Sessions hanging around . . . apparently left by a health-check
This is also about our clustered Tomcat 8 application running on Google Cloud. The Report sub-cluster runs BIRT. And the default landing page is the Eclipse BIRT viewer default landing page, the one that shows an Eclipse logo, and says "BIRT viewer has been installed." I've got a health-check on that sub-cluster, that polls the default landing page of ROOT periodically. Up until a few days ago, it was polling it every 5 seconds; earlier this week, I cut it down to every 5 minutes (the maximum); now I've got it at every 30 seconds. If I open the Manager context, I find that it shows (currently) around 180 sessions for the ROOT context. When it was going every 5 minutes, it was showing 18 sessions; when it was going every 5 seconds, it was up to over a thousand. The other two sub-clusters don't have any dangling sessions from their health-checks; why would this one? I'd like the sessions from all this health-check polling to expire a bit more quickly; can anybody here suggest a way to accomplish that? -- James H. H. Lampert - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9.0 with security manager reports access denied
On 25/01/2019 20:34, Mark Thomas wrote: > On 25/01/2019 11:12, Mark Thomas wrote: >> On 24/01/2019 12:19, Kai Hofmann wrote: >>> Hello, >>> >>> I try to activate the security manager for my own Application within >>> Tomcat 9.0.x. The problem ist that I got 2 different access denied's >>> that should (from my point of view) not happen. So this might be a bug - >>> but I am not 100% sure. >>> >>> To make a long story short I have put all information into a >>> stackoverflow question: >>> >>> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied >>> >>> Maybe someone could help me with this problem? >> >> Strange. >> >> The failures might be related to running as a Windows service but I >> don't immediately see how. I wonder if there is a configuration issue. >> >> I ran a similar test locally on Linux and I don't see those failures. I >> did see a couple of other minor issues that I am in the process of fixing. >> >> Once I've finished fixing the issues I can see on Linux, I'll install >> the latest 9.0.x code as a Windows service and see if I can reproduce >> any of those failures. > > I see some additional instances of "denied" but not the ones you saw, > > I did notice that the security policy file was not configured correctly. > "==" is required when setting catalina.policy > > I'll look into getting the additional failures I've observed fixed but > it would help if you could provide the steps to reproduce the failures > you see from a clean Tomcat install. The additional failures are expected. java.beans.Introspector is trying to load classes that don't exist and they fail. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9.0 with security manager reports access denied
On 25/01/2019 11:12, Mark Thomas wrote: > On 24/01/2019 12:19, Kai Hofmann wrote: >> Hello, >> >> I try to activate the security manager for my own Application within >> Tomcat 9.0.x. The problem ist that I got 2 different access denied's >> that should (from my point of view) not happen. So this might be a bug - >> but I am not 100% sure. >> >> To make a long story short I have put all information into a >> stackoverflow question: >> >> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied >> >> Maybe someone could help me with this problem? > > Strange. > > The failures might be related to running as a Windows service but I > don't immediately see how. I wonder if there is a configuration issue. > > I ran a similar test locally on Linux and I don't see those failures. I > did see a couple of other minor issues that I am in the process of fixing. > > Once I've finished fixing the issues I can see on Linux, I'll install > the latest 9.0.x code as a Windows service and see if I can reproduce > any of those failures. I see some additional instances of "denied" but not the ones you saw, I did notice that the security policy file was not configured correctly. "==" is required when setting catalina.policy I'll look into getting the additional failures I've observed fixed but it would help if you could provide the steps to reproduce the failures you see from a clean Tomcat install. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9.0.14 Windows service slow to stop
Worked as expected. Thank you for the quick response, Mark. Very much appreciated! -- Sent from: http://tomcat.10.x6.nabble.com/Tomcat-User-f1968778.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
502 errors in Google Clod Platform Load Balancing with Tomcat Servers
Hi Team, Our application is deployed in google cloud and the back end instances are tomcat servers. Now our load balancer is returning 502 errors with status details “backend-timeout” for some requests and it is impacting our production in a huge way. The instances are healthy when the error occurs and google cloud configurations seem to be fine. The server version is apache-tomcat-8.0.30 and the operating system is Ubuntu 14.04.5 LTS. I am not sure whether we need to consider any tomcat specific settings or parameters for scaling in GCP and to fix this issue. Any help on this is highly appreciated. Thanks, Abin
Re: Tomcat 9.0 with security manager reports access denied
On 24/01/2019 12:19, Kai Hofmann wrote: > Hello, > > I try to activate the security manager for my own Application within > Tomcat 9.0.x. The problem ist that I got 2 different access denied's > that should (from my point of view) not happen. So this might be a bug - > but I am not 100% sure. > > To make a long story short I have put all information into a > stackoverflow question: > > https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied > > Maybe someone could help me with this problem? Strange. The failures might be related to running as a Windows service but I don't immediately see how. I wonder if there is a configuration issue. I ran a similar test locally on Linux and I don't see those failures. I did see a couple of other minor issues that I am in the process of fixing. Once I've finished fixing the issues I can see on Linux, I'll install the latest 9.0.x code as a Windows service and see if I can reproduce any of those failures. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running Tomcat 8 without a ROOT context?
On 25/01/2019 02:17, James H. H. Lampert wrote: > We have an application that runs on clustered Tomcat 8 servers, in three > sub-clusters (Google Managed Instance Groups, with nodes running under > Debian Stretch), all tied to a common load balancer. Each sub-cluster > runs a different webapp. > > To get to the sub-cluster running the main entry point, you would go to > https://frobozz.example. To get to the one running the report processor, > you would go to https://frobozz.example/reports. To get to the one > running the auxiliary processor, you would go to > https://frobozz.example/aux. The load balancer then routes the requests > to the proper sub-cluster. > > Because of the way things work with the load balancer, it expects to > find the main entry point as the ROOT context of the main sub-cluster, > and expects to find the other two as the "reports" context of the report > cluster, and the "aux" context of the auxiliary cluster. There may be a > way to configure the load balancer look for the root contexts on the > report and auxiliary clusters, but if so, I haven't found it. Some load-balancers can do this but any configuration where you change the path between the reverse proxy and the back-end tends to create a whole bunch of subtle and not so subtle issues. Generally: http://loadbalancer/foo -> [http|ajp]://instanceN.tomcat/foo GOOD http://loadbalancer/foo -> [http|ajp]://foo.instanceN.tomcat BAD BAD is perhaps an overstatement. You can get it to work but it is a lot of work. I'd stick with the configuration you have., It is a lot less hassle. > When I've tried to run Tomcat without a ROOT context, it fails to > launch. What is the error message? A clean Tomcat install starts for me with no ROOT context (as I would expect). > And so, for the report and auxiliary clusters, the actual > webapps are on their ROOT contexts, and the named contexts are links in > the file system, pointing to the respective ROOT contexts. (I tried it > the other way around, and it behaved exactly the same as if I'd had no > ROOT context at all.) You'll likely end up with double deployment in that case. > Am I missing something? Something is going on but I'm not sure what. If something insists on there being a ROOT web application, I'd just create an empty ROOT directory in $CATALINA_BASE/webapps as a work-around until whatever was (incorrectly) requiring a ROOT webapp was fixed and deploy the apps to /aux and /reports as appropriate. If 'something' requires more than just an empty webapp then it is more complicated but, arguably, 'something' is more broken. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org