Re: Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)

2017-08-21 Thread Keiichi Fujino
Hi

https://bz.apache.org/bugzilla/show_bug.cgi?id=61448#c2

2017-08-18 20:47 GMT+09:00 Carlos Peon Costa :

> Hello,
>
> It seems to me that it's always necessary to initialize
> membershipService, maybe something like that (untested):
>
> --- apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/
> group/ChannelCoordinator.java.original
> 2016-06-15 18:45:51.0 +0200
> +++ apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/
> group/ChannelCoordinator.java
>  2017-08-18 13:19:53.342672900 +0200
> @@ -148,6 +148,10 @@
>  }
>  clusterReceiver.start();
>  //synchronize, big time FIXME
> +
> membershipService.setLocalMemberProperties(getClusterReceiver().getHost(),
> +
> getClusterReceiver().getPort(),
> +
> getClusterReceiver().getSecurePort(),
> +
> getClusterReceiver().getUdpPort());
>  Member localMember = getChannel().getLocalMember(false);
>  if (localMember instanceof StaticMember) {
>  // static member
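Review bot: the unconditional membershipService.setLocalMemberProperties(...) call added at the top of this hunk sits directly under the existing "//synchronize, big time FIXME" comment with no comment of its own. Add a line saying that it now has to run for static members as well as multicast ones, since the failure in this thread is McastService reporting "tcpListenPort" as missing. The patch is marked untested, so it should come with a start-up test that uses a StaticMember as the local member.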
> @@ -155,13 +159,6 @@
>  staticMember.setHost(getClusterReceiver().getHost());
>  staticMember.setPort(getClusterReceiver().getPort());
>
> staticMember.setSecurePort(getClusterReceiver().getSecurePort());
> -} else {
> -// multicast member
> -
> membershipService.setLocalMemberProperties(getClusterReceiver().getHost(),
> -getClusterReceiver().getPort(),
> -getClusterReceiver().getSecurePort(),
> -getClusterReceiver().getUdpPort());
> -
>  }
>  valid = true;
>  }
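Review bot: with the else branch removed here, the StaticMember block that remains copies host, port and securePort onto staticMember but not the UDP port, while the call moved above the block passes getClusterReceiver().getUdpPort() to membershipService. Please confirm whether staticMember needs the UDP port as well, or state why it does not. The surviving "// static member" comment could also say that the membership properties are now set unconditionally before this block.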
>
> Regards,
> Carlos.
>
> On Fri, Aug 18, 2017 at 9:51 AM, Carlos Peon Costa 
> wrote:
> > The reason could be here:
> >
> > $ diff -r apache-tomcat-7.0.69-src/java/org/apache/catalina/tribes/
> group/ChannelCoordinator.java
> > apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/
> group/ChannelCoordinator.java
> > 146,149c151,165
> > < membershipService.setLocalMemberProperties(
> getClusterReceiver().getHost(),
> > <
>   getClusterReceiver().getPort(),
> > <
>   getClusterReceiver().getSecurePort(),
> > <
>   getClusterReceiver().getUdpPort());
> > ---
> >> Member localMember = getChannel().getLocalMember(
> false);
> >> if (localMember instanceof StaticMember) {
> >> // static member
> >> StaticMember staticMember =
> (StaticMember)localMember;
> >> staticMember.setHost(getClusterReceiver().getHost()
> );
> >> staticMember.setPort(getClusterReceiver().getPort()
> );
> >> staticMember.setSecurePort(getClusterReceiver().
> getSecurePort());
> >> } else {
> >> // multicast member
> >> membershipService.setLocalMemberProperties(
> getClusterReceiver().getHost(),
> >> getClusterReceiver().getPort(),
> >> getClusterReceiver().getSecurePort(),
> >> getClusterReceiver().getUdpPort());
> >>
> >> }
> >
>



-- 
Keiichi.Fujino


Re: Upgrading to 8.5.20 - issue when certificateKeyAlias is not set

2017-08-21 Thread Jesse Schulman
I'm pretty sure this is a bug/regression related to a recent change by
markt: http://svn.apache.org/viewvc?view=revision=1800868

I think the issue was there before but we weren't hitting it, because the
logic of taking the first alias from the keystore (even if it does not
alias a key) was already there, but only after this change did we start to
hit that code.

We have worked around the issue with a "getFirstKeyAlias" method that we
use to set the certificateKeyAlias in our SSLHostConfigCertificate:

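    // needs java.security.KeyStore, java.security.KeyStoreException, java.util.Enumeration
    private String getFirstKeyAlias(KeyStore keyStore) {
        try {
            // Walk the aliases and return the first one that refers to a key entry
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    return alias;
                }
            }
        } catch (KeyStoreException e) {
            LOGGER.error("Failed to find first key alias in keystore", e);
        }

        // No key entry found, or the keystore could not be read
        return null;
    }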

I think that something like this should go around line 219 of JSSEUtil, where
currently it looks like this:

    Enumeration<String> aliases = ks.aliases();
    if (!aliases.hasMoreElements()) {
        throw new IOException(sm.getString("jsse.noKeys"));
    }
    // takes the first alias without checking that it refers to a key entry
    keyAlias = aliases.nextElement();


Should I send this to the dev list instead?

Thanks!
Jesse

On Wed, Aug 16, 2017 at 3:02 PM Jesse Schulman  wrote:

> We use tomcat-embed and we have a test that is breaking with an upgrade
> from 8.5.12 to 8.5.20, it seems due to the fact that we do not set the
> certificateKeyAlias when we configure an SSLHostConfigCertificate.
>
> The documentation for certificateKeyAlias states "If not specified, the
> first *key* read from the keystore will be used."
>
> It seems that the first alias is being used and there is no check that it
> references a key.
>
> The result is that in JSSEUtil.getKeyManagers there is a call to
> KeyStore.getKey(keyAlias, keyPassArray) where keyAlias is actually an alias
> for a certificate, which leads to inMemoryKeyStore.setKeyEntry being passed
> null for the Key argument and eventually a KeyStoreException("Cannot store
> non-PrivateKeys").
>
> This worked previously with certificateKeyAlias being null.  I can confirm
> that this works just fine if I set that with the alias used when creating
> the KeyStore but I would rather not pass that alias around our code when I
> did not previously need to.
>
> Thanks!
> Jesse
>
>
>


Re: Tomcat server apparently bouncing up and down

2017-08-21 Thread Christopher Schultz

James,

On 8/18/17 5:13 PM, James H. H. Lampert wrote:
> On 8/18/17, 1:41 PM, Christopher Schultz wrote:
> 
>> You say that you aren't running it as a service. How then are
>> you running Tomcat?
> 
> startup.sh and shutdown.sh from a command line.
> 
>> Just starting catalina.sh from the CLI directly? If you run it in
>> the background, are you running it with nohup? If not, your
>> console closing might be killing the Java process. Hmm... but
>> you said that Tomcat does in fact shut down when you login and
>> stop it. Probably not a SIGHUP killing the process.
> 
> When it's unresponsive, it's apparently still running. But it's not
> just our context that's unresponsive; manager is also unresponsive.
> And we run with autodeploy disabled: aside from being a huge
> context that takes a while to deploy, it's also one that often
> needs to be stopped, have instance-specific values set in its
> web.inf, and then get restarted, before it can function normally.
> 
>> If you stop Tomcat (when it's unresponsive), then re-start it,
>> does it appear to work correctly right away, or do you need to do
>> anything else to get it to work again?
> 
> It opens up the port immediately, and serves a sign-on page for
> our webapp as soon as it's had a chance to initialize.
> 
> I looked in the latest localhost access log, and no sign of
> anything suspicious there.

If the JVM is still running, can you take a thread dump?

https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Change of status code for ClientAbortExceptions - bug?

2017-08-21 Thread icyerasor
markt wrote
> On 06/06/17 15:08, Thomas Eliassen wrote:
> ...
> 
> I think we are going to have to choose a "least bad" option here. Given
> that Tomcat has used 200 in the past and that there is the option to add
> %{javax.servlet.error.exception}r to the access log I think reverting
> the change to the status code is the best (well, least bad) option here.
> 
> I'll get that done shortly.
> 
> Mark

I saw that the change was kind of reverted with Revision 1797829 in
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk/java/org/apache/coyote/AbstractProcessor.java
- but it does not work for me. 
When I stop a request from within the client the method is called with an
ErrorState.CLOSE_NOW and t=null. Thus !(t instanceof IOException) is true
and the status will be set to 500 again.

Maybe it would make more sense to check for
if (response.getStatus() < 400 && errorState.isIoAllowed()) 
// then set to 500, otherwise it was probably a client disconnect

I also saw that with 8.5.20 the %X accessLog format was added, which I might
be able to use to differentiate between "real" 500 server-errors and client
disconnects.

Best Regards
Andreas




--
View this message in context: 
http://tomcat.10.x6.nabble.com/Change-of-status-code-for-ClientAbortExceptions-bug-tp5063738p5066604.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
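
Added example (not part of the post above and not Tomcat code): one way to use the %X access-log field mentioned there to separate client disconnects from real 500 errors. It assumes the AccessLogValve pattern `%h %l %u %t "%r" %s %b %X`, where %X logs "X" for a connection aborted before the response completed, "+" for keep-alive and "-" for close; the log lines are constructed samples.

```python
import re
from collections import Counter

# Assumed AccessLogValve pattern (not from the post): %h %l %u %t "%r" %s %b %X
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) (?P<conn>[X+-])$'
)

# Constructed sample lines, for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Aug/2017:10:00:01 +0000] "GET /app/report HTTP/1.1" 500 - X
192.0.2.11 - - [21/Aug/2017:10:00:02 +0000] "GET /app/login HTTP/1.1" 200 1532 +
192.0.2.12 - - [21/Aug/2017:10:00:03 +0000] "POST /app/save HTTP/1.1" 500 812 -
192.0.2.10 - - [21/Aug/2017:10:00:04 +0000] "GET /app/export HTTP/1.1" 200 4096 X
this line does not match the pattern
"""

def classify(line):
    """Return (label, fields) for one access-log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed", None
    status, aborted = int(m.group("status")), m.group("conn") == "X"
    if aborted:
        # %X == "X": the connection was aborted before the response completed.
        label = "client_abort_5xx" if status >= 500 else "client_abort"
    elif status >= 500:
        label = "server_error"
    else:
        label = "ok"
    return label, m.groupdict()

def summarize(log_text):
    """Count labels and collect the requests that look like real server errors."""
    counts, real_errors = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        label, fields = classify(line)
        counts[label] += 1
        if label == "server_error":
            real_errors.append(fields["request"])
    return counts, real_errors

if __name__ == "__main__":
    counts, real_errors = summarize(SAMPLE_LOG)
    print(dict(counts), real_errors)
```

Lines that do not match the assumed pattern are counted as "unparsed" rather than dropped, so a pattern mismatch shows up in the summary instead of hiding errors.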




Re: [ANN] Webinar: Tomcat and MoSKito

2017-08-21 Thread Igal @ Lucee.org

On 8/21/2017 5:55 AM, Mark Thomas wrote:

> Your help to spread the word would be much appreciated. Please forward
> the details to anyone (colleagues, customers, etc.) you know you may be
> interested.


I posted this to the Lucee forum
https://dev.lucee.org/t/tomcatcon/2647/2

Many of our users run Lucee (which is a JSP Servlet) in Tomcat.

Igal Sapir
Lucee Core Developer
Lucee.org 





Re: [ANN] Webinar: Tomcat and MoSKito

2017-08-21 Thread Mark Thomas
Hi all,

Just a brief reminder that this Webinar will be taking place on Thursday.

Your help to spread the word would be much appreciated. Please forward
the details to anyone (colleagues, customers, etc.) you know you may be
interested.

Hope to see you there,

Mark


On 03/08/17 15:18, Mark Thomas wrote:
> All,
> 
> The Tomcat community is hosting a webinar by Leon Rosenberg:
> 
> Monitoring your tomcat web-application in production with MoSKito. Get
> full control of threads, memory and execution time usage of the JVM and
> your code.
> 
> Topic: Tomcat and MoSKito
> Time: Aug 24, 2017 14:00 UTC
>15:00 London, Dublin
>16:00 Amsterdam, Berlin, Rome, Stockholm, Vienna
> 
> Join from PC, Mac, Linux, iOS or Android:
> https://pivotal.zoom.us/j/949439493
> 
> The webinar will be recorded and the recording made available on the
> Tomcat YouTube channel shortly afterwards.
> 
> Hope to see you there.
> 
> Mark
> 
> 





Re: [ANN] Webinar: Tomcat and MoSKito

2017-08-21 Thread Mark Thomas
Hi all,

Just a brief reminder that this Webinar will be taking place on Thursday.

Please pass on the information about this webinar to anyone (colleagues,
customers, etc) you think may be interested.

We hope to see you there.

Mark


On 03/08/17 15:18, Mark Thomas wrote:
> All,
> 
> The Tomcat community is hosting a webinar by Leon Rosenberg:
> 
> Monitoring your tomcat web-application in production with MoSKito. Get
> full control of threads, memory and execution time usage of the JVM and
> your code.
> 
> Topic: Tomcat and MoSKito
> Time: Aug 24, 2017 14:00 UTC
>15:00 London, Dublin
>16:00 Amsterdam, Berlin, Rome, Stockholm, Vienna
> 
> Join from PC, Mac, Linux, iOS or Android:
> https://pivotal.zoom.us/j/949439493
> 
> The webinar will be recorded and the recording made available on the
> Tomcat YouTube channel shortly afterwards.
> 
> Hope to see you there.
> 
> Mark
> 
> 

