DC/OS JMX Access to java application

Question

I'm new to docker and dc/os. I have deployed dc/os cluster in the microsoft azure. I need to set access via a jmx to my java applications but I can't. Let's take the example of deploying a standart tomcat image. I have docker installed on my local machine. To run a tomcat container with jmx access I use this command:

docker run -e 
     JAVA_OPTS= "-Dcom.sun.management.jmxremote 
                -Djava.rmi.server.hostname=127.0.0.1 
                -Dcom.sun.management.jmxremote.port=8081 
                -Dcom.sun.management.jmxremote.rmi.port=8081 
                -Dcom.sun.management.jmxremote.local.only=false 
                -Dcom.sun.management.jmxremote.authenticate=false 
                -Dcom.sun.management.jmxremote.ssl=false" 
     -p 8080:8080 -p 8081:8081 tomcat:8.0   

And I can connect to Tomcat via port 8081.

I try to do the same in dc/os cluster. I use the below json configuration to deploy:

{
  "id": "/tomcat",
  "instances": 1,
  "cpus": 1,
  "mem": 512,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "tomcat:8.0",
      "network": "BRIDGE",
      "portMappings": [
        { "protocol": "tcp", "hostPort": 8080, "containerPort": 8080 },
        { "protocol": "tcp", "hostPort": 8081, "containerPort": 8081 }
      ]
    }
  },
  "requirePorts": true,
  "acceptedResourceRoles": [
    "slave_public"
  ],
  "env": {      
    "JAVA_OPTS": "-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=10.0.0.4 -Dcom.sun.management.jmxremote.port=8081 -Dcom.sun.management.jmxremote.rmi.port=8081 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
  },
  "healthChecks": [
    {
      "gracePeriodSeconds": 120,
      "intervalSeconds": 30,
      "maxConsecutiveFailures": 3,
      "path": "/",
      "portIndex": 0,
      "protocol": "HTTP",
      "timeoutSeconds": 5
    }
  ]
}

After that I have access to tomcat webconsole but I can't connnect via jmx. I tried variouse values for "-Djava.rmi.server.hostname": 127.0.0.1, 10.0.0.4( agent ip ), agents.westeurope.cloudapp.azure.com. Please help me understand what I do wrong.

UPDATE: Thank Walter - MSFT who pointed out a fact which ports are opened by default on azure. I really forgot about it. But an issue with connecting via jmx is still actual for me. I opened new discussion where I give more details. DC/OS JMX Access

Answer 1

You could read Azure official article:

Any DC/OS container in the ACS public agent pool is automatically exposed to the internet. By default, ports 80, 443, 8080 are opened, and any (public) container listening on those ports are accessible.

According to your description, it seems that port 8081 is not open. You could open port 8081 on Azure Portal.

More information about please refer to this link: Enable public access to an Azure Container Service application.

Update:

I test in my lab with your json file, it works for me, you don't change it. You should open port on Azure NSG and Load Balance.

NSG:

LoadBalncer

I test in my lab, I could open 8080 Web UI. When I test port 8081, I notice that the port is listening, I could access the port with Public IP.

azureuser@dcos-master-01234567-0:~$ netcat -z -v 13.84.176.235 8081
Connection to 13.84.176.235 8081 port [tcp/tproxy] succeeded!

You also could use curl to test, I get the following result.

azureuser@dcos-master-01234567-0:~$ curl 13.84.176.235:8081
curl: (52) Empty reply from server

If you could not access 8081 Web UI, I suggest you had better check docker container.