problems profiling through ssh tunneling

[attila]

I'm remotely profiling a machine that doesn't have a public IP address, but that is in a secure subnet I access over ssh. I run ssh with the "-L 1974:marlin:44570" ("marlin" is the host in the subnet, with profiler running on 44570) to forward traffic from my local port 1974 to the profiler in the secure subnet. Then I tell YourKit Profiler frontend (4.0.16) to connect to localhost:1974, which it does.

The problem is that the snapshot is not saved to the local machine but to the remote machine. Yet when YourKit offers me to open it, it searches for it locally. It might be a problem that YourKit believes the app is local, as it's accessed through localhost:1974. To reiterate, snapshot is saved to /home/sysadmin on the remote machine, and the profiler frontend offers to open it from c:\home\sysadmin

This requires me to manually drag the snapshots using scp to my local machine, which can be rather inconvenient.[/list]

[attila]

Sorry - I got version number wrong; it's 4.0.14

[Vladimir Kondratyev]

Unfortunately profiler cannot detect that localhost:1974 in your case is a remote machine. Can you change "localhost" on something else, for example, "localhost2" (add alias to /etc/hosts)

Regards,
Vladimir Kondratyev

[Sascha Weinreuter]

You could - theoretically - compare InetAddress.getLocalHost() on the local machine against the value on the machine the agent runs on.

Do you compare the host name directly to "localhost" and/or "127.0.0.1"? In the latter case, it should also work when using 127.x.y.z (z != 1) without any config file changes.

Sascha

[Vladimir Kondratyev]

Yes, we are checking "localhost" and "127.0.0.1", so "127.0.0.2" should work Nice suggestion!

[attila]

Ok, here's the following problem: I start up a profiled JVM on a remote machine (let's call it "executor") using java -Xrunyjpagent:port=7411

then I do SSH tunneling to it from my local machine using a gateway into the remote network (let's call it "gateway"):

ssh -l <username> -L1234:executor:7411 gateway

Then I tell the profiler frontend to connect to the remote application through the SSH tunnel by pointing it to localhost:1234

Now, if I do this with 4.0.14 (both agent .so and frontend), it works like charm. If I do it with the 4.5 EAP #634 (both agent .so and frontend), then it waits for long time -- until a TCP timeout I guess -- then tells me there's no application running on that port. The remote JVM is 1.4.2_06 server HotSpot, if it helps anything. If I point it to a bogus port, it tells me there's no application on the port immediately.

[Anton Katilin]

The difference between 4.0 and 4.5 EAP is that the latest version uses RMI for communication with the agent, while the old version directly opened a socket and used its own protocol.

[Sascha Weinreuter]

RMI? Doesn't this use multiple, randomly assigned ports for its communication? How is that supposed to be routed through firewalls?

If tunneling through SSH doesn't work any more, you basically disabled the possibility to profile applications (especially web-containers) in production environments.

[Anton Katilin]

I'm considering now this article to find out how to solve the issue: http://www.javaranch.com/newsletter/200 ... sh_p1.html

[Anton Katilin]

The RMI indeed uses 2 ports, so both of them must be tunnelled. It seems that there's a way to explicitly specify both of them to be used by RMI; then both can be specified in ssh command...

We'll make the change in the next build.

[Vladimir Kondratyev]

Latest EAP build #636 contains a fix. Please try it!

We have remove all RMI stuff from agent, so SSH tunneling should work again.

[Sascha Weinreuter]

Thanks for getting rid of RMI, I've never made any good experience with it

Sascha