Re: Tomcat 5.5.17 migration to 6

2018-07-20 Thread Christopher Schultz

David,

On 7/14/18 4:53 PM, David Babooram wrote:
> Alright.
> 
> I guess the thought process was to upgrade to 6, then 7, 8

Having gone through exactly this process a few years ago (from 4.1 to
5.0 and continuing on up the major-version ladder until I was
current), I can tell you that it was a colossal waste of our time to
do everything incrementally. We have a very conservative test-to-prod
pipeline at $work (where I'm personally responsible for that process)
and so that transition took a few years.

From experience, I can tell you that going from 5.5 -> 6.0 is exactly
as difficult as it will be to go from 5.5 -> 8.5. I personally
recommend 8.5 over 9.0 due to some potential
backward-incompatibilities you may encounter with 9.0 that don't exist
in 8.5. An eventual migration from 8.5 -> 9.0 should be much less
"scary" and easy for you to do.

Here is exactly what you should do. There are 2 phases.

Phase I - Prep your environment

1. Read the RUNNING.txt file that comes with Tomcat, especially the
section titled "Advanced Configuration - Multiple Tomcat Instances".

2. Split your existing application configuration in Tomcat 5.5 such
that you have a stock, un-altered Tomcat 5.5.x installation as your
CATALINA_HOME and a CATALINA_BASE which contains your
instance-specific configuration to support your application.

3. Make sure you aren't using any deployments from conf/server.xml.
Specifically, there should be no  elements in that file. If
you have them there, there are better ways of doing deployments.[1]

4. Make sure everything still works.

Once you have done this, everything else will be a lot easier.

Phase II - Upgrade to your target version

0. Throw out all your existing Tomcat configuration. Well, almost.

1. Download a copy of 8.5.32 (current as of this writing) and unpack
it into wherever it will eventually go. This will be your new
CATALINA_HOME for your 8.5.x-based service. Don't change anything. Ever.

2. Create a new CATALINA_BASE structure for your 8.5.x-based service.

3. Compare your existing conf/server.xml file to the stock one from
Phase I step 2 above. There shouldn't be really that many changes...
usually just a few  definitions. Make appropriate similar
changes to a *copy of* the conf/server.xml file that comes with the
stock Tomcat 8.5.32 distribution and put that file into your new
CATALINA_BASE/conf directory.

4. Stop your old 5.5-based service. Start your 8.5-based service.

5. Test everything.

With any luck, you will just be good to go. If you find any problems,
feel free to ask for some help on this list.

For your next upgrade (e.g. 8.5.32 -> 8.5.33), simply do the following:

1. Unpack the new distribution into a NEW directory (e.g.
apache-tomcat-8.5.33/).

2. Stop your 8.5.32-based service.

3. Change CATALINA_HOME to point to the new directory from step 1.

4. Start Tomcat.

Patch-level upgrades should be just that simple every time. Moving
between versions usually requires starting with a fresh
conf/server.xml from the distribution and making modifications similar
to those described in Phase II step 3.

I hope that helps.

-chris


[1] https://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Defining_a_context

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
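
The CATALINA_HOME / CATALINA_BASE split and the patch-level switch described in the message above, as an added example (not part of the original post and not Tomcat's own tooling). The function names, the symlink used as CATALINA_HOME and the paths in the usage comment are assumptions; the directory list follows RUNNING.txt.

```shell
#!/bin/sh
# Added example. Function names, the symlink used as CATALINA_HOME and all
# paths are assumptions made for illustration; they do not come from the post.

# make_base HOME BASE
# Create an instance directory (CATALINA_BASE) from an unmodified distribution
# (CATALINA_HOME). The distribution itself is only read, never written.
make_base() {
    home=$1
    base=$2
    if [ ! -f "$home/conf/server.xml" ]; then
        echo "not a Tomcat distribution: $home" >&2
        return 1
    fi
    if [ -e "$base" ]; then
        echo "refusing to overwrite existing $base" >&2
        return 1
    fi
    mkdir -p "$base/conf" "$base/logs" "$base/temp" "$base/webapps" "$base/work" || return 1
    # Start from the stock configuration of this version; local edits go
    # into these copies only.
    cp -R "$home/conf/." "$base/conf/"
}

# local_changes HOME BASE
# Print every difference between the stock conf/ and the instance conf/.
# This is the list of edits to re-apply to a fresh server.xml when moving to
# another version. Prints nothing while the instance is still stock.
local_changes() {
    diff -r -u "$1/conf" "$2/conf" || :
}

# switch_home LINK NEW_HOME
# Patch-level upgrade: repoint the symlink that the service uses as
# CATALINA_HOME. Run with the service stopped. The old directory stays in
# place, so rolling back is the same call with the old path.
switch_home() {
    link=$1
    new=$2
    if [ ! -x "$new/bin/catalina.sh" ]; then
        echo "no bin/catalina.sh in $new" >&2
        return 1
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink" >&2
        return 1
    fi
    ln -sfn "$new" "$link"
}

# Typical use (paths are placeholders):
#   make_base   /opt/apache-tomcat-8.5.32 /srv/myapp
#   switch_home /opt/tomcat-current /opt/apache-tomcat-8.5.32
#   CATALINA_HOME=/opt/tomcat-current CATALINA_BASE=/srv/myapp \
#       /opt/tomcat-current/bin/catalina.sh start
#   ... later, after unpacking 8.5.33 and stopping the service:
#   switch_home /opt/tomcat-current /opt/apache-tomcat-8.5.33
```

Because nothing is ever edited under CATALINA_HOME, the output of local_changes is the complete record of what distinguishes the instance from a stock install.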



Re: Certificate based database authentication

2018-07-20 Thread Christopher Schultz

Will,

On 7/10/18 9:03 AM, Will Nordmeyer wrote:
> I have an application in Tomcat 7 that connects to an Oracle
> database. Currently we are connecting using the username/password
> which is embedded in the xml files.  To harden security, we are
> looking at x509 certificate authentication.
> 
> Is there a way to tie a certificate to Tomcat and have them
> authenticate that way?

Your point is well-taken that sometimes the Tomcat users' mailing list
is a better resource than many others. If you are asking a question
you know to be off-topic, please tag it with the [OT] moniker. It
changes nothing, but at least acknowledges that you are asking
something that is not Tomcat-specific.

I don't know about Oracle Server specifically, but this is how we do
things for MySQL/MariaDB in our application's META-INF/context.xml file:

   

So the URL for connecting to the MySQL driver has parameters which
control how the authentication is set up.

Note that the password for the keystore is right there in the
configuration. There's really nothing you can do about that[1]. Make
sure that your file-based security policy is sane, and that only the
Tomcat server process can read that file.

Looking at Oracle's documentation[2], I don't see anything in
particular for how to configure a connection to use TLS *at all* let
alone mutually-authenticated connections.

There is a PDF whitepaper[3] that I found that might be helpful. Let
us know if you have any success with any of that.

Note that */I/ highly recommend* that all database connections from
Java (and other) applications utilize mutual-authentication wherever
possible, so I'm happy to hear about people implementing such security
controls. Keep up the good work.

-chris

[1] https://wiki.apache.org/tomcat/FAQ/Password
[2] https://docs.oracle.com/cd/E13222_01/wls/docs81/jdbc_drivers/oracle.html
[3] http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdf
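
A check for the file-permission advice in the message above, as an added example (not from the original post): it flags a configuration or keystore file that is not owned by the Tomcat account, is accessible to group or others, or sits in a directory that group or others can write to. The function name, the `tomcat` account name and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. The function name and the account/paths in the usage comment
# are assumptions for illustration; they are not from the post.

# audit_secret_files UID FILE...
# For each file that embeds or protects a credential (the context.xml holding
# the keystore password, the keystore itself), report:
#   MISSING  the path is not a regular file
#   OWNER    the file is not owned by the numeric UID Tomcat runs as
#   PERMS    group or others have any access to the file
#   DIR      the containing directory is writable by group or others, so the
#            file could be swapped out even though it cannot be read
# Returns 0 only when no finding was printed.
audit_secret_files() {
    want_uid=$1
    shift
    rc=0
    for file in "$@"; do
        if [ ! -f "$file" ]; then
            echo "MISSING $file"
            rc=1
            continue
        fi
        dir=$(dirname "$file")
        # "ls -ldn" prints the mode string in column 1 and the numeric owner
        # in column 3; substr() drops a trailing ACL/SELinux marker.
        mode=$(ls -ldn -- "$file" | awk '{print substr($1, 1, 10)}')
        uid=$(ls -ldn -- "$file" | awk '{print $3}')
        dir_mode=$(ls -ldn -- "$dir" | awk '{print substr($1, 1, 10)}')

        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $file uid=$uid expected=$want_uid"
            rc=1
        fi
        case $mode in
            ????------) ;;   # characters 5-10 are the group and other bits
            *) echo "PERMS $file mode=$mode"; rc=1 ;;
        esac
        case $dir_mode in
            ?????-??-?) ;;   # characters 6 and 9 are group-write, other-write
            *) echo "DIR $dir mode=$dir_mode"; rc=1 ;;
        esac
    done
    return $rc
}

# Typical use, assuming the service account is named "tomcat":
#   audit_secret_files "$(id -u tomcat)" \
#       "$CATALINA_BASE/webapps/myapp/META-INF/context.xml" \
#       /etc/myapp/client-keystore.jks
```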



Re: Using F5 to load balance tomcat servers

2018-07-20 Thread Christopher Schultz

Usha,

On 7/3/18 3:25 PM, Support wrote:
> Chris, sorry for the typo! Can't believe I did it.
> 
> Client -->F5:8080> does not connect to Tomcat-server1:8080. 
> Client -->connects fine to Tomcat-server1:8080.
> 
> Client can connect fine directly to tomcat over 8080 but not
> through f5.
> 
> tcpdump on f5 reveals something about incorrect checksum from
> tomcat server.
> 
> visitor.aaa.com.webcache > 172.24.1.26.10970: Flags [.], cksum
> 0x4201 (incorrect -> 0xedac), seq 2, ack 524, win 4902, length 0
> out slot1/tmm1 lis=/Common/si-xcaptor-external-8080
> 
> Robert, could you please give more details on tomcat optional
> reason code?

You don't mention your Tomcat version. Recent Tomcat versions have
removed the HTTP "reason phrase" from HTTP responses.

To re-enable it in Tomcat 8.5, you must set sendReasonPhrase="true"
on your  in conf/server.xml.

If you are running Tomcat 9.0, there is no such option, and you'll
have to determine whether this is your problem with the F5 and ask F5
to provide a version of their lb OS which includes a spec-compliant
HTTP proxy.

-chris



Re: best practice for temporary file

2018-07-20 Thread Christopher Schultz

Chris,

On 7/17/18 10:36 AM, Chris Cheshire wrote:
> James, this can be done using something like the following 
> configuration in your META-INF/context.xml (I use tomcat 8.5)
> 
>   className="org.apache.catalina.webresources.DirResourceSet" 
> base="${catalina.base}/cdn/ROOT/images" webAppMount="/images" /> 
> 
> 
> I use this to serve files at /images because they are dynamic
> content and not part of the war itself. Make sure the directory
> specified by "base" has read and write permission by the tomcat
> user at the OS level and then you can serve files with a uri
> starting with /images/.

Just be careful about doing this kind of thing because Tomcat will
cache resources it finds there, or at least the metadata about those
files. So if you get a cache miss on a file that doesn't exist, Tomcat
may "remember" that the resource doesn't exist when you write a file
to that directory and then the cache will be stale.

You must arrange for the first access of the file by the client to
occur after the file has been written to the disk, otherwise you risk
these kinds of problems.

Also, things can get weird when the file is subsequently removed.

Just be careful.

-chris

> On Tue, Jul 17, 2018 at 10:21 AM James Finnall wrote:
>> 
>> Hello all,
>> 
>> What is the best practice under Tomcat to create a data file and
>> then allow the client to download it?
>> 
>> So far all my attempts have failed.  If the Java app can write it
>> then the client can not download, if client can download then the
>> Java app can not write it.
>> 
>> Does Tomcat have a provision to create a directory that be shared
>> by both the app and the client?
>> 
>> 
>> Thank you for your consideration, James



Re: Java licensing

2018-07-20 Thread Christopher Schultz

Jeffrey,

On 7/17/18 3:08 PM, Jeffrey Beckstrom wrote:
> How will Oracle's new licensing of Java affect Tomcat?

IANAL, but Java's licensing should not affect Tomcat at all, unless
Oracle decides that writing software using Java is somehow no longer
permissible. The existence of OpenJDK might make that difficult for
Oracle to do.

Tomcat is licensed under the AL2 license [1] which allows for broad
use of the product (Tomcat) in both source and binary forms for both
private and commercial use.

Did you have any specific concerns about Oracle's licensing model?
(Well, other than the fact that Oracle is the one licensing the
software, of course!)

-chris


[1] https://www.apache.org/licenses/LICENSE-2.0



Re: Tomcat HTTP Sessions exceeded

2018-07-20 Thread Christopher Schultz

Gopi,

On 7/10/18 5:38 PM, Gopi Palla wrote:
> We have two dc, in one of the dc tomcat http sessions are exceeded.
> we are using introscope to monitor tomcat application server and
> getting the alerts, we kept the threshold value as 850 in
> introscope
> 
> Tomcat version is 8.0.39
> 
> Do we need to do any configuration changes in server.xml/web.xml ?
> 
> Can someone please guide what to do in this case ?
> 
> Appreciate your help.

What is your configuration?

What is the expected session limit?

How many sessions are you actually seeing?

What tool are you using to observe the number of sessions?

-chris



[mod_jk] No data for "LE" (last error timestamp) column in lb status

2018-07-20 Thread Christopher Schultz

All,

I've got a lb worker with two balanced nodes. One of the nodes has a
non-zero value for the "Err" (errors) field, but there is a blank
entry for the "LE" (last error timestamp) field.

I'm using mod_jk 1.2.41 on x86-64 Linux.

The whole XML record (with some things redacted) is here:



I don't see any information about the "last error timestamp" in the
raw data. Does this field actually exist?

Thanks,
-chris



RE: 21 second pause that randomly happens

2018-07-20 Thread David Cleary
Thanks for the feedback. I was confident all along this wasn't a Tomcat issue, 
and I believe we identified the culprit as the firewall. I was looking for 
logging that would show the socket behavior (accept, close, etc.) to show that 
as far as Tomcat was concerned, the delay was happening before it got there. 
Anyways, we were able to do some testing without the particular firewall they 
were using and the results were encouraging. Will be a few days of testing 
before they try it on their production system to confirm it, but so far, so 
good.

Thanks
Dave

-Original Message-
From: charlie arehart [mailto:charlie_li...@carehart.org] 
Sent: Thursday, July 19, 2018 12:24 PM
To: 'Tomcat Users List' 
Subject: RE: 21 second pause that randomly happens

David? Are you still needing help with this? Your answers to what I ask may 
help us get you to a solution.

/charlie

-Original Message-
From: charlie arehart  
Sent: Tuesday, July 17, 2018 01:14 PM
To: 'Tomcat Users List' 
Subject: RE: 21 second pause that randomly happens

Going back to David's original note, you wrote, "We have a customer who is
experiencing a random, 21 second pause when using our Tomcat based application
server. We believe this may be during a TCP connect and timeout. Logging 
indicates the pause happens before the request makes it to our back end."

Can you clarify what you mean by the "back end" here? 

Since you say it's a pause "when using" Tomcat, I can't tell if you're saying 
Tomcat IS the backend, or instead if the request hangs WHILE running in Tomcat 
but doesn't reach some other "backend" that the Tomcat-based app should then 
talk to. You did refer in a later note to a "backend agent log", so I'm 
inclined to think it's the latter.

In that case, it seems you are wondering (in one note) whether the request 
might be hung up in the connector (getting TO Tomcat). 

But do you know for sure whether the request is actually running IN Tomcat? You 
could use any of various JVM or Tomcat monitoring tools to know a) if the 
request reaches Tomcat, b) if it is hanging while running there, and then c) 
just WHAT the request is hanging and waiting for (which could well be that 
"other backend" the app needs to talk to). 

But before elaborating on approaches, I wanted to ask what you may or may not 
know in regard to the above, first. :-)

/charlie 





Re: Tomcat 9.0.8 with JRE 10.0.2 x64 Windows

2018-07-20 Thread tomcat

On 20.07.2018 09:05, Shailendra Kumar Verma wrote:

> Hello,
>
> I recently installed Tomcat 9.0.8 on Windows 2016 server with JRE 10.0.2 x64.
> After installation, it is taking 95% of CPU and 4 GB of RAM without any calls
> running to the box. Why?
>
> System has 32 GB of RAM and 6 CPU cores.
>
> Why is Tomcat taking 95% of CPU at idle condition, that is main concern?



1) Is there anything relevant in the Tomcat logs?
2) Are you logging Garbage Collection? If yes, anything interesting there?






Re: Tomcat 9.0.8 with JRE 10.0.2 x64 Windows

2018-07-20 Thread Suvendu Sekhar Mondal
Shailendra,

On Fri, Jul 20, 2018 at 12:35 PM Shailendra Kumar Verma wrote:
>
> Hello,
>
> I recently installed Tomcat 9.0.8 on Windows 2016 server with JRE 10.0.2 x64. 
> After installation, it is taking 95% of CPU and 4 GB of RAM without any calls 
> running to the box. Why?
>
> System has 32 GB of RAM and 6 CPU cores.
>
> Why is Tomcat taking 95% of CPU at idle condition, that is main concern?
>
> Thanks,
> Shailendra
>

That sounds abnormal. I will suggest you to do following when this
problem is occurring:
1. Run ProcessExplorer
2. Open Tomcat process which is eating up CPU
3. Go to the Thread tab
4. Sort by CPU column
5. Note down thread IDs which are consuming most of the CPU. List top 5 of them.
6. Take thread dump at the same time. You need to be fast here unless
thread state might change and you'll not get the correct picture.
7. Convert those thread ID list to the equivalent Hexadecimal value.
8. Search for those Hex values in the collected thread dump. Hex
values will match with native ID of thread dumps.
9. Post all those stack traces with CPU usage details over here.

Thanks!

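
Steps 5 to 8 of the message above (decimal thread IDs converted to hex and matched against the `nid=` field of a thread dump), as an added example that is not part of the original post. It assumes a POSIX shell is available for the analysis, for example on a workstation the dump was copied to; `hot_threads`, `sample_dump`, `MAX_LINES` and the dump text are constructed for illustration.

```shell
#!/bin/sh
# Added example. hot_threads, sample_dump and MAX_LINES are illustrative names;
# the dump text below is constructed, not taken from a real server.

# hot_threads DUMP_FILE TID...
# For each decimal OS thread ID, print the matching thread-dump entry (header
# line plus following lines, MAX_LINES in total, default 8) or a NOT-FOUND
# line. Returns non-zero if any ID had no match, which usually means the dump
# and the CPU reading were not taken at the same moment.
hot_threads() {
    dump=$1
    shift
    missing=0
    for tid in "$@"; do
        nid=$(printf 'nid=0x%x' "$tid")      # 6700 -> nid=0x1a2c
        echo "== TID $tid ($nid)"
        awk -v nid="$nid" -v max="${MAX_LINES:-8}" '
            # A header line starts with the quoted thread name. Compare the
            # whole token so that nid=0x1a2 does not match nid=0x1a2c.
            /^"/  { show = (index($0 " ", nid " ") > 0); n = 0
                    if (show) found = 1 }
            !NF   { show = 0 }               # a blank line ends the entry
            show && n < max { print; n++ }
            END   { exit !found }
        ' "$dump" || { echo "NOT-FOUND $nid"; missing=1; }
    done
    return $missing
}

# Constructed sample in the HotSpot thread-dump layout.
sample_dump() {
    cat <<'EOF'
"http-nio-8080-exec-3" #31 daemon prio=5 os_prio=0 tid=0x000000001f3a2000 nid=0x1a2c runnable [0x0000000021c4e000]
   java.lang.Thread.State: RUNNABLE
        at com.example.Worker.spin(Worker.java:42)
        at com.example.Worker.run(Worker.java:17)

"http-nio-8080-exec-4" #32 daemon prio=5 os_prio=0 tid=0x000000001f3a3800 nid=0x1a2 waiting on condition [0x0000000021d4f000]
   java.lang.Thread.State: WAITING (parking)
        at jdk.internal.misc.Unsafe.park(Native Method)

"VM Thread" os_prio=2 tid=0x000000001c8d1000 nid=0x2f0 runnable

EOF
}

# Typical use: sample_dump > dump.txt; hot_threads dump.txt 6700 418
```

A match on a JVM-internal thread such as "VM Thread" or a GC thread has no Java frames, which points at garbage collection or JIT activity rather than application code.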



Tomcat 9.0.8 with JRE 10.0.2 x64 Windows

2018-07-20 Thread Shailendra Kumar Verma
Hello,

I recently installed Tomcat 9.0.8 on Windows 2016 server with JRE 10.0.2 x64. 
After installation, it is taking 95% of CPU and 4 GB of RAM without any calls 
running to the box. Why?

System has 32 GB of RAM and 6 CPU cores.

Why is Tomcat taking 95% of CPU at idle condition, that is main concern?

Thanks,
Shailendra