On 31/01/2019 11:45, Vinu Vibhu Sobhana wrote: > Hai Mark, > > For your valid comment please for one more point mentioned in the trail mail.. > > > On Tue, Jan 29, 2019 at 4:11 PM Vinu Vibhu Sobhana <vvsv...@gmail.com> wrote: >> >> Hai Mark >> >> One more small clarity required on the previous reply with respective >> to the below point. >> >> You can use the FarmWarDeployer if you wish but you don't have to. >> Generally, the right answer here will be driven by how your organisation >> manages files on servers. >> >>>>>> Ok..If Iam having a load-balancer serving 2 tomcat instances configured >>>>>> with autoDeploy="true" and unpackWARs="false" in their server.xml >>>>>> respectively, running on two separate VMs. Also, Iam having a common >>>>>> share such as NFS folder mounted on both servers. This share folder >>>>>> contains a single folder named prod_webapps which contains all the >>>>>> required application war files that needs to be deployed on both tomcat >>>>>> servers. >> >> Can I have this prod_webapps folder soft-linked to both >> tomcat1/webapps folder and tomact2/webapps folder, so that we can have >> a centralized webapps deployment folder. Is this possible? Will this >> scenario feasible for Production deployment?
That is likely to be problematic if automatic deployment is enabled. If you must use softlinks, just soft-link the WAR. Personally, I would just copy the files. Mark >> >> Thank You >> Vinu VS >> >> On Tue, Jan 29, 2019 at 3:43 PM Mark Thomas <ma...@apache.org> wrote: >>> >>> On 29/01/2019 06:56, Vinu Vibhu Sobhana wrote: >>>> Hai Mark, >>>> >>>> Please find my comments on the reply sent earlier as some points are >>>> still remain unclear. >>>> >>>>> I have been assigned a new project that requires a web application to >>>>> be hosted using Tomcat-Cluster, as it is expected to receive high >>>>> traffic. >>>> High traffic may be a justification for load-balancing. It is not a >>>> justification for session replication. >>>> >>>>>>> Since we would be receiving high traffic it was decided to go with >>>>>>> multiple instances of tomcat using a load-balancer. >>>> >>>> Why 2 instances per VM rather than one larger instance per VM? >>>>>>> So for this point it is understood that it is best that we put only one >>>>>>> instance per VM (with large hardware resource). Iam I correct. Will the >>>>>>> same scenario be applicable while using physical machine. ie one Tomcat >>>>>>> instance per machine. What about the resource limitation (ie. any >>>>>>> memory allocation pool for a JVM, etc.) required that must be noted. >>> >>> The right configuration will depend on the app. Generally, for a well >>> written app one JVM per VM will be the best choice but only testing will >>> tell for sure. >>> >>>>> Point 1 >>>> Don't use any clustering at all. >>>> >>>>>>> This point was not clear at all. Are you suggesting that we configure >>>>>>> Tomcat instances without cluster and configure the load balancer with >>>>>>> session management and stickiness features to manage sessions?? >>> >>> Yes. Don;t use clustering unless you really need it. >>> >>>>> Point 2 >>>> N/A since clustering is not required. >>>> >>>>>>> If clustering is required for other scenarios, then please comment on >>>>>>> this point how should we deploy applications using Tomcat Manager App >>>>>>> on FarmWarDeployer folder >>> >>> You can use the FarmWarDeployer if you wish but you don't have to. >>> Generally, the right answer here will be driven by how your organisation >>> manages files on servers. >>> >>>>> Point 3 >>>> No. >>>>>>> This means that there is mo method to collect the errors for individual >>>>>>> domain when VirtualHost element is enabled. If there is any work-around >>>>>>> please suggest. Also will the catalina.out log contains errors for >>>>>>> these VirtualHost element? >>> >>> There is no workaround. >>> >>> A well written application should not be writing anything to catalina.out >>> >>>>> Point 8 >>>> Configure the load-balancer to use sticky sessions. You'll need to do >>>> that anyway if clustering is removed. >>>> >>>>>>> With respect to my project specification mentioned in point 8, you have >>>>>>> suggested to go with a load-balancer serving 2 tomcat instances, each >>>>>>> running on two separate VMs with enough resources. Moreover, these >>>>>>> tomcat instances are NOT to be in Clustered State and the session must >>>>>>> be managed by an external Load-balancer using Stick bit mode enable. Is >>>>>>> it correct?. >>> >>> Yes. >>> >>>> Is Tomcat CPU intrinsic or Memory? >>> >>> I don't understand the question. >>> >>> Mark >>> >>>> -- >>>> Thank You >>>> Vinu VS >>>> >>>> >>>> On Mon, Jan 28, 2019 at 3:00 PM Mark Thomas <ma...@apache.org> wrote: >>>>> >>>>> On 28/01/2019 07:25, Vinu Vibhu Sobhana wrote: >>>>>> Hai >>>>>> >>>>>> First of all Iam new to Tomcat-Cluster and hence I apologize if my >>>>>> doubts are wrong. >>>>>> >>>>>> I have been assigned a new project that requires a web application to >>>>>> be hosted using Tomcat-Cluster, as it is expected to receive high >>>>>> traffic. >>>>> >>>>> High traffic may be a justification for load-balancing. It is not a >>>>> justification for session replication. >>>>> >>>>>> So, I have configured a Tomcat-Cluster with 4 Tomcat >>>>>> instances (ie 2 - Tomcat instances running on 2 VMs each), where they >>>>>> shall receive hits its through a load-balancer. As I new to >>>>>> Tomcat-Cluster, I have to clear some points before approving the >>>>>> project to go on-line. >>>>> >>>>> Why 2 instances per VM rather than one larger instance per VM? >>>>> >>>>>> >>>>>> My queries are : >>>>>> >>>>>> 1. The Clustering of Tomcat currently configured is using the Delta >>>>>> Manger for managing session replications. Is it the correct choice or >>>>>> should I go for Backup Manger or any third party session management >>>>>> software such as memcache or redis. >>>>> >>>>> Don't use any clustering at all. >>>>> >>>>>> 2. While using Tomcat-Cluster, can we use/configure the Tomcat Manager >>>>>> App to deploy applications on FarmWarDeployer folder or is there any >>>>>> other method to do so. >>>>> >>>>> N/A since clustering is not required. >>>>> >>>>>> 3. Virtual Host entry has been implemented for our project domain >>>>>> "webportal.xyz.in" where only the access logs are getting logged to >>>>>> "webportal.xyz.in_access_log". Is there any means by which I can >>>>>> receive the error-logs also for this domain on a separate file. >>>>> >>>>> No. >>>>> >>>>>> 4. Is there any method to tune/tweak my current server.xml file so >>>>>> that clustering method can be done globally rather than applying >>>>>> individually on every Host entry with different ports. >>>>> >>>>> No. Each instance needs to be configured individually. You can use >>>>> templating. With careful configuration you can have a commons server.xml >>>>> with ${...} property replacement for all the instance specific settings >>>>> that are then configured in catalina.properties >>>>> >>>>>> 5. How to enable SSL for Tomcat-Cluster. Should I need to install SSL >>>>>> Certificates on all 4 tomcat instances or only on the Load-balancer. >>>>> >>>>> Either works. The right solution depends on your security requirements. >>>>> Note: If you terminate TLS at the load-balancer you need to be very >>>>> careful to make sure that the Tomcat instances are able to determine >>>>> which requests were received over TLS and which were not else you are >>>>> likely to have a bunch of security holes - mainly around cookie/session >>>>> handling. >>>>> >>>>>> 6. What all parameters needs to be checked/considered for tuning the >>>>>> Tomcat / Tomcat-Cluster instance while hosting any Project on >>>>>> Production environment. >>>>> >>>>> All of them. Each application is unique. There is no "makeItFaster" >>>>> attribute. >>>>> >>>>>> 7. Is there any service reload option present for tomcat, ie. similar >>>>>> to the one present in apache where the sessions doesn't get >>>>>> invalidated while tuning/updating the server config files. >>>>> >>>>> Yes. It is enabled by default. >>>>> http://tomcat.apache.org/tomcat-9.0-doc/config/manager.html#Persistence_Across_Restarts >>>>> >>>>>> 8. One of the issue noted was that one of the security feature >>>>>> implemented for this projects stopped working while moving to >>>>>> Tomcat-Cluster environment. >>>>>> >>>>>> Our application uses java spring mvc >>>>>> "<spring.version>4.3.5.RELEASE</spring.version>, >>>>>> <spring.security.version>4.2.0.RELEASE</spring.security.version>" >>>>>> where it is configured to allow only one time login for all users >>>>>> until their current login session expires or have been invalidated. >>>>>> ie. if multiple logins are done, only the last login will be active >>>>>> all the rest gets automatically logged-out. it was implemented for >>>>>> some customer security reasons. This was working fine while running on >>>>>> a single Tomcat instance. But while deploying on a Clustered instance >>>>>> it is not working unless if the same user logs into the same tomcat >>>>>> instance of the cluster. Is there any solution to this problem or >>>>>> should the developers needs to reconfigure the application to meets >>>>>> Tomcat-Clusters concepts. >>>>> >>>>> Configure the load-balancer to use sticky sessions. You'll need to do >>>>> that anyway if clustering is removed. >>>>> >>>>> Mark >>>>> >>>>> >>>>>> >>>>>> Please find the server.xml and context.xml for one of my Tomcat >>>>>> instances present in Cluster mentioned below. >>>>>> >>>>>> server.xml >>>>>> ############# >>>>>> <?xml version="1.0" encoding="UTF-8"?> >>>>>> <Server port="8105" shutdown="SHUTDOWN"> >>>>>> <Listener >>>>>> className="org.apache.catalina.startup.VersionLoggerListener" /> >>>>>> <!-- <Listener >>>>>> className="org.apache.catalina.core.AprLifecycleListener" >>>>>> SSLEngine="on" /> --> >>>>>> <Listener >>>>>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" >>>>>> /> >>>>>> <Listener >>>>>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" >>>>>> /> >>>>>> <Listener >>>>>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" >>>>>> /> >>>>>> <GlobalNamingResources> >>>>>> <Resource name="UserDatabase" auth="Container" >>>>>> type="org.apache.catalina.UserDatabase" description="User database >>>>>> that can be updated and saved" >>>>>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory" >>>>>> pathname="conf/tomcat-users.xml" /> >>>>>> </GlobalNamingResources> >>>>>> <Service name="Catalina"> >>>>>> <Connector port="8080" protocol="HTTP/1.1" >>>>>> connectionTimeout="20000" /> >>>>>> <Connector port="8109" protocol="AJP/1.3" /> >>>>>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> >>>>>> <Realm className="org.apache.catalina.realm.LockOutRealm"> >>>>>> <Realm >>>>>> className="org.apache.catalina.realm.UserDatabaseRealm" >>>>>> resourceName="UserDatabase" /> >>>>>> </Realm> >>>>>> <Host name="localhost" appBase="webapps" unpackWARs="true" >>>>>> autoDeploy="true"> >>>>>> <!--################################################## >>>>>> LOCALHOST TOMCAT CLUSTERED BEGIN >>>>>> ########################################### --> >>>>>> <Cluster >>>>>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster" >>>>>> channelSendOptions="4" channelStartOptions="3"> >>>>>> <Channel >>>>>> className="org.apache.catalina.tribes.group.GroupChannel"> >>>>>> <Receiver >>>>>> className="org.apache.catalina.tribes.transport.nio.NioReceiver" >>>>>> address="web1.xyz.in" port="4000" autoBind="9" selectorTimeout="5000" >>>>>> maxThreads="6" /> >>>>>> <Sender >>>>>> className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >>>>>> <Transport >>>>>> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" >>>>>> /> >>>>>> </Sender> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor"> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="4001" securePort="-1" host="web1.xyz.in" domain="local-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="4000" securePort="-1" host="web2.xyz.in" domain="local-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="4001" securePort="-1" host="web2.xyz.in" domain="local-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> </Interceptor> >>>>>> </Channel> >>>>>> <Valve >>>>>> className="org.apache.catalina.ha.tcp.ReplicationValve" filter="" /> >>>>>> <Valve >>>>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve" /> >>>>>> <ClusterListener >>>>>> className="org.apache.catalina.ha.session.ClusterSessionListener" /> >>>>>> <Deployer >>>>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer" >>>>>> tempDir="/usr/local/tomcat-cluster/tomcat1/temp/" >>>>>> deployDir="/usr/local/tomcat-cluster/tomcat1/webapps/" >>>>>> watchDir="/usr/local/tomcat-cluster/tomcat1/watchdir/" >>>>>> watchEnabled="true" /> >>>>>> </Cluster> >>>>>> <!--################################################## >>>>>> LOCALHOST TOMCAT CLUSTERED END >>>>>> ########################################### --> >>>>>> <Valve >>>>>> className="org.apache.catalina.valves.AccessLogValve" directory="logs" >>>>>> prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t >>>>>> &quot;%r&quot; %s %b" /> >>>>>> </Host> >>>>>> >>>>>> <Host name="webportal.xyz.in" appBase="webportal_webapps" >>>>>> unpackWARs="true" autoDeploy="true"> >>>>>> <Alias>www.webportal.xyz.in</Alias> >>>>>> <!--################################################## >>>>>> webportal.xyz.in TOMCAT CLUSTERED BEGIN >>>>>> ########################################### --> >>>>>> <Cluster >>>>>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster" >>>>>> channelSendOptions="4" channelStartOptions="3"> >>>>>> <Channel >>>>>> className="org.apache.catalina.tribes.group.GroupChannel"> >>>>>> <Receiver >>>>>> className="org.apache.catalina.tribes.transport.nio.NioReceiver" >>>>>> address="web1.xyz.in" port="5000" autoBind="9" selectorTimeout="5000" >>>>>> maxThreads="6" /> >>>>>> <Sender >>>>>> className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >>>>>> <Transport >>>>>> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" >>>>>> /> >>>>>> </Sender> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor" >>>>>> /> >>>>>> <Interceptor >>>>>> className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor"> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="5001" securePort="-1" host="web1.xyz.in" domain="web-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="5000" securePort="-1" host="web2.xyz.in" domain="web-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> <Member >>>>>> className="org.apache.catalina.tribes.membership.StaticMember" >>>>>> port="5001" securePort="-1" host="web2.xyz.in" domain="web-cluster" >>>>>> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" /> >>>>>> </Interceptor> >>>>>> </Channel> >>>>>> <Valve >>>>>> className="org.apache.catalina.ha.tcp.ReplicationValve" filter="" /> >>>>>> <Valve >>>>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve" /> >>>>>> <ClusterListener >>>>>> className="org.apache.catalina.ha.session.ClusterSessionListener" /> >>>>>> <Deployer >>>>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer" >>>>>> tempDir="/usr/local/tomcat-cluster/tomcat1/temp/" >>>>>> deployDir="/usr/local/tomcat-cluster/tomcat1/webportal_webapps/" >>>>>> watchDir="/usr/local/tomcat-cluster/tomcat1/webportal_webapps_watchdir/" >>>>>> watchEnabled="true" /> >>>>>> </Cluster> >>>>>> <!--################################################## >>>>>> webportal.xyz.in TOMCAT CLUSTERED END >>>>>> ########################################### --> >>>>>> <Valve >>>>>> className="org.apache.catalina.valves.AccessLogValve" directory="logs" >>>>>> prefix="webportal.xyz.in_access_log" suffix=".txt" pattern="%h %l %u >>>>>> %t &quot;%r&quot; %s %b" /> >>>>>> </Host> >>>>>> </Engine> >>>>>> </Service> >>>>>> </Server> >>>>>> ############# >>>>>> >>>>>> context.xml >>>>>> ############# >>>>>> <?xml version="1.0" encoding="UTF-8"?> >>>>>> <Context> >>>>>> <WatchedResource>WEB-INF/web.xml</WatchedResource> >>>>>> <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource> >>>>>> <Manager className="org.apache.catalina.ha.session.DeltaManager" >>>>>> expireSessionsOnShutdown="false" >>>>>> notifyListenersOnReplication="true"/> >>>>>> </Context> >>>>>> ############# >>>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>>> >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> -- >> Thank You >> >> Best regards >> Vinu Vibhu Sobhana >> >> Disclaimer: This e-mail and any files transmitted with it are intended >> for the named addresses only and may contain privileged and >> confidential information. If you have received this e-mail in error, >> please notify the sender by e-mail reply immediately and delete it >> from your system. You may not copy this message and its attachments or >> disclose its contents to any other person, use it for any purpose or >> store it by any means. Any form of reproduction, dissemination, >> copying, disclosure, modification, distribution and / or publication >> of this message without the prior written consent of the author of >> this e-mail is strictly prohibited. Although this e-mail and its >> attachments are believed to be free from virus, it is the >> responsibility of the recipient to ensure that they are virus free. > > > > -- > Thank You > > Best regards > Vinu Vibhu Sobhana > > Disclaimer: This e-mail and any files transmitted with it are intended > for the named addresses only and may contain privileged and > confidential information. If you have received this e-mail in error, > please notify the sender by e-mail reply immediately and delete it > from your system. You may not copy this message and its attachments or > disclose its contents to any other person, use it for any purpose or > store it by any means. Any form of reproduction, dissemination, > copying, disclosure, modification, distribution and / or publication > of this message without the prior written consent of the author of > this e-mail is strictly prohibited. Although this e-mail and its > attachments are believed to be free from virus, it is the > responsibility of the recipient to ensure that they are virus free. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org