Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-20 Thread David Kerber

On 3/19/2016 5:39 PM, Daniel Savard wrote:

André,

I was just trying to understand why this was such a hard requirement to
run on port 80. The provided answers didn't help to understand why
this was hardly needed. I was just questioning and sometimes, we, yes
I include myself, look at a problem with a narrow view how to solve it
and it may be helpful to be provided alternate solutions.


The most common reason to run TC on port 80 is for simplicity of 
configuration, on production, but not huge-traffic web sites which can 
tolerate a small amount of down time.





But, anyway, enough on this.
-
Daniel Savard


2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) :

Daniel,

first of all, stop top-posting (this applies to both of you). This is not
the style of posting desired on this list.
See http://tomcat.apache.org/lists.html#tomcat-users, #6.

Secondly,
the original poster (lyallex) wants to run Tomcat under Linux, without a
front-end, as a webserver, listening on port 80, but running as a user which
is not root.
This is a legitimate way of running Tomcat, and it is not for you to tell
him to run it otherwise.  Presumably, he knows what he is doing, under his
circumstances.

Tomcat by itself cannot do that, because it cannot by itself start as root,
bind to port 80, and then switch users.
The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
which is why the OP wants to use it.
But he has problems configuring this to run under systemd.
And this was his question : how to run Tomcat as non-root under a JVM under
jsvc under systemd, listening on port 80.

I have not yet tried it myself, so I cannot really help.
But I have a feeling that the information that you have provided earlier,
can be extrapolated to the configuration which lyallex wants.
So thank you for providing that information, and let's leave it at that.
There is no need and no point in transforming this conversation into a flame
now.



On 19.03.2016 21:33, Daniel Savard wrote:

I still don't see how the number of concurrent sessions is related to
the port number.

The default ports for Tomcat are 8080 and 8443.

For huge websites, usually you have a load balancer as a front-end
anyway. You then get the capability to distribute the workload on more
than one instance of Tomcat and/or servers, so, sticking on a single
port isn't desirable since many instances on a single server cannot
run on the same port. You get the capability to eliminate any
single-point of failure as well as getting the capability to implement
a non-stop environment making a Tomcat cluster.
-
Daniel Savard


2016-03-19 15:40 GMT-04:00 Lyallex :



On 19 March 2016 at 19:19, Daniel Savard  wrote:

I see what you were trying to achieve, however I don't see much
interest in that.


Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.


1) Obviously, if you were expecting systemd to solve that problem, you
were wrong and it is a sane behavior of systemd to not allow that
neither


No, you misunderstood. I was trying to start jsvc from a systemd service
file
Please read more carefully. I never suggested that systemd would solve
the problem


2) Your solution to your problem is lying on jsvc alone.
3) I believe it is bad security practice to insist on binding to privileged
ports for processes that don't need that level of privilege.

Btw, even if you switch to another user to run the code, you actually
are binding to port 80 as root.

Maybe you can explain to us why you want to do such a thing and using any
other unprivileged port isn't a solution to your problem.


What is the default port for non-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things
to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex



Regards,
-
Daniel Savard


2016-03-19 12:10 GMT-04:00 Lyallex :

It's the simplest way to find out which port you have Tomcat listening
on

*NIX based systems don't allow non-root users to bind to ports < 1024

jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html

solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.

CentOS Linux release 7.2.1511 (Core)


On 19 March 2016 at 13:46, Daniel Savard 
wrote:

Why? What is the point? The server.xml has nothing to do with
integration with systemd.
-
Daniel Savard


2016-03-19 1:40 GMT-04:00 Lyallex :

Would you mi

How to start Tomcat as a standalone web server using the systemd init system

2016-03-20 Thread Lyallex
Apache-tomcat-7.0.42
Java 1.7.0_45-b18
CentOS Linux release 7.2.1511

I have been using various releases of Apache Tomcat as a standalone
web server and servlet container
to serve a commercial web-app written entirely in Java for the past 4
years. Recently my server host informed me that I needed to
move to their 'cloud'.

This meant moving from a CentOS release 5.2 system that used a
SysV-style init script in /etc/rc.d/init.d with symbolic links in
rc2.d, rc3.d, rc4.d and rc5.d
to a CentOS Linux release 7.2.1511 system that used a systemd init system

The init.d script was called tomcat7 and is listed at the end of this message.

Tomcat is employed as a stand alone web server binding to the default
port for inbound non-encrypted http traffic which is port 80.
Due to the restrictions placed on privileged ports (< 1024) by UNIX
like systems this required the use of an additional component.

The component chosen was jsvc
(http://commons.apache.org/proper/commons-daemon/jsvc.html)
Tomcat documentation re jsvc
(https://tomcat.apache.org/tomcat-7.0-doc/setup.html)

The first attempt at getting Tomcat to start after a system reboot
consisted of calling the original init.d script.

# touch /etc/systemd/system/tomcat.service

tomcat.service began life as follows

[Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target

[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop

[Install]
WantedBy=multi-user.target

This and many other versions that called the original init.d script
failed with various systemd error codes
The reason(s) are as yet not fully understood.

The final solution shows the invocation arguments passed to jsvc in
longhand, this is the only way we could get it to work.

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
User=root

ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties \
-cp /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar \
org.apache.catalina.startup.Bootstrap

# kill needs the PID stored in the pidfile, not the pidfile's path
ExecStop=/bin/sh -c '/bin/kill -9 `cat /var/run/tc7/jsvc.pid`'
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid

[Install]
WantedBy=multi-user.target

This works fine and Tomcat starts as expected when the system reboots.

Hope this saves someone some aggravation. There is still much that is
not understood and experimentation is ongoing as time allows.

Lyallex

=== /etc/rc.d/init.d/tomcat7 ===
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME \
 -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
 -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR \
 -Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
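
A check one might run once the unit above has started, added here as an example and not part of the original post: it reads the Uid:/Gid: lines of a /proc/<pid>/status file and confirms that every ID (real, effective, saved, filesystem) belongs to the unprivileged account given with -user. The function names, the uid 91 and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.
# /proc/<pid>/status lists four IDs per line: real, effective, saved, filesystem.

# check_creds WANT_UID: reads status text on stdin.
# Returns 0 only if all four UIDs equal WANT_UID and no GID is 0,
# 1 if any root or foreign ID remains, 2 if the Uid/Gid lines are missing.
check_creds() {
    awk -v want="$1" '
        $1 == "Uid:" { seen++; for (i = 2; i <= 5; i++) if ($i != want) bad = 1 }
        $1 == "Gid:" { seen++; for (i = 2; i <= 5; i++) if ($i == 0) bad = 1 }
        END {
            if (seen != 2) { print "UNKNOWN: Uid/Gid lines not found"; exit 2 }
            if (bad)       { print "FAIL: root or foreign IDs remain"; exit 1 }
            print "OK: all IDs are unprivileged (uid " want ")"
        }'
}

# Constructed sample: a full drop to uid/gid 91.
sample_dropped() {
    cat <<'EOF'
Name:   jsvc
Uid:    91      91      91      91
Gid:    91      91      91      91
EOF
}

# Constructed sample: effective uid changed but the saved uid is still 0,
# so the process could switch back to root.
sample_partial() {
    cat <<'EOF'
Name:   jsvc
Uid:    91      91      0       91
Gid:    91      91      91      91
EOF
}

sample_dropped | check_creds 91
sample_partial | check_creds 91 || echo "(exit status $?)"
```

On the host, feed it the real file for the JVM process started by jsvc, for example `check_creds "$(id -u tomcat)" < /proc/PID/status`.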
