However, to enable the eG agent to use JMX, the tests that the eG agent runs should be configured with a JMX Remote Port - this is the port at which the JMX listens for requests from remote hosts. You need to determine the correct JMX remote port to configure. By default, JMX requires no authentication or security (SSL). In this case therefore, to use JMX for pulling out metrics from a target application, the following will have to be done:
-
To enable JMX, we will need to update the wrapper.conf, available at ${MULE_HOME}/conf/wrapper.conf with the following lines:
wrapper.java.additional.n=-Dcom.sun.management.jmxremote=true
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.port=portnumber
wrapper.java.additional.n=-Djava.rmi.server.hostname=hostname
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.authenticate=false
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.ssl=false
-
For instance, if the JMX listens on port 1099, then the second line of the above specification would be:
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.port=1099
-
Where "n" is a numeric value, starting with 1 for the first additional parameter, and then incrementing by one for each consecutive parameter. Hence, make sure to replace "n" with the next available integer among the wrapper.java.additional parameters already in the wrapper.conf file, if any. The numbers serve to identify each Java Additional Parameter in the file.
Enable JMX with authentication and SSL
If the eG agent needs to use JMX for monitoring Mule ESB, and this JMX requires to enable both authentication and SSL, then to use JMX for pulling out metrics from a target application, the following will have to be done:
-
On the Mule runtime server, execute the following commands:
mkdir ${MULE_HOME}/ssl
cd ${MULE_HOME}/ssl
Then, run the following command to generate a keystore and a certificate.
keytool -genkey -alias tc401 -keyalg RSA -keystore tc401_keystore.jks
Enter the below command to export the certificate so that it can be added to the Truststore.
keytool -export alias tc401 -file tc401_cert -keystore tc401_keystore.jks
Then, execute the following command to create a truststore and import the keystore certificate into the truststore.
keytool -import -alias tc401 -keystore tc401_truststore.jks -file tc401_cert
-
The above commands will create keystore and truststore, which will be used by Mule Runtimes. The keystore contains the server's key pair, and the truststore containing the client certificates. To instruct a Mule Runtime to use the keystore and truststore, you have to update the wrapper.conf, available at ${MULE_HOME}/conf/wrapper.conf with the following lines:
wrapper.java.additional.n=-Dcom.sun.management.jmxremote=true
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.port=portnumber
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.access.file=%MULE_HOME%/conf/jmxremote.access
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.password.file=%MULE_HOME%/conf/jmxremote.password
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.authenticate=true
wrapper.java.additional.n=-Dcom.sun.management.jmxremote.ssl=true
wrapper.java.additional.n=-Djavax.net.ssl.keyStore=%MULE_HOME%/ssl/tc401_keystore.jks
wrapper.java.additional.n=-Djavax.net.ssl.keyStorePassword=changeme
wrapper.java.additional.n=-Djavax.net.ssl.trustStore=%MULE_HOME%/ssl/tc401_truststore.jks
wrapper.java.additional.n=-Djavax.net.ssl.trustStorePassword=changeme
-
The above configuration requires to create two files: jmxremote.access and jmxremote.password for the user permission and authentication available in ${MULE_HOME}/conf. The jmxremote.access file defines the allowed access for different roles and the jmxremote.password file defines the roles and their passwords. To be functional, a role must have an entry in both the password and the access files. For that,
-
Edit the file jmxremote.access available in ${MULE_HOME}/conf in a text editor with the roles and their access levels and save the changes. For example:
admin readwrite
monitor readonly
By doing so, you are granting readwrite access to the admins for monitoring and management, and readonly access to users for monitoring. Since the eG agent requires readonly rights to be able to pull out metrics using JMX, we will have to configure the tests with the credentials of the user monitor given in the above example.
-
Edit the file jmxremote.password available in ${MULE_HOME}/conf in a text editor and define a password of your choice for the users mentioned in jmxremote.access file. For example:
admin adminpass
monitor monitorpass
Here monitor is the username and monitorpass is the password corresponding to monitor.
-
The role name cannot contain spaces or tabs and must correspond to an entry in the password file.
-
-
Open the jmxremote.access and jmxremote.password in an editor and copy the user name specified against the readonly privilege on the jmxremote.access file and configure it as the JMX User, and the Password of that user on the jmxremote.password can be specified against JMX Password to configure the eG tests.
