If you want to remotely diagnose applications that are deployed in Serverless App Engine (SAE), you can use the remote debugging feature of SAE. This topic describes how to perform remote debugging by using a jump server and OpenSSH.
Prerequisites
An application is created. For more information, see Deploy a Java application to SAE 1.0.
Background information
A jump server is an accessible server that can be used to access other servers. In SAE, a jump server is used to perform mutual access and remote management between on-premises devices and SAE application instances over the SSH protocol. SAE provides namespace-level jump servers. After you add a jump server in a namespace, the jump server is automatically associated with the virtual private cloud (VPC) to which the namespace is bound. Then, you can use the jump server to access all application instances in the namespace with a few clicks. You can perform mutual access and debugging between on-premises devices and SAE application instances.
Remote debugging is used only for temporary debugging. If you enable remote debugging for a long period of time, risks such as data leaks may occur. We recommend that you delete the related jump server to disable remote debugging after you complete remote diagnostics tasks.
Step 1: Configure a jump server
Log on to the SAE console.
In the left-side navigation pane, click Namespaces. In the top navigation bar, select a region. Then, click the name of a namespace.
On the Basic Information tab, click Add Jump Server in the Jump Server Information field.
In the Add Jump Server panel, configure the parameters.
In the Configure Jump Server Creation Information step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
VPC
The VPC where the jump server resides. The VPC is the same as the VPC where the SAE application resides. The value is automatically specified.
vSwitch
You must specify at least one vSwitch. We recommend that you specify no more than three vSwitches. You can click Modify to change the selected vSwitch. In the Select vSwitch dialog box, view and select a vSwitch in a recommended zone.
Security Group
Make sure that a custom inbound rule that allows TCP port 22 is associated with the selected security group.
SSH Certificate
In the code editor, enter the name of an SSH certificate or click Select File to upload an SSH certificate.
You can run a command in the
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
format to generate an SSH certificate. For more information about how to obtain an SSH certificate, see Generating a new SSH key and adding it to the ssh-agent.In the Create Jump Server Resource step, confirm the configurations and click OK.
The system automatically creates a jump server instance with 0.5-core CPU and 1-GiB memory and an elastic IP address (EIP) for the specified VPC and vSwitch in the current namespace. You are charged based on the usage duration. For more information, see SAE pay-as-you-go and EIP pay-as-you-go.
After the jump server is created, you can view the network configurations of the jump server on the Basic Information tab. The network configurations include the associated EIP, VPC, vSwitch, and security group.
Step 2: Install OpenSSH
You can install OpenSSH and use the remote debugging feature to log on over the SSH protocol and upload and download files over the SFTP or SCP protocol. This way, you can perform temporary debugging on an SAE application instance with ease. For more information, see Copy a command to install O&M components.
Log on to the SAE console.
In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.
On the Basic Information page, click the Instance Deployment Information tab. In the Default Group section, find the instance that you want to manage and click Webshell in the Actions column.
Click the icon in the upper right corner of the webshell window.
In the Copy Command dialog box, select Install openssh, preview the command, and then click Copy.
In the Webshell window, run the following commands to configure OpenSSH:
Run the copied OpenSSH installation command.
Run the passwd command to configure the instance password for logon.
Step 3: Perform remote debugging
After you enable remote debugging, you can use the obtained remote debugging IP address and port to perform remote debugging on a host that can access the Internet and has an SSH client. The following scenarios describe how to verify the remote debugging result.
Scenario 1: Access an SAE application instance from an on-premises device
Run the following command:
ssh -v root@{IP address of the SAE application instance} -J root@{Jump server IP address}
Scenario 2: Map a specific port of an SAE application instance to a local port
Run the following command:
ssh -v -L {Local debugging port}:{IP address of the SAE application instance}:{Port of the SAE application instance} root@{Jump server IP address} -N
Scenario 3: Perform remote debugging by using a Java application
Log on to the SAE console.
In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.
In the upper-right corner of the Basic Information page, click Deploy Application.
In the Startup Command Settings section of the Deploy Application page, configure a startup command. After you configure the settings, click Confirm.
The parameters that are required in a startup command vary based on the value of the Application Deployment Method parameter that you configure when you create the Java application.
ImportantAfter you click Confirm, the application is restarted. To prevent unpredictable errors, we recommend that you deploy applications during off-peak hours.
Image
In this example, the
ENTRYPOINT: [nginx, '-g', 'daemon off;']
command is configured. The following table describe the parameters in the command.Parameter
Description
Startup Command
Enter a startup command. Example:
nginx
.Startup Parameter
Enter a startup parameter. Example:
-g
.Click + Add to add a parameter in a new line. Example:
daemon off
.JAR package
Parameter
Description
Default Startup Command
The default startup command that is provided by SAE.
options Settings
The JVM parameters. For more information, see JVM options, Tuning Java Virtual Machines, and JVM Tuning: How to Prepare Your Environment for Performance Tuning.
If you want to use the remote debugging feature of the application, configure the following command according to the JDK version:
JDK 11 and JDK 17
-agentlib:jdwp=transport=dt_socket,address=*:9000,server=y,suspend=n
Other JDK versions
-agentlib:jdwp=transport=dt_socket,address=9000,server=y,suspend=n
where:
transport: the method that is used to transmit data during remote debugging.
address: the IP address of the client from which the O&M engineer performs remote debugging. Use the port that you specified when you enabled remote debugging. For more information, see Perform remote debugging.
ImportantThe startup command that is used when you deploy an application by using a WAR package is different from the startup command that is used when you deploy an application by using a JAR package. We recommend that you do not use the same startup command when you deploy applications by using different methods. You can use the preceding remote debugging command to debug an application regardless of whether you use a WAR package or a JAR package to deploy the application.
args Settings
The redirection parameter for standard output (stdout) and standard errors (stderr). Example:
1>>/tmp/std.log>&1
.options Shortcut Settings
This parameter is available only if you set the Java Environment parameter to Dragonwell.
Enable Performance Improvement for Microservices (Wisp2 Coroutine): By default, this feature is enabled. This feature improves the performance of multiple threads at runtime.
Enable Application Memory Optimization (G1): By default, this feature is enabled. This feature reduces the GC time in scenarios in which multiple CPUs and large-capacity memory are required. This feature is also suitable for GC optimization and big data scenarios.
Enable Application Startup Acceleration (Quickstart): This parameter is available only if you set the Java Environment parameter to Dragonwell 11. You can select Enable Application Startup Acceleration (Quickstart) and configure the Persistent Storage Directory parameter to improve the application startup efficiency.
ImportantBefore you select Enable Application Startup Acceleration (Quickstart), you must configure a File Storage NAS file system. For more information, see Configure NAS storage.
Persistent Storage Directory: This parameter is required if you select Enable Application Startup Acceleration (Quickstart). To accelerate application startup across instances, we recommend that you set the Persistent Storage Directory parameter to the directory or subdirectory of the NAS file system. For information about how to configure a NAS file system, see Configure NAS storage.
WAR package
Parameter
Description
Default Startup Command
The default startup command that is provided by SAE.
options Settings
The JVM parameters. For more information, see JVM options, Tuning Java Virtual Machines, and JVM Tuning: How to Prepare Your Environment for Performance Tuning.
If you want to use the remote debugging feature of the application, configure the following command according to the JDK version:
JDK 11 and JDK 17
-agentlib:jdwp=transport=dt_socket,address=*:9000,server=y,suspend=n
Other JDK versions
-agentlib:jdwp=transport=dt_socket,address=9000,server=y,suspend=n
where:
transport: the method that is used to transmit data during remote debugging.
address: the IP address of the client from which the O&M engineer performs remote debugging. Use the port that you specified when you enabled remote debugging. For more information, see Perform remote debugging.
ImportantThe startup command that is used when you deploy an application by using a WAR package is different from the startup command that is used when you deploy an application by using a JAR package. We recommend that you do not use the same startup command when you deploy applications by using different methods. You can use the preceding remote debugging command to debug an application regardless of whether you use a WAR package or a JAR package to deploy the application.
options Shortcut Settings
This parameter is available only if you set the Java Environment parameter to Dragonwell.
Enable Performance Improvement for Microservices (Wisp2 Coroutine): By default, this feature is enabled. This feature improves the performance of multiple threads at runtime.
Enable Application Memory Optimization (G1): By default, this feature is enabled. This feature reduces the GC time in scenarios in which multiple CPUs and large-capacity memory are required. This feature is also suitable for GC optimization and big data scenarios.
Enable Application Startup Acceleration (Quickstart): This parameter is available only if you set the Java Environmentparameter to Dragonwell 11. You can select Enable Application Startup Acceleration (Quickstart)and configure the Persistent Storage Directory parameter to improve the application startup efficiency.
Important
Before you select Enable Application Startup Acceleration (Quickstart), you must configure a File Storage NAS file system. For more information, see Configure NAS storage.
Persistent Storage Directory: This parameter is required if you select Enable Application Startup Acceleration (Quickstart). To accelerate application startup across instances, we recommend that you set the Persistent Storage Directory parameter to the directory or subdirectory of the NAS file system. For information about how to configure a NAS file system, see Configure NAS storage.
Enable debugging for an SAE application instance by following the instructions that are described in Step 1 and Step 2.
Run the following command to map a specific port of the SAE application instance to a local port:
ssh -v -L {Local debugging port}:{IP address of the SAE application instance}:{Port of the SAE application instance} root@{Jump server IP address} -N
Access
127.0.0.1 {Local debugging port}
from an on-premises device for debugging.
References
For more information about Java and PHP remote debugging, see the following topics:
If you configure a health check for the Java remote debugging port, you must set the breakpoint of IntelliJ IDEA to Thread during debugging. Otherwise, the health check fails. For more information, see Configure health checks.