PSI Probe 安装手记

鉴客 发布于 2011/11/13 15:45
阅读 7K+
收藏 18

一、简介

psi-probe是lambdaprobe的一个分支版本,用于对Tomcat进行监控,比tomcat的manager强大很多。

psi就是一个形如叉子的符号Ψ,希腊字母的第23个字母,用来代表fork。

为啥需要分支呢,因为lambdaprobe已经多年没有更新(大致在2006年就停止发布新版本了)。

二、下载地址

http://code.google.com/p/psi-probe/downloads/list

三、安装

1.解压,将probe.war放进webapps目录。

2.修改CATALINA_HOME/conf/tomcat-users.xml

(权限配置参考如下,由于首先保证可运行,权限没有特别细分,仅供参考)

<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>
  <role rolename="poweruser"/>
  <role rolename="probeuser"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

  <user username="sss" password="sss" roles="manager-gui"/>
  <user username="fbysss" password="sss" roles="manager-script,manager-jmx,manager-status,poweruser,probeuser"/>
</tomcat-users>

四、注意事项

1.不要忘记文件中的<!---->,默认是注释的,需要去掉

2.tomcat6.0.30以上,角色manager一分为四,manager仍保留但不建议使用,因为那样容易遭到CSRF攻击。详见下面的描述:

Note that for Tomcat 6.0.30 onwards, the roles required to use the manager application were changed from the single manager role to add the following four roles. (The manager role is still available but should not be used as it avoids the CSRF protection). You will need to assign the role(s) required for the functionality you wish to access. manager-gui - allows access to the HTML GUI and the status pages manager-script - allows access to the text interface and the status pages manager-jmx - allows access to the JMX proxy and the status pages manager-status - allows access to the status pages only The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection: users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.

如果配置不对,就会出现403的错误,连tomcat的manager都进不了,更不用说probe了。

3.lambdaprobe是不支持tomcat6.0.30的。所以最好使用psi-probe。

4.在配置tomcat-users.xml时,还需要加入poweruser等角色,才可以正常使用,不然也是403Forbidden。

5.如果要查看System Information,需要在catalina.sh中加入如下语句:

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote"

windows版本:catalina.bat中加入SET JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote

五、权限控制

probe有 probeuser、poweruser、poweruserplus、manager(针对不同tomcat版本)等角色,对应可操作的功能如下表:

特别注意一点:表格里面的X表示拥有权限,也就是说,manager的权限是最大的,什么都能操作(不推荐配置)。

Features by Role

 

  probeuser poweruser poweruserplus manager
Context: list X X X X
Context: status X X X X
Context: view servlets X X X X
Context: view servlet mappings X X X X
Context: view filters X X X X
Context: view filter mappings X X X X
Context: list attributes X X X X
Context: remove attributes   X X X
Context: start   X X X
Context: stop   X X X
Context: view web.xml   X X X
Context: view context.xml       X
Context: deploy       X
Context: undeploy       X
Session: list X X X X
Session: list attributes X X X X
Session: search attributes X X X X
Session: remove attributes   X X X
Session: view last-accessed IP X X X X
Session: expire single   X X X
Session: expire multiple   X X X
JSP: list   X X X
JSP: view source   X X X
JSP: view servlet source   X X X
JSP: compile single   X X X
JSP: compile multiple   X X X
JSP: compile all on deployment       X
JSP: discard all compiled       X
Data Source: list X X X X
Data Source: group by JDBC URL X X X X
Data Source: status X X X X
Data Source: reset   X X X
Data Source: test     X X
Data Source: view query history     X X
Data Source: execute SQL     X X
Log: list X X X X
Log: tail in real-time X X X X
Log: download X X X X
Thread: list X X X X
Thread: view execution stack   X X X
Thread: kill       X
Connector: status X X X X
Connector: real-time usage charts X X X X
Cluster: status X X X X
Cluster: real-time traffic charts X X X X
JVM: real-time memory usage charts X X X X
JVM: status X X X X
JVM: advise GC       X
Java Service Wrapper: status X X X X
Java Service Wrapper: restart JVM       X
System: overview X X X X
System: properties X X X X
System: OS details       X
Quick Check: execute       X

六、效果图

文章出处:http://blog.csdn.net/fbysss/article/details/6221917

加载中
0
野人

大神,会报错是怎么回事啊?org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.RuntimeException: No container found for your server: Apache Tomcat/8.0.9


0
L
Longlive
求教Tomcat8下面会报楼上的错误
返回顶部
顶部