RE: Exception in CoyoteAdapter class
Hi Konstantin, My answers below. AT. 2013/12/3 at.silk at.s...@everis.com: Hi, I contact you to talk about an exception we receive in a Tomcat class. Few days ago we get an error in an application integrated with Tomcat. We have tried to get information about it but we don't find any solution, so we would like to know if you are aware about this issue. First we describe our scenario: 1. User logs in the portal and remain static for more than 30 minutes (30 minutes is session expiration time). 2. Afterwards, he refreshes the webpage and session has been expired. 3. During the page reloading, an error occurs while executing the parseSessionSslId method because the SSLSupport.SESSION_ID_KEY is empty. 4. A blank page is displayed because the error is not caught. The exception produced during step 3 belongs to this section: [org\apache\catalina\connector\CoyoteAdapter.java] Method parseSessionSslId: request.setRequestedSessionId(request.getAttribute(SSLSupport.SESSION_ID_KEY).toString()); request.setRequestedSessionSSL(true); This is our context: - Tomcat version: 7.0.25 - OS: Linux distribution - Liferay 6.1GA1 portal integrated with Tomcat - We don't negotiate user session by the sessionid with the cookie but with the certificate. Our server.xml configuration file contains the following connectors: Connector URIEncoding=UTF-8 port=8010 protocol=AJP/1.3 redirectPort=8443 scheme=https secure=true / Connector URIEncoding=UTF-8 port=8443 protocol=HTTP/1.1 SSLEnabled=true clientAuth=false keystoreFile=xxx keystorePass=yyy keystoreType=PKCS12 maxThreads=150 scheme=https secure=true sslProtocol=TLS/ 1. Is Tomcat accessed via AJP or HTTPS ? AT: Tomcat is accessed via AJP: Connector URIEncoding=UTF-8 port=8010 protocol=AJP/1.3 redirectPort=8443 scheme=https secure=true / Connector URIEncoding=UTF-8 port=8443 protocol=HTTP/1.1 SSLEnabled=true clientAuth=false keystoreFile=xxx keystorePass=yyy keystoreType=PKCS12 maxThreads=150 scheme=https secure=true sslProtocol=TLS/ 2. 
What is in front of Tomcat? An Apache HTTPD server? - Right. Is Apache HTTPD accessed via HTTPS? - Right, via HTTPS How mod_jk is configured there? Is mod_jk configured to pass SSL_SESSION_ID to Tomcat? AT: This is our configuration: AllowCONNECT 443 SSLEngine on SSLProxyEngine on SSLProxyVerify none SSLOptions +StdEnvVars +ExportCertData SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile xxx.crt SSLCertificateKeyFile xxx.key ProxyPass / ajp://localhost:8010/ connectiontimeout=3600 timeout=3600 ProxyPassReverse / ajp://localhost:8010/ 3. How session-config is configured in WEB-INF/web.xml of your web applications and in the shared $CATALINA_BASE/conf/web.xml file? I expect that you have tracking-mode configured in one of those files. session-config session-timeout30/session-timeout tracking-modeSSL/tracking-mode /session-config Are you able to identify what web application is being requested here? (E.g. by looking into the access log)? There is just one web application accessing there. Conclusion: The exception is raised when the session id is empty due to we have an expired session. We have compiled this code section with a try catch and now our application does not receive the error, and we can see our page displayed, obviously with session expired. 4. A full stacktrace = ? 
java.lang.NullPointerException
 at org.apache.catalina.connector.CoyoteAdapter.parseSessionSslId(CoyoteAdapter.java:894)
 at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:689)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:402)
 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:662)
Do you think this could be due to some local configuration or is it a general issue? Is there the possibility to contemplate this case to be protected when sessionId is null?
If an application is configured to use ssl session as its session identifier, and no ssl session is available, how do you expect it to behave? It looks that if one adds a try/catch there, the application will create a new session with every request. Are you OK with that?
AT: If there is not already an active session I would agree with creating a new session just for this situation.
5. I do not see how 30 minutes can come into a play here. With my guesses above an application should have failed with the first request. Is some form of single-sign-on configured
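The failure in step 3 of the post and the null guard the poster asks about, side by side, as an added example that is not Tomcat's own code or any poster's. The `Request` class is a minimal stand-in for the connector request, and the `SESSION_ID_KEY` literal is a constructed placeholder for `SSLSupport.SESSION_ID_KEY`.

```java
import java.util.HashMap;
import java.util.Map;

public class SslSessionIdGuard {

    // Stand-in for SSLSupport.SESSION_ID_KEY; this literal is a constructed placeholder.
    static final String SESSION_ID_KEY = "example.ssl_session_id";

    /** Minimal stand-in for the connector Request (hypothetical, not Tomcat's class). */
    static final class Request {
        private final Map<String, Object> attributes = new HashMap<String, Object>();
        private String requestedSessionId;
        private boolean requestedSessionSSL;

        Object getAttribute(String name) { return attributes.get(name); }
        void setAttribute(String name, Object value) { attributes.put(name, value); }
        void setRequestedSessionId(String id) { requestedSessionId = id; }
        void setRequestedSessionSSL(boolean flag) { requestedSessionSSL = flag; }
        String getRequestedSessionId() { return requestedSessionId; }
        boolean isRequestedSessionSSL() { return requestedSessionSSL; }
    }

    /** The two statements quoted in the post: dereferences the attribute unconditionally. */
    static void parseUnguarded(Request request) {
        request.setRequestedSessionId(request.getAttribute(SESSION_ID_KEY).toString());
        request.setRequestedSessionSSL(true);
    }

    /**
     * Guarded form: when the front end forwarded no TLS session id, leave the
     * requested session id unset so the request is treated as having no session,
     * instead of failing the whole request with a NullPointerException.
     * Returns true only when an id was actually applied.
     */
    static boolean parseGuarded(Request request) {
        Object sslId = request.getAttribute(SESSION_ID_KEY);
        if (sslId == null) {
            return false;
        }
        String id = sslId.toString();
        if (id.isEmpty()) {
            return false;
        }
        request.setRequestedSessionId(id);
        request.setRequestedSessionSSL(true);
        return true;
    }

    public static void main(String[] args) {
        Request withId = new Request();
        withId.setAttribute(SESSION_ID_KEY, "0A1B2C3D"); // constructed sample value
        Request withoutId = new Request();               // attribute never set by the proxy

        System.out.println("guarded, id present: " + parseGuarded(withId)
                + " -> " + withId.getRequestedSessionId());
        System.out.println("guarded, id absent:  " + parseGuarded(withoutId)
                + " -> " + withoutId.getRequestedSessionId()
                + ", ssl=" + withoutId.isRequestedSessionSSL());

        try {
            parseUnguarded(withoutId);
        } catch (NullPointerException e) {
            // Same failure class as the stack trace in the post.
            System.out.println("unguarded, id absent: NullPointerException");
        }
    }
}
```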
Re: Need Information regarding Apache Webserver static file configuration
Hi Andre, Finally it worked!!! Thanks a ton. Below is the setting that I used. ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/ ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1 ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1 Now, One final question. I am using the below settings for Load balancing. VirtualHost *:80 ProxyRequests off ServerName localhost Proxy balancer://mycluster BalancerMember http://localhost:8081/ BalancerMember http://localhost:8082/ Order Deny,Allow Deny from none Allow from all ProxySet lbmethod=byrequests /Proxy ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ /VirtualHost How do I merge this with the static content settings (ProxyPassMatch ) that I have used above. Please note that both settings are working fine when given individually. But how am I supposed to combine these two? Thanks again for all your help. Tapajyoti Roy Barman Ph:- +919433040094 Mailto: tapajyoti.roybar...@tcs.com
Redirect or Forward a URL on tomcat
Hello Everyone, I have tried to redirect or forward a URL on tomcat but I am not sure how to do this. The tomcat console is http://ramlink.txwes.edu:8080 or https://ramlink.txwes.edu:8443. I created a web application which has the URL is https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. I would like to redirect the https://ramlink.txwes.edu to https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. In addition, the tomcat version is 7.0 on windows 2008 R2. Any help would greatly appreciate. Madison
Re: Need Information regarding Apache Webserver static file configuration
Tapajyoti Roybarman wrote: Hi Andre, Finally it worked!!! Thanks a ton. Below is the setting that I used. ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/ ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1 ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1 Now, One final question. I am using the below settings for Load balancing. VirtualHost *:80 ProxyRequests off ServerName localhost Proxy balancer://mycluster BalancerMember http://localhost:8081/ BalancerMember http://localhost:8082/ Order Deny,Allow Deny from none Allow from all ProxySet lbmethod=byrequests /Proxy ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ /VirtualHost How do I merge this with the static content settings (ProxyPassMatch ) that I have used above. Please note that both settings are working fine when given individually. But how am I supposed to combine these two? Honestly, I do not have a clue. I am not familiar with the load-balancing via mod_proxy. I will make a guess though, and suppose that it would be along the lines of : ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! balancer://mycluster/ ProxyPassMatch ^/(.*/servlet/.*)$ balancer://mycluster/$1 ProxyPassMatch ^/(.*\.jsp)$ balancer://mycluster/$1 (and then probably also remove the line ProxyPass / balancer://mycluster/ ) But now we're really getting into httpd- and mod_proxy-specific questions, so you might want to switch to the httpd list for more accurate information. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Redirect or Forward a URL on tomcat
Madison Le wrote: Hello Everyone, I have tried to redirect or forward a URL on tomcat but I am not sure how to do this. The tomcat console is http://ramlink.txwes.edu:8080 or https://ramlink.txwes.edu:8443. I created a web application which has the URL is https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. I would like to redirect the https://ramlink.txwes.edu to https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. In addition, the tomcat version is 7.0 on windows 2008 R2. Any help would greatly appreciate. What you probably want, is to have this webapp become the default webapp, so that it responds itself to the URL http://ramlink.txwes.edu:8080/. For that, you need to change it into the ROOT webapp. I'm quite sure that there is a Tomcat FAQ article for that. Note that I am bit surprised that currently your app responds to /WebAdvisor/WebAdvisor (instead of just /WebAdvisor). That looks like a misconfiguration already somehow.
RE: Redirect or Forward a URL on tomcat
Hello Andre', Yes, this looks strange but this webapp (https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor) needs to have 2 levels down. It can have a different name at this levels (like WebAdvisor/Production), but it needs to have this format for it to work. Do You mean that make the https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor to be the default webapp or https://ramlink.txwes.edu to the default webapp ? Do you know the article which talks about this? I could not find it. Thanks -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, December 09, 2013 8:40 AM To: Tomcat Users List Subject: Re: Redirect or Forward a URL on tomcat Madison Le wrote: Hello Everyone, I have tried to redirect or forward a URL on tomcat but I am not sure how to do this. The tomcat console is http://ramlink.txwes.edu:8080 or https://ramlink.txwes.edu:8443. I created a web application which has the URL is https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. I would like to redirect the https://ramlink.txwes.edu to https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. In addition, the tomcat version is 7.0 on windows 2008 R2. Any help would greatly appreciate. What you probably want, is to have this webapp become the default webapp, so that it responds itself to the URL http://ramlink.txwes.edu:8080/. For that, you need to change it into the ROOT webapp. I'm quite sure that there is a Tomcat FAQ article for that. Note that I am bit surprised that currently your app responds to /WebAdvisor/WebAdvisor (instead of just /WebAdvisor). That looks like a misconfiguration already somehow.
RE: Update the Tomcat JVM configuration
Thank you Mark for sharing your VM arguments.It works now..:),i wasn't correctly updating the arguments instead of putting hyphen for every linesome of the lines were missing hyphens. -Original Message- From: Mark Eggers [mailto:its_toas...@yahoo.com] Sent: Friday, December 06, 2013 5:56 PM To: Tomcat Users List Subject: Re: Update the Tomcat JVM configuration On 12/6/2013 3:28 PM, Frank Lugalla wrote: Hello All, I am updating the Tomcat JVM configuration to enable java assertions as below: a. Once tomcat server is configured in local eclipse,I pressed F3 on it. b. Click on Open launch configuration link. c. Go to Arguments tab. d. Add -ea at the beginning of JVM arguments. Then Finally I restarted my tomcat Here is what I am getting Server Tomcat v7.0 Server at localhost failed to start. Error: Could not find or load main class -ea Please anybody who knows about this problem.?Thank you - Works for me: OS: Windows 7 Home Premium 64 bit IDE: Eclipse Kepler J2EE (with lots of plugins) JDK: JDK 1.7.0_45 Tomcat: 7.0.42 (launched from within Eclipse) VM arguments in the Arguments tab of the Edit launch configuration properties window: -ea -Dcatalina.base=C:\Users\mdeggers\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp0 -Dcatalina.home=C:\Users\mdeggers\Apache\apache-tomcat-7.0.42 -Dwtp.deploy=C:\Users\mdeggers\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps -Djava.endorsed.dirs=C:\Users\mdeggers\Apache\apache-tomcat-7.0.42\endorsed Verified by looking at the running Tomcat with VisualVM . . . 
just my two cents /mde/
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/6/13 6:56 PM, CRPence (on the Midrange Java List) wrote:
The T-AF audit entry should log the object to which there was insufficient authority, then the chmod can be requested against that object to grant the necessary authority bits.
The T-AF audit entry shows (and I'm no longer bothering to change names to protect the innocent):
    1 'A*N*N*STMFQP0ZSPWP WTADMIN '
00051 '280199WTADMIN '
00101 '000 '
00151 ' '
00201 ' '
00251 ' nP8 ry '
. . .
00801 ' nP8 ry QASP011USENU Y'
00851 ' /wintouch/tomcat/bin/startup.sh '
Which would seem to indicate that it's the startup shell script itself that has the authority problem. So looking at the paths using the QShell ls command, I get:
cd /wintouch/tomcat/bin
$ ls -l startup.sh
-rw-rw-rw- 1 WTADMIN 0 1961 Oct 18 13:19 startup.sh
for the 7.0.47 version, which has the authority failure, and
cd /wintouch/tomcat.bak/bin
$ ls -l startup.sh
-rw-rw-rw- 1 WINTOUCH 0 1961 Jun 15 2012 startup.sh
for the 7.0.25, which looks exactly the same, except for the owner and the date, and yet it works.
The bin directory shows:
drwxrwsrwx 2 WTADMIN 0 32768 Oct 18 13:19 bin
for 7.0.47 (fails), and
drwxrwsrwx 2 WINTOUCH 0 32768 Jun 15 2012 bin
for 7.0.25 (works)
The tomcat (7.0.47) and tomcat.bak (7.0.25) directories show:
drwxrwsrwx 9 WTADMIN 0 12288 Dec 6 14:21 tomcat
drwxrwsrwx 9 WINTOUCH 0 12288 Jun 15 2012 tomcat.bak
Finally, for comparison, here are the corresponding results on our own box, where there are no problems at all:
drwxrwsrwx 9 RABBIT0 8192 Nov 29 16:48 tomcat
drwxrwsrwx 2 RABBIT 0 28672 Oct 18 13:19 bin
-rw-rw-rw- 1 RABBIT 0 1961 Oct 18 13:19 startup.sh
and
drwxrwsrwx 9 RABBIT0 24576 Nov 5 17:14 tomcat.bak
drwxrwsrwx 2 RABBIT 0 28672 Jun 18 2012 bin
-rw-rw-rw- 1 RABBIT 0 1961 Feb 14 2012 startup.sh
I don't see any difference
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On Mon, 2013-12-09 at 11:00 -0800, James H. H. Lampert wrote: On 12/6/13 6:56 PM, CRPence (on the Midrange Java List) wrote: The T-AF audit entry should log the object to which there was insufficient authority, then the chmod can be requested against that object to grant the necessary authority bits. The T-AF audit entry shows (and I'm no longer bothering to change names to protect the innocent): 1 'A*N*N*STMFQP0ZSPWP WTADMIN ' 00051 '280199WTADMIN ' 00101 '000 ' 00151 ' ' 00201 ' ' 00251 ' nP8 ry ' . . . 00801 ' nP8 ry QASP011USENU Y' 00851 ' /wintouch/tomcat/bin/startup.sh ' Which would seem to indicate that it's the startup shell script itself that has the authority problem. So looking at the paths using the QShell ls command, I get: cd /wintouch/tomcat/bin $ ls -l startup.sh -rw-rw-rw- 1 WTADMIN 0 1961 Oct 18 13:19 startup.sh for the 7.0.47 version, which has the authority failure, and cd /wintouch/tomcat.bak/bin $ ls -l startup.sh -rw-rw-rw- 1 WINTOUCH 0 1961 Jun 15 2012 startup.sh for the 7.0.25, which looks exactly the same, except for the owner and the date, and yet it works. The bin directory shows: drwxrwsrwx 2 WTADMIN 0 32768 Oct 18 13:19 bin for 7.0.47 (fails), and drwxrwsrwx 2 WINTOUCH 0 32768 Jun 15 2012 bin for 7.0.25 (works) The tomcat (7.0.47) and tomcat.bak (7.0.25) directories show: drwxrwsrwx 9 WTADMIN 0 12288 Dec 6 14:21 tomcat drwxrwsrwx 9 WINTOUCH 0 12288 Jun 15 2012 tomcat.bak What about execute permissions on /wintouch. As Chris pointed out earlier, WTADMIN must have execute permission to the top of the tree. You seem to have investigated every corner except that one. (I'm no AS400 expert but there doesn't seem to be on on the Tomcat list other than you.) 
Finally, for comparison, here are the corresponding results on our own box, where there are no problems at all: drwxrwsrwx 9 RABBIT0 8192 Nov 29 16:48 tomcat drwxrwsrwx 2 RABBIT 0 28672 Oct 18 13:19 bin -rw-rw-rw- 1 RABBIT 0 1961 Oct 18 13:19 startup.sh and drwxrwsrwx 9 RABBIT0 24576 Nov 5 17:14 tomcat.bak drwxrwsrwx 2 RABBIT 0 28672 Jun 18 2012 bin -rw-rw-rw- 1 RABBIT 0 1961 Feb 14 2012 startup.sh I don't see any difference
session replication issue
setting of session replication worked well. However, we do have threading in some products. Like we are hitting the target API and getting response from there servers. If will not get the response will hit them after some time and in this case threading not handled by session replication because of session timeout and shows below errors. After some time the server starts getting high load. SEVERE: Unable to replicate backup key: AE8095AB32A4DCA0AFD7117F6F32210C.t7 to backup:org.apache.catalina.tribes.membership.MemberImpl[tcp://{-64, -88, 3, 12}:4001,{-64, -88, 3, 12},4001, alive=30639540,id={77 33 -17 95 -79 -80 79 2 -104 -102 -73 29 -100 39 -59 -111 }, payload={}, command={}, domain={}, ]. Reason:Operation has timed out(6 ms.).; Faulty members:tcp://{-64, -88, 3, 12}:4001; org.apache.catalina.tribes.ChannelException: Operation has timed out(6 ms.).; Faulty members:tcp://{-64, -88, 3, 12}:4001; How can i address above issue or just by increasing time out value. Please explain me. server.xml for session replicaiton. 
<Manager className="org.apache.catalina.ha.session.BackupManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true" mapSendOptions="6"/>
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
  <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.0.4" port="45565" frequency="500" dropTime="3"/>
  <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="5000" selectorTimeout="5000" timeout="6" maxThreads="6"/>
  <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
    <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" timeout="6" keepAliveCount="0"/>
  </Sender>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.css|.*\.txt"/>
<Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
<ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
Re: Redirect or Forward a URL on tomcat
Madison Le wrote: On this list, please do not top-post. See : http://tomcat.apache.org/lists.html#tomcat-users Important - #6 Hello Andre', Yes, this looks strange but this webapp (https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor) needs to have 2 levels down. It can have a different name at this levels (like WebAdvisor/Production), but it needs to have this format for it to work. Do You mean that make the https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor to be the default webapp or https://ramlink.txwes.edu to the default webapp ? Do you know the article which talks about this? I could not find it. See : http://wiki.apache.org/tomcat/HowTo #17 I meant to make it so that both http://ramlink.txwes.edu:8080/; and http://ramlink.txwes.edu:8443/; lead directly to your webapp, but if you confirm that it somehow must be configured as /WebAdvisor/x then you may be out of luck with the standard and easy method. You might need to create a ROOT context which forwards the calls to /, to /WebAdvisor/. For that kind of thing, you may want to look at the URLRewrite filter, at http://www.tuckey.org if I remember right. Note that it is quite bad practice for an application to force one to install it under any particular context name. It probably means that the application itself generates/contains self-referencing absolute URLs in the pages which it returns, which will probably create some additional headaches for you in terms of getting it to work correctly under the root (/) context. You should really contact the developers of that application, for this question. Thanks -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, December 09, 2013 8:40 AM To: Tomcat Users List Subject: Re: Redirect or Forward a URL on tomcat Madison Le wrote: Hello Everyone, I have tried to redirect or forward a URL on tomcat but I am not sure how to do this. The tomcat console is http://ramlink.txwes.edu:8080 or https://ramlink.txwes.edu:8443. 
I created a web application which has the URL is https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. I would like to redirect the https://ramlink.txwes.edu to https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor. In addition, the tomcat version is 7.0 on windows 2008 R2. Any help would greatly appreciate. What you probably want, is to have this webapp become the default webapp, so that it responds itself to the URL http://ramlink.txwes.edu:8080/. For that, you need to change it into the ROOT webapp. I'm quite sure that there is a Tomcat FAQ article for that. Note that I am bit surprised that currently your app responds to /WebAdvisor/WebAdvisor (instead of just /WebAdvisor). That looks like a misconfiguration already somehow.
Setting unloadDelay within embedded Tomcat
I am running Tomcat embedded via something like the following code: tomcat = new Tomcat(); tomcat.setBaseDir(DEFAULT_BASE_DIR); tomcat.getService().addConnector(defaultConnector); tomcat.setConnector(defaultConnector); tomcat.init(); tomcat.start(); How do I go about setting the *unloadDelay* property programmatically in the above example? Cheers, Matthew
Configure Tomcat Logging Programmatically
I am running Tomcat programmatically (embedded) and I wanted to configure its logging so I can track inbound request. I start Tomcat as follows: tomcat = new Tomcat(); tomcat.setBaseDir(DEFAULT_BASE_DIR); tomcat.getService().addConnector(defaultConnector); tomcat.setConnector(defaultConnector); tomcat.init(); tomcat.start(); How do I go about configuring the logging? Cheers, Matt
Re: Exception in CoyoteAdapter class
AT, On 12/9/13, 6:43 AM, at.silk wrote: 2. What is in front of Tomcat? An Apache HTTPD server? - Right. Is Apache HTTPD accessed via HTTPS? - Right, via HTTPS How mod_jk is configured there? Is mod_jk configured to pass SSL_SESSION_ID to Tomcat? AT: This is our configuration: AllowCONNECT 443 SSLEngine on SSLProxyEngine on SSLProxyVerify none SSLOptions +StdEnvVars +ExportCertData SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile xxx.crt SSLCertificateKeyFile xxx.key ProxyPass / ajp://localhost:8010/ connectiontimeout=3600 timeout=3600 ProxyPassReverse / ajp://localhost:8010/ Note a note: this is a mod_proxy_ajp configuration, not a mod_jk one. I know that mod_jk uses SSLOptions +StdEnvVars to pass the SSL session id to Tomcat, but I'm sorry, I don't know about mod_proxy_ajp. I can imagine that it would operate in a similar way, but the mod_proxy_ajp documentation isn't as forthcoming as the mod_jk documentation.
-chris
Re: session replication issue
Dhaval,
On 12/9/13, 3:04 PM, Dhaval Jaiswal wrote:
setting of session replication worked well. However, we do have threading in some products. Like we are hitting the target API and getting response from there servers. If will not get the response will hit them after some time and in this case threading not handled by session replication because of session timeout and shows below errors.
Can you explain this with a little more detail?
After some time the server starts getting high load.
The high-load is caused by greater client load, or because of the replication re-tried, etc.?
-chris
SEVERE: Unable to replicate backup key: AE8095AB32A4DCA0AFD7117F6F32210C.t7 to backup:org.apache.catalina.tribes.membership.MemberImpl[tcp://{-64, -88, 3, 12}:4001,{-64, -88, 3, 12},4001, alive=30639540,id={77 33 -17 95 -79 -80 79 2 -104 -102 -73 29 -100 39 -59 -111 }, payload={}, command={}, domain={}, ]. Reason:Operation has timed out(6 ms.).; Faulty members:tcp://{-64, -88, 3, 12}:4001; org.apache.catalina.tribes.ChannelException: Operation has timed out(6 ms.).; Faulty members:tcp://{-64, -88, 3, 12}:4001;
How can i address above issue or just by increasing time out value. Please explain me. server.xml for session replication.
<Manager className="org.apache.catalina.ha.session.BackupManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true" mapSendOptions="6"/>
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
  <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.0.4" port="45565" frequency="500" dropTime="3"/>
  <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="5000" selectorTimeout="5000" timeout="6" maxThreads="6"/>
  <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
    <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" timeout="6" keepAliveCount="0"/>
  </Sender>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
  <Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.css|.*\.txt"/>
<Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
<ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 11:40 AM, Tim Watts wrote: What about execute permissions on /wintouch. As Chris pointed out earlier, WTADMIN must have execute permission to the top of the tree. You seem to have investigated every corner except that one. Both tomcat and tomcat.bak are subdirectories of /wintouch, so if that were the issue, they'd either both work fine, or both fail. -- JHHL
Re: Redirect or Forward a URL on tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 12/9/13, 4:26 PM, André Warnier wrote: Madison Le wrote: On this list, please do not top-post. See : http://tomcat.apache.org/lists.html#tomcat-users Important - #6 Hello Andre', Yes, this looks strange but this webapp (https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor) needs to have 2 levels down. It can have a different name at this levels (like WebAdvisor/Production), but it needs to have this format for it to work. Do You mean that make the https://ramlink.txwes.edu:8443/WebAdvisor/WebAdvisor to be the default webapp or https://ramlink.txwes.edu to the default webapp ? Do you know the article which talks about this? I could not find it. See : http://wiki.apache.org/tomcat/HowTo #17 I meant to make it so that both http://ramlink.txwes.edu:8080/; and http://ramlink.txwes.edu:8443/; lead directly to your webapp, but if you confirm that it somehow must be configured as /WebAdvisor/x then you may be out of luck with the standard and easy method. You might need to create a ROOT context which forwards the calls to /, to /WebAdvisor/. For that kind of thing, you may want to look at the URLRewrite filter, at http://www.tuckey.org if I remember right. If all you want to do is redirect the specific URL http://ramlink.txwes.edu:8080/ - http://ramlink.txwes.edu:8080/WebAdvisor/WebAdvisor, then you probably don't need the complexity of url-rewrite: just code-up a catch-all servlet and have it execute a redirect. If you want to be able to redirect http://ramlink.txwes.edu:8080/foo/bar/baz - http://ramlink.txwes.edu:8080/WebAdvisor/WebAdvisor/foo/bar/baz, then use url-rewrite, as it can do regular expression matching, replacement, etc. Note that it is quite bad practice for an application to force one to install it under any particular context name. 
It probably means that the application itself generates/contains self-referencing absolute URLs in the pages which it returns, which will probably create some additional headaches for you in terms of getting it to work correctly under the root (/) context.

+1

-chris
RE: seeing RemoteEndpoint.Basic BINARY_FULL_WRITING errors under load in Tomcat 7.0.48-dev (trunk)
-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, November 27, 2013 12:59 PM
To: Tomcat Users List
Subject: Re: seeing RemoteEndpoint.Basic BINARY_FULL_WRITING errors under load in Tomcat 7.0.48-dev (trunk)

On 27/11/2013 17:28, Bob DeRemer wrote:

When testing our WebSocket application under heavy load we eventually get the following exception from the JSR-356 ServerEndpoint's RemoteEndpoint.Basic when trying to write our binary response message:

java.lang.IllegalStateException: The remote endpoint was in state [BINARY_FULL_WRITING] which is an invalid state for called method
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.checkState(WsRemoteEndpointImplBase.java:1048) ~[tomcat7-websocket.jar:7.0.48-dev]
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.binaryStart(WsRemoteEndpointImplBase.java:1001) ~[tomcat7-websocket.jar:7.0.48-dev]
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendBytes(WsRemoteEndpointImplBase.java:118) ~[tomcat7-websocket.jar:7.0.48-dev]
    at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendBinary(WsRemoteEndpointBasic.java:43) ~[tomcat7-websocket.jar:7.0.48-dev]
    at com.thingworx.communications.server.connection.Jsr356ServerConnection.sendBinaryMessage(Jsr356ServerConnection.java:240) ~[thingworx-server-common.jar:na]
    at com.thingworx.communications.common.endpoints.CommunicationEndpoint.sendBinaryMessage(CommunicationEndpoint.java:321) ~[thingworx-server-common.jar:na]
    at com.thingworx.communications.common.endpoints.CommunicationEndpoint.sendMessage(CommunicationEndpoint.java:303) ~[thingworx-server-common.jar:na]
    at com.thingworx.apiserver.endpoints.RoutingServerEndpoint.sendMessage(RoutingServerEndpoint.java:24) ~[thingworx-apiserver.jar:na]
    at com.thingworx.apiserver.routing.OutboundMessageRoutingTask.run(OutboundMessageRoutingTask.java:79) ~[thingworx-apiserver.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_45]
    at java.lang.Thread.run(Thread.java:744) [na:1.7.0_45]

The Tomcat build is 7.0.48-dev (from today, 11/27) and we're running on Ubuntu Server 13.10 in EC2 (16 vCPUs). The client created 1000 concurrent websockets, and is using 100 threads to send 100 concurrent requests every 3 ms. The server receives the messages, processes them, then sends the response back to the appropriate client. Many responses are sent successfully, but after some period of time, we start receiving the above errors when attempting to send the responses back. Is it possible that we could be filling up the TCP buffers (or something related) and this would cause the above exception?

What can cause the above exception is if the previous message on that endpoint failed with an IOException. The nature of WebSocket is such that once this happens the only option is to close the connection and start a new one.

It appears that we are getting the following IOException: java.io.IOException: java.util.concurrent.TimeoutException immediately before we got the BINARY_FULL_WRITING errors. Would this TimeoutException be caused because the underlying socket did not receive an ACK for the sent websocket message, or could something else cause this when trying to write to the websocket?

Thx - bob

Please note: we lock around a specific ServerEndpoint's RemoteEndpoint.Basic - to make sure we aren't trying to send more than 1 message at a time. Please let me know if this is a bug, or if you need additional information.

A bug is always possible but at this point it looks like some error handling is missing in the app.

Mark
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 11:58 AM, Dan Kimmel (on the Midrange Java List) wrote:

Your user needs x permission on startup.sh in order to execute it. The user draws that authority from owner, group or public which are the three groupings of rwx authorities you see, in that order (the first of the 10 characters are - for file or d for directory). If there's a dash in one of the spots where you expect rwx, that permission has not been granted.

Except that according to the ls -l startup.sh results, *nobody* has x authority to *either* the new *or* old startup.sh, on *any* box.

customer box/wintouch/tomcat/bin/startup.sh is -rw-rw-rw-
customer box/wintouch/tomcat.bak/bin/startup.sh is -rw-rw-rw-
our box/wintouch/tomcat/bin/startup.sh is -rw-rw-rw-
our box/wintouch/tomcat.bak/bin/startup.sh is -rw-rw-rw-

yet only the first one fails.

Dan goes on to say:

One way to fix this is to chown to what is expected. If you are running Tomcat as WTADMIN (which it appears) you probably need to sign on as WINTOUCH and run chown -R WTADMIN /wintouch/tomcat. You can also change permission with chmod ugo+x to add execute permission for owner(u), group(g), and others(o). See http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzahz%2Fchmod.htm

The only difference is the owner of the whole Tomcat 7.0.47 subtree on the problem customer box: because the WINTOUCH account was disabled, I used a secondary account, WTADMIN, to do the 7.0.47 installation, and to do all the launches since the installation. There was no logical reason for me to assume that this was the reason (especially since both tomcat versions are under my QSECOFR-equivalent account's ownership on our box), but I changed the ownership of the entire directory subtree from WTADMIN to WINTOUCH (using the CHGOWN command from an OS/400 command line, rather than a chown from a QShell command line), ran our STRTOMCAT CL program, and CATALINA STARTED RIGHT UP, AND THE PORTS OPENED, AS IF THERE HAD NEVER BEEN ANYTHING WRONG.

They're up and running, but now I'm more puzzled than ever.

-- JHHL
Re: seeing RemoteEndpoint.Basic BINARY_FULL_WRITING errors under load in Tomcat 7.0.48-dev (trunk)
On 09/12/2013 22:16, Bob DeRemer wrote:

It appears that we are getting the following IOException: java.io.IOException: java.util.concurrent.TimeoutException immediately before we got the BINARY_FULL_WRITING errors. Would this TimeoutException be caused because the underlying socket did not receive an ACK for the sent websocket message, or could something else cause this when trying to write to the websocket?

My experience debugging IO issues with WebSocket is that a write is reported to Tomcat as complete once it has been written to the TCP output buffer. Tomcat has no visibility of what happens after that point. All you can really be sure of when you see the TimeoutException is that Tomcat has not been able to write the data it was trying to write to the TCP output buffer within the time it was given to complete the write.

Possible causes are:
- client is reading data more slowly than Tomcat is writing it
- client has silently dropped the connection
- the machine where Tomcat is running is overloaded and it can't write the data fast enough

My money would be on the first two options rather than the third.

HTH,

Mark
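The error handling discussed in this thread (after a failed write the only option is to close the connection), sketched as an added example that is not code from the thread, from Tomcat, or from the poster's application. GuardedBinarySender is a hypothetical name; it assumes the standard JSR-356 API (javax.websocket) is on the classpath.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.Session;

/** Hypothetical wrapper around one JSR-356 session; one instance per connection. */
public final class GuardedBinarySender {

    private final Session session;
    private final Object sendLock = new Object();
    // Set after the first failed write. From then on the endpoint may still be
    // stuck in BINARY_FULL_WRITING, so no further send is attempted on it.
    private volatile boolean failed;

    public GuardedBinarySender(Session session) {
        this.session = session;
    }

    /**
     * Sends one binary message.
     *
     * @return true if the container accepted the write, false if the
     *         connection has failed or is closed and the caller must
     *         re-route or drop the message
     */
    public boolean send(ByteBuffer payload) {
        synchronized (sendLock) {          // one writer at a time per endpoint
            if (failed || !session.isOpen()) {
                return false;
            }
            try {
                session.getBasicRemote().sendBinary(payload);
                return true;
            } catch (IOException | IllegalStateException e) {
                // Includes the IOException wrapping a TimeoutException when the
                // write could not reach the TCP output buffer in time.
                failed = true;
                closeQuietly("write failed: " + e.getClass().getSimpleName());
                return false;
            }
        }
    }

    /** True once a write has failed and the session has been torn down. */
    public boolean hasFailed() {
        return failed;
    }

    private void closeQuietly(String why) {
        try {
            session.close(new CloseReason(CloseCodes.UNEXPECTED_CONDITION, why));
        } catch (IOException | RuntimeException ignored) {
            // The peer may already be gone; there is nothing left to clean up.
        }
    }
}
```

A slow or silently dropped client then costs one timed-out write and one closed session, rather than a stream of IllegalStateExceptions on every later response routed to that endpoint.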
Notification strategy for OutOfMemoryError
Last week, one of my servers got an OutOfMemoryError at approximately 1:21pm. My monitoring software which does a heart beat check once per minute did not notice until 3:01pm. Heart beat kept working for over an hour and a half.

During that time my high capacity high availability 24/7 application was getting occasional OutOfMemoryError's until memory got bad enough that even the heart beat check servlet failed. Apparently some things that allocate large chunks of memory started failing first, but none of my customers called to complain. Smaller stuff continued to work. I didn't know until my monitoring software sent me an email about the heart beat failure. That doesn't work for me. I need to know sooner.

I thought of trying to handle it with error-page in web.xml. Apparently that does not work. I used java.lang.Throwable as the exception-type. I was already using this for a number of common exceptions to send me email.

I see the OutOfMemoryError's logged in my catalina.out

Is there some way that I can catch this so that I can send email or something? I need to know as soon as possible so that I can attempt diagnosis and restart the server.

Google has not been helpful. Everything says that you have to fix the memory leak. Duh. I know that. We've fixed many over the years. We haven't had one in nearly 2 years. We thought we'd fixed them all. We need to find out about them sooner when they do happen.

This was on Tomcat 6.0.37 in production but we are about to upgrade to 7.0.47 and have been using that in development for a little over a month. My testing has been in development (7.0.47) and I tested by explicitly throwing OutOfMemoryError from a servlet. Logged in catalina.out but no other indication that it happened. My error page does not get called.

    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/jsp/error/Error.jsp</location>
    </error-page>

RedHat EL 5.9. Java 7.0.25 64-bit. Heap size 3GB.
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
James,

On 12/6/13, 7:59 PM, James H. H. Lampert wrote:

qsh: 001-0018 Error found running command /foo/tomcat/bin/startup.sh. Permission denied.

Can you confirm that qsh is telling you it can't actually run /foo/tomcat/bin/startup.sh because of a permissions problem, or is it that /foo/tomcat/bin/startup.sh *is* running and something it's trying to do is failing? Does it fail when running from the command-line, or from some scheduled job, startup script, etc.?

-chris
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 2:51 PM, Christopher Schultz wrote:

Can you confirm that qsh is telling you it can't actually run /foo/tomcat/bin/startup.sh because of a permissions problem, or is it that /foo/tomcat/bin/startup.sh *is* running and something it's trying to do is failing? Does it fail when running from the command-line, or from some scheduled job, startup script, etc.?

As I recall from Friday, I got the same error message whether I ran it from my STRTOMCAT CL program (which, among other things, finds and selects the best available JVM on the box, and sets up environment variables to avoid the need to set them in catalina.sh or the preferred setenv.sh, before submitting it as a batch job), or from a QShell command line (which is not an especially useful way to run it, given that it would come crashing down around its knees as soon as I exit QShell). But that doesn't tell me anything, one way or the other. And neither does the audit journal entry for the authority problem (it might tell somebody else what was going wrong, but not me).

And yet, as I just posted, changing the owner of the entire subtree, something that one would expect (especially given the user profile under which I'm signed on) to either have no effect at all, or to break a working Tomcat, caused it to start working as if nothing had ever been wrong. Which leaves me more puzzled than ever.

-- JHHL
Re: Notification strategy for OutOfMemoryError
Bill,

On 12/9/13, 5:38 PM, Bill Davidson wrote:

Last week, one of my servers got an OutOfMemoryError at approximately 1:21pm.

:( It's worth pointing out that this is not a trivial issue.

My monitoring software which does a heart beat check once per minute did not notice until 3:01pm. Heart beat kept working for over an hour and a half.

Was it a transient error, or a chronic condition? A single thread can, for instance, spew objects into its stack or eden space exhausting memory but, when that thread hits the OOME, all those objects are freed which basically recovers from the situation. If, instead, you fill-up some shared cache, buffer, etc. and NO threads can get more memory, then you're basically toast. Which of the above was it?

During that time my high capacity high availability 24/7 application was getting occasional OutOfMemoryError's until memory got bad enough that even the heart beat check servlet failed. Apparently some things that allocate large chunks of memory started failing first, but none of my customers called to complain. Smaller stuff continued to work. I didn't know until my monitoring software sent me an email about the heart beat failure. That doesn't work for me. I need to know sooner.

+1

I thought of trying to handle it with error-page in web.xml. Apparently that does not work. I used java.lang.Throwable as the exception-type. I was already using this for a number of common exceptions to send me email.

In most OOME situations, your recovery options are limited... because the JVM might need to allocate (a small amount of) memory in order to even report the error.

I see the OutOfMemoryError's logged in my catalina.out Is there some way that I can catch this so that I can send email or something? I need to know as soon as possible so that I can attempt diagnosis and restart the server. Google has not been helpful. Everything says that you have to fix the memory leak. Duh. I know that. We've fixed many over the years. We haven't had one in nearly 2 years. We thought we'd fixed them all. We need to find out about them sooner when they do happen.

There are a bunch of things you can try to do. They all have their caveats, failure scenarios, and inefficacies.

1. Use -XX:OnOutOfMemoryError="<cmd args>;<cmd args>"

Rig this to email you, register a passive-check data point with your monitoring server, etc. Just remember that OOMEs happen for a number of reasons. You could have run out of file handles or you could have run out of heap space.

2. Use JMX monitoring, set java.lang:MemoryPool/[heap space]/UsageThreshold to whatever byte value you want to set as your limit. Then, check java.lang:MemoryPool/[heap space]/UsageThresholdExceeded to see if it is true. If so, your usage threshold has been exceeded.

Note that this is not proof-positive that an OOME occurred. It's also tough to tell what value to use for the threshold. You can't really set it to MaxHeap - 1 byte, because you'll never get that value in practice. If you set it too low, you'll get warnings all the time when your heap usage rises in the normal course of business.

3. catch IOException in a filter and set an application attribute. Check this attribute from your monitor.

I've been considering doing this, because I can rig it so that the error handler does not actually require any memory to run. The problem is that sometimes OOMEs interrupt one thread and not another. You may not catch the OOME in that thread -- it may happen in a background thread that does not go through the filter.

4. You can do what I do: simply look at your total heap space by inspecting java.lang:Memory/HeapMemoryUsage[used] and set a threshold that will cause your monitor to alarm for WARNING and CRITICAL conditions. You may recover and not have to check anything. These days, I get a false-alarm about once every 3 weeks when the heap space grows a hair higher than usual before a full GC runs and clears everything out.

The nice thing about #4 is that you can find out early if you *might* be having a problem. Then you can keep an eye on your service to make sure it recovers. If it never OOME's, great. If it does, you can manually restart or whatever. If it OOME's, and #1-#3 above fail because memory might be required to actually execute the do-this-thing-on-OOME action, then you might never get notified. With #4, you don't have to wait until an OOME to take action.

-chris
Re: Pooled Connections Lost After 10 Minutes (600 seconds)
Alec, Dan, and Chris,

On Wed, Dec 4, 2013 at 1:01 PM, Christopher Schultz ch...@christopherschultz.net wrote:

Dan,

On 12/3/13, 12:32 PM, Daniel Mikusa wrote:

On Dec 3, 2013, at 12:14 PM, Tomcat Random tomcat.ran...@gmail.com wrote:

I considered using a validation query but it seemed like extra overhead when the default behavior was not, um, behaving in the default way.

The overhead is typically minimal. Running SELECT 1 or some other very simple query is not likely to bring your database to its knees. It might add a small amount of latency as the pool will need to execute the query before it gives the connection to your application, but that's likely to be dwarfed by whatever your application does with the connection after it gets it. If you are concerned you can do a couple things to make the process even more lightweight.

1.) With MySQL, use /* ping */ SELECT 1 as the validation query. This is a special case with the MySQL JDBC driver that uses even less resources.

+1 We use this everywhere. I've never actually benchmarked it, but since it does not execute a query on the server, it pretty much has to be faster by any measure.

2.) You can use the tomcat-jdbc connection pool which has a validationInterval setting. This will ensure that the validation query is only executed one time during the specified time interval.

I haven't moved to tomcat-pool yet, but this was my initial reaction to Alec's question about usually not needing the validation query.

...or you can go without a validation query, but it's not something I would recommend and not something I see done very often. The minimal overhead is usually worth knowing that you get a valid connection from the pool.

+1 If you don't use a validation query, you need additional try/catch blocks around all your getConnection() calls, and a loop to re-try just in case the first connection was bad. I think without a validationQuery, your pool will effectively dry-up over time.

+1 interesting topic and responses. Thanks!

Since I'm using TomEE, tomcat jdbc pool is default, and below is the config.

    <Resource id="jdbc/dbJta" type="javax.sql.DataSource">
        JdbcDriver org.apache.derby.jdbc.EmbeddedDriver
        JdbcUrl jdbc:derby:X:/myPathToMyDB;create=true
        UserName
        Password
        JtaManaged true
        jmxEnabled true
        InitialSize 10
        MaxActive 30
        MaxIdle 20
        MaxWait 1
        minIdle 10
        suspectTimeout 60
        removeAbandoned true
        removeAbandonedTimeout 180
        timeBetweenEvictionRunsMillis 3
        jdbcInterceptors=StatementCache(max=1024)
    </Resource>

As you can see, I am one of those rare cases that Dan mentioned...not using validationQuery. Not so much intentional, but I'm still somewhat novice as tomcat user. With that said, I have not had the need to add try/catch to ensure I get a good connection from the pool.

I don't have high traffic coming to my web app, but there are times when multiple users are using the app, and I see absolutely 'no' connection issues (ever), and performance is quite good/sound as well. So, I do hear the recommendations, in this thread, about validation query, but my app has not told me yet...that it needs the validation query. :)
Re: Notification strategy for OutOfMemoryError
On 12/9/2013 3:12 PM, Christopher Schultz wrote:

Was it a transient error, or a chronic condition? A single thread can, for instance, spew objects into its stack or eden space exhausting memory but, when that thread hits the OOME, all those objects are freed which basically recovers from the situation. If, instead, you fill-up some shared cache, buffer, etc. and NO threads can get more memory, then you're basically toast. Which of the above was it?

It looked more like the first one though we still haven't tracked down the cause. We had several dozen threads running at the time. That's common for us. It's not that unusual for us to have a couple of hundred users with active sessions per server at any given time.

There are a bunch of things you can try to do. They all have their caveats, failure scenarios, and inefficacies.

1. Use -XX:OnOutOfMemoryError="<cmd args>;<cmd args>"

Rig this to email you, register a passive-check data point with your monitoring server, etc. Just remember that OOMEs happen for a number of reasons. You could have run out of file handles or you could have run out of heap space.

That looks interesting. It wouldn't tell me about the error but at least I'd know that there was an OOME. Better than nothing and I can go check catalina.out. Of course, I still have the problem that threads silently fail and show my users not so much as an error message.

2. Use JMX monitoring, set java.lang:MemoryPool/[heap space]/UsageThreshold to whatever byte value you want to set as your limit. Then, check java.lang:MemoryPool/[heap space]/UsageThresholdExceeded to see if it is true. If so, your usage threshold has been exceeded.

Note that this is not proof-positive that an OOME occurred. It's also tough to tell what value to use for the threshold. You can't really set it to MaxHeap - 1 byte, because you'll never get that value in practice. If you set it too low, you'll get warnings all the time when your heap usage rises in the normal course of business.

I'm less enthused about that one.

3. catch IOException in a filter and set an application attribute. Check this attribute from your monitor.

I've been considering doing this, because I can rig it so that the error handler does not actually require any memory to run. The problem is that sometimes OOMEs interrupt one thread and not another. You may not catch the OOME in that thread -- it may happen in a background thread that does not go through the filter.

I'm not sure I understand this one. How does an IOException relate to an OOME?

4. You can do what I do: simply look at your total heap space by inspecting java.lang:Memory/HeapMemoryUsage[used] and set a threshold that will cause your monitor to alarm for WARNING and CRITICAL conditions. You may recover and not have to check anything. These days, I get a false-alarm about once every 3 weeks when the heap space grows a hair higher than usual before a full GC runs and clears everything out.

The nice thing about #4 is that you can find out early if you *might* be having a problem. Then you can keep an eye on your service to make sure it recovers. If it never OOME's, great. If it does, you can manually restart or whatever. If it OOME's, and #1-#3 above fail because memory might be required to actually execute the do-this-thing-on-OOME action, then you might never get notified. With #4, you don't have to wait until an OOME to take action.

Is there a way I can get to this from my heartbeat servlet?
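Options 2 and 4 from the list quoted above can both be read in-process through the standard java.lang.management API, the same data the java.lang MBeans expose over JMX. The following is an added example, not code from the thread: HeapHealth is a hypothetical helper name, and the 80% and 92% alarm levels are assumptions to be tuned per application.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.MemoryPoolMXBean;
import java.lang.management.MemoryType;
import java.lang.management.MemoryUsage;

/** Hypothetical helper that a heartbeat servlet could call on each check. */
public final class HeapHealth {

    public enum Status { OK, WARNING, CRITICAL }

    // Assumed alarm levels, as fractions of the maximum heap.
    private static final double WARN_FRACTION = 0.80;
    private static final double CRIT_FRACTION = 0.92;

    private HeapHealth() { }

    /** Option 2: arm UsageThreshold on every heap pool that supports one (call once at startup). */
    public static void armPoolThresholds() {
        for (MemoryPoolMXBean pool : ManagementFactory.getMemoryPoolMXBeans()) {
            if (pool.getType() != MemoryType.HEAP || !pool.isUsageThresholdSupported()) {
                continue;
            }
            MemoryUsage usage = pool.getUsage();       // null if the pool is no longer valid
            long max = (usage == null) ? -1 : usage.getMax();
            if (max > 0) {                             // -1 means no defined maximum
                pool.setUsageThreshold((long) (max * CRIT_FRACTION));
            }
        }
    }

    /** Option 4: classify total heap use against the WARNING and CRITICAL levels. */
    public static Status classify(long usedBytes, long maxBytes) {
        if (maxBytes <= 0) {
            return Status.OK;                          // maximum undefined: nothing to compare against
        }
        double fraction = (double) usedBytes / maxBytes;
        if (fraction >= CRIT_FRACTION) {
            return Status.CRITICAL;
        }
        return fraction >= WARN_FRACTION ? Status.WARNING : Status.OK;
    }

    /** Combines both signals; allocates very little, so it can still answer when the heap is tight. */
    public static Status check() {
        MemoryUsage heap = ManagementFactory.getMemoryMXBean().getHeapMemoryUsage();
        Status status = classify(heap.getUsed(), heap.getMax());
        for (MemoryPoolMXBean pool : ManagementFactory.getMemoryPoolMXBeans()) {
            if (pool.getType() == MemoryType.HEAP
                    && pool.isUsageThresholdSupported()
                    && pool.getUsageThreshold() > 0
                    && pool.isUsageThresholdExceeded()) {
                status = Status.CRITICAL;              // an armed pool threshold has been crossed
            }
        }
        return status;
    }

    public static void main(String[] args) {
        armPoolThresholds();
        System.out.println("heap status: " + check());
    }
}
```

A heartbeat servlet would call HeapHealth.check() and answer with a non-200 status on WARNING or CRITICAL so the existing once-per-minute monitor raises the alarm before the first OutOfMemoryError. If a SecurityManager is in use, setUsageThreshold needs ManagementPermission("control").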