Re: native connector, server problems with "No data received", what could be causing it?

2020-12-16 Thread Mladen Adamović
I have these problems again. To narrow it down I have done the following:
- tested with the latest JDK8 - problem exists
- it exists in both Apr connector and Nio2 connector
- did log JVM Garbage Collector details - it's not due to Garbage collector

Christopher (or anyone else), if we had 1570 requests per minute where this
problem happened (approx. 26 per second), what do you think should our
Connector params be, it's currently:

   





On Wed, Dec 16, 2020 at 7:32 PM Mladen Adamović 
wrote:

> On Wed, Dec 16, 2020 at 7:07 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> I think your scripts will restart Tomcat even when it's not necessary.
>>
>
> Hm, is this
> https://stackoverflow.com/questions/5816239/how-do-i-force-tomcat-to-reload-trusted-certificates
> the way to reload the certificates or is there another suggestion?
>
>
>> The $? check before sending the email message looks like it should be
>> checking the result of the certbot command, but it's checking the result
>> of the chmod command instead. (Or maybe the result of the .sh script,
>> which will proably be 0.)
>>
>
> Correct, thank you this is fixed now.
>
>
>> I might have found that odd had you posted that in your original
>> message, but you did not.
>>
>> You need to show the full stack trace for that thread to make it
>> meaningful. Sockets are added to the poller all the time. It's not
>> unusual to see that happening. It they are getting *stuck*, that would
>> be bad, of course.
>>
>
> I did post full thread dump.
>
>
>> > Don't you find it weird that all threads are trying to get synchronized
>> > on a Poller instance and no one is in this block or another
>> synchronized
>> > block/method?
>>
>> I would find it weird if no threads were making any progress. Lots of
>> threads adding sockets to the poller is not out of the ordinary.
>>
>> If you suspect a bug in Tomcat's socket handling, upgrading to the
>> latest 8.5.x release and re-trying would be the best move. There have
>> been many fixes since your 8.5.5 release which is now 4+ years old.
>>
>
> I have switched today from Apr connector to  Nio2 connector and no problem
> yet.
> What I have found strange is that processor usage is lower when using
> Nio2, I have never tested it or tried it before, I have setup APR for
> performances reason back in 2016. But oddly it seems with Nio2 processor
> usage is lower.
> I have tried the last OpenJDK but jstack is not working for me, so
> switched back to the previous old JRM.
> Let's see what will happen...
>
>
>
>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>


Tomcat SSO valve implementation

2020-12-16 Thread Kevin Oxley
We are trying to support SSO SAML 2.0 for user authentication in Tomcat
(9.0.22).   Can anybody provide a reference to a pre-integrated SAML SSO
valve implementation that you've had a good experience with?
-- 

Thanks,

Kevin


Re: native connector, server problems with "No data received", what could be causing it?

2020-12-16 Thread Mladen Adamović
On Wed, Dec 16, 2020 at 7:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> I think your scripts will restart Tomcat even when it's not necessary.
>

Hm, is this
https://stackoverflow.com/questions/5816239/how-do-i-force-tomcat-to-reload-trusted-certificates
the way to reload the certificates or is there another suggestion?


> The $? check before sending the email message looks like it should be
> checking the result of the certbot command, but it's checking the result
> of the chmod command instead. (Or maybe the result of the .sh script,
> which will proably be 0.)
>

Correct, thank you this is fixed now.


> I might have found that odd had you posted that in your original
> message, but you did not.
>
> You need to show the full stack trace for that thread to make it
> meaningful. Sockets are added to the poller all the time. It's not
> unusual to see that happening. It they are getting *stuck*, that would
> be bad, of course.
>

I did post full thread dump.


> > Don't you find it weird that all threads are trying to get synchronized
> > on a Poller instance and no one is in this block or another synchronized
> > block/method?
>
> I would find it weird if no threads were making any progress. Lots of
> threads adding sockets to the poller is not out of the ordinary.
>
> If you suspect a bug in Tomcat's socket handling, upgrading to the
> latest 8.5.x release and re-trying would be the best move. There have
> been many fixes since your 8.5.5 release which is now 4+ years old.
>

I have switched today from Apr connector to  Nio2 connector and no problem
yet.
What I have found strange is that processor usage is lower when using Nio2,
I have never tested it or tried it before, I have setup APR for
performances reason back in 2016. But oddly it seems with Nio2 processor
usage is lower.
I have tried the last OpenJDK but jstack is not working for me, so switched
back to the previous old JRM.
Let's see what will happen...




> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Tolerating significant system time adjustment

2020-12-16 Thread Christopher Schultz

Mark,

On 12/16/20 11:04, Mark Thomas wrote:

On 16/12/2020 14:04, Christopher Schultz wrote:

All,

I'm working with a partner to troubleshoot a SAML-based service where
their SAML responses are reaching us after timing-out. I tracked that
down to an incorrect system time on many of their servers.

Once fixing the clocks -- hopefully using ntpd or similar which can
smear time adjustments out over time to avoid huge, sudden clock changes
-- would they need to restart their Java VMs running Tomcat?

The only thing I can think of is that the "fast time format" used to
produce "Date" response headers and access-log timestamps might be
disturbed, but a quick look at the code doesn't lead me to believe that
it would suffer from a large system clock change. It doesn't, for
example, assume that every call to System.currentTimeMillis() /
System.nanoTime() returns a value larger (or equal to) than any previous
call.

Can anyone think of any reason why Tomcat (or the JVM) would need to be
restarted?


Restarted? No.

You might see things like:
- longer/shorter (possibly negative) request processing times
- earlier than expected session timeouts
- etc.


Thanks for the confirmation. Any temporary weirdness (e.g. negative 
processing times) would be (somewhat) expected and ignored.


Their application... well, know knows what assumptions that makes :)

Thanks,
-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: native connector, server problems with "No data received", what could be causing it?

2020-12-16 Thread Christopher Schultz

Mladen,

On 12/16/20 10:12, Mladen Adamović wrote:
On Wed, Dec 16, 2020 at 3:27 PM Christopher Schultz 
mailto:ch...@christopherschultz.net>> wrote:


 > We have a self-monitoring script which runs on server and when
the server
 > is not working properly it does a log save and the service restart.

How do you detect this state? Just make a request and if you get "No
data received" from curl, you restart the server?


If there is an error code or the specific text doesn't appear on the 
response we monitor the state and do /etc/init.d/tomcat restart.

The full script is:
#!/bin/bash
serverFailure=0
cd /root
rm /root/numbeo_test.out
#wget -t 1 -T 5 --no-proxy --no-cache --cache=off -q 
'localhost:8080/cost-of-living/city_result.jsp?country=Ireland=Dublin' 
-O /root/numbeo_test.out
#curl -L -m 2 -v  -o /root/numbeo_test.out --trace curl.log 
'localhost:8008/cost-of-living/in/Dublin'
curl -L -m 2 -v --insecure -o /root/numbeo_test.out --trace curl.log 
'https://localhost:8181/cost-of-living/in/Dublin 
'

wgetOutput=$?

grep -q "entries in the past" /root/numbeo_test.out
if [ $? != 0 ]; then
cd /root
rm /root/numbeo_test.out
sleep 10s
#wget -t 2 -T 2 --no-proxy --no-cache --cache=off -q 
'localhost:8080/cost-of-living/city_result.jsp?country=Ireland=Dublin' 
-O /root/numbeo_test.out
   #curl -L -m 2 --retry 1 -v  -o /root/numbeo_test.out --trace curl.log 
'localhost:8008/cost-of-living/in/Dublin'
   curl -L -m 2 -v --insecure -o /root/numbeo_test.out --trace curl.log 
'https://localhost:8181/cost-of-living/in/Dublin 
'

   wgetOutput=$?
grep -q "entries in the past" /root/numbeo_test.out

if [ $? != 0 ]; then
#echo 'server is down!';
ps -eo pid,comm | while read pid command
do
    if [[ "$command" = "java" ]]
        then
                echo $pid
                DATE=`date +%Y-%m-%d`
                echo ${wgetOutput} > ~/wget_${DATE}_${pid}.log
                cp /root/numbeo_test.out > 
~/numbeo_test_out_${DATE}_${pid}.log

                jstack -J-d64 -F $pid > ~/jstack_${DATE}_${pid}.log
                iostat > ~/iostat_${DATE}_${pid}.log
                vmstat > ~/vmstat_${DATE}_${pid}.log
                netstat -tnp > ~/netstat_${DATE}_${pid}.log
                netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut 
-d: -f1 | sort | uniq -c | sort -n > 
~/netstat_anp_outline_${DATE}_${pid}.log

                ps aux > ~/ps_aux_${DATE}_${pid}.log
                tail -n 5000 
~glassfish/apache-tomcat-8.5.5/logs/catalina.out > 
~/catalina_out_${DATE}_${pid}.log

                break
    fi
done
echo 'too many server failures... going to rebootsoftly' >> ~/reboot.log ;
date | mail -s "Numbeo soft reset" mladen.adamo...@gmail.com 


date >> ~/reboot.log
killall -9 java
/root/fix_letsencrypt_chmod.sh
#/etc/init.d/glassfish start
/etc/init.d/tomcat start
#reboot
fi
fi


That seems a little fragile, but it's your server so I guess you can do 
what you want.



I see you are using Let's Encrypt. How are you managing the rotating of
the keys and certificates?


Crontab: 5   1  1   *   *     /root/renew_cert_numbeo.sh
root@condor1796 ~ # cat renew_cert_numbeo.sh
#!/bin/bash

mkdir -p /tmp/letsencrypt/public_html
certbot certonly -n --force-renewal --webroot --webroot-path 
/tmp/letsencrypt/public_html -d numbeo.com  -d 
www.numbeo.com  \
         -d es.numbeo.com  -d pt.numbeo.com 
 -d fr.numbeo.com  -d 
ru.numbeo.com  -d ja.numbeo.com 
 -d de.numbeo.com  -d 
nl.numbeo.com  \
         -d it.numbeo.com  -d zh.numbeo.com 
 -d ar.numbeo.com  -d 
jobs.numbeo.com  \
      --agree-tos --email mladen.adamo...@gmail.com 



/root/fix_letsencrypt_chmod.sh
if [ $? != 0 ]; then
    date | mail -s "Lets encrypt renew certificate fails for numbeo.com 
" mladen.adamo...@gmail.com 


else
    /etc/init.d/tomcat restart
fi

root@condor1796 ~ # cat fix_letsencrypt_chmod.sh
#!/bin/bash
chmod o+rx /etc/letsencrypt
chmod -R o+rx /etc/letsencrypt/*

root@condor1796 ~ #


I think your scripts will restart Tomcat even when it's not necessary. 
The $? check before sending the email message looks like it should be 
checking the result of the certbot command, but it's checking the result 
of the chmod command instead. (Or maybe the result of the .sh script, 
which will proably be 0.)



 > *What would be the next steps how to identify the problem and perhaps
 > solve it?*
What have you done so far?


aaah... reading the Tomcat source to try to understand the state of Threads.

I don't see 

Re: Tolerating significant system time adjustment

2020-12-16 Thread Mark Thomas
On 16/12/2020 14:04, Christopher Schultz wrote:
> All,
> 
> I'm working with a partner to troubleshoot a SAML-based service where
> their SAML responses are reaching us after timing-out. I tracked that
> down to an incorrect system time on many of their servers.
> 
> Once fixing the clocks -- hopefully using ntpd or similar which can
> smear time adjustments out over time to avoid huge, sudden clock changes
> -- would they need to restart their Java VMs running Tomcat?
> 
> The only thing I can think of is that the "fast time format" used to
> produce "Date" response headers and access-log timestamps might be
> disturbed, but a quick look at the code doesn't lead me to believe that
> it would suffer from a large system clock change. It doesn't, for
> example, assume that every call to System.currentTimeMillis() /
> System.nanoTime() returns a value larger (or equal to) than any previous
> call.
> 
> Can anyone think of any reason why Tomcat (or the JVM) would need to be
> restarted?

Restarted? No.

You might see things like:
- longer/shorter (possibly negative) request processing times
- earlier than expected session timeouts
- etc.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: native connector, server problems with "No data received", what could be causing it?

2020-12-16 Thread Mladen Adamović
On Wed, Dec 16, 2020 at 3:27 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> > We have a self-monitoring script which runs on server and when the server
> > is not working properly it does a log save and the service restart.
>
> How do you detect this state? Just make a request and if you get "No
> data received" from curl, you restart the server?
>

If there is an error code or the specific text doesn't appear on the
response we monitor the state and do /etc/init.d/tomcat restart.
The full script is:
#!/bin/bash
serverFailure=0
cd /root
rm /root/numbeo_test.out
#wget -t 1 -T 5 --no-proxy --no-cache --cache=off -q
'localhost:8080/cost-of-living/city_result.jsp?country=Ireland=Dublin'
-O /root/numbeo_test.out
#curl -L -m 2 -v  -o /root/numbeo_test.out --trace curl.log
'localhost:8008/cost-of-living/in/Dublin'
curl -L -m 2 -v --insecure -o /root/numbeo_test.out --trace curl.log '
https://localhost:8181/cost-of-living/in/Dublin'
wgetOutput=$?

grep -q "entries in the past" /root/numbeo_test.out
if [ $? != 0 ]; then
cd /root
rm /root/numbeo_test.out
sleep 10s
#wget -t 2 -T 2 --no-proxy --no-cache --cache=off -q
'localhost:8080/cost-of-living/city_result.jsp?country=Ireland=Dublin'
-O /root/numbeo_test.out
  #curl -L -m 2 --retry 1 -v  -o /root/numbeo_test.out --trace curl.log
'localhost:8008/cost-of-living/in/Dublin'
  curl -L -m 2 -v --insecure -o /root/numbeo_test.out --trace curl.log '
https://localhost:8181/cost-of-living/in/Dublin'
  wgetOutput=$?
grep -q "entries in the past" /root/numbeo_test.out

if [ $? != 0 ]; then
#echo 'server is down!';
ps -eo pid,comm | while read pid command
do
   if [[ "$command" = "java" ]]
   then
   echo $pid
   DATE=`date +%Y-%m-%d`
   echo ${wgetOutput} > ~/wget_${DATE}_${pid}.log
   cp /root/numbeo_test.out >
~/numbeo_test_out_${DATE}_${pid}.log
   jstack -J-d64 -F $pid > ~/jstack_${DATE}_${pid}.log
   iostat > ~/iostat_${DATE}_${pid}.log
   vmstat > ~/vmstat_${DATE}_${pid}.log
   netstat -tnp > ~/netstat_${DATE}_${pid}.log
   netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d:
-f1 | sort | uniq -c | sort -n > ~/netstat_anp_outline_${DATE}_${pid}.log
   ps aux > ~/ps_aux_${DATE}_${pid}.log
   tail -n 5000
~glassfish/apache-tomcat-8.5.5/logs/catalina.out >
~/catalina_out_${DATE}_${pid}.log
   break
   fi
done
echo 'too many server failures... going to rebootsoftly' >> ~/reboot.log ;
date | mail -s "Numbeo soft reset" mladen.adamo...@gmail.com
date >> ~/reboot.log
killall -9 java
/root/fix_letsencrypt_chmod.sh
#/etc/init.d/glassfish start
/etc/init.d/tomcat start
#reboot
fi
fi


I see you are using Let's Encrypt. How are you managing the rotating of
> the keys and certificates?
>

Crontab: 5   1  1   *   * /root/renew_cert_numbeo.sh
root@condor1796 ~ # cat renew_cert_numbeo.sh
#!/bin/bash

mkdir -p /tmp/letsencrypt/public_html
certbot certonly -n --force-renewal --webroot --webroot-path
/tmp/letsencrypt/public_html -d numbeo.com -d www.numbeo.com \
-d es.numbeo.com -d  pt.numbeo.com -d  fr.numbeo.com -d
ru.numbeo.com -d  ja.numbeo.com -d  de.numbeo.com -d nl.numbeo.com \
-d it.numbeo.com -d zh.numbeo.com -d ar.numbeo.com -d
jobs.numbeo.com \
 --agree-tos --email mladen.adamo...@gmail.com

/root/fix_letsencrypt_chmod.sh
if [ $? != 0 ]; then
   date | mail -s "Lets encrypt renew certificate fails for numbeo.com"
mladen.adamo...@gmail.com
else
   /etc/init.d/tomcat restart
fi

root@condor1796 ~ # cat fix_letsencrypt_chmod.sh
#!/bin/bash
chmod o+rx /etc/letsencrypt
chmod -R o+rx /etc/letsencrypt/*

root@condor1796 ~ #



> > *What would be the next steps how to identify the problem and perhaps
> > solve it?*
> What have you done so far?
>

aaah... reading the Tomcat source to try to understand the state of Threads.

I don't see anything that sticks out in your thread dump.
>

There are several threads which are trying to get monitor in
AprEndpoint$Poller.add and no thread seems to be blocking it. Don't you
find it weird:

root@condor1796 ~ # grep Poller jstack_2020-12-16_31415.log  | grep "Apr"
 - org.apache.tomcat.util.net.AprEndpoint$Poller.add(long, long, int)
@bci=102, line=1398 (Compiled frame)
 -
org.apache.tomcat.util.net.AprEndpoint$Poller.access$500(org.apache.tomcat.util.net.AprEndpoint$Poller,
long, long, int) @bci=5, line=1157 (Compiled frame)
 - org.apache.tomcat.util.net.AprEndpoint$Poller.add(long, long, int)
@bci=102, line=1398 (Compiled frame)
 -
org.apache.tomcat.util.net.AprEndpoint$Poller.access$500(org.apache.tomcat.util.net.AprEndpoint$Poller,
long, long, int) @bci=5, line=1157 (Compiled frame)
 - org.apache.tomcat.util.net.AprEndpoint$Poller.add(long, long, int)
@bci=102, line=1398 (Compiled frame)
 -
org.apache.tomcat.util.net.AprEndpoint$Poller.access$500(org.apache.tomcat.util.net.AprEndpoint$Poller,
long, long, int) @bci=5, line=1157 (Compiled frame)
 - 

Re: native connector, server problems with "No data received", what could be causing it?

2020-12-16 Thread Christopher Schultz

Mladen,

On 12/16/20 04:10, Mladen Adamović wrote:

We have experienced a large number of HTTP requests with the problem "No
data received".
this is the example using curl:
--2020-12-15 15:38:13--
https://www.numbeo.com/admin/DownloadLastDbBackupServlet?numbeoPass=xxx
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving www.numbeo.com (www.numbeo.com)... 209.126.119.66
Connecting to www.numbeo.com (www.numbeo.com)|209.126.119.66|:443...
connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2020-12-15 15:38:15--  (try: 2)
https://www.numbeo.com/admin/DownloadLastDbBackupServlet?numbeoPass=xxx
Connecting to www.numbeo.com (www.numbeo.com)|209.126.119.66|:443...
connected.
HTTP request sent, awaiting response... No data received.
Retrying.


We have a self-monitoring script which runs on server and when the server
is not working properly it does a log save and the service restart.


How do you detect this state? Just make a request and if you get "No 
data received" from curl, you restart the server?



We are using currently Apache 8.5.5 and the Connector is set-up as follows
(using Tomcat native):
  


I see you are using Let's Encrypt. How are you managing the rotating of 
the keys and certificates?



*What would be the next steps how to identify the problem and perhaps
solve it?*

What have you done so far?


If we should migrate to the new version, should we try first the last
8.5 version or the last 9 Tomcat version?
I think in general you should upgrade to the latest version which makes 
sense for you. That's probably 8.5.61 for now, but maybe you should make 
a plan to migrate to Tomcat 9.x over the next few months or years.



Our JSTACK when the last problem occurred is as follows:

root@condor1796 ~ # cat jstack.log

> [...]

I don't see anything that sticks out in your thread dump.


Attaching to process ID 27753, please wait...
Debugger attached successfully.
Server compiler detected.
JVM version is 25.101-b13
Deadlock Detection:


That JVM seems fairly old, too. Consider upgrading to latest Java 8 VM 
(or beyond, if appropriate).


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Tolerating significant system time adjustment

2020-12-16 Thread Christopher Schultz

All,

I'm working with a partner to troubleshoot a SAML-based service where 
their SAML responses are reaching us after timing-out. I tracked that 
down to an incorrect system time on many of their servers.


Once fixing the clocks -- hopefully using ntpd or similar which can 
smear time adjustments out over time to avoid huge, sudden clock changes 
-- would they need to restart their Java VMs running Tomcat?


The only thing I can think of is that the "fast time format" used to 
produce "Date" response headers and access-log timestamps might be 
disturbed, but a quick look at the code doesn't lead me to believe that 
it would suffer from a large system clock change. It doesn't, for 
example, assume that every call to System.currentTimeMillis() / 
System.nanoTime() returns a value larger (or equal to) than any previous 
call.


Can anyone think of any reason why Tomcat (or the JVM) would need to be 
restarted?


Thanks,
-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: jdbc connction pool issues [EXTERNAL]

2020-12-16 Thread Beard, Shawn
Yes same version of tomcat 9.0.31, however the one having issues is running 
java 8 where the one that shows things correctly is running java 11.



Shawn​  Beard

Sr. Systems Engineer |
BTS

Middleware Engineering   |  +1-515-564-2528 |  
sbe...@wrberkley.com









-Original Message-
From: Phil Steitz 
Sent: Tuesday, December 15, 2020 3:37 PM
To: users@tomcat.apache.org
Subject: Re: jdbc connction pool issues [EXTERNAL]

** CAUTION: External message


On 12/15/20 1:35 PM, Beard, Shawn wrote:
> No intitialSize is not defined.
>
> Im getting the data to verify from JMX, however we also have an APM called 
> appdynamics loaded. Both verified the 8 max connections.
>
> Other tomcat servers with exact same jdbc connection pool config(only 
> difference is servername, databasename, user and pass) show 50 max 
> connections, which is what maxActive is set to.

Are the other tomcat servers running the same tomcat version? Since TC8, the 
default connection pool is DBCP2 which uses maxTotal in place of maxActive. See 
[1]. If you are running 8+, s/maxActive/maxTotal in the config should work.

Phil

[1] 
https://urldefense.com/v3/__https://tomcat.apache.org/migration-8.html*Database_Connection_Pooling__;Iw!!Li8W9_Um1Taa!orxL7Ci-tTj7jM-90ooXXY8VTcDfIzFLc9YZw4Oh-ybxGw-BbIQv4_O0_vGUlXfF$

>
>
>
> Shawn​ Beard
>
> Sr. Systems Engineer |
> BTS
>
> Middleware Engineering | +1-515-564-2528 | 
> sbe...@wrberkley.com
>
>
>
>
>
>
>
>
>
> -Original Message-
> From: Johnson, Jim 
> Sent: Tuesday, December 15, 2020 2:22 PM
> To: Tomcat Users List 
> Subject: RE: jdbc connction pool issues [EXTERNAL]
>
> ** CAUTION: External message
>
>
> Hi Shawn,
>
> No, I don't think that maxActive means that it's defining the maximum
> number of connections for the pool, I think it's strictly referring to
> the "[ .. ] maximum number of *active connections* that can be
> allocated from this pool at the same time. [ .. ]" (emphasis mine on
> active connections)
>
> Here is the doc that I've been referring to - sorry for not linking it 
> earlier:
> https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-doc/j
> dbc-pool.html__;!!Li8W9_Um1Taa!vJGrxr7yc86joO5r6QoNstpipfempGFqrYRe3_N
> yAIGNs-LenmBWhtjn1fRiAOex$
>
> On those other Tomcat servers is there a initialSize defined?
>
> Jim
>
> -Original Message-
> From: Beard, Shawn 
> Sent: Tuesday, December 15, 2020 2:49 PM
> To: Tomcat Users List 
> Subject: RE: jdbc connction pool issues [EXTERNAL]
>
> But wouldn’t maxActive mean the connection pool has a max of 50 conenctions? 
> On other tomcat servers I have, maxActive is set to 50 and I verified im jmx 
> that there are 50 max connections on the connection pool.
>
> Here though I checked jmx, sure enough, its max connections is 8.
>
>
>
> Shawn​ Beard
>
> Sr. Systems Engineer |
> BTS
>
> Middleware Engineering | +1-515-564-2528 |
> sbe...@wrberkley.com
>
>
>
>
>
>
>
>
>
> -Original Message-
> From: Johnson, Jim 
> Sent: Tuesday, December 15, 2020 1:35 PM
> To: Tomcat Users List 
> Subject: RE: jdbc connction pool issues [EXTERNAL]
>
> ** CAUTION: External message
>
>
> Hi Shawn,
>
> I think you’re missing initialSize
>
> initialSize
> (int)The initial number of connections that are created when the pool
> is started. Default value is 10
>
> maxActive
> (int) The maximum number of active connections that can be allocated
> from this pool at the same time. The default value is 100
>
> It would make sense that 8 connections would be 80% utilized.
>
> I would try replacing maxActive with initialSize and seeing how that works 
> for you.
>
> Good luck!
>
> - Jim
>
> From: Beard, Shawn 
> Sent: Tuesday, December 15, 2020 2:12 PM
> To: Tomcat Users List 
> Subject: jdbc connction pool issues
>
> CAUTION EXTERNAL EMAIL: This email originated from outside of the 
> organization. Do not click links or open attachments unless you recognize the 
> sender and know the content is safe.
>
> We have this jdbc connection pool set up:
>
>  driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
> url="jdbc:sqlserver://hostname:1433;selectMethod=direct;databaseName=databasename;sendStringParametersAsUnicode=false"
> username="XXX" password="XX" maxIdle="20" minIdle="10" maxActive="50"
> maxWait="3" testWhileIdle="true" testOnBorrow="true"
> validationQuery="SELECT 1"/>
>
> However we are getting this error:
> Resource Pool Limit Reached
> Time 12/15/20 11:48:00 AM
> Summary
> JDBC Connection Pool
> Catalina:class=javax.sql.DataSource,context=/XX,host=X,name="j
> dbc/DataSource",type=DataSource has reached 80% limit. Current pool
> size [8, Max pool size [8]
>
> Shouldn’t the max connections of the connection pool be 50 since maxActive is 
> 50?
>
>
>
> Shawn Beard • Sr. Systems Engineer
> Middleware Engineering
>
> [cid:image003.png@01D6D2E3.D5F1EFA0]
>
> 3840 109th Street