Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue
On 5/1/20, 5:07 PM, "André Warnier (tomcat/perl)" wrote: I think you may have gotten everyone confused now because 1) you cannot have 2 different tomcat installations under the same directory (/opt/tomcat in your above explanation) I've used this style of parallel installation before. 2) previously, you wrote that the error the two in one case was that you got back a 404 error. Now you are saying that the browser is just waiting and "not returning". Yes, the results have changed. As I have tried the different things suggested. 3) in the diff output below, it seems that you have a line like >> worker.worker1.secret="false" in one of the "server.xml" files (although it appears to be part of a comment). That is not where such a line belongs. I Just moved the line out of the syntax block and commented it out to keep track of what I have tried in the block below. Can you be more precise in exactly describing your installation, how you are starting one tomcat or the other, how you switch between them, and what happens ? Both installations are in /opt/tomcat. One is in /opt/tomcat/apache-tomcat-9.0.20 and the other in /opt/tomcat/apache-tomcat-9.0.34. /opt/tomcat/latest is a symbolic link I can point to either of the installations. The reason for putting the workers.properties file in the apache-tomcat9.0.XX tree is that Apache HTTPD can point at the workers.properties file as /opt/tomcat/latest/conf/jk/workers.properties and the systemd script can use the "latest" path to control tomcat. That way I can switch between the versions with no modifications to Apache HTTPD or the systemd files, just by replacing the symbolic link and restarting. While writing this up I realized I for got one other customization is the setenv.sh file. It is the same in both installations but maybe it has to be different for the 9.0.34 installation. It contains -- JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true" and I am using -- openjdk version "1.8.0_242" P.S. I would recommend moving your workers.properties file away from the tomcat directories, and into some httpd configuration directory, because that file has in fact nothing to do with tomcat. It is read by the mod_jk module, which is a module running in httpd, not tomcat. I will decline the suggestion as it works for the simple flipping between versions as explained above. Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674 On 5/1/20, 5:07 PM, "André Warnier (tomcat/perl)" wrote: On 01.05.2020 20:32, Darryl Philip Baker wrote: > Continuing the investigation: > > I have the two tomcat installation in /opt/tomcat. Apache HTTPD references the worker file using a path that has a symbolic link that "latest" I can switch to point to either installation of tomcat. The workers file is defined in httpd.conf as "JkWorkersFile /opt/tomcat/latest/conf/jk/workers.properties" > > Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the browser clocking and not returning. I think you may have gotten everyone confused now because 1) you cannot have 2 different tomcat installations under the same directory (/opt/tomcat in your above explanation) 2) previously, you wrote that the error in one case was that you got back a 404 error. Now you are saying that the browser is just waiting and "not returning". 3) in the diff output below, it seems that you have a line like >> worker.worker1.secret="false" in one of the "server.xml" files (although it appears to be part of a comment). That is not where such a line belongs. Can you be more precise in exactly describing your installation, how you are starting one tomcat or the other, how you switch between them, and what happens ? P.S. I would recommend moving yourt workers.properties file away from the tomcat directories, and into some httpd configuration directory, because that file has in fact nothing to do with tomcat. It is read by the mod_jk module, which is a module running in httpd, not tomcat. > > Just to give you an idea of the differences in the control files: > > [[root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/server.xml apache-tomcat-9.0.34/conf/server.xml > 79c79 > < > > > 119d121 > < address="127.0.0.1" > [root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/jk/workers.properties apache-tomcat-9.0.34/conf/jk/workers.proper
Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue
On Fri, May 1, 2020, 13:32 Darryl Philip Baker < darryl.ba...@northwestern.edu> wrote: > Continuing the investigation: > > I have the two tomcat installation in /opt/tomcat. I assume /opt/tomcat is the BASE subdirectory path, where two different versions are installed under that named BASE. something like /opt/tomcat/tomcat9020 /opt/tomcat/tomcat9034 Apache HTTPD references the worker file using a path that has a symbolic > link that "latest" I can switch to point to either installation of tomcat. The workers file is defined in httpd.conf as "JkWorkersFile > /opt/tomcat/latest/conf/jk/workers.properties" > So "latest" eventually points to either "20" or "34" Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the > browser clocking and not returning. > Here you state, basically, there's no response at the browser, but eventually it should, upon timeout. However the above statement contradicts the "404" statement below. > I am trying to browse to one of the JKmount URLs in this case > https://myserver.northwestern.edu/LmsSync/. When I point the symbolic link to the 9.0.20 installation, it works fine. When I point the symbolic link to the 9.0.34 installation, it I get a 404 > error. This contradicts the above "no response" statement Here's a test I always request a client to perform during troubleshooting : "remove the redirector from the equation and test again" .. any issue now?(ie, go to each Tomcat directly - works? Yes? Then it's an issue with the redirector config).
Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue
On 01.05.2020 20:32, Darryl Philip Baker wrote: Continuing the investigation: I have the two tomcat installation in /opt/tomcat. Apache HTTPD references the worker file using a path that has a symbolic link that "latest" I can switch to point to either installation of tomcat. The workers file is defined in httpd.conf as "JkWorkersFile /opt/tomcat/latest/conf/jk/workers.properties" Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the browser clocking and not returning. I think you may have gotten everyone confused now because 1) you cannot have 2 different tomcat installations under the same directory (/opt/tomcat in your above explanation) 2) previously, you wrote that the error in one case was that you got back a 404 error. Now you are saying that the browser is just waiting and "not returning". 3) in the diff output below, it seems that you have a line like >> worker.worker1.secret="false" in one of the "server.xml" files (although it appears to be part of a comment). That is not where such a line belongs. Can you be more precise in exactly describing your installation, how you are starting one tomcat or the other, how you switch between them, and what happens ? P.S. I would recommend moving yourt workers.properties file away from the tomcat directories, and into some httpd configuration directory, because that file has in fact nothing to do with tomcat. It is read by the mod_jk module, which is a module running in httpd, not tomcat. Just to give you an idea of the differences in the control files: [[root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/server.xml apache-tomcat-9.0.34/conf/server.xml 79c79 < 119d121 < address="127.0.0.1" [root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/jk/workers.properties apache-tomcat-9.0.34/conf/jk/workers.properties [root@lmsdevsyncapp7 tomcat]# ls -l total 8 drwxrwxr-x 9 tomcat tomcat 4096 May 16 2019 apache-tomcat-9.0.20 drwxr-xr-x 9 tomcat tomcat 4096 Apr 28 11:59 apache-tomcat-9.0.34 lrwxrwxrwx 1 root root 20 Apr 28 15:00 latest -> apache-tomcat-9.0.34 [root@lmsdevsyncapp7 tomcat]# Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674 On 4/30/20, 5:09 PM, "Darryl Philip Baker" wrote: I am trying to browse to one of the JKmount URLs in this case https://myserver.northwestern.edu/LmsSync/. When I point the symbolic link to the 9.0.20 installation, it works fine. When I point the symbolic link to the 9.0.34 installation, it I get a 404 error. Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674 On 4/30/20, 3:35 PM, "Christopher Schultz" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Darryl, On 4/30/20 07:59, Darryl Philip Baker wrote: > I am trying to upgrade a development environment from 9.0.20 to > 9.0.34 and I am having issues getting the tomcat-connectors-1.2.46 > (mod_jk) to work in with the new version. Can you be more specific? What are you trying, and how is it (not) working, specifically? > The Apache HTTPD configuration remains unchanged the paths pass > through a symbolic link I change to switch versions. The > workers.properties file was copied over and is identical. I added > the same definition for the AJP connector into server.xml. I will > place the pieces I modified below.> Server.xml: protocol="AJP/1.3" redirectPort="443" address="127.0.0.1" > enableLookups="false" tomcatAuthentication="false" > secretRequired="false" maxPostSize="10" /> > > Workers.properties: #define 1st worker using worker1 > worker.list=worker1 > > #set properties for the worker1 worker worker.worker1.type=ajp13 > worker.worker1.host=127.0.0.1 worker.worker1.port=8009 > worker.worker1.lbfactor=50 worker.worker1.cachesize=10 > worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 > worker.worker1.recycle_timeout=300 At first glance, this configuration looks fine to me. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://urldefense.com/v3/__https://www.enigmail.net/__;!!Dq0X2DkFhyF93HkjWTBQKhk!ErC-A5wGkE-dmk8oRBS9gKPW7tZZ497pTwaCVibxsqDMz0KEnkBfwlQXEg7vdkyO3a5lJcl65g$ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6rNncACgkQHPApP6U8 pFh5nA//RMgbj+pgTSUqUq7zUaFvzEudyp3kfGDI7As7uvmE2BOwYABPtXjKniRF
Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Darryl, On 5/1/20 14:32, Darryl Philip Baker wrote: > Continuing the investigation: > > I have the two tomcat installation in /opt/tomcat. Apache HTTPD references the worker file using a path that has a symbolic link that "latest" I can switch to point to either installation of tomcat. The workers file is defined in httpd.conf as "JkWorkersFile /opt/tomcat/latest/conf/jk/workers.properties" > > Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the browser clocking and not returning. > > Just to give you an idea of the differences in the control files: > > [[root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/server.xml apache-tomcat-9.0.34/conf/server.xm l > 79c79 < > > > 119d121 < address="127.0.0.1" [root@lmsdevsyncapp7 tomcat]# > diff apache-tomcat-9.0.20/conf/jk/workers.properties apache-tomcat-9.0.34/conf/jk/workers.properties > [root@lmsdevsyncapp7 tomcat]# ls -l total 8 drwxrwxr-x 9 tomcat > tomcat 4096 May 16 2019 apache-tomcat-9.0.20 drwxr-xr-x 9 tomcat > tomcat 4096 Apr 28 11:59 apache-tomcat-9.0.34 lrwxrwxrwx 1 root > root 20 Apr 28 15:00 latest -> apache-tomcat-9.0.34 > [root@lmsdevsyncapp7 tomcat]# Something seems fishy. First, your workers.properties files should not have had to change at all. Were there any changes made, there? Second, you have a diff of the server.xml files with virtually no changes and yet 9.0.20 did NOT have a "secretRequired" attribute available (it was introduced in 9.0.31). So why does your 9.0.20 installation have secretRequired="false" in it? Finally, there was another change in 9.0.31 that changed the way the connector binds to network interfaces. Your old interface specified "127.0.0.1" (shown in the diff) and the new one does not specify anything (except, oddly, you quoted that in your original message as saying it DOES have address="127.0.0.1" so it's really difficult what is real and what is not real, here. If you aren't specifying an "address", then you are getting whatever Java finds when it looks-up "localhost". That will either be an IPv4 or IPv6 interface. We have seen some problems where httpd and Java come to different conclusions as to which interface to use. It's best to specify exactly which interface you want to use *by IP address* and not by hostname. So, if you want to use IPv4, then use 127.0.0.1 in both places (workers.properties and server.xml). Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6sj3kACgkQHPApP6U8 pFgPJQ//Su/qv/PEYohk6lzma8kiyAC2+6+zo4LsIxq2yu9SKlz357rIxstFQgfd Zdsuhs/QHZA8elpGbo3ecMZ4BikAAFHfwmXK4fEUBqSejCcdI2VY7bBumpYPIrYG zTaOSBfX5UNA+IgWSoQvbtUutnoGIrg+cPSR+eJz/NOl87xiM2fwWaMlZFqGw5Qv pnEpvtfljQtTiG7TC1KX8Ys91uWoiaF8SLrqW4KGdTQpkBQwMwmUFCpS0UksTnoR jhUqb+Wxav+sjLpazwiZP0mwCx2liVKAv4TQOOMjSHU16eQRDK81HzpeZytl9A0V qYIl3d6+d+P6+TSW0z9t1enIp6BMcl05G9g6ONUvxMsRsTaIV5UiT5iKhUP7BRHF D0CXphFJy+4I8LSNvrjgKt0laneSF0R8JHtH5aRdsQkalJxEr4filQXSdgcwcQ2v GhtUU5MBe56HPijml+S5v6CZ8C7SG1UhZxeVTS0jxsrQhkCPBFCVseKq5Wfsj6v3 VAJxUBBUm2eL4APBvDB24dpqY3Uiycj2yW89vY/lG93wq8fF8F9pnra4XkAIxa2N HwQnNO508TAHULGT9fqp7mCMnTHfKeoqtY+6I1wMOV4YS8kI1wsvMtkaBnE4pweS 2dyKGnoqEZCpkK0slXHaJXX+dttVMMKFWl/JQC5pcIvfaVAhLI0= =J0sn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue
Continuing the investigation: I have the two tomcat installation in /opt/tomcat. Apache HTTPD references the worker file using a path that has a symbolic link that "latest" I can switch to point to either installation of tomcat. The workers file is defined in httpd.conf as "JkWorkersFile /opt/tomcat/latest/conf/jk/workers.properties" Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the browser clocking and not returning. Just to give you an idea of the differences in the control files: [[root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/server.xml apache-tomcat-9.0.34/conf/server.xml 79c79 < 119d121 < address="127.0.0.1" [root@lmsdevsyncapp7 tomcat]# diff apache-tomcat-9.0.20/conf/jk/workers.properties apache-tomcat-9.0.34/conf/jk/workers.properties [root@lmsdevsyncapp7 tomcat]# ls -l total 8 drwxrwxr-x 9 tomcat tomcat 4096 May 16 2019 apache-tomcat-9.0.20 drwxr-xr-x 9 tomcat tomcat 4096 Apr 28 11:59 apache-tomcat-9.0.34 lrwxrwxrwx 1 root root 20 Apr 28 15:00 latest -> apache-tomcat-9.0.34 [root@lmsdevsyncapp7 tomcat]# Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674 On 4/30/20, 5:09 PM, "Darryl Philip Baker" wrote: I am trying to browse to one of the JKmount URLs in this case https://myserver.northwestern.edu/LmsSync/. When I point the symbolic link to the 9.0.20 installation, it works fine. When I point the symbolic link to the 9.0.34 installation, it I get a 404 error. Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674 On 4/30/20, 3:35 PM, "Christopher Schultz" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Darryl, On 4/30/20 07:59, Darryl Philip Baker wrote: > I am trying to upgrade a development environment from 9.0.20 to > 9.0.34 and I am having issues getting the tomcat-connectors-1.2.46 > (mod_jk) to work in with the new version. Can you be more specific? What are you trying, and how is it (not) working, specifically? > The Apache HTTPD configuration remains unchanged the paths pass > through a symbolic link I change to switch versions. The > workers.properties file was copied over and is identical. I added > the same definition for the AJP connector into server.xml. I will > place the pieces I modified below.> Server.xml: protocol="AJP/1.3" redirectPort="443" address="127.0.0.1" > enableLookups="false" tomcatAuthentication="false" > secretRequired="false" maxPostSize="10" /> > > Workers.properties: #define 1st worker using worker1 > worker.list=worker1 > > #set properties for the worker1 worker worker.worker1.type=ajp13 > worker.worker1.host=127.0.0.1 worker.worker1.port=8009 > worker.worker1.lbfactor=50 worker.worker1.cachesize=10 > worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 > worker.worker1.recycle_timeout=300 At first glance, this configuration looks fine to me. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://urldefense.com/v3/__https://www.enigmail.net/__;!!Dq0X2DkFhyF93HkjWTBQKhk!ErC-A5wGkE-dmk8oRBS9gKPW7tZZ497pTwaCVibxsqDMz0KEnkBfwlQXEg7vdkyO3a5lJcl65g$ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6rNncACgkQHPApP6U8 pFh5nA//RMgbj+pgTSUqUq7zUaFvzEudyp3kfGDI7As7uvmE2BOwYABPtXjKniRF 2r/whNKQDu8VGOAp1JwTamPGpuNSh9pHW8KVqoTkr3Hg47E9fl86zE3a33/Gzq4G Q72SZNmIyZtDvkf7autdSUXUeb1DX4KJcX7O42c7TzYp6APb82u/NUwDLRBD24FK dVkMtkdoUgG19tsjLVNalGRkTgBNHC1ySIFikn0Tsd/28ApxCOtApn5Y85JxkjNh GwoxbFXjTtGDVVq3Yo039xelALdquk9mm5BdA1UyANTcOx1s2VZozlVy1ayPMHNm zPgqWLdhgRipAiLqDrPiE4u1R1PQ9wr/klQragHwY5LTzby8x1V7PAn4RZw0BRrt yPCIAoI+dEnsiMRxfnVuNYHYbqMjTKlEF4M2zBKYuq6bpGKZEw8/IoK86kEAFYR5 trVt3o2uJ/qhn/34m4F30ilTXm7DR389ZaZ83nF4dihsst9aNmZuSUCZ6qEHTbNC Tk1v7p+GxMJQwLglr63hfhNTij3zJPbZjQ9NXza7UiLYqqkzStXJX9JeUCjHmKsq V6Ageh0STQm7zjRSsFse0QGP21anIxqmzkD6MmZE85v0Wsbe5gEzHXvGVpb5NdHe ClWrI8H94YGG9XeZePvD2hlMNwCwATqJlev+IKk5WyPE+zI8BkM= =NL+W -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org