Search in sources :

Example 1 with FORGEROCK_OPENAM_POLICY_MIBImpl

use of org.forgerock.openam.monitoring.policy.FORGEROCK_OPENAM_POLICY_MIBImpl in project OpenAM by OpenRock.

the class Agent method startAgent.

/**
     *  This method starts up the monitoring agent from the
     *  common/ConfigMonitoring module (load-on-startup or at the
     *  end of AMSetupServlet/configuration).  Since web-app startup
     *  is sensitive to exceptions in load-on-startup stuff, this has
     *  quite a few try/catch blocks.
     *
     *  If any of HTML, SNMP, or RMI adaptors has a problem getting created
     *  or started, attempts to create/start the others will be made; If
     *  at least one adaptor is started, monitoring will be "active"
     *  (Agent.isRunning() will return true).
     *
     *  @param monConfig SSOServerMonConfig structure of OpenAM configuration
     *  @return 0 (zero) if at least one of HTML/SNMP/RMI adaptors started up;
     *     MON_CONFIG_DISABLED:
     *       if monitoring configured as disabled
     *     MON_MBEANSRVR_PROBLEM:
     *       if MBeanServer problem encountered
     *     MON_RMICONNECTOR_PROBLEM:
     *       if RMI connector problem
     *             (MIB not registered with MBeanServer)
     *     MON_CREATEMIB_PROBLEM:
     *       if problem creating/registering MIB
     */
public static int startAgent(SSOServerMonConfig monConfig) {
    monHtmlPort = monConfig.htmlPort;
    monSnmpPort = monConfig.snmpPort;
    monRmiPort = monConfig.rmiPort;
    monitoringEnabled = monConfig.monitoringEnabled;
    monHtmlPortEnabled = monConfig.monHtmlPortEnabled;
    monSnmpPortEnabled = monConfig.monSnmpPortEnabled;
    monRmiPortEnabled = monConfig.monRmiPortEnabled;
    monAuthFilePath = monConfig.monAuthFilePath;
    policyWindow = monConfig.policyWindow;
    sessionWindow = monConfig.sessionWindow;
    String classMethod = "Agent.startAgent:";
    // OpenAM server port comes from WebtopNaming.siteAndServerInfo
    String serverPort = agentSvrInfo.serverPort;
    // Check for Legacy MonAuthFile.
    if ((monAuthFilePath != null) && (monAuthFilePath.endsWith("opensso_mon_auth"))) {
        // Perform a rename of the old filename to the latest naming.
        File monAuthFile = new File(monAuthFilePath);
        File newMonAuthFile = new File(monAuthFile.getParentFile() + "/" + "openam_mon_auth");
        if (monAuthFile.renameTo(newMonAuthFile)) {
            monAuthFilePath = newMonAuthFile.getAbsolutePath();
        }
    }
    /*
         *  there are a lot of exception checks in this method, as
         *  it's invoked from a load-on-startup servlet.  if it
         *  chokes in here, OpenAM won't start up.
         */
    if (debug.messageEnabled()) {
        debug.message(classMethod + "entry:\n" + "    htmlPort = " + monHtmlPort + "\n" + "    authFilePath = " + monAuthFilePath + "\n" + "    snmpPort = " + monSnmpPort + "\n" + "    rmiPort = " + monRmiPort + "\n" + "    monEna = " + monitoringEnabled + "\n" + "    htmlEna = " + monHtmlPortEnabled + "\n" + "    snmpEna = " + monSnmpPortEnabled + "\n" + "    rmiEna = " + monRmiPortEnabled + "\n" + "    policyWindow = " + policyWindow + "\n" + "    sessionWindow = " + sessionWindow + "\n" + "    serverPort = " + serverPort + "\n");
    }
    if (!monitoringEnabled) {
        debug.warning(classMethod + "Monitoring configured as disabled.");
        return MON_CONFIG_DISABLED;
    }
    /*
         *  verify that the HTML, SNMP and RMI ports aren't the same as
         *  the OpenAM server port.  if HTML or SNMP conflict with it,
         *  then they'll be disabled (warning message).  if the RMI port
         *  conflicts, then all of monitoring is disabled.  there might
         *  be other ports that should be checked.
         */
    try {
        int sport = Integer.parseInt(serverPort);
        if (monRmiPort == sport) {
            debug.error(classMethod + "RMI port conflicts with OpenSSO server port (" + sport + "); Monitoring disabled.");
            return MON_RMICONNECTOR_PROBLEM;
        }
        if (monHtmlPort == sport) {
            monHtmlPortEnabled = false;
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "HTML port conflicts with OpenSSO server port (" + sport + "); Monitoring HTML port disabled.");
            }
        }
        if (monSnmpPort == sport) {
            monSnmpPortEnabled = false;
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "SNMP port conflicts with OpenSSO server port (" + sport + "); Monitoring SNMP port disabled.");
            }
        }
    } catch (NumberFormatException nfe) {
        /*
             * odd.  if serverPort's not a valid int, then there'll be
             * other problems
             */
        debug.error(classMethod + "Server port (" + serverPort + " is invalid: " + nfe.getMessage());
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "config:\n" + "    monitoring Enabled = " + monitoringEnabled + "\n" + "    HTML Port = " + monHtmlPort + ", enabled = " + monHtmlPortEnabled + "\n" + "    SNMP Port = " + monSnmpPort + ", enabled = " + monSnmpPortEnabled + "\n" + "    RMI Port = " + monRmiPort + ", enabled = " + monRmiPortEnabled + "\n" + "    SessionWindow size = " + sessionWindow + "\n" + "    PolicyWindow size = " + policyWindow + "\n");
    }
    /*
         *  if OpenAM's deployed on a container that has MBeanServer(s),
         *  will the findMBeanServer(null) "find" those?  if so,
         *  is using the first one the right thing to do?
         */
    List<MBeanServer> servers = null;
    try {
        servers = MBeanServerFactory.findMBeanServer(null);
    } catch (SecurityException ex) {
        /*
             * if can't find one, try creating one below, although
             * if there's no findMBeanServer permission, it's unlikely
             * that there's a createMBeanServer permission...
             */
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "findMBeanServer permission error: " + ex.getMessage());
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "MBeanServer list is not empty: " + ((servers != null) && !servers.isEmpty()));
    }
    if ((servers != null) && !servers.isEmpty()) {
        server = servers.get(0);
    } else {
        try {
            server = MBeanServerFactory.createMBeanServer();
        } catch (SecurityException ex) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "createMBeanServer permission error: " + ex.getMessage());
            }
            return MON_MBEANSRVR_PROBLEM;
        } catch (JMRuntimeException ex) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "createMBeanServer JMRuntime error: " + ex.getMessage());
            }
            return MON_MBEANSRVR_PROBLEM;
        } catch (ClassCastException ex) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "createMBeanServer ClassCast error: " + ex.getMessage());
            }
            return MON_MBEANSRVR_PROBLEM;
        }
    }
    if (server == null) {
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "no MBeanServer");
        }
        return MON_MBEANSRVR_PROBLEM;
    }
    // throws no exception
    String domain = server.getDefaultDomain();
    // Create the MIB II (RFC 1213), add to the MBean server.
    try {
        sunMibObjName = new ObjectName("snmp:class=SUN_OPENSSO_SERVER_MIB");
        forgerockCtsMibObjName = new ObjectName("snmp:class=FORGEROCK_OPENAM_CTS_MIB");
        forgerockPolicyMibObjName = new ObjectName("snmp:class=FORGEROCK_OPENAM_POLICY_MIB");
        forgerockSessionMibObjName = new ObjectName("snmp:class=FORGEROCK_OPENAM_SESSION_MIB");
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Adding SUN_OPENSSO_SERVER_MIB to MBean server " + "with name '" + sunMibObjName + "'");
            debug.message(classMethod + "Adding FORGEROCK_OPENAM_CTS_MIB to MBean server " + "with name '" + forgerockCtsMibObjName + "'");
        }
    } catch (MalformedObjectNameException ex) {
        // from ObjectName
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "Error getting ObjectName for the MIB: " + ex.getMessage());
        }
        return MON_CREATEMIB_PROBLEM;
    }
    // Create an instance of the customized MIB
    try {
        sunMib = new SUN_OPENSSO_SERVER_MIBImpl();
        forgerockCtsMib = new FORGEROCK_OPENAM_CTS_MIBImpl();
        forgerockPolicyMib = new FORGEROCK_OPENAM_POLICY_MIBImpl();
        forgerockSessionMib = new FORGEROCK_OPENAM_SESSION_MIBImpl();
    } catch (RuntimeException ex) {
        debug.error(classMethod + "Runtime error instantiating MIB", ex);
        return MON_CREATEMIB_PROBLEM;
    } catch (Exception ex) {
        debug.error(classMethod + "Error instantiating MIB", ex);
        return MON_CREATEMIB_PROBLEM;
    }
    try {
        server.registerMBean(sunMib, sunMibObjName);
        server.registerMBean(forgerockCtsMib, forgerockCtsMibObjName);
        server.registerMBean(forgerockPolicyMib, forgerockPolicyMibObjName);
        server.registerMBean(forgerockSessionMib, forgerockSessionMibObjName);
    } catch (RuntimeOperationsException ex) {
        // from registerMBean
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "Null parameter or no object name for MIB specified: " + ex.getMessage());
        }
        return MON_CREATEMIB_PROBLEM;
    } catch (InstanceAlreadyExistsException ex) {
        // from registerMBean
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "Error registering MIB MBean: " + ex.getMessage());
        }
    // probably can just continue
    } catch (MBeanRegistrationException ex) {
        // from registerMBean
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "Error registering MIB MBean: " + ex.getMessage());
        }
        return MON_CREATEMIB_PROBLEM;
    } catch (NotCompliantMBeanException ex) {
        // from registerMBean
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "Error registering MIB MBean: " + ex.getMessage());
        }
        return MON_CREATEMIB_PROBLEM;
    }
    /*
         *  now that we have the MBeanServer, see if the HTML,
         *  SNMP and RMI adaptors specified will start up
         */
    boolean monHTMLStarted = false;
    boolean monSNMPStarted = false;
    boolean monRMIStarted = false;
    // HTML port adaptor
    if (monHtmlPortEnabled) {
        // Create and start the HTML adaptor.
        try {
            htmlObjName = new ObjectName(domain + ":class=HtmlAdaptorServer,protocol=html,port=" + monHtmlPort);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Adding HTML adaptor to MBean server with name '" + htmlObjName + "'\n    " + "HTML adaptor is bound on TCP port " + monHtmlPort);
            }
            Map<String, String> users = MonitoringUtil.getMonAuthList(monAuthFilePath);
            if (users != null) {
                AuthInfo[] authInfo = new AuthInfo[users.size()];
                int i = 0;
                for (Map.Entry<String, String> entry : users.entrySet()) {
                    authInfo[i] = new AuthInfo(entry.getKey(), entry.getValue());
                    i++;
                }
                htmlAdaptor = new HtmlAdaptorServer(monHtmlPort, authInfo);
            } else {
                if (debug.warningEnabled()) {
                    debug.warning(classMethod + "HTML monitoring interface disabled; no " + "authentication file found");
                }
                htmlAdaptor = null;
            }
            if (htmlAdaptor == null) {
                if (debug.warningEnabled()) {
                    debug.warning(classMethod + "HTTP port " + monHtmlPort + " unavailable or invalid. " + "Monitoring HTML adaptor not started.");
                }
            } else {
                server.registerMBean(htmlAdaptor, htmlObjName);
                // throws no exception
                htmlAdaptor.start();
                monHTMLStarted = true;
            }
        } catch (MalformedObjectNameException ex) {
            // from ObjectName
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error getting ObjectName for HTML adaptor: " + ex.getMessage());
            }
        } catch (NullPointerException ex) {
            // from ObjectName
            debug.error(classMethod + "NPE getting ObjectName for HTML adaptor", ex);
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "NPE getting ObjectName for HTML adaptor: " + ex.getMessage());
            }
        } catch (InstanceAlreadyExistsException ex) {
            // from registerMBean
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error registering HTML adaptor MBean: " + ex.getMessage());
            }
        } catch (MBeanRegistrationException ex) {
            // from registerMBean
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error registering HTML adaptor MBean: " + ex.getMessage());
            }
        } catch (NotCompliantMBeanException ex) {
            // from registerMBean
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error registering HTML adaptor MBean: " + ex.getMessage());
            }
        }
    } else {
        debug.warning(classMethod + "Monitoring HTML port not enabled in configuration.");
    }
    // SNMP port adaptor
    if (monSnmpPortEnabled) {
        /*
             * Create and start the SNMP adaptor.
             * Specify the port to use in the constructor. 
             * The standard port for SNMP is 161.
             */
        try {
            snmpObjName = new ObjectName(domain + ":class=SnmpAdaptorServer,protocol=snmp,port=" + monSnmpPort);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Adding SNMP adaptor to MBean server with name '" + snmpObjName + "'\n    " + "SNMP Adaptor is bound on UDP port " + monSnmpPort);
            }
            // no exc
            snmpAdaptor = new SnmpAdaptorServer(monSnmpPort);
            if (snmpAdaptor == null) {
                if (debug.warningEnabled()) {
                    debug.warning(classMethod + "Unable to get SNMP adaptor.");
                }
            } else {
                server.registerMBean(snmpAdaptor, snmpObjName);
                // throws no exception
                snmpAdaptor.start();
                /*
                     *  Send a coldStart SNMP Trap.
                     *  Use port = monSnmpPort+1.
                     */
                if (debug.messageEnabled()) {
                    debug.message(classMethod + "Sending a coldStart SNMP trap to each " + "destination defined in the ACL file...");
                }
                snmpAdaptor.setTrapPort(new Integer(monSnmpPort + 1));
                snmpAdaptor.snmpV1Trap(0, 0, null);
                if (debug.messageEnabled()) {
                    debug.message(classMethod + "Done sending coldStart.");
                }
                /*
                     *  Bind the SNMP adaptor to the MIB in order to make the
                     *  MIB accessible through the SNMP protocol adaptor.
                     *  If this step is not performed, the MIB will still live
                     *  in the Java DMK agent:
                     *  its objects will be addressable through HTML but not
                     *  SNMP.
                     */
                // throws no exception
                sunMib.setSnmpAdaptor(snmpAdaptor);
                forgerockCtsMib.setSnmpAdaptor(snmpAdaptor);
                forgerockPolicyMib.setSnmpAdaptor(snmpAdaptor);
                forgerockSessionMib.setSnmpAdaptor(snmpAdaptor);
                monSNMPStarted = true;
            }
        } catch (Exception ex) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error while setting up SNMP adaptor " + ex.getMessage());
            }
            if (ex instanceof IOException || ex instanceof SnmpStatusException) {
                // should be from the snmpV1Trap call, which
                //*shouldn't* affect the rest of snmp operations...
                monSNMPStarted = true;
            }
        }
    } else {
        debug.warning(classMethod + "Monitoring SNMP port not enabled.");
    }
    // RMI port adaptor
    if (monRmiPortEnabled) {
        // Create an RMI connector and start it
        try {
            registry = LocateRegistry.createRegistry(monRmiPort);
            JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:" + monRmiPort + "/server");
            cs = JMXConnectorServerFactory.newJMXConnectorServer(url, null, server);
            cs.start();
            monRMIStarted = true;
        //                /*
        //                 *  Create a LinkTrapGenerator.
        //                 *  Specify the ifIndex to use in the object name.
        //                 */
        //                String trapGeneratorClass = "LinkTrapGenerator";
        //                int ifIndex = 1;
        //                trapGeneratorObjName = new ObjectName("trapGenerator" + 
        //                    ":class=LinkTrapGenerator,ifIndex=" + ifIndex);
        //                if (debug.messageEnabled()) {
        //                    debug.message(classMethod +
        //                        "Adding LinkTrapGenerator to MBean server " +
        //                        "with name '" +
        //                        trapGeneratorObjName + "'");
        //                }
        //
        //                LinkTrapGenerator trapGenerator =
        //                    new LinkTrapGenerator(nbTraps);
        //                server.registerMBean(trapGenerator, trapGeneratorObjName);
        //
        } catch (MalformedURLException ex) {
            /*
                 * from JMXServiceURL or
                 * JMXConnectorServerFactory.JMXConnectorServer
                 */
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error getting JMXServiceURL or JMXConnectorServer " + "for RMI adaptor: " + ex.getMessage());
            }
        } catch (NullPointerException ex) {
            /*
                 * from JMXServiceURL or
                 * JMXConnectorServerFactory.JMXConnectorServer
                 */
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error getting JMXServiceURL or JMXConnectorServer " + "for RMI adaptor: " + ex.getMessage());
            }
        } catch (IOException ex) {
            /*
                 * from JMXConnectorServerFactory.JMXConnectorServer or
                 * JMXConnectorServer.start
                 */
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Error getting JMXConnectorServer for, or starting " + "RMI adaptor: " + ex.getMessage());
            }
        } catch (IllegalStateException ex) {
            // from JMXConnectorServer.start
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Illegal State Error from JMXConnectorServer for " + "RMI adaptor: " + ex.getMessage());
            }
        } catch (Exception ex) {
            /*
                 * compiler says that JMXProviderException and
                 * NullPointerException already caught
                 */
            debug.error(classMethod + "Error starting RMI: executing rmiregistry " + monRmiPort + ".", ex);
        }
    } else {
        debug.warning(classMethod + "Monitoring RMI port not enabled.");
    }
    /*
         * the HTML and SNMP adaptors may or may not be started,
         * but if the RMI connector had a problem, monitoring is
         * non-functional, as the opensso MIB didn't get registered.
         */
    if (!monRMIStarted && !monSNMPStarted && !monHTMLStarted) {
        debug.warning(classMethod + "No Monitoring interfaces started; monitoring disabled.");
        return MON_RMICONNECTOR_PROBLEM;
    } else {
        // if all/enough has gone well
        agentStarted = true;
        startMonitoringAgent(agentSvrInfo);
        return 0;
    }
}
Also used : MalformedURLException(java.net.MalformedURLException) JMRuntimeException(javax.management.JMRuntimeException) SnmpAdaptorServer(com.sun.management.comm.SnmpAdaptorServer) FORGEROCK_OPENAM_SESSION_MIBImpl(org.forgerock.openam.monitoring.session.FORGEROCK_OPENAM_SESSION_MIBImpl) JMRuntimeException(javax.management.JMRuntimeException) MBeanServer(javax.management.MBeanServer) RuntimeOperationsException(javax.management.RuntimeOperationsException) JMXServiceURL(javax.management.remote.JMXServiceURL) SnmpStatusException(com.sun.management.snmp.SnmpStatusException) MalformedObjectNameException(javax.management.MalformedObjectNameException) AuthInfo(com.sun.jdmk.comm.AuthInfo) NotCompliantMBeanException(javax.management.NotCompliantMBeanException) InstanceAlreadyExistsException(javax.management.InstanceAlreadyExistsException) IOException(java.io.IOException) InstanceAlreadyExistsException(javax.management.InstanceAlreadyExistsException) NotCompliantMBeanException(javax.management.NotCompliantMBeanException) MalformedObjectNameException(javax.management.MalformedObjectNameException) JMException(javax.management.JMException) RuntimeOperationsException(javax.management.RuntimeOperationsException) SnmpStatusException(com.sun.management.snmp.SnmpStatusException) MBeanRegistrationException(javax.management.MBeanRegistrationException) InstanceNotFoundException(javax.management.InstanceNotFoundException) JMRuntimeException(javax.management.JMRuntimeException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ObjectName(javax.management.ObjectName) FORGEROCK_OPENAM_CTS_MIBImpl(org.forgerock.openam.monitoring.cts.FORGEROCK_OPENAM_CTS_MIBImpl) FORGEROCK_OPENAM_POLICY_MIBImpl(org.forgerock.openam.monitoring.policy.FORGEROCK_OPENAM_POLICY_MIBImpl) File(java.io.File) Map(java.util.Map) HashMap(java.util.HashMap) HtmlAdaptorServer(com.sun.jdmk.comm.HtmlAdaptorServer) MBeanRegistrationException(javax.management.MBeanRegistrationException)

Aggregations

AuthInfo (com.sun.jdmk.comm.AuthInfo)1 HtmlAdaptorServer (com.sun.jdmk.comm.HtmlAdaptorServer)1 SnmpAdaptorServer (com.sun.management.comm.SnmpAdaptorServer)1 SnmpStatusException (com.sun.management.snmp.SnmpStatusException)1 File (java.io.File)1 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 InstanceAlreadyExistsException (javax.management.InstanceAlreadyExistsException)1 InstanceNotFoundException (javax.management.InstanceNotFoundException)1 JMException (javax.management.JMException)1 JMRuntimeException (javax.management.JMRuntimeException)1 MBeanRegistrationException (javax.management.MBeanRegistrationException)1 MBeanServer (javax.management.MBeanServer)1 MalformedObjectNameException (javax.management.MalformedObjectNameException)1 NotCompliantMBeanException (javax.management.NotCompliantMBeanException)1 ObjectName (javax.management.ObjectName)1 RuntimeOperationsException (javax.management.RuntimeOperationsException)1 JMXServiceURL (javax.management.remote.JMXServiceURL)1