VisualVM是一个以监控、显示本地或者远程服务器JVM工作情况,进行性能调优的工具。借助VisualVM,我们可以实现对JVM内存各个子池、CPU、垃圾收集器等方面进行监控,从而发现程序代码中潜在的泄露点和配置问题。
VisualVM是一个Java编写的绿色软件,属于开源范畴,官方地址为:visualvm.java.net。VisualVM是使用插件Plugin的方式提供功能,默认提供了一些基本检测功能。如果需要进行拓展,可以使用下载插件的功能进行。
VisualVM在监控本地JVM的时候是很方便的。只要应用程序运行起来,我们就可以从VisualVM里面监控出来。
远程服务器上的JVM监控就需要一些额外的配置了。目前VisualVM支持两种监控方法:Jstatd方法和基于JMX的方法。
JStatd
How to setup jstatd in linux
In order to do remote profiling, jstatd must be running on remote host. jstatd setup needs to complete in 6 steps
- Create a jstatd.sh file at any path
#!/bin/sh policy=${HOME}/jstatd.all.policy [ -r ${policy} ] || cat >${policy} <<'POLICY' grant codebase "file:/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/lib/tools.jar" { permission java.security.AllPermission; }; POLICY echo ${policy} jstatd -J-Djava.security.policy=${policy} -J-Djava.rmi.server.hostname=192.169.31.224&
- Replace 192.169.31.224 with the IP address of the remote host
- Replace "/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/lib/tools.jar" with the actual path of tools.jar
- To find actual path of tools.jar, if you have multiple jvm installed in linux, run following commands
- Check Java using following command
[root@31224 ~]# /usr/sbin/alternatives --config java There are 2 programs which provide 'java'. Selection Command ----------------------------------------------- 1 /usr/lib/jvm/jre-1.4.2-gcj/bin/java *+ 2 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java Enter to keep the current selection[+], or type selection number:
- Here current JVM path is "/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java" so enter this path in jstatd.sh
- Check the path to tools.jar. Here tools.jar is available at multiple locations
[root@31224 ~]# locate tools.jar /usr/java/jdk1.7.0_45/db/lib/derbytools.jar /usr/java/jdk1.7.0_45/lib/tools.jar /usr/java/jdk1.7.0_45/lib/visualvm/visualvm/modules/com-sun-tools-visualvm-tools.jar /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/lib/tools.jar /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib/tools.jar
- Use chmod 777 -R /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib
- To find running jstatd use following commands:-
[root@App31224 ~]# which jstatd /usr/bin/jstatd [root@App31224 ~]# ls -lart /usr/bin/jstatd lrwxrwxrwx 1 root root 24 Oct 16 2010 /usr/bin/jstatd -> /etc/alternatives/jstatd [root@App31224 ~]# ll /etc/alternatives/jstatd lrwxrwxrwx 1 root root 49 Oct 15 2010 /etc/alternatives/jstatd -> /usr/lib/jvm/java-1.6.0-openjdk.x86_64/bin/jstatd
- Check Java using following command
- use chmod a+x jstatd.sh to make it executable
- Finally run ./jstatd.sh
How to setup jstatd in windows
- Run the "jstatd" command in a command window:
C:Program FilesJavajdk1.7.0_45bin>jstatd.exe Could not create remote object access denied ("java.util.PropertyPermission" "java.rmi.server.ignoreSubClasses" "write") java.security.AccessControlException: access denied ("java.util.PropertyPermissi on" "java.rmi.server.ignoreSubClasses" "write") at java.security.AccessControlContext.checkPermission(AccessControlConte xt.java:372) at java.security.AccessController.checkPermission(AccessController.java: 559) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.System.setProperty(System.java:783) at sun.tools.jstatd.Jstatd.main(Jstatd.java:139)
The "access denied" error is expected, because "jstatd" requires a security policy file specified with the "java.security.policy" system property, if there is no security manager running on my machine.
- Create the security policy file, jstatd.all.policy, that grants permissions to run "jstatd" and other tools in the tools.jar:
grant codebase "file:C:/Program Files/Java/jdk1.7.0_45/lib/tools.jar" { permission java.security.AllPermission; };
- Run "jstatd" with the security policy file, tools.policy specified to the "java.security.policy" system property:
C:Program FilesJavajdk1.7.0_45bin>jstatd.exe -J-Djava.rmi.server.hostname=127.0.0.1 -J-Djava.security.policy=jstatd.all.policy
- jVisualVM will autodetect all running java processes
JMX
连接JMX方法首先需要在Java端进行一些配置。
[root@bspdev jdk1.7.0_09]# cd $JAVA_HOME/jre/lib/management [root@bspdev management]# pwd /usr/java/jdk1.7.0_09/jre/lib/management [root@bspdev management]# ls -l total 28 -rw-r--r-- 1 root root 3998 Sep 25 2012 jmxremote.access -rw-r--r-- 1 root root 2856 Sep 25 2012 jmxremote.password.template -rw-r--r-- 1 root root 14097 Sep 25 2012 management.properties -rw-r--r-- 1 root root 3376 Sep 25 2012 snmp.acl.template
首先利用password.template文件创建jmxremote.password文件,并且设置相应的读写权限。
[root@bspdev management]# cp jmxremote.password.template jmxremote.password [root@bspdev management]# ls -l total 32 -rw-r--r-- 1 root root 3998 Sep 25 2012 jmxremote.access -rw-r--r-- 1 root root 2856 Jul 5 06:09 jmxremote.password -rw-r--r-- 1 root root 2856 Sep 25 2012 jmxremote.password.template -rw-r--r-- 1 root root 14097 Sep 25 2012 management.properties -rw-r--r-- 1 root root 3376 Sep 25 2012 snmp.acl.template [root@bspdev management]#
将jmxremote.password中的权限部分注释标记去除。
# password "QED". The "controlRole" role has password "R&D". # # monitorRole QED # controlRole R&D 修改为: monitorRole QED controlRole R&D "jmxremote.password" 64L, 2852C written
同时,在JBoss启动文件run.sh的定义环境变量部分,加入如下内容。
if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS=" -Dcom.sun.management.jmxremote.port=9988 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false" else JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=9988 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false" fi
下面,就可以增加JMX的9988端口的连接。显示如下界面进行监控。
使用JMX监控的功能不支持Visual GC。对JBoss的支持性比较好。
JMX也可以在启动java进程的时候启动:
JAVA_OPTS="$JAVA_OPTS -Djava.rmi.server.hostname=192.168.8.7 -Dcom.sun.management.jmxremote.port=8088 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
ps:JMX Management and Monitoring Properties
com.sun.management.jmxremote | true / false. Default is true |
com.sun.management.jmxremote. port | Port number. No default. |
com.sun.management.jmxremote.ssl | true / false. Default is true. |
com.sun.management.jmxremote.ssl.enabled.protocols | Default SSL/TLS protocol version. |
com.sun.management.jmxremote.ssl.enabled.cipher.suites | Default SSL/TLS cipher suites. |
com.sun.management.jmxremote.ssl.need.client.auth | true / false. Default is false |
com.sun.management.jmxremote.authenticate | true / false.Default is true |
com.sun.management.jmxremote.password.file | JRE_HOME/lib/management/jmxremote.password |
com.sun.management.jmxremote.access.file | JRE_HOME/lib/management/jmxremote.access |
com.sun.management.jmxremote.login.config | Default login configuration is a file-based password authentication. |