from:"Alan F"

Dealing with an insecure Struts application on Tomcat

2023-10-19 Thread Alan F

I am looking at security steps to mitigate issues with a 1.x Struts based app.

I have recommended the following until an upgrade resource is available

Remove application from current shared datasource
Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating)
Reduce exposure to internal audience.
Create new db and instance for above isolated datasource

Would you take it further and ensure this runs on it's own separate Tomcat 
instance?
Any other recommendations?

Where do find debug logging

2023-09-12 Thread Alan F

We have some applications which are pushing out to their own applogs clearly 
showing 'Debug' on most lines with a large amount of data and CI.

I would like to find out where the app team are setting this level, I have 
check in the obvious in the war files as it's a Spring Boot app in 
application.properties and logback.xml but mention error only there. Any advice 
appreciated thanks

RE: Tomcat Deployment scripts

2023-06-30 Thread Alan F

This is great thankyou Thomas. Just wondering how secure this is, prefer to be 
able to deploy with a non 'admin' account does this support a deploy only 
profile there?



-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 
 
Sent: 29 June 2023 09:08
To: Tomcat Users List 
Subject: AW: Tomcat Deployment scripts

Hello Alan,

> Von: Alan F  
> Gesendet: Mittwoch, 28. Juni 2023 18:24
> An: users@tomcat.apache.org
> Betreff: Tomcat Deployment scripts
>
> Anyone have an example deployment script or method used to deploy a simple 
> war and context root, also with rollback preferably. 
>
> Thanks

you could use tomcat-manager.
A war file can be deployed using curl for example:
https://stackoverflow.com/questions/4432684/tomcat-manager-remote-deploy-script

Greetings, Thomas

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Deployment scripts

2023-06-28 Thread Alan F

Anyone have an example deployment script or method used to deploy a simple war 
and context root, also with rollback preferably.

Thanks

tomcat logging

2022-06-09 Thread Alan F

Tomcat logging

I would like to add a delimiter or characters " "  around {user-agent} for 
logging,  I wanted it in double quotes for example "Mozilla 5.0.."  but can't 
seem to make it work. Or even adding a # symbol before would help any ideas?

Thanks

 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Constant errors in Tomcat logs

2022-06-06 Thread Alan F

HI I have a Tomcat clustered pair running, I see this 3 times a minute in the 
logs. I don't see this IP in server.xml I do have a DEV Tomcat pair is this 
somehow interfering? 

06-Jun-2022 11:15:18.836 WARNING [Catalina-utility-2] 
org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.performBasicCheck
 Member added, even though we weren't 
notified:[org.apache.catalina.tribes.membership.MemberImpl[tcp://{192, 168, 
217, 57}:4102,{192, 168, 217, 57},4102, alive=3547745427, securePort=-1, UDP 
Port=-1, id={-119 -107 23 88 119 -39 74 -49 -118 57 -61 -49 -28 -91 11 43 }, 
payload={}, command={}, domain={}]]

403 whilst reading from ROOT

2022-03-04 Thread Alan F

Im trying to read robots.txt from '/' on a few tomcat servers to block web 
search engines. Obviously placed the txt file in ./webapps/ROOT/

Works fine on a few tomcat hosts that have identical server.xml / web.xml  so 
im puzzled as to why these two Tomcat servers are blocking requests, obviously 
something is different. Ive checked ./Catalina/localhost and see some 
restrictions here but only apply to /webapps/manager

Im not sure where else to look?



The error im seeing is:

HTTP Status 403 - Forbidden

Type Status Report
Description The server understood the request but refuses to authorize it.

RE: help with high cpu usage

2022-02-04 Thread Alan F

Hello Thomas,

Thanks for your input here, what's your weapon of choice to identify this 
thread bar thread dump? I just downloaded jvmtop from github but that didn't 
seem to give me any clue at all about independent threads.

Cheers

Alan

-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 
 
Sent: 04 February 2022 09:18
To: Tomcat Users List 
Subject: AW: help with high cpu usage

Hello,

when I encounter high CPU usage, it's best to identify the thread Id which is 
eating CPU.
Making a thread dump, you can then search for  the thread id within this dump.
This works good for long lasting threads. If the CPU eating thread changes 
quickly, it's harder to figure out.

Greetings,
Thomas

Von: Alan F 
Gesendet: Freitag, 4. Februar 2022 00:02:49
An: Tomcat Users List
Betreff: Re: help with high cpu usage

John thanks so much !! Will pass this on tomorrow. Cheers.

From: john.e.gr...@wellsfargo.com.INVALID 
Sent: 03 February 2022 22:45
To: users@tomcat.apache.org 
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 2:51 PM
> To: Tomcat Users List 
> Subject: RE: help with high cpu usage
>
> My bad here are the correct dumps 10 secs apart
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL
> TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67ghaaLsg$
>
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi
> LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67j-3O5xU$
>
>
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID
> 
> Sent: 03 February 2022 19:33
> To: users@tomcat.apache.org
> Subject: RE: help with high cpu usage
>
> Alan,
>
>
> > -Original Message-
> > From: Alan F 
> > Sent: Thursday, February 03, 2022 12:19 PM
> > To: Tomcat Users List 
> > Subject: help with high cpu usage
> >
> > Had some issues today with one prod host. One is fine the other has 
> > stuck around 80%Cpu.
> > Ive taken a thread dump from both hosts and would appreciate someone 
> > give a once over what it may be before I kill and restart. They are 
> > clustered nodes so running identical apps and loadbalanced by a 
> > hardware
> balancer.
> >
> > Node1 is ok (relatively!)
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> >
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> > Fk2pQ$
> >
> >
> > Node 2 still has high CPU usage
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> >
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$
>
> Taking thread dumps was a good idea but I see very little activity on node 2.
> It looks like two threads are in Hibernate's
> EntityEntryContext.downgradeLocks() method, one is taking the thread 
> dump itself, and another is reading a request from a client, I think.  
> I would not expect this to add up to 80% CPU usage unless one of those 
> threads is stuck in a loop.  Comparing multiple thread dumps taken 
> 5-10 seconds apart would help answer this question.  How much GC is 
> there?  Could these Hibernate queries be pulling a huge amount of data 
> from the DB, thus causing a lot of GC activity?
>
> Node 1 looks idle except for the thread taking the thread dump.
>
> Do you know for sure that it's the Tomcat process that is using the CPU?

Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two 
query threads seem to still be doing the same thing.  (I verified that the 
timestamps in the dumps are different but maybe I made a mistake.)  They are 
both making the Hibernate downgradeLocks call.  This is occurring in the 
context of committing a transaction.  That definitely makes it look like those 
threads are somehow either stuck or are looping.

The 3rd dump has those same two threads actually making queries to Oracle.  So 
within about 10 seconds, we have two threads committing transactions followed 
by making additional queries.

Definitely show these to the developers if you haven't already.

I didn't fo

Re: help with high cpu usage

2022-02-03 Thread Alan F

John thanks so much !! Will pass this on tomorrow. Cheers.

From: john.e.gr...@wellsfargo.com.INVALID 
Sent: 03 February 2022 22:45
To: users@tomcat.apache.org 
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 2:51 PM
> To: Tomcat Users List 
> Subject: RE: help with high cpu usage
>
> My bad here are the correct dumps 10 secs apart
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL
> TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67ghaaLsg$
>
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi
> LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67j-3O5xU$
>
>
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID
> 
> Sent: 03 February 2022 19:33
> To: users@tomcat.apache.org
> Subject: RE: help with high cpu usage
>
> Alan,
>
>
> > -Original Message-
> > From: Alan F 
> > Sent: Thursday, February 03, 2022 12:19 PM
> > To: Tomcat Users List 
> > Subject: help with high cpu usage
> >
> > Had some issues today with one prod host. One is fine the other has
> > stuck around 80%Cpu.
> > Ive taken a thread dump from both hosts and would appreciate someone
> > give a once over what it may be before I kill and restart. They are
> > clustered nodes so running identical apps and loadbalanced by a hardware
> balancer.
> >
> > Node1 is ok (relatively!)
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> >
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> > Fk2pQ$
> >
> >
> > Node 2 still has high CPU usage
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> >
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$
>
> Taking thread dumps was a good idea but I see very little activity on node 2.
> It looks like two threads are in Hibernate's
> EntityEntryContext.downgradeLocks() method, one is taking the thread
> dump itself, and another is reading a request from a client, I think.  I would
> not expect this to add up to 80% CPU usage unless one of those threads is
> stuck in a loop.  Comparing multiple thread dumps taken 5-10 seconds apart
> would help answer this question.  How much GC is there?  Could these
> Hibernate queries be pulling a huge amount of data from the DB, thus
> causing a lot of GC activity?
>
> Node 1 looks idle except for the thread taking the thread dump.
>
> Do you know for sure that it's the Tomcat process that is using the CPU?

Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two 
query threads seem to still be doing the same thing.  (I verified that the 
timestamps in the dumps are different but maybe I made a mistake.)  They are 
both making the Hibernate downgradeLocks call.  This is occurring in the 
context of committing a transaction.  That definitely makes it look like those 
threads are somehow either stuck or are looping.

The 3rd dump has those same two threads actually making queries to Oracle.  So 
within about 10 seconds, we have two threads committing transactions followed 
by making additional queries.

Definitely show these to the developers if you haven't already.

I didn't follow what you said about the GC.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: help with high cpu usage

2022-02-03 Thread Alan F

My bad here are the correct dumps 10 secs apart

https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0;


https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRiLTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0;




-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 03 February 2022 19:33
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 12:19 PM
> To: Tomcat Users List 
> Subject: help with high cpu usage
> 
> Had some issues today with one prod host. One is fine the other has 
> stuck around 80%Cpu.
> Ive taken a thread dump from both hosts and would appreciate someone 
> give a once over what it may be before I kill and restart. They are 
> clustered nodes so running identical apps and loadbalanced by a hardware 
> balancer.
> 
> Node1 is ok (relatively!)
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> Fk2pQ$
> 
> 
> Node 2 still has high CPU usage
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> mDKbTl_dmUSa0LaAolXlhipkmLFr3E$

Taking thread dumps was a good idea but I see very little activity on node 2.  
It looks like two threads are in Hibernate's 
EntityEntryContext.downgradeLocks() method, one is taking the thread dump 
itself, and another is reading a request from a client, I think.  I would not 
expect this to add up to 80% CPU usage unless one of those threads is stuck in 
a loop.  Comparing multiple thread dumps taken 5-10 seconds apart would help 
answer this question.  How much GC is there?  Could these Hibernate queries be 
pulling a huge amount of data from the DB, thus causing a lot of GC activity?

Node 1 looks idle except for the thread taking the thread dump.

Do you know for sure that it's the Tomcat process that is using the CPU?

RE: help with high cpu usage

2022-02-03 Thread Alan F

HI John,

Thankyou kindly for taking the time here. 

First of all looking back at the historical chart for the day I observed node 2 
rise in cpu activity about 11am this morning and stayed high node1 has dropped 
back to idle.


##Do you know for sure that its the Tomcat process that is using the CPU?##
A simple top -i showing the only process still running here at 189% is a java 
process under tomcat account.

24667 tomcat20   0  365.6g  17.2g  23080 S 189.7 54.9   2663:45 java

I have taken 2 dumps here 10 secs apart if this helps at all? 

https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0;


https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yMzFjOGYzZS01MjYzLTRiYWYtOTJjMS1jN2RiMWRlZmEwN2QudHh0;


We do have Prometheus hooked in via jmx with Grafana but im struggling to see 
anything glaring apart from GC I see old Gen taking about 5hrs before it drops 
back one node2 as opposed to 3 on node 1. 



-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 03 February 2022 19:33
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 12:19 PM
> To: Tomcat Users List 
> Subject: help with high cpu usage
> 
> Had some issues today with one prod host. One is fine the other has 
> stuck around 80%Cpu.
> Ive taken a thread dump from both hosts and would appreciate someone 
> give a once over what it may be before I kill and restart. They are 
> clustered nodes so running identical apps and loadbalanced by a hardware 
> balancer.
> 
> Node1 is ok (relatively!)
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> Fk2pQ$
> 
> 
> Node 2 still has high CPU usage
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> mDKbTl_dmUSa0LaAolXlhipkmLFr3E$

Taking thread dumps was a good idea but I see very little activity on node 2.  
It looks like two threads are in Hibernate's 
EntityEntryContext.downgradeLocks() method, one is taking the thread dump 
itself, and another is reading a request from a client, I think.  I would not 
expect this to add up to 80% CPU usage unless one of those threads is stuck in 
a loop.  Comparing multiple thread dumps taken 5-10 seconds apart would help 
answer this question.  How much GC is there?  Could these Hibernate queries be 
pulling a huge amount of data from the DB, thus causing a lot of GC activity?

Node 1 looks idle except for the thread taking the thread dump.

Do you know for sure that it's the Tomcat process that is using the CPU?

help with high cpu usage

2022-02-03 Thread Alan F

Had some issues today with one prod host. One is fine the other has stuck 
around 80%Cpu. 
Ive taken a thread dump from both hosts and would appreciate someone give a 
once over what it may be before I kill and restart. They are clustered nodes so 
running identical apps and loadbalanced by a hardware balancer.

Node1 is ok (relatively!)
https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0;


Node 2 still has high CPU usage
https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhLTQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0;

RE: Tomcat 9 Session replication

2022-02-01 Thread Alan F

Many thanks Mark! 

-Original Message-
From: Mark Thomas  
Sent: 01 February 2022 09:25
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

On 31/01/2022 14:54, Alan F wrote:
> Many thanks Chris,
> 
> Don't laugh I was looking at those values after Keiichi kindly mentioned this 
> too (thankyou!)  and was thinking hmm where is 15 no mention! Ok makes sense 
> now.
> 
> Im trying to find out why we chose static, I think it was a guess at trying 
> to stop the multicast interference from other hosts. I think we just had it 
> all set wrong to start with.
> 
> Looking at many online examples like here 
> https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked 
> would this suffice?
> 
> If you could recommend the params I need just for two hosts to talk without 
> interference ie specifying group or unique id etc.

This is a working static cluster example from my 4-node test cluster.

https://people.apache.org/~markt/dev/server-static-cluster-example.xml

Things you'll need to change:
- the jvmRoute on the Engine element
   - must be unique for each node
   - must match the reverse proxy config for sticky sessions to work
- you'll only need two members
- LocalMember needs to be correct on each node
- The address attribute of the receiver needs to be correct on each node

Mark

> 
> -Original Message-
> From: Christopher Schultz 
> Sent: 31 January 2022 14:46
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9 Session replication
> 
> All,
> 
> On 1/31/22 08:04, Keiichi Fujino wrote:
>> If you use StaticMembershipService, you must set 
>> Cluster#channelStartOptions to 15 (default).
> 
> To spell that out (since the docs aren't very explicit), the value of "15" is 
> the combination of the following flags:
> 
> SND_RX_SEQ (1) - Starts the data receiver.
> SND_TX_SEQ (2) - Starts the data transmitter ("sender").
> MBR_RX_SEQ (4) - Starts the membership receiver ("listener").
> MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster").
>   |= 15 (0xf)
> 
> I'm curious why, if one is using static membership, are the membership 
> transmitter and receiver flags required? It seems to be that the membership 
> should remain static and therefore no membership comms shuould be required. 
> Are those important to ensure that the cluster members (through static) are 
> actually present during operation?
> 
> -chris
> 
>> 2022年1月31日(月) 16:47 Alan F :
>>
>>> OK with your advice I tried what I thought would work from example 
>>> and doesn't at all. The old example below works but this doesn’t 
>>> even detect members.
>>>
>>> Below is example to which Im using on both nodes which are remote to 
>>> eachother.
>>>
>>>
>>> >>  channelSendOptions="8" channelStartOptions = "3">
>>> >>  expireSessionsOnShutdown="false"
>>>  notifyListenersOnReplication="true"/>
>>>
>>> >> className="org.apache.catalina.tribes.group.GroupChannel">
>>>
>>>   >> className="org.apache.catalina.tribes.membership.StaticMembershipService">
>>>   >> className="org.apache.catalina.tribes.membership.StaticMember"
>>> port="4110"
>>> host="local-tomcat"
>>> domain="tomcat-pc2"
>>>
>>> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" />
>>>   >> className="org.apache.catalina.tribes.membership.StaticMember"
>>> port="4110"
>>> host="remote-tomcat"
>>> domain="tomcat-pc2"
>>>
>>> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" />
>>>   
>>>
>>>  >> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>>address="local-tomcat"
>>>port="4110"
>>>autoBind="9"
>>>selectorTimeout="2000"
>>>maxThreads="6"/>
>>>
>>>  >> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>>

RE: Tomcat 9 Session replication

2022-01-31 Thread Alan F

Many thanks Chris,

Don't laugh I was looking at those values after Keiichi kindly mentioned this 
too (thankyou!)  and was thinking hmm where is 15 no mention! Ok makes sense 
now. 

Im trying to find out why we chose static, I think it was a guess at trying to 
stop the multicast interference from other hosts. I think we just had it all 
set wrong to start with. 

Looking at many online examples like here 
https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked 
would this suffice? 

If you could recommend the params I need just for two hosts to talk without 
interference ie specifying group or unique id etc. 

-Original Message-
From: Christopher Schultz  
Sent: 31 January 2022 14:46
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

All,

On 1/31/22 08:04, Keiichi Fujino wrote:
> If you use StaticMembershipService, you must set 
> Cluster#channelStartOptions to 15 (default).

To spell that out (since the docs aren't very explicit), the value of "15" is 
the combination of the following flags:

SND_RX_SEQ (1) - Starts the data receiver.
SND_TX_SEQ (2) - Starts the data transmitter ("sender").
MBR_RX_SEQ (4) - Starts the membership receiver ("listener").
MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster").
 |= 15 (0xf)

I'm curious why, if one is using static membership, are the membership 
transmitter and receiver flags required? It seems to be that the membership 
should remain static and therefore no membership comms shuould be required. Are 
those important to ensure that the cluster members (through static) are 
actually present during operation?

-chris

> 2022年1月31日(月) 16:47 Alan F :
> 
>> OK with your advice I tried what I thought would work from example 
>> and doesn't at all. The old example below works but this doesn’t even 
>> detect members.
>>
>> Below is example to which Im using on both nodes which are remote to 
>> eachother.
>>
>>
>> > channelSendOptions="8" channelStartOptions = "3">
>>> expireSessionsOnShutdown="false"
>> notifyListenersOnReplication="true"/>
>>
>>> className="org.apache.catalina.tribes.group.GroupChannel">
>>
>>  > className="org.apache.catalina.tribes.membership.StaticMembershipService">
>>  > className="org.apache.catalina.tribes.membership.StaticMember"
>>port="4110"
>>host="local-tomcat"
>>domain="tomcat-pc2"
>>
>> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" />
>>  > className="org.apache.catalina.tribes.membership.StaticMember"
>>port="4110"
>>host="remote-tomcat"
>>domain="tomcat-pc2"
>>
>> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" />
>>  
>>
>> > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>   address="local-tomcat"
>>   port="4110"
>>   autoBind="9"
>>   selectorTimeout="2000"
>>   maxThreads="6"/>
>>
>> > className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>  > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>> 
>>
>> > className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor"
>> staticOnly="true"/>
>> > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"
>> />
>> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>> > className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
>> > className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
>> 
>>
>>
>>
>>> filter=""/>
>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
>>
>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>>  tempDir="/op

RE: Tomcat 9 Session replication

2022-01-30 Thread Alan F

OK with your advice I tried what I thought would work from example and doesn't 
at all. The old example below works but this doesn’t even detect members. 

Below is example to which Im using on both nodes which are remote to eachother. 
 


  

  






   

   

   

   
   
   
   
   
   

  

  
  
  
  
  
 


-Original Message-
From: Mark Thomas  
Sent: 28 January 2022 18:15
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

On 28/01/2022 17:05, Alan F wrote:
> We are currently getting traffic from all cluster members in other 
> environments using .staticmember opposed to multicast can I confirm why this 
> is see below.
> 
> What do we need to set here for a clustered pair to make them unique 
> and talk to eachother only without seeing traffic from other members 
> in Catalina.out
> 
> This is how they are currently configured as you can see only difference 
> between nodes is the receiver and member ips are reversed. Im concerned 
> uniqueID is the same, do we also need to specify domain?

uniqueID should be unique at least within the subnet, ideally globally.

Yes, you should use a separate domain for each cluster.

Looking at your config:

You are missing the local member definition 
https://tomcat.apache.org/tomcat-10.0-doc/config/cluster-interceptor.html#Static_Membership

The deployer should be defined under the cluster, not under an interceptor.

Mark

> 
> WE have hostname A and B if you could check below:
> 
> HOSTNAME A config
> 
> 
> 
>  channelSendOptions="8">
> expireSessionsOnShutdown="false"
> notifyListenersOnReplication="true"/>
> 
> 
> 
>   className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>   className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" />
>  
>address="hostnameA"
>  autoBind="0"
>  className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>  maxThreads="6"
>  port="4100"
>  selectorTimeout="5000"
>  />
>  
>   className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" 
> staticOnly="true"/>
>   className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" 
> />
>   className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
>
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="4100"
>  host="HostnameB"
>  uniqueId="{0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1}"
>  />
>  tempDir="/opt/tomcat/war-temp/"
>   deployDir="/opt/tomcat/war-deploy/"
>  watchDir="/opt/tomcat/war-listen/"
>  watchEnabled="true"/>
> 
>  
>   className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"
>  />
>  
>   
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 9 Session replication

2022-01-28 Thread Alan F

We are currently getting traffic from all cluster members in other environments 
using .staticmember opposed to multicast can I confirm why this is see below.

What do we need to set here for a clustered pair to make them unique and talk 
to eachother only without seeing traffic from other members in Catalina.out

This is how they are currently configured as you can see only difference 
between nodes is the receiver and member ips are reversed. Im concerned 
uniqueID is the same, do we also need to specify domain? 

WE have hostname A and B if you could check below:

HOSTNAME A config

RE: Tomcat jdbc connections

2022-01-25 Thread Alan F

Hi Chris,

Thankyou so much for your time and detail here. I had been working on this 
yesterday and posted my findings below. In the end It turned out to be my lack 
of understanding on Tomcat, but hey we are always learning! 

I would just like to update on my discovery of the issue I had with Tomcat 
resetting connections to DB. Main issue being lack of familiarity of parameters 
and how connection pooling worked. 

One thing I was unable to see without using a DBA admin was the connections 
resetting, no level of logging in Tomcat seemed to reveal this, and in the end 
I used a simple netstat query to check connections. 

watch -n1 "netstat -ant | grep ':1521.*ESTABLISHED' | nl | tail -n20  (last 
number depends on how many connections to monitor.)

Obvs local ports will change outgoing therefore highlighting a new connection 
when these change. 

Once I had this I was able to tinker with current settings until I discovered 
the issue. Which in reality wasn't an issue per se its just that I discovered a 
non live Tomcat was behaving differently with pooled connections over a live 
host! 

Just to Recap

Symptom:
Tomcat closing DBCP pooled connections  to Database every 60 seconds 

Cause:
Tomcat was idle, therefore the configuration param was causing idle connections 
to be reset the period specified below (60 secs)

timeBetweenEvictionRunsMillis=6 

Resolution:
The behaviour above is by design, a busy server will be less likely to trigger 
this due to connections being used! 

-Original Message-
From: Christopher Schultz  
Sent: 24 January 2022 22:42
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections

Alan,

On 1/23/22 09:17, Alan F wrote:
> Can I just follow up here what would be the next steps how would I go 
> about capturing the root cause of these very short connection times to 
> Oracle from Tomcat.

Honestly, I would want to know what query or queries are being run by these 
short-lived connections. Something tells me that if you are able to audit those 
queries, you'll immediately know what's going on.

SELECT * FROM query_details WHERE connection_id='deadbeef'

user   | start_time | end_time | query
zabbix | 12:00:00   | 12:00:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:01:00   | 12:01:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:02:00   | 12:02:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:03:00   | 12:03:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:04:00   | 12:04:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:05:00   | 12:05:00 | SELECT COUNT(*) FROM some_queue

/me says "Oh, right. We have monitoring."

> Would it be along the lines of Wireshark or TCP dump to see what's 
> occurring as I gather this won't be captured in tomcat logging via 
> Catalina.out? Or can it be.
I would only resort to reading TCP dumps if all else fails. Why?

1. TCP dumps are large and "expensive"
2. You are encrypting connections to your database... right?!

Knowing the nature of the queries will help. If you see no queries being 
executed, then no TCP dump will help you because you won't be able to prove 
what component is making those connection anyway (unless dbcp2 pushes some 
environmental information over to Oracle whenever it makes a connection like 
"I'm connecting to Oracle on behalf of application X on Tomcat, but I'm not 
going to execute any queries mmm'kay"). I don't think dbcp does that kind of 
thing, so you'd have to crank-up the logging level on that application and/or 
Tomcat instance to see what's happening with the connection pool.

Hope that helps,
-chris

> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 17:50
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
> 
> 
> 
> On 1/21/22 9:28 AM, Alan F wrote:
>> Ok thanks Phil ok I checked other connections in the same host and see 
>> minIdle="2" and initialSize="7"
>>
>> Ive run a diff on this server.xml between our active prod hosts which shows 
>> connections on Toad up for at least a day as to this idle server 
>> reconnecting after minutes!  And diff is identical apart from Cluster ips.
> Most likely culprit is network or other issue causing validations to fail.  
> With testWhileIdle on, idle connections in the pool will be tested when 
> visited and closed if validation fails.
> 
> Phil
>>
>>
>>
>>
>> -----Original Message-
>> From: Phil Steitz 
>> Sent: 21 January 2022 16:10
>> To: users@tomcat.apache.org
>> Subject: Re: Tomcat jdbc connections
>>
>>
>>
>> On 1/21/22 8:19 AM, Alan F wrote:
>>> Thanks John,
>>>
>>> Here is an example of a connection below I see 
>>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>>> server has no traffic does this

RE: Tomcat jdbc connections

2022-01-23 Thread Alan F

Can I just follow up here what would be the next steps how would I go about 
capturing the root cause of these very short connection times to Oracle from 
Tomcat. 
Would it be along the lines of Wireshark or TCP dump to see what's occurring as 
I gather this won't be captured in tomcat logging via Catalina.out? Or can it 
be. 



-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same host and see 
> minIdle="2" and initialSize="7"
>
> Ive run a diff on this server.xml between our active prod hosts which shows 
> connections on Toad up for at least a day as to this idle server reconnecting 
> after minutes!  And diff is identical apart from Cluster ips.
Most likely culprit is network or other issue causing validations to fail.  
With testWhileIdle on, idle connections in the pool will be tested when visited 
and closed if validation fails.

Phil
>
>
>
>
> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 16:10
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
>
>
>
> On 1/21/22 8:19 AM, Alan F wrote:
>> Thanks John,
>>
>> Here is an example of a connection below I see 
>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>> server has no traffic does this mean
>>
>> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
>> testOnReturn="false"
>> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
>> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
>> maxIdle="5"
>> url="jdbc:oracle:thin:@XXX:X:" username="XXX"
>> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>>
>>
>> So above does that mean every 60 secs Eviction runs, does this mean a server 
>> with no traffic evicts unused connections to DB?
> One more note on this config.  Since you have not specified minIIdle or 
> initialSize, the pool will not create connections until they are requested by 
> clients.
>
> Phil
>>
>> -Original Message-
>> From: john.e.gr...@wellsfargo.com.INVALID
>> 
>> Sent: 21 January 2022 14:50
>> To: users@tomcat.apache.org
>> Subject: RE: Tomcat jdbc connections
>>
>> Alan,
>>
>>
>>> -Original Message-
>>> From: Alan F 
>>> Sent: Friday, January 21, 2022 6:53 AM
>>> To: Tomcat Users List 
>>> Subject: RE: Tomcat jdbc connections
>>>
>>> Hi Christopher
>>>
>>> Thanks for your time here.
>>>
>>> You mean like, a connection is made, no queries are executed, and 
>>> then the connection is terminated?
>>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>>> replaced by a new set of connections 1 session each pool.
>>>
>>>
>>> Presumably, you have an application running on Tomcat with a JDBC 
>>> connection configured. Are you using Tomcat's built-in pooling, or 
>>> is your application managing its own pooling/connections?
>>> - ANSWER we are using dbcp2
>>>
>>>
>>> Do you have any background tasks (in the JVM) that will run even 
>>> when there is no user activity? Cache-management? Lazy-writes?
>>> - ANSWER I don't think so.
>>>
>>>
>>> Are you using Tomcat's clustering? Are you using a database-backed 
>>> session management or any kind? -
>>> - ANSWER YES clustered B node down, A node up this Tomcat node is 
>>> not live or receiving any traffic currently in test.
>>>
>>>
>>> Are the connections definitely being made from the application 
>>> itself and/or Tomcat? Or do you just see those connections coming 
>>> from the IP where the application is running? - ANSWER im assuming 
>>> according to server.xml they are utlising these declared connections via 
>>> Tomcat.
>>>
>>>
>>> Do you have any background tasks (outside the JVM) that will run 
>>> even when there are no user actions? For example, some monitoring 
>>> system that pings the server to say "can you reach the database?" - 
>>> ANSWER NO
>>>
>>>
>>> O
>>>
>> Could your pool be closing the connections after a set time?  Look at 
>> timeBetweenEvict

RE: Tomcat jdbc connections

2022-01-21 Thread Alan F

Thanks for your input Phil! Arghh will keep looking.

-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same host and see 
> minIdle="2" and initialSize="7"
>
> Ive run a diff on this server.xml between our active prod hosts which shows 
> connections on Toad up for at least a day as to this idle server reconnecting 
> after minutes!  And diff is identical apart from Cluster ips.
Most likely culprit is network or other issue causing validations to fail.  
With testWhileIdle on, idle connections in the pool will be tested when visited 
and closed if validation fails.

Phil
>
>
>
>
> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 16:10
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
>
>
>
> On 1/21/22 8:19 AM, Alan F wrote:
>> Thanks John,
>>
>> Here is an example of a connection below I see 
>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>> server has no traffic does this mean
>>
>> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
>> testOnReturn="false"
>> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
>> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
>> maxIdle="5"
>> url="jdbc:oracle:thin:@XXX:X:" username="XXX"
>> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>>
>>
>> So above does that mean every 60 secs Eviction runs, does this mean a server 
>> with no traffic evicts unused connections to DB?
> One more note on this config.  Since you have not specified minIIdle or 
> initialSize, the pool will not create connections until they are requested by 
> clients.
>
> Phil
>>
>> -Original Message-
>> From: john.e.gr...@wellsfargo.com.INVALID
>> 
>> Sent: 21 January 2022 14:50
>> To: users@tomcat.apache.org
>> Subject: RE: Tomcat jdbc connections
>>
>> Alan,
>>
>>
>>> -Original Message-
>>> From: Alan F 
>>> Sent: Friday, January 21, 2022 6:53 AM
>>> To: Tomcat Users List 
>>> Subject: RE: Tomcat jdbc connections
>>>
>>> Hi Christopher
>>>
>>> Thanks for your time here.
>>>
>>> You mean like, a connection is made, no queries are executed, and 
>>> then the connection is terminated?
>>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>>> replaced by a new set of connections 1 session each pool.
>>>
>>>
>>> Presumably, you have an application running on Tomcat with a JDBC 
>>> connection configured. Are you using Tomcat's built-in pooling, or 
>>> is your application managing its own pooling/connections?
>>> - ANSWER we are using dbcp2
>>>
>>>
>>> Do you have any background tasks (in the JVM) that will run even 
>>> when there is no user activity? Cache-management? Lazy-writes?
>>> - ANSWER I don't think so.
>>>
>>>
>>> Are you using Tomcat's clustering? Are you using a database-backed 
>>> session management or any kind? -
>>> - ANSWER YES clustered B node down, A node up this Tomcat node is 
>>> not live or receiving any traffic currently in test.
>>>
>>>
>>> Are the connections definitely being made from the application 
>>> itself and/or Tomcat? Or do you just see those connections coming 
>>> from the IP where the application is running? - ANSWER im assuming 
>>> according to server.xml they are utlising these declared connections via 
>>> Tomcat.
>>>
>>>
>>> Do you have any background tasks (outside the JVM) that will run 
>>> even when there are no user actions? For example, some monitoring 
>>> system that pings the server to say "can you reach the database?" - 
>>> ANSWER NO
>>>
>>>
>>> O
>>>
>> Could your pool be closing the connections after a set time?  Look at 
>> timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:
>>
>> https://commons.apache.org/proper/commons-dbcp/configuration.html
>> B CB  
>> [  X  ܚX KK[XZ[
>>\ \  ][  X  ܚX P X ]
>>\X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
>>\ \  Z[ X ]
>>\X K ܙ B
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

2022-01-21 Thread Alan F

Ok thanks Phil ok I checked other connections in the same host and see 
minIdle="2" and initialSize="7" 

Ive run a diff on this server.xml between our active prod hosts which shows 
connections on Toad up for at least a day as to this idle server reconnecting 
after minutes!  And diff is identical apart from Cluster ips. 




-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 16:10
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 8:19 AM, Alan F wrote:
> Thanks John,
>
> Here is an example of a connection below I see 
> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
> server has no traffic does this mean
>
>  timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
> testOnReturn="false"
> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
> maxIdle="5"
> url="jdbc:oracle:thin:@XXX:X:" username="XXX" 
> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>
>
> So above does that mean every 60 secs Eviction runs, does this mean a server 
> with no traffic evicts unused connections to DB?

One more note on this config.  Since you have not specified minIIdle or 
initialSize, the pool will not create connections until they are requested by 
clients.

Phil
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID 
> 
> Sent: 21 January 2022 14:50
> To: users@tomcat.apache.org
> Subject: RE: Tomcat jdbc connections
>
> Alan,
>
>
>> -Original Message-
>> From: Alan F 
>> Sent: Friday, January 21, 2022 6:53 AM
>> To: Tomcat Users List 
>> Subject: RE: Tomcat jdbc connections
>>
>> Hi Christopher
>>
>> Thanks for your time here.
>>
>> You mean like, a connection is made, no queries are executed, and 
>> then the connection is terminated?
>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>> replaced by a new set of connections 1 session each pool.
>>
>>
>> Presumably, you have an application running on Tomcat with a JDBC 
>> connection configured. Are you using Tomcat's built-in pooling, or is 
>> your application managing its own pooling/connections?
>> - ANSWER we are using dbcp2
>>
>>
>> Do you have any background tasks (in the JVM) that will run even when 
>> there is no user activity? Cache-management? Lazy-writes?
>> - ANSWER I don't think so.
>>
>>
>> Are you using Tomcat's clustering? Are you using a database-backed 
>> session management or any kind? -
>> - ANSWER YES clustered B node down, A node up this Tomcat node is not 
>> live or receiving any traffic currently in test.
>>
>>
>> Are the connections definitely being made from the application itself 
>> and/or Tomcat? Or do you just see those connections coming from the 
>> IP where the application is running? - ANSWER im assuming according 
>> to server.xml they are utlising these declared connections via Tomcat.
>>
>>
>> Do you have any background tasks (outside the JVM) that will run even 
>> when there are no user actions? For example, some monitoring system 
>> that pings the server to say "can you reach the database?" - ANSWER 
>> NO
>>
>>
>> O
>>
> Could your pool be closing the connections after a set time?  Look at 
> timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:
>
> https://commons.apache.org/proper/commons-dbcp/configuration.html
> B CB  
> [  X  ܚX KK[XZ[
>   \ \  ][  X  ܚX P X ]
>   \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
>   \ \  Z[ X ]
>   \X K ܙ B
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

2022-01-21 Thread Alan F

Thanks John,

Here is an example of a connection below I see timeBetweenEvictionRunsMillis 
but not maxConnLifetimeMillis if the server has no traffic does this mean 




So above does that mean every 60 secs Eviction runs, does this mean a server 
with no traffic evicts unused connections to DB?


-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 21 January 2022 14:50
To: users@tomcat.apache.org
Subject: RE: Tomcat jdbc connections

Alan,


> -Original Message-
> From: Alan F 
> Sent: Friday, January 21, 2022 6:53 AM
> To: Tomcat Users List 
> Subject: RE: Tomcat jdbc connections
> 
> Hi Christopher
> 
> Thanks for your time here.
> 
> You mean like, a connection is made, no queries are executed, and then 
> the connection is terminated?
> - ANSWER -  DBAs are saying connections last a minute or so and are 
> replaced by a new set of connections 1 session each pool.
> 
> 
> Presumably, you have an application running on Tomcat with a JDBC 
> connection configured. Are you using Tomcat's built-in pooling, or is 
> your application managing its own pooling/connections?
> - ANSWER we are using dbcp2
> 
> 
> Do you have any background tasks (in the JVM) that will run even when 
> there is no user activity? Cache-management? Lazy-writes?
> - ANSWER I don't think so.
> 
> 
> Are you using Tomcat's clustering? Are you using a database-backed 
> session management or any kind? -
> - ANSWER YES clustered B node down, A node up this Tomcat node is not 
> live or receiving any traffic currently in test.
> 
> 
> Are the connections definitely being made from the application itself 
> and/or Tomcat? Or do you just see those connections coming from the IP 
> where the application is running? - ANSWER im assuming according to 
> server.xml they are utlising these declared connections via Tomcat.
> 
> 
> Do you have any background tasks (outside the JVM) that will run even 
> when there are no user actions? For example, some monitoring system 
> that pings the server to say "can you reach the database?" - ANSWER NO
> 
> 
> O
> 

Could your pool be closing the connections after a set time?  Look at 
timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:

https://commons.apache.org/proper/commons-dbcp/configuration.html
B CB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P X ]
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[ X ]
 \X K ܙ B 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

2022-01-21 Thread Alan F

Hi Christopher

Thanks for your time here.

You mean like, a connection is made, no queries are executed, and then the 
connection is terminated? 
- ANSWER -  DBAs are saying connections last a minute or so and are replaced by 
a new set of connections 1 session each pool. 

Presumably, you have an application running on Tomcat with a JDBC connection 
configured. Are you using Tomcat's built-in pooling, or is your application 
managing its own pooling/connections? 
- ANSWER we are using dbcp2 

Do you have any background tasks (in the JVM) that will run even when there is 
no user activity? Cache-management? Lazy-writes? 
- ANSWER I don't think so. 

Are you using Tomcat's clustering? Are you using a database-backed session 
management or any kind? -  
- ANSWER YES clustered B node down, A node up this Tomcat node is not live or 
receiving any traffic currently in test.

Are the connections definitely being made from the application itself and/or 
Tomcat? Or do you just see those connections coming from the IP where the 
application is running? - ANSWER im assuming according to server.xml they are 
utlising these declared connections via Tomcat. 

Do you have any background tasks (outside the JVM) that will run even when 
there are no user actions? For example, some monitoring system that pings the 
server to say "can you reach the database?" - ANSWER NO

O

-Original Message-
From: Christopher Schultz  
Sent: 20 January 2022 17:34
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections

Alan,

On 1/20/22 09:33, Alan F wrote:
> I have an issue with connections on Tomcat9 Oracle showing connections 
> made for about 2seconds then dropped again. Is this normal when the 
> server is not being used?
You mean like, a connection is made, no queries are executed, and then the 
connection is terminated?

Presumably, you have an application running on Tomcat with a JDBC connection 
configured. Are you using Tomcat's built-in pooling, or is your application 
managing its own pooling/connections?

Do you have any background tasks (in the JVM) that will run even when there is 
no user activity? Cache-management? Lazy-writes?

Are you using Tomcat's clustering? Are you using a database-backed session 
management or any kind?

Are the connections definitely being made from the application itself and/or 
Tomcat? Or do you just see those connections coming from the IP where the 
application is running?

Do you have any background tasks (outside the JVM) that will run even when 
there are no user actions? For example, some monitoring system that pings the 
server to say "can you reach the database?"

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat jdbc connections

2022-01-20 Thread Alan F

I have an issue with connections on Tomcat9 Oracle showing connections made for 
about 2seconds then dropped again. Is this normal when the server is not being 
used?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 9 Encrpytion of JDBC

2022-01-14 Thread Alan F

OK thanks Bill! 

-Original Message-
From: Bill Stewart  
Sent: 14 January 2022 19:02
To: Tomcat Users List 
Subject: Re: Tomcat 9 Encrpytion of JDBC

On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote:


> Interested to know your best practices on securing jdbc plain text 
> passwords, in my last place they used a mechanism to encrypt all passwords.
> Is this the best method as I read some people don't recommend this. 
> Any details or procs on best practice appreciated.
>

The "best practice," generally speaking, is that doing so is basically 
pointless from a security perspective.

https://cwiki.apache.org/confluence/display/TOMCAT/Password

Bill

Tomcat 9 Encrpytion of JDBC

2022-01-14 Thread Alan F

All,

Interested to know your best practices on securing jdbc plain text passwords, 
in my last place they used a mechanism to encrypt all passwords. Is this the 
best method as I read some people don't recommend this. Any details or procs on 
best practice appreciated.

Thanks

Ken

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Dealing with an insecure Struts application on Tomcat

Where do find debug logging

RE: Tomcat Deployment scripts

Tomcat Deployment scripts

tomcat logging

Constant errors in Tomcat logs

403 whilst reading from ROOT

RE: help with high cpu usage

Re: help with high cpu usage

RE: help with high cpu usage

RE: help with high cpu usage

help with high cpu usage

RE: Tomcat 9 Session replication

RE: Tomcat 9 Session replication

RE: Tomcat 9 Session replication

Tomcat 9 Session replication

RE: Tomcat jdbc connections

RE: Tomcat jdbc connections

RE: Tomcat jdbc connections

RE: Tomcat jdbc connections

RE: Tomcat jdbc connections

RE: Tomcat jdbc connections

Tomcat jdbc connections

RE: Tomcat 9 Encrpytion of JDBC

Tomcat 9 Encrpytion of JDBC

25 matches

Site Navigation

Mail list logo

Footer information