Firstly apologies to anyone I have sent an unsolicited reply to personally, Stupid, tired, It won't happen again
Thanks to all for the responses so far The problem with using the startup and shutdown scripts is that the process ends up running as root. As any server admin worth his salt will tell you, running a 'public facing' service as root is a bad idea. The whole point of using jsvc is that you can start the container as root and switch to a non-privileged user later on. Thanks to those who have offered systemd type solutions, unfortunately none of them work on CentOS Linux release 7.2.1511. I now face the prospect of having to wade through the systemd docs and spend as much as needed experimenting to get this to work as required, still, I have nothing better to do ! Thanks again Lyallex On 17 March 2016 at 11:41, jieryn <jie...@gmail.com> wrote: > ExecStartPre=/usr/sbin/setcap 'cap_net_bind_service=+ep' > /usr/share/tomcat/bin/catalina.sh > > I see a lot of advice for start/stop instead of run within systemd > unit files, both here and in the wild. The gem in the rant I linked is > about start vs run. Sorry if you didn't see it. > > On Thu, Mar 17, 2016 at 1:42 AM, Lyallex <lyal...@gmail.com> wrote: >> But that doesn't work for ports < 1024 >> >> >> On 17 March 2016 at 01:47, jieryn <jie...@gmail.com> wrote: >>> Meh. It's short and sweet and working systemd unit file. >>> >>> [Unit] >>> Description=Apache Tomcat Web Application Container >>> [Service] >>> User=tomcat >>> Group=tomcat >>> ExecStart=/usr/share/tomcat/bin/catalina.sh run >>> [Install] >>> WantedBy=multi-user.target >>> >>> >>> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz >>> <ch...@christopherschultz.net> wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> jieryn, >>>> >>>> On 3/16/16 1:36 PM, jieryn wrote: >>>>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house >>>> - -of-horror/tomcat.html >>>> >>>> Wow, >>>>> >>>> lots of ranting about environment variables and little-used PID >>>> files. >>>> >>>> If the author only understood the reasons behind the way catalina.sh >>>> works, he might not have embarrassed himself. >>>> >>>> It must be hard being so smart and important that you have to quit the >>>> Internet for good[1]. >>>> >>>> - -chris >>>> >>>> [1] >>>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth >>>> or.html#SMTP >>>> >>>>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex <lyal...@gmail.com> >>>>> wrote: >>>>>> Apologies for dredging this up but I'm having some problems with >>>>>> this. Any ideas much appreciated. >>>>>> >>>>>> Ii have been forced to move from a version of centOS the used the >>>>>> old /etc/rc.d/init.d way of doing things to a new version of >>>>>> CentOS that uses systemd. The hosts can't or won't help because >>>>>> I'm using a 'non-standard setup' Basically I'm using tomcat >>>>>> standalone on port 80 to serve up my site. I use jsvc with a >>>>>> start/stop script in /etc/rc.d/init.d with symbolic links in >>>>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly >>>>>> for nearly 4 years. >>>>>> >>>>>> I have installed Tomcat, Java and all required resources on the >>>>>> new server, I have dulpicated the configuration in /etc but >>>>>> needless to say when I restart the server Tomcat doesn't start >>>>>> >>>>>> Starting from the command line as root with >>>>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts >>>>>> tomcat as root then switches to an unprivileged, no login user >>>>>> (tomcat) >>>>>> >>>>>> I followed your instructions and came up with the following >>>>>> >>>>>> # touch /etc/systemd/system/tomcat.service # nano >>>>>> /etc/systemd/system/tomcat.service >>>>>> >>>>>> tomcat.service looks like this >>>>>> >>>>>> [Unit] Description=The Jakarta Apache/Tomcat Server >>>>>> After=network.target >>>>>> >>>>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start >>>>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop >>>>>> >>>>>> [Install] WantedBy=multi-user.target >>>>>> >>>>>> # chmod 664 /etc/systemd/system/tomcat.service >>>>>> >>>>>> [root@vps init.d]# systemctl daemon-reload >>>>>> >>>>>> [root@vps init.d]# systemctl start tomcat.service Job for >>>>>> tomcat.service failed because the control process exited with >>>>>> error code. See "systemctl status tomcat.service" and "journalctl >>>>>> -xe" for details. >>>>>> >>>>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service >>>>>> - The Jakarta Apache/Tomcat Server Loaded: loaded >>>>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset: >>>>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16 >>>>>> 16:40:55 GMT; 18s ago Process: 4596 >>>>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited, >>>>>> status=203/EXEC) >>>>>> >>>>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta >>>>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com >>>>>> systemd[1]: tomcat.service: control process exited, code=exited >>>>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to >>>>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55 >>>>>> vps.example.com systemd[1]: Unit tomcat.service entered failed >>>>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service >>>>>> failed. >>>>>> >>>>>> tomcat7 fwiw >>>>>> >>>>>> >>>>>> # chkconfig: - 71 19 # description: Start up the Tomcat servlet >>>>>> engine. # this is the startup file for the new version # >>>>>> 24/10/2013 by lyallex # use java 7 # >>>>>> JAVA_HOME=/usr/local/java/jdk1.6.0_07 JAVA_HOME=/opt/jdk1.7.0_45 >>>>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME >>>>>> CATALINA_HOME >>>>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons >>>> - -daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar >>>>>> >>>>>> >>>> TOMCAT_USER=tomcat >>>>>> TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid >>>>>> >>>>>> >>>>>> RC=0 >>>>>> >>>>>> case "$1" in >>>>>> >>>>>> start) >>>>>> >>>>>> $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME >>>>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 >>>>>> -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR >>>>>> -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile >>>>>> $CATALINA_HOME/logs/catalina.out \ -errfile >>>>>> $CATALINA_HOME/logs/catalina.err \ -pidfile >>>>>> '/var/run/tc7/jsvc.pid' \ >>>>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager >>>>>> \ >>>>>> -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.propertie >>>> s >>>>>> \ -cp $CLASSPATH \ org.apache.catalina.startup.Bootstrap >>>>>> >>>>>> RC=$? >>>>>> >>>>>> [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat echo "starting >>>>>> tomcat7 on darkstar with:" echo "JAVA_HOME=$JAVA_HOME" echo >>>>>> "CATALINA_HOME=$CATALINA_HOME" echo "CLASSPATH=$CLASSPATH" echo >>>>>> "tomcat started" >>>>>> >>>>>> echo "CLASSPATH=$CLASSPATH" echo "tomcat started" ;; >>>>>> >>>>>> stop) >>>>>> >>>>>> PID=`cat /var/run/tc7/jsvc.pid` kill $PID >>>>>> >>>>>> RC=$? >>>>>> >>>>>> [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat >>>>>> /var/run/tc7/jsvc.pid echo "stopping tomcat7 on darkstar with:" >>>>>> echo "JAVA_HOME=$JAVA_HOME" echo "CATALINA_HOME=$CATALINA_HOME" >>>>>> echo "CLASSPATH=$CLASSPATH" >>>>>> >>>>>> echo "tomcat stopped" ;; >>>>>> >>>>>> *) echo "Usage: $0 {start|stop}" exit 1 esac exit $RC >>>>>> >>>>>> >>>>>> >>>>>> TIA Lyallex >>>>>> >>>>>> >>>>>> On 5 June 2015 at 13:37, Ray Holme <rayho...@yahoo.com.invalid> >>>>>> wrote: >>>>>>> That looks OK, but I would suggest the following. Put all the >>>>>>> real stuff in a standard bash script with 3 parameters start, >>>>>>> stop, restart- pretty much like the OLD system 5 way fo doing >>>>>>> things.This has the advantage of allowing you to add other >>>>>>> things you might want to add AND executing the script as root >>>>>>> is pretty obvious. (I needed to add starting an LibreOffice >>>>>>> server and a few other daemons to get that going). Embed the >>>>>>> catalina start stop in that script.The just make the systemd >>>>>>> script VERY SIMPLY call your standard above start/stop script. >>>>>>> e.g. my script name is S95tomcat and the systemd entry is >>>>>>> trivial. here is tomcat.service: >>>>>>> >>>>>>> [Unit] Description=The Jakarta Apache/Tomcat Server >>>>>>> After=network.target >>>>>>> >>>>>>> [Service] Type=forking ExecStart=/local/bin/S95tomcat start >>>>>>> ExecReload=/local/bin/S95tomcat restart >>>>>>> ExecStop=/local/bin/S95tomcat stop >>>>>>> >>>>>>> [Install] WantedBy=multi-user.target >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thursday, June 4, 2015 9:31 PM, Dale Ogilvie >>>>>>> <dale_ogil...@trimble.com> wrote: >>>>>>> >>>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> I am trying to put together a systemd script for an install of >>>>>>> the current binary release tomcat7. Follows my current best >>>>>>> effort, cobbled together from the (RH)EL7 packaged version and >>>>>>> some googling... I am trying to use the unadulterated tomcat >>>>>>> up/down scripts from the binary release. >>>>>>> >>>>>>> Any suggestions as to how this might be improved? I'm not sure >>>>>>> if I am using the right service type here, based on what >>>>>>> catalina.sh is doing under the hood. That said, it seems to >>>>>>> work. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Dale >>>>>>> >>>>>>> **** follows apache-tomcat.service >>>>>>> >>>>>>> # Systemd unit file for apache-tomcat # >>>>>>> >>>>>>> [Unit] Description=Apache Tomcat Web Application Container >>>>>>> After=syslog.target network.target >>>>>>> >>>>>>> [Service] Type=forking >>>>>>> PIDFile=/var/run/apache-tomcat/apache-tomcat.pid >>>>>>> ExecStart=/opt/apache-tomcat/bin/startup.sh >>>>>>> ExecStop=/opt/apache-tomcat/bin/shutdown.sh >>>>>>> SuccessExitStatus=0 User=apache-tomcat Group=apache-tomcat >>>>>>> >>>>>>> >>>>>>> [Install] WantedBy=multi-user.target >>>>>>> >>>>>>> ***** follows setenv.sh commented out sections removed >>>>>>> >>>>>>> # Where your java installation lives >>>>>>> JAVA_HOME="/usr/java/latest" >>>>>>> >>>>>>> # Where your tomcat installation lives >>>>>>> CATALINA_BASE="/opt/apache-tomcat" >>>>>>> CATALINA_HOME="/opt/apache-tomcat" >>>>>>> CATALINA_OUT="/var/log/apache-tomcat/catalina.out" >>>>>>> JASPER_HOME="/opt/apache-tomcat" >>>>>>> CATALINA_TMPDIR="/opt/apache-tomcat/temp" >>>>>>> >>>>>>> CATALINA_OPTS="-Xms1G -Xmx2G" >>>>>>> >>>>>>> # What user should run tomcat TOMCAT_USER="apache-tomcat" >>>>>>> >>>>>>> # Run tomcat under the Java Security Manager >>>>>>> SECURITY_MANAGER="false" >>>>>>> >>>>>>> # Time to wait in seconds, before killing process >>>>>>> SHUTDOWN_WAIT="90" >>>>>>> >>>>>>> # Whether to annoy the user with "attempting to shut down" >>>>>>> messages or not SHUTDOWN_VERBOSE="false" >>>>>>> >>>>>>> # Set the TOMCAT_PID location >>>>>>> CATALINA_PID="/var/run/apache-tomcat/apache-tomcat.pid" >>>>>>> >>>>>>> # Connector port is 8080 for this tomcat instance >>>>>>> CONNECTOR_PORT="8080" >>>>>>> >>>>>>> >>>>>>> -------------------------------------------------------------------- >>>> - - >>>>>>> >>>>>>> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> >>>>>> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Comment: GPGTools - http://gpgtools.org >>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >>>> >>>> iEYEARECAAYFAlbqAPMACgkQ9CaO5/Lv0PDQqwCbBUDR1aA8zo9iwC0iYh5XiyMn >>>> 9lkAnRL+3KCHQ+POUIQQ4qrYhe8oHmOT >>>> =8mSc >>>> -----END PGP SIGNATURE----- >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
