Re: SSL trusted certificate
Thank you very much for your help. In my situation the probleme was that i' ve generate a bad certificate. When the java keytool ask me the question what' s your name i need to set this value with the name of my server (in my case with localhost) and not MY name ;) So now all woks fine. On 3/10/06, Bill Barker [EMAIL PROTECTED] wrote: Yawn, set truststoreFile=/path/to/keystore/file on the Connector / element. In most cases, the truststore and keystore are different authorities, so there is no good reason for Tomcat to default them to being the same. David Avenante [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I' m use CAS for SSO solution. I' ve create a certifiacte for my tomcat and deployed my two applications (CAS server AND client) on the same Tomcat with certificate. When i go to my client application i' m redirecte (in https mode) to the CAS server login page with aknowledge of my certificate in the browser. So all seem OK but after authentification, the CAS protocol callback me to my client who (my client) query the cas server for validation. And this call Fail with : Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So after many time on the net the probleme seems to be identified as : for some reason the web server keystore does not trust the HTTPS certificate presented by the CAS server But my client and my server are on the same tomcat Thank you for any help ;) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL trusted certificate
Thank you very much for your help. In my situation the probleme was that i' ve generate a bad certificate. When the java keytool ask me the question what' s your name i need to set this value with the name of my server (in my case with localhost) and not MY name ;) So now all woks fine. And thank your for the link ;) On 3/11/06, Velpi [EMAIL PROTECTED] wrote: I' m use CAS for SSO solution. I' ve create a certifiacte for my tomcat and deployed my two applications (CAS server AND client) on the same Tomcat with certificate. You might want to take a look at this: http://shib.kuleuven.be/docs/idp/install-idp-1.3-windows2003.shtml#trust we use the JVM's default truststore --Velpi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL trusted certificate
Hi, I' m use CAS for SSO solution. I' ve create a certifiacte for my tomcat and deployed my two applications (CAS server AND client) on the same Tomcat with certificate. When i go to my client application i' m redirecte (in https mode) to the CAS server login page with aknowledge of my certificate in the browser. So all seem OK but after authentification, the CAS protocol callback me to my client who (my client) query the cas server for validation. And this call Fail with : Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So after many time on the net the probleme seems to be identified as : for some reason the web server keystore does not trust the HTTPS certificate presented by the CAS server But my client and my server are on the same tomcat Thank you for any help ;)
Re: configuring mod_jk with apache / tomcat
1 - Yes it's seems the good binary. 2 - sample part httpd.conf to add for support mod_jk in apache # Load mod_jk module LoadModulejk_modulemodules/mod_jk.so JkWorkersFile /etc/apache2/jk-workers.properties JkLogFile /var/log/apache2/mod_jk.log JkLogLevelERROR JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /cluster-1.0-SNAPSHOT/app* loadbalancer Be carreful : in the line LoadModule, modules/mod_jk.so is the path to your module in the line JkWorkersFile, /etc/apache2/jk-workers.properties is the path to you workers.properties for a sample of worker propertie # workers.properties ps=/ # List the workers name worker.list=node01 # # First worker # worker.node01.port=8009 worker.node01.host=agnes worker.node01.type=ajp13 Be carefull when you configure your Tomcat's server.xml file add jvmRoute=node01 in your engine. Be think to read the documentation of tomcat 5.5 and the documentation of apache connector for better configuration On 2/17/06, Brad O'Hearne [EMAIL PROTECTED] wrote: Bump. Does anyone have any idea on these? I need to get Tomcat configured with apache. Thanks! Brad On Feb 16, 2006, at 8:00 PM, Brad O'Hearne wrote: I am trying to get the Tomcat connector configured to connect tomcat and apache and I have two questions: 1) I downloaded the binary distribution for linux, and the filename was: jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64- worker.so. Is this supposed to be mod_jk? 2) What kind of workers.properties should I have? There is no sample in the http/conf or tomcat/conf directory. Thanks, Brad - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.15 Clustering ?
when if you had read carefully :).Dont take free support for granted :) For the next steps wich configuration do you want ? with or without mcastBindAddress in server.xml both. does Tomcat recognize membership on both settings now? or still only without the mcastBindAddress attribute? Then follow these steps 1. Shutdown the MCaster program 2. Shutdown both Tomcats - delete or archive your logs 3. Set waitForAck=false on your Sender element 4. Start tomcat 1 5. Wait 10 seconds 6. Start tomcat 2 7. Send us your new output from tomcat Filip David Avenante wrote: Now tell us 1. OS Version - gentoo with 2.6.15 kernel 2. Java version - Sun JDK 1.5.0.06 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.15 Clustering ?
OK i continu to explore this multicast problem on my boxes So what i've learn I learn that it's right to develop J2EE application on Linux. I can see very quickly problem that i can find in production infrastructure. i'm sure on windows all my problemes was be masked. It's improve my knlowledge of Linux system and network. It's fun for a developper like me too learn about system. Now i need to modifiy my real application to support clustering. Thank you again ;) On 2/17/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: Perfect David, and as far as I can tell, the latter sequence that you present, clustering and session replication is working just fine. now, obviously your system is not setup correctly to bind an interface to the multicasting, so don't do it if it works without it. so what have you learned? :) Filip David Avenante wrote: -- Ok so let's go ;) My two tomcat are stopped and i run the MCaster on both box From agnes java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron Usage MCaster [address port message] BEGIN TO RECEIVE SENT:ovea-inspiron1 RECEIVED:ovea-inspiron1 FROM /192.168.2.102:45564 BEGIN TO RECEIVE RECEIVED:agnes3 FROM /192.168.2.103:45564 SENT:ovea-inspiron2 BEGIN TO RECEIVE RECEIVED:ovea-inspiron2 FROM /192.168.2.102:45564 SENT:ovea-inspiron3 BEGIN TO RECEIVE RECEIVED:agnes4 FROM /192.168.2.103:45564 SENT:ovea-inspiron4 BEGIN TO RECEIVE RECEIVED:ovea-inspiron3 FROM /192.168.2.102:45564 SENT:ovea-inspiron5 From ovea-inspiron java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 agnes Usage MCaster [address port message] BEGIN TO RECEIVE RECEIVED:agnes1 FROM /192.168.2.103:45564 SENT:agnes1 BEGIN TO RECEIVE SENT:agnes2 RECEIVED:agnes2 FROM /192.168.2.103:45564 SENT:agnes3 BEGIN TO RECEIVE RECEIVED:ovea-inspiron1 FROM /192.168.2.102:45564 SENT:agnes4 BEGIN TO RECEIVE RECEIVED:agnes3 FROM /192.168.2.103:45564 SENT:agnes5 BEGIN TO RECEIVE RECEIVED:ovea-inspiron2 FROM /192.168.2.102:45564 Come on ... I - WITH mcastBindAddress Shutdown the MCaster program = Ok hutdown both Tomcats - delete or archive your logs = Ok set waitForAck=false on your Sender element = Ok Start tomcat 1 = OK ... logs are : Feb 17, 2006 12:09:08 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /opt/sun-jdk-1.5.0.06/jre/lib/i386/client:/opt/sun-jdk-1.5.0.06 /jre/lib/i386:/opt/sun-jdk-1.5.0.06/jre/../lib/i386 Feb 17, 2006 12:09:08 PM org.apache.coyote.http11.Http11BaseProtocolinit INFO: Initializing Coyote HTTP/1.1 on http-8080 Feb 17, 2006 12:09:08 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 995 ms Feb 17, 2006 12:09:08 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Feb 17, 2006 12:09:08 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.15 Feb 17, 2006 12:09:08 PM org.apache.catalina.core.StandardHost start INFO: XML validation disabled Feb 17, 2006 12:09:08 PM org.apache.catalina.cluster.tcp.SimpleTcpCluster start INFO: Cluster is about to start Feb 17, 2006 12:09:08 PM org.apache.catalina.cluster.tcp.ReplicationTransmitter start INFO: Start ClusterSender at cluster Catalina:type=Cluster,host=localhost with name Catalina:type=ClusterSender,host=localhost Feb 17, 2006 12:09:08 PM org.apache.catalina.cluster.mcast.McastServiceImpl setupSocket INFO: Setting multihome multicast interface to:/192.168.2.102 Feb 17, 2006 12:09:08 PM org.apache.catalina.cluster.mcast.McastServicestart INFO: Sleeping for 4000 secs to establish cluster membership Feb 17, 2006 12:09:12 PM org.apache.catalina.cluster.mcast.McastService registerMBean INFO: membership mbean registered (Catalina:type=ClusterMembership,host=localhost) Feb 17, 2006 12:09:12 PM org.apache.catalina.cluster.session.JvmRouteBinderValve start INFO: JvmRouteBinderValve started Feb 17, 2006 12:09:13 PM org.apache.catalina.startup.HostConfigdeployWAR INFO: Deploying web application archive cluster-1.0-SNAPSHOT.war Feb 17, 2006 12:09:13 PM org.apache.catalina.cluster.session.DeltaManager start INFO: Register manager /cluster-1.0-SNAPSHOT to cluster element Host with name localhost Feb 17, 2006 12:09:13 PM org.apache.catalina.cluster.session.DeltaManager start INFO: Starting clustering manager at /cluster-1.0-SNAPSHOT Feb 17, 2006 12:09:13 PM org.apache.catalina.cluster.session.DeltaManager getAllClusterSessions INFO: Manager [/cluster-1.0-SNAPSHOT]: skipping state transfer. No members active in cluster group. Feb 17, 2006 12:09:13 PM org.apache.jasper.EmbeddedServletOptions init SEVERE: The scratchDir you specified: /opt/java/appserver/tomcat-5.5.15/work/Catalina
Re: Tomcat 5.5.15 Clustering ?
Now tell us 1. OS Version - gentoo with 2.6.15 kernel 2. Java version - Sun JDK 1.5.0.06 OK in response of your previous message. I start the two servers and run MCast output is : On agnes : java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron Usage MCaster [address port message] BEGIN TO RECEIVE SENT:ovea-inspiron1 RECEIVED:ovea-inspiron1 FROM /192.168.2.102:45564 BEGIN TO RECEIVE SENT:ovea-inspiron2 RECEIVED:▒��(f▒tcp://192.168.2.102:400cluster1 FROM /192.168.2.102:45564 SENT:ovea-inspiron3 BEGIN TO RECEIVE RECEIVED:�t�(g▒tcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564 SENT:ovea-inspiron4 BEGIN TO RECEIVE RECEIVED:��(f▒tcp://192.168.2.102:400cluster1 FROM /192.168.2.102:45564 On ovea-inspiron : java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 agnes Usage MCaster [address port message] BEGIN TO RECEIVE SENT:agnes1 RECEIVED:agnes1 FROM /192.168.2.103:45564 BEGIN TO RECEIVE RECEIVED:gm???f▒tcp://192.168.2.102:400cluster1 FROM /192.168.2.102:45564 SENT:agnes2 BEGIN TO RECEIVE RECEIVED:▒g▒tcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564 SENT:agnes3 BEGIN TO RECEIVE RECEIVED:k_???f▒tcp://192.168.2.102:400cluster1 FROM /192.168.2.102:45564 SENT:agnes4 For the next steps wich configuration do you want ? with or without mcastBindAddress in server.xml configuration Then follow these steps 1. Shutdown the MCaster program 2. Shutdown both Tomcats - delete or archive your logs 3. Set waitForAck=false on your Sender element 4. Start tomcat 1 5. Wait 10 seconds 6. Start tomcat 2 7. Send us your new output from tomcat On 2/16/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: ok, you didn't read my message again, that's ok. Now tell us 1. OS Version 2. Java version Then follow these steps 1. Shutdown the MCaster program 2. Shutdown both Tomcats - delete or archive your logs 3. Set waitForAck=false on your Sender element 4. Start tomcat 1 5. Wait 10 seconds 6. Start tomcat 2 7. Send us your new output from tomcat Filip David Avenante wrote: See my previous post it's on agnes the command java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron and on ovea-inspiron start comand : java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 agnes the ouput as the same a the other tests but tcpdump info are now : on agnes 12:43: 02.336748 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:02.395214 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:05.400696 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:05.506764 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:08.405287 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:08.604056 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:11.410371 IP agnes.45564 all-systems.mcast.net.45564 : UDP, length 15 12:43:11.608944 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 on ovea-inspiron 12:45:55.861466 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP, length 7 12:45:57.983294 IP AGNES.45564 all-systems.mcast.net.45564: UDP, length 14 12:45:58.914085 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP, length 7 12:46:00.988429 IP AGNES.45564 all-systems.mcast.net.45564: UDP, length 15 12:46:01.918123 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP , length 7 On 2/15/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: ok, we will work through it one item at the time. show me the output from both servers MCaster program (not the tcpdump) when they run simultanously. Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.15 Clustering ?
Yes MULTICAST is enabled i see that by too fact :
first,
ifconfig eth0 :
eth0 Link encap:Ethernet HWaddr 00:13:D4:45:A6:3F
inet addr:192.168.2.102 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING ALLMULTI MULTICAST MTU:1500
Metric:1
RX packets:264493 errors:0 dropped:0 overruns:0 frame:0
TX packets:292063 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:98079150 (93.5 Mb) TX bytes:41007393 (39.1 Mb)
ALLMULTI and MULTICAST is enabled on two serveur interface.
second,
as you see in my first post tcpdump track the UDP messages send between
server.
For sticky_session=true i' m not agree with you.
In the connector documentation (see
http://tomcat.apache.org/connectors-doc/config/workers.html)
= Set sticky_session to *False* when Tomcat is using a Session Manager
which can persist session data across multiple instances of Tomcat
It' s my situation.
So i' m alway in the trouble by thanks a lot for the verification ;)
On 2/15/06, Peter Rossbach [EMAIL PROTECTED] wrote:
Hey,
1) Clustering need sticky_session=true and is only design for
failover (see servlet spec).
2) Are your sure that MULTICAST is enabled at eth0?
regards
Peter
[EMAIL PROTECTED]
Am 15.02.2006 um 02:26 schrieb David Avenante:
Hi,
I' ve try to use Tomcat 5.5.15 in cluster mod. And after some work on
configuration and test
i seems to be on limit of my all possibilities ;)
I try to use two tomcat in cluster with apache web server and
mod_jk as
connector.
my Apache configuration look like :
# workers.properties
ps=/
# List the workers name
worker.list=loadbalancer
#
# First worker
#
worker.node01.port=8009
worker.node01.host=agnes
worker.node01.type=ajp13
worker.node01.lbfactor=1
#worker.node01.domain=cluster1
#
# Second worker
#
worker.node02.port=9009
worker.node02.host=ovea-inspiron
worker.node02.type=ajp13
worker.node02.lbfactor=1
#worker.node02.domain=cluster1
# --
# Load Balancer worker
# --
worker.loadbalancer.type=lb
worker.loadbalancer.sticky_session=false
worker.loadbalancer.balanced_workers=node01,node02
As you can see i use two server ('agnes' IP : 192.168.2.102 and
'ovea-inspiron' IP : 192.168.2.103)
I' ve coded a little aplication who read un file and create a
sessions if
session not exist.
If i use the system in mod load balancing (with no cluster mod
activate)
all is great (my config is of course
worker.loadbalancer.sticky_session=true
)
So system run with session affinitu but the two server are
accessible ;)
Now i try to configure as cluster mode with session replication
(my config is now worker.loadbalancer.sticky_session=3Dfalse)
I configure my to server.xml like that :
agnes (IP : 192.168.2.102)
Server port=8005 shutdown=SHUTDOWN
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated
and saved
factory=
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service name=Catalina
Connector port=8080 maxHttpHeaderSize=8192
maxThreads=150 minSpareThreads=25
maxSpareThreads=75
enableLookups=false redirectPort=8443
acceptCount=100
connectionTimeout=2
disableUploadTimeout=true
/
Connector port=8009 enableLookups=false
redirectPort=8443 protocol=AJP/1.3 /
Engine name=Catalina defaultHost=localhost
jvmRoute=node01
Realm className=org.apache.catalina.realm.UserDatabaseRealm
resourceName=UserDatabase /
Host name=localhost appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
Cluster
className=org.apache.catalina.cluster.tcp.SimpleTcpCluster
doClusterLog=true
clusterLogName=clusterlog
manager.className=
org.apache.catalina.cluster.session.DeltaManager
manager.expireSessionsOnShutdown=false
manager.notifyListenersOnReplication=true
manager.notifySessionListenersOnReplication=true
manager.sendAllSessions=true
manager.sendAllSessionsSize=500
manager.sendAllSessionsWaitTime=20
Membership className=
org.apache.catalina.cluster.mcast.McastService
mcastBindAddress=192.168.2.102
mcastAddr
Re: Tomcat 5.5.15 Clustering ?
Thank you very much for the toolkit ;)
My feeling was also on my multicast support.
But i' ve read more documentation for my Linux
and i think that my servers support MULTICAST like
explaned on my first message (compile kernel support
and add route + test with tcpdump)
So this toolkit seems confirme the fact that my servers support multicast.
When i test on agnes with target ovea-inspiron i've:
java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron
Usage MCaster [address port message]
BEGIN TO RECEIVE
SENT:ovea-inspiron1
RECEIVED:ovea-inspiron1 FROM /192.168.2.102:45564
SENT:ovea-inspiron2
BEGIN TO RECEIVE
RECEIVED:(gtcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564
SENT:ovea-inspiron3
BEGIN TO RECEIVE
RECEIVED:(ftcp://192.168.2.102:400catalina FROM /192.168.2.102:45564
SENT:ovea-inspiron4
BEGIN TO RECEIVE
RECEIVED:(gtcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564
And when i test on ovea-inspiron with target agnes i've:
java -cp tomcat-replication.jar MCaster 224.0.0.1 http://228.1.2.3/ 45566
agnes
Usage MCaster [address port message]
BEGIN TO RECEIVE
SENT:agnes1
RECEIVED:agnes1 FROM /192.168.2.103:45566
SENT:agnes2
BEGIN TO RECEIVE
RECEIVED:agnes2 FROM /192.168.2.103:45566
SENT:agnes3
BEGIN TO RECEIVE
RECEIVED:agnes3 FROM /192.168.2.103:45566
SENT:agnes4
BEGIN TO RECEIVE
RECEIVED:agnes4 FROM /192.168.2.103:45566
SENT:agnes5
BEGIN TO RECEIVE
RECEIVED:agnes5 FROM /192.168.2.103:45566
SENT:agnes6
BEGIN TO RECEIVE
RECEIVED:agnes6 FROM /192.168.2.103:45566
SENT:agnes7
BEGIN TO RECEIVE
RECEIVED:agnes7 FROM /192.168.2.103:45566
So it's not a multicast probleme but most a configuration probleme.
ovea-inspiron sent is ok but the received is empty ?
Some suggestion(s) ?
Thank's for the progress
On 2/15/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:
1)Clustering need sticky_session=true and is only design for
failover (see servlet spec).
Not true for Tomcat, using replicationMode=pooled and
waitForAck=true, you can do round robin non sticky load balancing as
long as you don't have more than one thread accessing the session at any
point in time.
INFO: Manager [/cluster-1.0-SNAPSHOT]: skipping state transfer. No
members active in cluster group.
yes, your multicast isn't working, or it should have said that you had a
member.
Take a look at the bottom of the page and run the MCaster test included
in a super old version of Tomcat 4 clustering.
http://people.apache.org/~fhanik/
On multihomed hosts, it can get a little tricky to get multicasting
working and you might have to setup some routes to help. Check with your
sysadmin.
Filip
Peter Rossbach wrote:
Hey,
1)Clustering need sticky_session=true and is only design for
failover (see servlet spec).
2)Are your sure that MULTICAST is enabled at eth0?
regards
Peter
[EMAIL PROTECTED]
Am 15.02.2006 um 02:26 schrieb David Avenante:
Hi,
I' ve try to use Tomcat 5.5.15 in cluster mod. And after some work on
configuration and test
i seems to be on limit of my all possibilities ;)
I try to use two tomcat in cluster with apache web server and mod_jk as
connector.
my Apache configuration look like :
# workers.properties
ps=/
# List the workers name
worker.list=loadbalancer
#
# First worker
#
worker.node01.port=8009
worker.node01.host=agnes
worker.node01.type=ajp13
worker.node01.lbfactor=1
#worker.node01.domain=cluster1
#
# Second worker
#
worker.node02.port=9009
worker.node02.host=ovea-inspiron
worker.node02.type=ajp13
worker.node02.lbfactor=1
#worker.node02.domain=cluster1
# --
# Load Balancer worker
# --
worker.loadbalancer.type=lb
worker.loadbalancer.sticky_session=false
worker.loadbalancer.balanced_workers=node01,node02
As you can see i use two server ('agnes' IP : 192.168.2.102 and
'ovea-inspiron' IP : 192.168.2.103)
I' ve coded a little aplication who read un file and create a
sessions if
session not exist.
If i use the system in mod load balancing (with no cluster mod
activate)
all is great (my config is of course
worker.loadbalancer.sticky_session=true
)
So system run with session affinitu but the two server are accessible
;)
Now i try to configure as cluster mode with session replication
(my config is now worker.loadbalancer.sticky_session=3Dfalse)
I configure my to server.xml like that :
agnes (IP : 192.168.2.102)
Server port=8005 shutdown=SHUTDOWN
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated and
saved
factory=
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service
Re: Apache / mod_jk / Multiples instances of Tomcat
You can see this URL http://www.paulkimbrel.com/?p=3 my configuration for me with one apache in front on two tomcat (for my tests) is : after install mod_jk of course ;) httpd.conf : # Load mod_jk module LoadModulejk_modulemodules/mod_jk.so JkWorkersFile /etc/apache2/workers.properties JkLogFile /var/log/apache2/mod_jk.log JkLogLevelERROR JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /cluster-1.0-SNAPSHOT/app* loadbalancer workers.properties : # workers.properties ps=/ # List the workers name worker.list=loadbalancer # # First worker # worker.node01.port=8009 worker.node01.host=agnes worker.node01.type=ajp13 worker.node01.lbfactor=1 worker.node01.domain=cluster1 # # Second worker # worker.node02.port=9009 worker.node02.host=ovea-inspiron worker.node02.type=ajp13 worker.node02.lbfactor=1 worker.node02.domain=cluster1 # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.sticky_session=true worker.loadbalancer.balanced_workers=node01,node02 as you can see in the list of worker only the loadbalancer worker is present. Be carreful in your server.xml to add jvmRoute with same name of worker. Engine name=Catalina defaultHost=localhost jvmRoute=node01 ... On 2/15/06, Farid Izem [EMAIL PROTECTED] wrote: Hi all, I'm currently trying to build a Apache load balancings against multiples instances of Tomcat. On my host, i have three instances of Tomcat (ie using CATALINA_BASE variable), each listening on differents ports for AJP Connector. On the same server, i have an Apache using Mod_jk. Is it possible to configure load balancing across the three instances of Tomcat using mod_jk ? Morever, in the worker.properties, i don't known how to configure worker.tomcat_home as it is different for each instance of Tomcat ? Any help would be appreciate, Any Internet Links .. Kind Regards, Farid
Re: Tomcat 5.5.15 Clustering ?
I try it and the multicast seems OK ?
On 2/15/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:
It is a multicast problem, your second box is not receiving any
multicast messages, only from itself.
To run this test properly, you will need to shutdown your tomcats, then
run MCaster on both machines at the same time,
if both machines are not receiving messages from each other (like your
example below) then you have a multicast problem
Filip
David Avenante wrote:
Thank you very much for the toolkit ;)
My feeling was also on my multicast support.
But i' ve read more documentation for my Linux
and i think that my servers support MULTICAST like
explaned on my first message (compile kernel support
and add route + test with tcpdump)
So this toolkit seems confirme the fact that my servers support
multicast.
When i test on agnes with target ovea-inspiron i've:
java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron
Usage MCaster [address port message]
BEGIN TO RECEIVE
SENT:ovea-inspiron1
RECEIVED:ovea-inspiron1 FROM /192.168.2.102:45564
SENT:ovea-inspiron2
BEGIN TO RECEIVE
RECEIVED:(gtcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564
SENT:ovea-inspiron3
BEGIN TO RECEIVE
RECEIVED:(ftcp://192.168.2.102:400catalina FROM /192.168.2.102:45564
SENT:ovea-inspiron4
BEGIN TO RECEIVE
RECEIVED:(gtcp://192.168.2.103:400cluster1 FROM /192.168.2.103:45564
And when i test on ovea-inspiron with target agnes i've:
java -cp tomcat-replication.jar MCaster 224.0.0.1 http://228.1.2.3/
45566
agnes
Usage MCaster [address port message]
BEGIN TO RECEIVE
SENT:agnes1
RECEIVED:agnes1 FROM /192.168.2.103:45566
SENT:agnes2
BEGIN TO RECEIVE
RECEIVED:agnes2 FROM /192.168.2.103:45566
SENT:agnes3
BEGIN TO RECEIVE
RECEIVED:agnes3 FROM /192.168.2.103:45566
SENT:agnes4
BEGIN TO RECEIVE
RECEIVED:agnes4 FROM /192.168.2.103:45566
SENT:agnes5
BEGIN TO RECEIVE
RECEIVED:agnes5 FROM /192.168.2.103:45566
SENT:agnes6
BEGIN TO RECEIVE
RECEIVED:agnes6 FROM /192.168.2.103:45566
SENT:agnes7
BEGIN TO RECEIVE
RECEIVED:agnes7 FROM /192.168.2.103:45566
So it's not a multicast probleme but most a configuration probleme.
ovea-inspiron sent is ok but the received is empty ?
Some suggestion(s) ?
Thank's for the progress
On 2/15/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:
1)Clustering need sticky_session=true and is only design for
failover (see servlet spec).
Not true for Tomcat, using replicationMode=pooled and
waitForAck=true, you can do round robin non sticky load balancing as
long as you don't have more than one thread accessing the session at
any
point in time.
INFO: Manager [/cluster-1.0-SNAPSHOT]: skipping state transfer. No
members active in cluster group.
yes, your multicast isn't working, or it should have said that you had
a
member.
Take a look at the bottom of the page and run the MCaster test included
in a super old version of Tomcat 4 clustering.
http://people.apache.org/~fhanik/
On multihomed hosts, it can get a little tricky to get multicasting
working and you might have to setup some routes to help. Check with
your
sysadmin.
Filip
Peter Rossbach wrote:
Hey,
1)Clustering need sticky_session=true and is only design for
failover (see servlet spec).
2)Are your sure that MULTICAST is enabled at eth0?
regards
Peter
[EMAIL PROTECTED]
Am 15.02.2006 um 02:26 schrieb David Avenante:
Hi,
I' ve try to use Tomcat 5.5.15 in cluster mod. And after some work on
configuration and test
i seems to be on limit of my all possibilities ;)
I try to use two tomcat in cluster with apache web server and mod_jk
as
connector.
my Apache configuration look like :
# workers.properties
ps=/
# List the workers name
worker.list=loadbalancer
#
# First worker
#
worker.node01.port=8009
worker.node01.host=agnes
worker.node01.type=ajp13
worker.node01.lbfactor=1
#worker.node01.domain=cluster1
#
# Second worker
#
worker.node02.port=9009
worker.node02.host=ovea-inspiron
worker.node02.type=ajp13
worker.node02.lbfactor=1
#worker.node02.domain=cluster1
# --
# Load Balancer worker
# --
worker.loadbalancer.type=lb
worker.loadbalancer.sticky_session=false
worker.loadbalancer.balanced_workers=node01,node02
As you can see i use two server ('agnes' IP : 192.168.2.102 and
'ovea-inspiron' IP : 192.168.2.103)
I' ve coded a little aplication who read un file and create a
sessions if
session not exist.
If i use the system in mod load balancing (with no cluster mod
activate)
all is great (my config is of course
worker.loadbalancer.sticky_session=true
)
So system run with session affinitu but the two server are accessible
Re: Tomcat 5.5.15 Clustering ?
Yes all right !
INFO: Register manager /cluster-1.0-SNAPSHOT to cluster element Host with
name localhost
Feb 15, 2006 10:47:32 AM org.apache.catalina.cluster.session.DeltaManagerstart
But Why
my mcastAddress is good !
now i' ve a new error
Feb 15, 2006 10:50:41 AM
org.apache.catalina.cluster.tcp.FastAsyncSocketSender$FastQueueThreadpushQueuedMessages
WARNING: Unable to asynchronously send session with id=[GET-ALL-/cluster-
1.0-SNAPSHOT] - message will be ignored.
java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
but it's a big progress ;)
I got to verifiy if my ntp synchronisation between my server is OK ;)
Thank you very much.
On 2/15/06, Peter Rossbach [EMAIL PROTECTED] wrote:
Can you test your config without the parameter mcastBindAddress=xx?
Peter
Am 15.02.2006 um 14:35 schrieb David Avenante:
Yes MULTICAST is enabled i see that by too fact :
first,
ifconfig eth0 :
eth0 Link encap:Ethernet HWaddr 00:13:D4:45:A6:3F
inet addr:192.168.2.102 Bcast:192.168.2.255 Mask:
255.255.255.0
UP BROADCAST NOTRAILERS RUNNING ALLMULTI MULTICAST MTU:1500
Metric:1
RX packets:264493 errors:0 dropped:0 overruns:0 frame:0
TX packets:292063 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:98079150 (93.5 Mb) TX bytes:41007393 (39.1 Mb)
ALLMULTI and MULTICAST is enabled on two serveur interface.
second,
as you see in my first post tcpdump track the UDP messages send
between
server.
For sticky_session=true i' m not agree with you.
In the connector documentation (see
http://tomcat.apache.org/connectors-doc/config/workers.html)
= Set sticky_session to *False* when Tomcat is using a Session
Manager
which can persist session data across multiple instances of Tomcat
It' s my situation.
So i' m alway in the trouble by thanks a lot for the verification ;)
On 2/15/06, Peter Rossbach [EMAIL PROTECTED] wrote:
Hey,
1) Clustering need sticky_session=true and is only design for
failover (see servlet spec).
2) Are your sure that MULTICAST is enabled at eth0?
regards
Peter
[EMAIL PROTECTED]
Am 15.02.2006 um 02:26 schrieb David Avenante:
Hi,
I' ve try to use Tomcat 5.5.15 in cluster mod. And after some
work on
configuration and test
i seems to be on limit of my all possibilities ;)
I try to use two tomcat in cluster with apache web server and
mod_jk as
connector.
my Apache configuration look like :
# workers.properties
ps=/
# List the workers name
worker.list=loadbalancer
#
# First worker
#
worker.node01.port=8009
worker.node01.host=agnes
worker.node01.type=ajp13
worker.node01.lbfactor=1
#worker.node01.domain=cluster1
#
# Second worker
#
worker.node02.port=9009
worker.node02.host=ovea-inspiron
worker.node02.type=ajp13
worker.node02.lbfactor=1
#worker.node02.domain=cluster1
# --
# Load Balancer worker
# --
worker.loadbalancer.type=lb
worker.loadbalancer.sticky_session=false
worker.loadbalancer.balanced_workers=node01,node02
As you can see i use two server ('agnes' IP : 192.168.2.102 and
'ovea-inspiron' IP : 192.168.2.103)
I' ve coded a little aplication who read un file and create a
sessions if
session not exist.
If i use the system in mod load balancing (with no cluster mod
activate)
all is great (my config is of course
worker.loadbalancer.sticky_session=true
)
So system run with session affinitu but the two server are
accessible ;)
Now i try to configure as cluster mode with session replication
(my config is now worker.loadbalancer.sticky_session=3Dfalse)
I configure my to server.xml like that :
agnes (IP : 192.168.2.102)
Server port=8005 shutdown=SHUTDOWN
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated
and saved
factory=
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service name=Catalina
Connector port=8080 maxHttpHeaderSize=8192
maxThreads=150 minSpareThreads=25
maxSpareThreads=75
enableLookups=false redirectPort=8443
acceptCount=100
connectionTimeout=2
disableUploadTimeout=true
/
Connector port=8009 enableLookups=false
redirectPort=8443 protocol=AJP/1.3 /
Engine name=Catalina defaultHost=localhost
jvmRoute=node01
Realm className=org.apache.catalina.realm.UserDatabaseRealm
Re: Tomcat 5.5.15 Clustering ?
for a second. my guess is that one of your interfaces is not doing what you think it is doing. follow these simple steps 1. Make sure that your multicast is working 2. Stop all your tomcat processes 3. Make sure nothing else is broadcasting on the same mcast address 4. Delete or archive all your previous logs 5. Startup tomcat 1 - wait 10 seconds 6. Startup tomcat 2 Then do the following 7. Set tcpListenAddress=auto in your server.xml file 8. Repeat steps 1 through 6 9. email the logs to the list our guess is that you have a networking problem, but you just don't dont look into it close enough for yourself and then provide us with the info. Filip David Avenante wrote: Yes all right ! INFO: Register manager /cluster-1.0-SNAPSHOT to cluster element Host with name localhost Feb 15, 2006 10:47:32 AM org.apache.catalina.cluster.session.DeltaManagerstart But Why my mcastAddress is good ! now i' ve a new error Feb 15, 2006 10:50:41 AM org.apache.catalina.cluster.tcp.FastAsyncSocketSender$FastQueueThreadpushQueuedMessages WARNING: Unable to asynchronously send session with id=[GET-ALL-/cluster- 1.0-SNAPSHOT] - message will be ignored. java.net.ConnectException: Connection timed out at java.net.PlainSocketImpl.socketConnect(Native Method) but it's a big progress ;) I got to verifiy if my ntp synchronisation between my server is OK ;) Thank you very much. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.15 Clustering ?
Yes you're right i' ve a problem in my /etc/hosts as you can see in my response to Hanik. I hope this type of thread can help people to save time. Because some skills are necessary for reolve the problem. Thank you Paul ;) On 2/15/06, Paul Smith [EMAIL PROTECTED] wrote: Is the multicast going over the 127.0.0.1 instead? We've had this problem before (redhat el3), and to fix it, you have to make sure that in /etc/hosts that localhost is bound to a real IP address and not 127.0.0.1. for some reason, in Java it always seems to want to stick to the local interface when localhost is mapped to this. Paul Smith On 16/02/2006, at 3:08 AM, Filip Hanik - Dev Lists wrote: David, you are all over the place. Slow down for a second. my guess is that one of your interfaces is not doing what you think it is doing. follow these simple steps 1. Make sure that your multicast is working 2. Stop all your tomcat processes 3. Make sure nothing else is broadcasting on the same mcast address 4. Delete or archive all your previous logs 5. Startup tomcat 1 - wait 10 seconds 6. Startup tomcat 2 Then do the following 7. Set tcpListenAddress=auto in your server.xml file 8. Repeat steps 1 through 6 9. email the logs to the list our guess is that you have a networking problem, but you just don't dont look into it close enough for yourself and then provide us with the info. Filip David Avenante wrote: Yes all right ! INFO: Register manager /cluster-1.0-SNAPSHOT to cluster element Host with name localhost Feb 15, 2006 10:47:32 AM org.apache.catalina.cluster.session.DeltaManagerstart But Why my mcastAddress is good ! now i' ve a new error Feb 15, 2006 10:50:41 AM org.apache.catalina.cluster.tcp.FastAsyncSocketSender $FastQueueThreadpushQueuedMessages WARNING: Unable to asynchronously send session with id=[GET-ALL-/ cluster- 1.0-SNAPSHOT] - message will be ignored. java.net.ConnectException: Connection timed out at java.net.PlainSocketImpl.socketConnect(Native Method) but it's a big progress ;) I got to verifiy if my ntp synchronisation between my server is OK ;) Thank you very much. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.15 Clustering ?
See my previous post it's on agnes the command java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 ovea-inspiron and on ovea-inspiron start comand : java -cp tomcat-replication.jar MCaster 224.0.0.1 45564 agnes the ouput as the same a the other tests but tcpdump info are now : on agnes 12:43:02.336748 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:02.395214 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:05.400696 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:05.506764 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:08.405287 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:08.604056 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 12:43:11.410371 IP agnes.45564 all-systems.mcast.net.45564: UDP, length 15 12:43:11.608944 IP ovea-inspiron.45566 all-systems.mcast.net.45566: UDP, length 7 on ovea-inspiron 12:45:55.861466 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP, length 7 12:45:57.983294 IP AGNES.45564 all-systems.mcast.net.45564: UDP, length 14 12:45:58.914085 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP, length 7 12:46:00.988429 IP AGNES.45564 all-systems.mcast.net.45564: UDP, length 15 12:46:01.918123 IP ovea-inspiron.45566 all-systems.mcast.net.45566:UDP, length 7 On 2/15/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: ok, we will work through it one item at the time. show me the output from both servers MCaster program (not the tcpdump) when they run simultanously. Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5.15 Clustering ?
Hi,
I' ve try to use Tomcat 5.5.15 in cluster mod. And after some work on
configuration and test
i seems to be on limit of my all possibilities ;)
I try to use two tomcat in cluster with apache web server and mod_jk as
connector.
my Apache configuration look like :
# workers.properties
ps=/
# List the workers name
worker.list=loadbalancer
#
# First worker
#
worker.node01.port=8009
worker.node01.host=agnes
worker.node01.type=ajp13
worker.node01.lbfactor=1
#worker.node01.domain=cluster1
#
# Second worker
#
worker.node02.port=9009
worker.node02.host=ovea-inspiron
worker.node02.type=ajp13
worker.node02.lbfactor=1
#worker.node02.domain=cluster1
# --
# Load Balancer worker
# --
worker.loadbalancer.type=lb
worker.loadbalancer.sticky_session=false
worker.loadbalancer.balanced_workers=node01,node02
As you can see i use two server ('agnes' IP : 192.168.2.102 and
'ovea-inspiron' IP : 192.168.2.103)
I' ve coded a little aplication who read un file and create a sessions if
session not exist.
If i use the system in mod load balancing (with no cluster mod activate)
all is great (my config is of course worker.loadbalancer.sticky_session=true
)
So system run with session affinitu but the two server are accessible ;)
Now i try to configure as cluster mode with session replication
(my config is now worker.loadbalancer.sticky_session=3Dfalse)
I configure my to server.xml like that :
agnes (IP : 192.168.2.102)
Server port=8005 shutdown=SHUTDOWN
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated and saved
factory=
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service name=Catalina
Connector port=8080 maxHttpHeaderSize=8192
maxThreads=150 minSpareThreads=25
maxSpareThreads=75
enableLookups=false redirectPort=8443
acceptCount=100
connectionTimeout=2 disableUploadTimeout=true
/
Connector port=8009 enableLookups=false
redirectPort=8443 protocol=AJP/1.3 /
Engine name=Catalina defaultHost=localhost jvmRoute=node01
Realm className=org.apache.catalina.realm.UserDatabaseRealm
resourceName=UserDatabase /
Host name=localhost appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster
doClusterLog=true
clusterLogName=clusterlog
manager.className=
org.apache.catalina.cluster.session.DeltaManager
manager.expireSessionsOnShutdown=false
manager.notifyListenersOnReplication=true
manager.notifySessionListenersOnReplication=true
manager.sendAllSessions=true
manager.sendAllSessionsSize=500
manager.sendAllSessionsWaitTime=20
Membership className=
org.apache.catalina.cluster.mcast.McastService
mcastBindAddress=192.168.2.102
mcastAddr=224.0.0.1
mcastPort=45564
mcastFrequency=1000
mcastDropTime=3/
Receiver className=
org.apache.catalina.cluster.tcp.ReplicationListener
tcpListenAddress=192.168.2.102
tcpListenPort=4000
tcpSelectorTimeout=100
tcpThreadCount=6 /
Sender className=
org.apache.catalina.cluster.tcp.ReplicationTransmitter
replicationMode=fastasyncqueue
doTransmitterProcessingStats=true
doProcessingStats=true
doWaitAckStats=true
queueTimeWait=true
queueDoStats=true
queueCheckLock=true
ackTimeout=15000
waitForAck=true
keepAliveTimeout=8
keepAliveMaxRequestCount=-1 /
/Host
/Engine
/Service
/Server
ovea-inspiron (IP : 192.168.2.103)
Server port=9005 shutdown=SHUTDOWN
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated and
saved
factory=
org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service name=Catalina
Connector port=9080 maxHttpHeaderSize=8192
