Add Tomcat

Step 1: Prepare Tomcat for monitoring.

Prerequisites and Credentials

Prerequisites and Credentials
Tomcat is monitored using JMX. You must configure Tomcat for JMX remote monitoring even if you are using a local agent. Tomcat can be monitored with or without authentication. If a JMX credential is created, then it’s assumed you’re monitoring this entity with credentials. To create a JMX credential for monitoring: Edit the environment file: `vi $CATALINA_HOME/bin/setenv.sh` Add: `CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access"` Save the file. Change the file permission as executable: `chmod 755 $CATALINA_HOME/bin/setenv.sh` Edit the password file: `vi $CATALINA_HOME/conf/jmxremote.password` Add: `control tomcat admin tomcat` Edit the access file: `vi $CATALINA_HOME/conf/jmxremote.access` Add: `control readonly admin readwrite` Change the file permission for only the owner: `chmod 600 jmxremote.access chmod 600 jmxremote.password` Bounce the Tomcat instance: `sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh` If you have enabled the Tomcat JMX with SSL, you must export the certificate from its keystore and import it in the Cloud Agent keystore. Perform the following steps: Export the certificate from the Tomcat instance JMX SSL keystore to the Cloud Agent's truststore. For example, on a UNIX host: `cd <agent Base Directory>/agentStateDir/sysman/config/montrust` `keytool -exportcert -alias <alias of Tomcat JMX SSL key> -file <Exported Cert Name>.cer -keystore <path to the Tomcat JMX SSL Keystore>.keystore -storepass <Tomcat JMX SSL Keystore password> -rfc` Import the Tomcat instance JMX SSL keystore to the Cloud Agent's truststore: `keytool -import -noprompt -alias <alias agent's truststore key> -file <Exported Cert Name>.cer -keystore AgentTrust.jks -storepass <agent truststore password, default is "welcome">` Restart the agent, using the command line interface: `omcli stop agent omcli start agent`

Tomcat is monitored using JMX. You must configure Tomcat for JMX remote monitoring even if you are using a local agent.

Tomcat can be monitored with or without authentication. If a JMX credential is created, then it’s assumed you’re monitoring this entity with credentials.

To create a JMX credential for monitoring:

Edit the environment file:

vi $CATALINA_HOME/bin/setenv.sh

Add:

CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access"

Save the file.
Change the file permission as executable:
```
chmod 755 $CATALINA_HOME/bin/setenv.sh
```

Edit the password file:

vi $CATALINA_HOME/conf/jmxremote.password

Add:

control tomcat
admin tomcat

Edit the access file:

vi $CATALINA_HOME/conf/jmxremote.access

Add:

control readonly
admin readwrite

Change the file permission for only the owner:

chmod 600 jmxremote.access
chmod 600 jmxremote.password

Bounce the Tomcat instance:

sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh

If you have enabled the Tomcat JMX with SSL, you must export the certificate from its keystore and import it in the Cloud Agent keystore. Perform the following steps:

Export the certificate from the Tomcat instance JMX SSL keystore to the Cloud Agent's truststore. For example, on a UNIX host:

cd <agent Base Directory>/agentStateDir/sysman/config/montrust

keytool -exportcert -alias <alias of Tomcat JMX SSL key> -file <Exported Cert Name>.cer -keystore <path to the Tomcat JMX SSL Keystore>.keystore -storepass <Tomcat JMX SSL Keystore password> -rfc
Import the Tomcat instance JMX SSL keystore to the Cloud Agent's truststore:

keytool -import -noprompt -alias <alias agent's truststore key> -file <Exported Cert Name>.cer -keystore AgentTrust.jks -storepass <agent truststore password, default is "welcome">
Restart the agent, using the command line interface:
```
omcli stop agent
omcli start agent
```

Step 2: Decide how you want to add the Tomcat.

You can add Tomcat entities using one of two ways:

Add them from UI
Use the agent's omcli add_entity command with the appropriate JSON files

Adding Entities from the UI

From the Management Cloud main menu, select Administration, Discovery, and then Add Entity. The Add Entity page displays.
Select the Tomcat Entity Type.

Enter the following UI properties.

Tomcat UI Fields
Discover Using Credentials: Discover Tomcat using Tomcat credentials (on by default). Entity Name: Name of this entity displayed in the Oracle Management Cloud console. Host Name: The fully-qualified host name where the Tomcat entity is installed. JMX Port Number: The JMX port used by the Tomcat entity. Cloud Agent: The cloud agent monitoring the host where Tomcat is installed. Monitoring Credentials JMX Username: The Tomcat user name. JMX Password: The Tomcat user name password.

Tomcat UI Fields

Discover Using Credentials: Discover Tomcat using Tomcat credentials (on by default).
Entity Name: Name of this entity displayed in the Oracle Management Cloud console.
Host Name: The fully-qualified host name where the Tomcat entity is installed.
JMX Port Number: The JMX port used by the Tomcat entity.
Cloud Agent: The cloud agent monitoring the host where Tomcat is installed.

Monitoring Credentials

JMX Username: The Tomcat user name.
JMX Password: The Tomcat user name password.

See Add Entities from the Console for detailed instructions on using the Add Entity UI.

Using omcli and the Appropriate JSON Files

Download and extract the required JSON file(s) from the master JSON zip file. See the table below for the specific JSON files you'll need.

Edit the file(s) and specify the requisite properties shown below.

Tomcat JSON Files and Properties

Tomcat JSON Files and Properties
Definition File: omc_tomcat_secure_sample.json name: Your Tomcat name. displayName: Name displayed in the Oracle Infrastructure Monitoring User Interface. timezoneRegion: Time zone of your entity. It is recommended that you use the long values IANA-maintained TZ database time zones. For example: America/New_York host_name: Under “value”, provide the fully-qualified Tomcat host name where the Tomcat entity is installed. jmx_port: Under “value”, provide the JMX port used by the Tomcat entity. Credential Files omc_tomcat_secure_creds.json jmx_username: Under “value”, within the square brackets, provide the Tomcat user name. Leave this field blank and still include the credential JSON file for credential-less discovery. Do not remove the square brackets. jmx_password: Under “value”, within the square brackets, provide the Tomcat user name password. Leave this field blank and still include the credential JSON file for credential-less discovery. omc_tomcat_secureSSL_creds.json ssl_trust_store: Under “value”, within the square brackets, provide the full path to the Cloud Agent truststore, AgentTrust.jks. For example, <agent base directory>/sysman/config/montrust/AgentTrust.jks ssl_trust_store_password: Under “value”, within the square brackets, provide the Cloud Agent truststore password, the default is "welcome". Do not remove the square brackets. Note: To add a Tomcat entity that does not require credentials, simply add the entity without any credentials. And, if you do not provide any credentials, make sure input JSON file also does not contain any references to credentials. To add a Tomcat entity without credentials, you will still need to provide the credentials file (omc_tomcat_secure_creds.json) but keep the `jmx_username` value blank, as shown in the following example. `{ "credentials": [{ "id": "TomcatCredsNormal", "name": "tomcat_creds", "credType": "TomcatCreds ", "properties": [{ "name": "jmx_username", "value": "CLEAR[]" }, { "name": "jmx_password", "value": "CLEAR[]" }] }] }` Note: Beginning with Oracle Management Cloud 1.30, Tomcat discovery will always use the Agent Trust Store. User-provided SSL Trust Store will no longer be accepted.

Definition File: omc_tomcat_secure_sample.json

name: Your Tomcat name.
displayName: Name displayed in the Oracle Infrastructure Monitoring User Interface.
timezoneRegion: Time zone of your entity. It is recommended that you use the long values IANA-maintained TZ database time zones. For example: America/New_York
host_name: Under “value”, provide the fully-qualified Tomcat host name where the Tomcat entity is installed.
jmx_port: Under “value”, provide the JMX port used by the Tomcat entity.

Credential Files

omc_tomcat_secure_creds.json

jmx_username: Under “value”, within the square brackets, provide the Tomcat user name. Leave this field blank and still include the credential JSON file for credential-less discovery. Do not remove the square brackets.
jmx_password: Under “value”, within the square brackets, provide the Tomcat user name password. Leave this field blank and still include the credential JSON file for credential-less discovery.

omc_tomcat_secureSSL_creds.json

ssl_trust_store: Under “value”, within the square brackets, provide the full path to the Cloud Agent truststore, AgentTrust.jks. For example, <agent base directory>/sysman/config/montrust/AgentTrust.jks
ssl_trust_store_password: Under “value”, within the square brackets, provide the Cloud Agent truststore password, the default is "welcome".

Do not remove the square brackets.

Note:

To add a Tomcat entity that does not require credentials, simply add the entity without any credentials. And, if you do not provide any credentials, make sure input JSON file also does not contain any references to credentials.

To add a Tomcat entity without credentials, you will still need to provide the credentials file (omc_tomcat_secure_creds.json) but keep the jmx_username value blank, as shown in the following example.

{
 "credentials": [{
 "id": "TomcatCredsNormal",
 "name": "tomcat_creds",
 "credType": "TomcatCreds ",
 "properties": [{
 "name": "jmx_username",
 "value": "CLEAR[]"
 }, {
 "name": "jmx_password",
 "value": "CLEAR[]"
 }]
 }]
}

Note:

Beginning with Oracle Management Cloud 1.30, Tomcat discovery will always use the Agent Trust Store. User-provided SSL Trust Store will no longer be accepted.

Add the entity using omcli.

omcli add_entity agent DEFINITION_FILE [-credential_file CREDENTIAL_FILE [-encryption_method_gpg]]

Verify the status of the newly added entity.
```
omcli status_entity agent DEFINITION_FILE
```

See step 4. Adding Entities to Your Service of Add Entities Using JSON Files for more information.

Step 3: (Optional but recommended) Set up alerts.

To enable lights-out monitoring, you can set up alert rules to generate alerts and send notifications if your entities have performance issues.

See Set Up Alert Rules and Set Up Alert Thresholds and Notifications.

Troubleshooting

If you run into any issues regarding discovery or monitoring of Tomcat, see the following: