Re: Question regarding running Tomcat 7.0.57 offline
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 4/19/18 4:34 PM, John Dale wrote: > Indeed - that is what I thought as well (DNS). > > But what about this (stacktrace below)? > > Will see about the thread dumps (I'm in appointments for the rest > of the day, but can't wait to make it back and read responses and > put this one to bed). > > I was reading that MySQL does some things with host bindings and > resolutions that might auto-resolve algorithmically, explaining > this behavior. Will keep that in mind as I continue. > > Thanks, > > John > > > > - > > [ERROR] 04-19-2018 13:16:50 onefortyfive.SMSNotificationPoller init > – Unable to initialize sms daemon. > > org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create > PoolableConnectionFactory (Could not create connection to database > server. Attempted reconnect 3 times. Giving up.) > > at > org.apache.tomcat.dbcp.dbcp.BasicDataSource.createPoolableConnectionFa ctory(BasicDataSource.java:1549) > > at > org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicData Source.java:1388) > > at > org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSou rce.java:1044) > > at > digitalcnc.data.ConnectionFactory.getConnection(ConnectionFactory.java :56) > > at > onefortyfive.SMSNotificationPoller.init(SMSNotificationPoller.java:146 ) Sounds > like the driver tried 3 times and couldn't connect :) If you are using DHCP, let the pool do the reconnections if necessary. Remove that autoReconnect=true junk from your JDBC URL. Without seeing your configuration, it's tough to tell what might be going on. It's also not clear where the call to onefortyfive.SMSNotificationPoller.init is coming from. If that's happening when the application is coming-up, it might be happening synchronously, keeping the application from completely-deploying before anything else happens. Can you post the COMPLETE stack trace? The thread dump during the stall is going to be very informative, too. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrZFyEACgkQHPApP6U8 pFgfzg//Qk3M8mdiu0dDhPG7qaAi2zvnXhU4TKFk3qlNxwjuEaW+309EqObYe0hB qy6YehCipMe0b/dToOieFw6UGU9RfCpsfAjAGnpDmKjeAFRKXaWYL/FEBbCvVdn7 QJLLYdaaTVw9hoJ3JLEe5M+qPXisQCdHSOI5/jxxsoDlt0hGp9nU/q4/I0PHAm13 pmAXjmFTrvMiGIfyij3UFIcrLxRQjYoaQUUxraiJDQaETJU3XDAVyAjE5xLzrKm9 bJuYOFLrjvlmOAKgqxHYVaXtRdUVc0tdlVj92qRZR0w5C4fQgp9kTaHw58sVrEMF 8aiZOJGQmZJ4xn7qD/obZH0WI/eNFBlqpCqq/evS1JZWewxRLM7ADhMLxk4hfTxB HXIKNXUBG6HJQiKoYCTjc0NSKm9qmtnxztEME5mQHYQRc53/11Rlf/F8PD7TgQvk VR/3PCGd6FwocE3WzpBC+X2NphJx0KX1FEc8sJYbZFe1Vqb1p97JraKsvEJslow3 zyigUwqjr7KTkaQBzQ79LCOYeeVwDePPfURccgZld/WjCKGCEPnzdz/d1uQlpHYv iYuZuZUZzbsrW6C4N98vUbMOsmKm742dSNcWcgOc8rT7A9uwlHs+hyxSjwH0WfT7 9I6BUdOCNFP3wuRQoL0AdIv6VFCBV4LjcQGhp4koqCMyWw0gOVE= =/jbW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
Tomcat 7.0.57 java version "1.8.0_05" Java(TM) SE Runtime Environment (build 1.8.0_05-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode) There are a couple of subsequent emails with more information .. I'm in meetings for a couple of hours, then I'll check back. Thanks! John On Thu, Apr 19, 2018 at 3:26 PM, Terence M. Bandoianwrote: > On 4/19/2018 12:37 PM, John Dale wrote: >> >> Greetings; >> >> I have a 2006 era macbook pro with the latest osx. >> >> I run MySQL, which binds to localhost just fine when the network cable >> is unplugged and wireless turned off. >> >> Tomcat makes it through most of its startup, but hangs before >> completion and requests from the browser hang and eventually timeout. >> >> I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute >> of the connector. >> >> With no network, Tomcat successfully makes a connection to MySQL to >> creates the connection pool, but hangs. There are no errors. >> >> I am running debugging transport. >> >> My hosts file is stock, fine. >> >> As soon as I plug in a network cable or connect to wireless, the >> server comes-up fine and I can access it on 127.0.0.1 or the static ip >> assigned to either the wireless interface or the hard LAN. >> >> I. am. stumped. Please help. I need to be able to demo my project >> without being connected to the network. >> >> :\ >> >> I've been dealing with this issue for awhile, and I'm finally fed-up with >> it. >> >> We want offline and we want it .. NOW! ;) >> >> Thanks folks. >> >> Sincerely, >> >> John from Spearfish, SD > > > > What do the Tomcat logs say? Tomcat version? JVM version? > > -Terence > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question regarding running Tomcat 7.0.57 offline
On 4/19/2018 12:37 PM, John Dale wrote: Greetings; I have a 2006 era macbook pro with the latest osx. I run MySQL, which binds to localhost just fine when the network cable is unplugged and wireless turned off. Tomcat makes it through most of its startup, but hangs before completion and requests from the browser hang and eventually timeout. I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute of the connector. With no network, Tomcat successfully makes a connection to MySQL to creates the connection pool, but hangs. There are no errors. I am running debugging transport. My hosts file is stock, fine. As soon as I plug in a network cable or connect to wireless, the server comes-up fine and I can access it on 127.0.0.1 or the static ip assigned to either the wireless interface or the hard LAN. I. am. stumped. Please help. I need to be able to demo my project without being connected to the network. :\ I've been dealing with this issue for awhile, and I'm finally fed-up with it. We want offline and we want it .. NOW! ;) Thanks folks. Sincerely, John from Spearfish, SD What do the Tomcat logs say? Tomcat version? JVM version? -Terence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection closed error and certificateVerification="required"
Mark, > Am 19.04.2018 um 20:58 schrieb Mark Thomas: > > On 19/04/18 16:50, Peter@Kreuser-Online wrote: > > > >> Do you mind to share more about the root cause? I’ve followed this mail >> communication from the start and am curious. > > Sure. > > Tomcat was configured to require CLIENT-CERT auth and the main client > was configured to use this. Occasionally, the main client would see > connection problems when using 8.5.x or later with NIO and the OpenSSL > TLS implementation. > > There was a second client the performed health checks on the server. > This client did not use a certificate. The requests it made always > failed but did so with a predictable error message that the health check > looked for. > > OpenSSL error states are stored per thread. > > Each Java thread is mapped 1-to-1 to an OS thread. > > The sequence of events that cause the problem was as follows: > > - Health check ran > - TLS connection failed because no client certificate was provided > - OpenSSL set an error state that - depending on the timing of the > socket closure - was not always cleaned up > - Standard request was received and was handled by the thread that > previously experienced the error > - Because the error had not been cleaned up, this new connection thought > the error was meant for it and closed the connection > > The fix was to ensure that, whenever the Tomcat code made a call to > OpenSSL that looked like this: > - Do something via the OpenSSL API > - Check the OpenSSL error state > > the code was changed so it looked like this: > - Clear the OpenSSL error state > - Do something via the OpenSSL API > - Check the OpenSSL error state > > I also added a TODO for the arguably more complete fix which is to check > the OpenSSL error state after every call to the OpenSSL API. > >> Let me tell you that your endurance on all the tricky issues here is >> admirable! >> >> Thank you for that! > > Thank you. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > Much appreciated. That was a mean one. Best regards. Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
Indeed - that is what I thought as well (DNS). But what about this (stacktrace below)? Will see about the thread dumps (I'm in appointments for the rest of the day, but can't wait to make it back and read responses and put this one to bed). I was reading that MySQL does some things with host bindings and resolutions that might auto-resolve algorithmically, explaining this behavior. Will keep that in mind as I continue. Thanks, John - [ERROR] 04-19-2018 13:16:50 onefortyfive.SMSNotificationPoller init – Unable to initialize sms daemon. org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Could not create connection to database server. Attempted reconnect 3 times. Giving up.) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) at digitalcnc.data.ConnectionFactory.getConnection(ConnectionFactory.java:56) at onefortyfive.SMSNotificationPoller.init(SMSNotificationPoller.java:146) On Thu, Apr 19, 2018 at 2:29 PM, Christopher Schultzwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > John, > > On 4/19/18 4:06 PM, John Dale wrote: >> String hostname = InetAddress.getLocalHost().getHostName(); >> InetAddress[] addresses = InetAddress.getAllByName(hostname); > > I'll bet that either or both of these lines are the ones hanging. > > Take a thread-dump during your waiting-period during startup and see > if that's where you are stuck. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrY/CgACgkQHPApP6U8 > pFg04w/9FqSFVAId63DcVCFe8zkYgw74rjv7BPuUgoEaG90wZv6ozbQJab9zXvA4 > csuTT01bjzs39lZDciB/1WhwJRWzvkzz1d9AexWOJgAv1tg1LtSV+TXPmxGJcuAV > +bh8dNb1271iV1Cd62V7rkBhvprN9HKELsYp6FBvHctSvotEWweSLg4dwbJhjpzb > owWR/iQ/67hpqkoqBfqzgfYyZtaE4jvP2tzSzU8eqyLPzaTAki54B1PZLTo79102 > 57YH8k85b32KM3eS3HYf0Bnz0WyN3RAoH4mnDEf8U3YWbAFKz8GKf7iElVI3Uujq > f/UWMIiBR4vRgVUnYzYMH7JVVUBSXnNH5ND7DDarTb2F5KCjoyTsTpaqRgj0POeH > skTcGz0epNJpxi74WD//AvmtRynfuFNaqH9ZwQGDFxzEnnV1V20Msu7cxlB+Ehxs > G3QJCXmpL170BaVNIWP/PY6TWCTuZYydmDUkn1fpJABMN1UhvLnmGQvCRQaMtC+8 > KX6tgUy4jr+Z0MozGLeCTjx1yrrc16uCX2IrSuAxCDjsLtiZpNEweWZY66AB1e9h > vkZKOdYqXAhRpJxej4cXNm73ZX7qFFkTDyafFV7h7z+i/xQO5wyF4w7G0gyaE4IO > SBZMzWu40fCNQ3z8STUB8GP7dd+BoZFm4bmkDmuUBDraOKL8Nmo= > =EKt1 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
also .. no matter what, I can't seem to shut down tomcat normally unless network is plugged-in (have to kill it). I assure you ladies and gents .. tomcat is indeed running. :) Will see if I can double-back and look at the thread dumps in more detail .. I like that idea. Thanks! SEVERE: Could not contact localhost:8005. Tomcat may not be running. Apr 19, 2018 2:26:04 PM org.apache.catalina.startup.Catalina stopServer SEVERE: Catalina.stop: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at java.net.Socket.connect(Socket.java:538) at java.net.Socket.(Socket.java:434) at java.net.Socket.(Socket.java:211) at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:498) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:370) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:457) On Thu, Apr 19, 2018 at 1:13 PM, Mark Thomaswrote: > On 19/04/18 18:37, John Dale wrote: >> Greetings; >> >> I have a 2006 era macbook pro with the latest osx. >> >> I run MySQL, which binds to localhost just fine when the network cable >> is unplugged and wireless turned off. >> >> Tomcat makes it through most of its startup, but hangs before >> completion > > If you take 3 thread dumps ~5 seconds apart you should be able to see > where it is hanging. If you can tell us that we might be able to provide > you with some ideas to fix it or additional debug options to try. > > For the record I have an OSX development laptop and I've never seen this > issue. Admittedly the hardware is rather newer. > > Mark > > > >> and requests from the browser hang and eventually timeout. >> >> I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute >> of the connector. >> >> With no network, Tomcat successfully makes a connection to MySQL to >> creates the connection pool, but hangs. There are no errors. >> >> I am running debugging transport. >> >> My hosts file is stock, fine. >> >> As soon as I plug in a network cable or connect to wireless, the >> server comes-up fine and I can access it on 127.0.0.1 or the static ip >> assigned to either the wireless interface or the hard LAN. >> >> I. am. stumped. Please help. I need to be able to demo my project >> without being connected to the network. >> >> :\ >> >> I've been dealing with this issue for awhile, and I'm finally fed-up with it. >> >> We want offline and we want it .. NOW! ;) >> >> Thanks folks. >> >> Sincerely, >> >> John from Spearfish, SD >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 4/19/18 4:06 PM, John Dale wrote: > String hostname = InetAddress.getLocalHost().getHostName(); > InetAddress[] addresses = InetAddress.getAllByName(hostname); I'll bet that either or both of these lines are the ones hanging. Take a thread-dump during your waiting-period during startup and see if that's where you are stuck. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrY/CgACgkQHPApP6U8 pFg04w/9FqSFVAId63DcVCFe8zkYgw74rjv7BPuUgoEaG90wZv6ozbQJab9zXvA4 csuTT01bjzs39lZDciB/1WhwJRWzvkzz1d9AexWOJgAv1tg1LtSV+TXPmxGJcuAV +bh8dNb1271iV1Cd62V7rkBhvprN9HKELsYp6FBvHctSvotEWweSLg4dwbJhjpzb owWR/iQ/67hpqkoqBfqzgfYyZtaE4jvP2tzSzU8eqyLPzaTAki54B1PZLTo79102 57YH8k85b32KM3eS3HYf0Bnz0WyN3RAoH4mnDEf8U3YWbAFKz8GKf7iElVI3Uujq f/UWMIiBR4vRgVUnYzYMH7JVVUBSXnNH5ND7DDarTb2F5KCjoyTsTpaqRgj0POeH skTcGz0epNJpxi74WD//AvmtRynfuFNaqH9ZwQGDFxzEnnV1V20Msu7cxlB+Ehxs G3QJCXmpL170BaVNIWP/PY6TWCTuZYydmDUkn1fpJABMN1UhvLnmGQvCRQaMtC+8 KX6tgUy4jr+Z0MozGLeCTjx1yrrc16uCX2IrSuAxCDjsLtiZpNEweWZY66AB1e9h vkZKOdYqXAhRpJxej4cXNm73ZX7qFFkTDyafFV7h7z+i/xQO5wyF4w7G0gyaE4IO SBZMzWu40fCNQ3z8STUB8GP7dd+BoZFm4bmkDmuUBDraOKL8Nmo= =EKt1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
Greetings; So I have an update on this issue. YAY! :D I have a service that creates a little bit of metadata in the database for sending large amounts of emails/sms (for speed, the user doesn't have to wait for the population of the queue). I create a servlet on startup that polls the table, then uses the metadata to populate another table with the communications details (addresses, message bodies, subjects, as required). I'm using a timer to do this. Asynchronous makes it fast for the user and more fault tolerant during processing. All in all, a great algorithm that takes very little code and is scalable and fast. w00t! On startup, Tomcat deploys the poller servlet, but here is where things get weird. When the poller tries to get its first database connection, it times out with this error: "Cannot create PoolableConnectionFactory (Could not create connection to database server. Attempted reconnect 3 times. Giving up." After it times-out, startup resumes regularly and the other services in the application come alive and are poolable to the database?! I have a code sample below that is from the init method of the servlet. Note that I'm using the MBeanServer code to get the port automatically so I don't have to change a configuration from dev to production (I couldn't find an easier more reliable way to do this). The code times out on the database connection attempt here: connection = ConnectionFactory.getConnection(); Note - if I plug in ethernet, it's a snappy startup. If I unplug ethernet and wait for this servlet init to time-out, then the DBCP is eventually configured and working great, and I can access all of the other data-driven services in my app with the network cable unplugged and wireless turned off. Here is the code in the poller servlet that is offensive. ConnectionFactory is wrapping standard JNDI DBCP lookups: - MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); Set objs = mbs.queryNames(new ObjectName( "*:type=Connector,*"), Query.match(Query.attr("protocol"), Query.value("HTTP/1.1"))); String hostname = InetAddress.getLocalHost().getHostName(); InetAddress[] addresses = InetAddress.getAllByName(hostname); HashMap me = null; String host = ""; for (Iterator i = objs.iterator(); i.hasNext();) { ObjectName obj = i.next(); String scheme = mbs.getAttribute(obj, "scheme").toString(); if(!scheme.equals("http")) { log.warn("Invalid scheme encountered [" + scheme + "] looking for another connector."); continue; } else { log.info("Found connector."); } String port = obj.getKeyProperty("port"); for (InetAddress addr : addresses) { // first in the list, will always be at least one host = SMSSendBindIp + ":" + port; scheduler = Executors.newSingleThreadScheduledExecutor(); scheduler.scheduleAtFixedRate(new HttpRequestTimer( scheme + "://" + host + "/somecontexturlandparams"), 0, 5, TimeUnit.SECONDS); log.info("Scheduling sms queue processor."); try { connection = ConnectionFactory.getConnection(); - Thanks and have a good one, John On Thu, Apr 19, 2018 at 1:13 PM, Mark Thomaswrote: > On 19/04/18 18:37, John Dale wrote: >> Greetings; >> >> I have a 2006 era macbook pro with the latest osx. >> >> I run MySQL, which binds to localhost just fine when the network cable >> is unplugged and wireless turned off. >> >> Tomcat makes it through most of its startup, but hangs before >> completion > > If you take 3 thread dumps ~5 seconds apart you should be able to see > where it is hanging. If you can tell us that we might be able to provide > you with some ideas to fix it or additional debug options to try. > > For the record I have an OSX development laptop and I've never seen this > issue. Admittedly the hardware is rather newer. > > Mark > > > >> and requests from the browser hang and eventually timeout. >> >> I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute >> of the connector. >> >> With no network, Tomcat successfully makes a connection to MySQL to >> creates the connection pool, but hangs. There are no errors. >> >> I am running debugging transport. >> >> My hosts file is stock, fine. >> >> As soon as I plug in a network cable or connect to wireless, the >> server comes-up fine and I can access it on 127.0.0.1 or the static ip >> assigned to either the wireless interface or the hard LAN. >> >> I. am.
Re: Question regarding running Tomcat 7.0.57 offline
On 19/04/18 18:37, John Dale wrote: > Greetings; > > I have a 2006 era macbook pro with the latest osx. > > I run MySQL, which binds to localhost just fine when the network cable > is unplugged and wireless turned off. > > Tomcat makes it through most of its startup, but hangs before > completion If you take 3 thread dumps ~5 seconds apart you should be able to see where it is hanging. If you can tell us that we might be able to provide you with some ideas to fix it or additional debug options to try. For the record I have an OSX development laptop and I've never seen this issue. Admittedly the hardware is rather newer. Mark > and requests from the browser hang and eventually timeout. > > I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute > of the connector. > > With no network, Tomcat successfully makes a connection to MySQL to > creates the connection pool, but hangs. There are no errors. > > I am running debugging transport. > > My hosts file is stock, fine. > > As soon as I plug in a network cable or connect to wireless, the > server comes-up fine and I can access it on 127.0.0.1 or the static ip > assigned to either the wireless interface or the hard LAN. > > I. am. stumped. Please help. I need to be able to demo my project > without being connected to the network. > > :\ > > I've been dealing with this issue for awhile, and I'm finally fed-up with it. > > We want offline and we want it .. NOW! ;) > > Thanks folks. > > Sincerely, > > John from Spearfish, SD > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Training material is now on-line
On 19/04/18 19:44, Berneburg, Cris J. - US wrote: > Thanks Mark for making that available! My questions below. > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Wednesday, April 11, 2018 6:32 PM > To: Tomcat Users List> Subject: Training material is now on-line > >> Hi all, >> >> Thanks to the magic of GitHub pages, the Tomcat training >> material that was used for the recent training session is >> now available on-line here: >> >> https://apache.github.io/tomcat-training/ > > I especially liked the TLS material, as I am still very much a novice in that > area. The presentation demystified the handshake to understandability. ;-) > > However (here is comes), one thing that confused me in the TLS Handshake > section made sense if I changed a word: > > Step 12: ChangeCipherSpec Client<<< decrypts PMS > Server creates MS > - Rc + Rs + PMS > > Should "Client" actually be "Server" in Step 12: ChangeCipherSpec? Or did > you already know about that? It should and I didn't. I've just committed the fix. It should be live in a few minutes. Thanks for spotting that and pointing it out. > Also, are the demonstrations (marked by the placeholders in the presentation) > part of the recorded sessions from previous Tomcat conventions? It depends on the module. For those that are heavily based on previous talks, yes. For the new modules, no. The aim is to record each module off-line (rather than at a training course where there is rather too much other stuff to do) and post it on YouTube. There aren't any fixed timescales for this though. Mark > >> The source code is here: >> >> https://github.com/apache/tomcat-training >> >> We plan to add more modules and courses over time. All contributions large >> and small welcome. >> >> Enjoy. >> >> Mark > > -- > Cris Berneburg > CACI Lead Software Engineer > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection closed error and certificateVerification="required"
On 19/04/18 16:50, Peter@Kreuser-Online wrote: > Do you mind to share more about the root cause? I’ve followed this mail > communication from the start and am curious. Sure. Tomcat was configured to require CLIENT-CERT auth and the main client was configured to use this. Occasionally, the main client would see connection problems when using 8.5.x or later with NIO and the OpenSSL TLS implementation. There was a second client the performed health checks on the server. This client did not use a certificate. The requests it made always failed but did so with a predictable error message that the health check looked for. OpenSSL error states are stored per thread. Each Java thread is mapped 1-to-1 to an OS thread. The sequence of events that cause the problem was as follows: - Health check ran - TLS connection failed because no client certificate was provided - OpenSSL set an error state that - depending on the timing of the socket closure - was not always cleaned up - Standard request was received and was handled by the thread that previously experienced the error - Because the error had not been cleaned up, this new connection thought the error was meant for it and closed the connection The fix was to ensure that, whenever the Tomcat code made a call to OpenSSL that looked like this: - Do something via the OpenSSL API - Check the OpenSSL error state the code was changed so it looked like this: - Clear the OpenSSL error state - Do something via the OpenSSL API - Check the OpenSSL error state I also added a TODO for the arguably more complete fix which is to check the OpenSSL error state after every call to the OpenSSL API. > Let me tell you that your endurance on all the tricky issues here is > admirable! > > Thank you for that! Thank you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Training material is now on-line
Thanks Mark for making that available! My questions below. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, April 11, 2018 6:32 PM To: Tomcat Users ListSubject: Training material is now on-line > Hi all, > > Thanks to the magic of GitHub pages, the Tomcat training > material that was used for the recent training session is > now available on-line here: > > https://apache.github.io/tomcat-training/ I especially liked the TLS material, as I am still very much a novice in that area. The presentation demystified the handshake to understandability. ;-) However (here is comes), one thing that confused me in the TLS Handshake section made sense if I changed a word: Step 12: ChangeCipherSpec >>>Client<<< decrypts PMS Server creates MS - Rc + Rs + PMS Should "Client" actually be "Server" in Step 12: ChangeCipherSpec? Or did you already know about that? Also, are the demonstrations (marked by the placeholders in the presentation) part of the recorded sessions from previous Tomcat conventions? > The source code is here: > > https://github.com/apache/tomcat-training > > We plan to add more modules and courses over time. All contributions large > and small welcome. > > Enjoy. > > Mark -- Cris Berneburg CACI Lead Software Engineer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question regarding running Tomcat 7.0.57 offline
Hi John, I'm not overly familiar with OSX, but does ifconfig show a loopback device when you're not connected? Can you not create a dummy NIC and statically assign some 10.0.0.10 address or something, then let tomcat bind to that? You may have to add something to the hosts file for it to work, perhaps it's hanging on DNS resolution. Cheers, Chris On Thu, Apr 19, 2018 at 1:38 PM John Dalewrote: > Greetings; > > I have a 2006 era macbook pro with the latest osx. > > I run MySQL, which binds to localhost just fine when the network cable > is unplugged and wireless turned off. > > Tomcat makes it through most of its startup, but hangs before > completion and requests from the browser hang and eventually timeout. > > I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute > of the connector. > > With no network, Tomcat successfully makes a connection to MySQL to > creates the connection pool, but hangs. There are no errors. > > I am running debugging transport. > > My hosts file is stock, fine. > > As soon as I plug in a network cable or connect to wireless, the > server comes-up fine and I can access it on 127.0.0.1 or the static ip > assigned to either the wireless interface or the hard LAN. > > I. am. stumped. Please help. I need to be able to demo my project > without being connected to the network. > > :\ > > I've been dealing with this issue for awhile, and I'm finally fed-up with > it. > > We want offline and we want it .. NOW! ;) > > Thanks folks. > > Sincerely, > > John from Spearfish, SD > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Is LDAP connection failing?
On Wed, Apr 11, 2018, 3:00 PM Felix Schumacher < felix.schumac...@internetallee.de> wrote: > Am 05.04.2018 15:32, schrieb Suvendu Sekhar Mondal: > > Hello Everyone, > > > > Recently in one of our environments I am seeing following log in > > Catalina.out. It seems that LDAP connection is failing. This issue is > > sporadic and goes away with Tomcat recycle. > > > > One interesting thing is "localhost:389" part. I could not find out > > any configuration related to that. It could happen that I am not > > looking at the correct place. > > > > We have 200+ JVMs out there which were starting up simultaneously but > > this happens for some of them sporadically. I suspect that some race > > condition might be causing this failure but could not found any > > evidence so far. Can someone please suggest how can I identify what is > > failing? and why it is failing? > > It would be nice to include the version of tomcat you are using. > (I am guessing it is something like 7.0.55 as the source code matches > the line > numbers in the stacktrace) > Felix, Sorry, I should have given that info upfront. You are correct. I'm using 7.0.55. If it is this version, then the message will be generated, when your > ldap server > configured by connectionURL is not reachable on startup. Tomcat will try > to > connect to the ldap server configured by alternateURL. It seems to me, > that > you have not configured one (again guessing, as you didn't give > configuration > details). In that case the jre is using localhost:389 and as there is no > LDAP server listening you get the exception. > You are right. We don't have any alternate URL configured. So, work around we are using is to start those JVMs in batches. We are working on to tune LDAP as well as to get alternate URL. Thank you for the lead. Appreciate it! :) > > Regards, > Felix > > > > Thanks! > > Suvendu > > > > Stack trace: > > 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig - > > Deploying web application directory D:\xxx\webapps\ROOT > > 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm > > - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm > > org.apache.catalina.LifecycleException: Failed to start component > > [Realm[JNDIRealm]] > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154) > > at > > > org.apache.catalina.realm.CombinedRealm.startInternal(CombinedRealm.java:201) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > > at > > > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5373) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > > at > > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) > > at > > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) > > at > > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649) > > at > > > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247) > > at > > > org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898) > > at > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > at > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at java.lang.Thread.run(Thread.java:745) > > Caused by: org.apache.catalina.LifecycleException: Exception opening > > directory server connection > > at > > org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2191) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > > ... 14 more > > Caused by: javax.naming.CommunicationException: localhost:389 [Root > > exception is java.net.ConnectException: Connection refused: connect] > > at com.sun.jndi.ldap.Connection.(Connection.java:216) > > at com.sun.jndi.ldap.LdapClient.(LdapClient.java:137) > > at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614) > > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) > > at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319) > > at > > > com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:70) > > at > > javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) > > at > > javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) > > at javax.naming.InitialContext.init(InitialContext.java:244) > > at javax.naming.InitialContext.(InitialContext.java:216) > > at > > > javax.naming.directory.InitialDirContext.(InitialDirContext.java:101) > > at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108) > > at > >
Question regarding running Tomcat 7.0.57 offline
Greetings; I have a 2006 era macbook pro with the latest osx. I run MySQL, which binds to localhost just fine when the network cable is unplugged and wireless turned off. Tomcat makes it through most of its startup, but hangs before completion and requests from the browser hang and eventually timeout. I've tried 127.0.0.1, 0.0.0.0, and omitted for the "address" attribute of the connector. With no network, Tomcat successfully makes a connection to MySQL to creates the connection pool, but hangs. There are no errors. I am running debugging transport. My hosts file is stock, fine. As soon as I plug in a network cable or connect to wireless, the server comes-up fine and I can access it on 127.0.0.1 or the static ip assigned to either the wireless interface or the hard LAN. I. am. stumped. Please help. I need to be able to demo my project without being connected to the network. :\ I've been dealing with this issue for awhile, and I'm finally fed-up with it. We want offline and we want it .. NOW! ;) Thanks folks. Sincerely, John from Spearfish, SD - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection closed error and certificateVerification="required"
Mark, >> Am 18.04.2018 um 11:55 schrieb Mark Thomas: >> >> On 18/04/18 10:36, Richard Tearle wrote: >> On 17 April 2018 at 16:45, Richard Tearle >> wrote: >>> On 17 April 2018 at 14:54, Mark Thomas wrote: > On 17/04/18 11:36, Mark Thomas wrote: > On 17/04/18 10:14, Richard Tearle wrote: > Now all we need to to do is to figure out how to fix this. With the > understanding of what is (probably) going wrong, the problem can be > produced with a clean build and the certs we use for unit tests which > makes things a lot easier. I hope to make progress on this today. I believe this is fixed in trunk for both 9.0.x and 8.5.x. Are you able to build either of those from source and test? If not, I can provide a snapshot build for you to test with. Cheers, Mark >>> >>> I've built from source, re-enabled the health check, and so >>> far so good - it's been running an hour without an error. >>> >>> Once this run has finished, I'll run it overnight, and let you >>> know tomorrow morning. >>> >>> Many thanks for your help on this. >>> >>> -- >>> Richard >> >> Just a quick follow up - I've run our test for 8 hours, without the >> connection closed error. > > Excellent. That is really good news. > >> Again, many thanks. > > No problem. Happy to help. Thanks for your assistance with this issue. > Your test case and debug logs were invaluable. I couldn't have fixed > this without them. > > Mark > Do you mind to share more about the root cause? I’ve followed this mail communication from the start and am curious. Let me tell you that your endurance on all the tricky issues here is admirable! Thank you for that! Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org