Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 3/19/2016 5:39 PM, Daniel Savard wrote: André, I was just trying to understand why this was a so hard requirement to run on port 80. The provided answers didn't help to understand why this was hardly needed. I was just questioning and sometimes, we, yes I include myself, look at a problem with a narrow view how to solve it and it may be helpful to be provided alternate solutions. The most common reason to run TC on port 80 is for simplicity of configuration, on production, but not huge-traffic web sites which can tolerate a small amount of down time. But, anyway, enough on this. - Daniel Savard 2016-03-19 17:02 GMT-04:00 André Warnier (tomcat): Daniel, first of all, stop top-posting (this applies to both of you). This is not the style of posting desired on this list. See http://tomcat.apache.org/lists.html#tomcat-users, #6. Secondly, the original poster (lyallex) wants to run Tomcat under Linux, without a front-end, as a webserver, listening on port 80, but running as a user which is not root. This is a legitimate way of running Tomcat, and it is not for you to tell him to run it otherwise. Presumably, he knows what he is doing, under his circumstances. Tomcat by itself cannot do that, because it cannot by itself start as root, bind to port 80, and then switch users. The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, which is why the OP wants to use it. But he has problems configuring this to run under systemd. And this was his question : how to run Tomcat as non-root under a JVM under jsvc under systemd, listening on port 80. I have not yet tried it myself, so I cannot really help. But I have a feeling that the information that you have provided earlier, can be extrapolated to the configuration which lyallex wants. So thank you for providing that information, and let's leave it at that. There is no need and no point in transforming this conversation into a flame now. On 19.03.2016 21:33, Daniel Savard wrote: I still don't see how the number of concurrent sessions is related to the port number. The default ports for Tomcat are 8080 and 8443. For huge websites, usually you have a load balancer as a front-end anyway. You then get the capability to distribute the workload on more than one instance of Tomcat and/or servers, so, sticking on a single port isn't desirable since many instances on a single server cannot run on the same port. You get the capability to eliminate any single-point of failure as well as getting the capability to implement a non-stop environment making a Tomcat cluster. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex : On 19 March 2016 at 19:19, Daniel Savard wrote: I see what you were trying to achieve, however I don't see much interest in that. Really, I've been running a successful commercial web site for the last 4 years using Tomcat as a standalone web server and servlet container using exactly this solution. 1000 concurrent sessions pose no problem I mentioned this in my first post, sorry if you missed it. 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavir of systemd to not allow that neither No, you misunderstood. I was trying to start jsvc from a systemd service file Please read more carefully.I never suggested that systemd would solve the problem 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. What is the default port for non.-encrypted http traffic to a web server? Anyway, I see no reason to start a slanging match, I have better things to do. It's all working quite nicely now anyway, thank you for your input. To learn about jsvc see http://commons.apache.org/proper/commons-daemon/jsvc.html You'll need an up to date ANSI C compiler (I use gcc) Lyallex Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex : It's the simplest way to find out which port you have Tomcat listening on *NIX based systems don't allow non root uses bind to ports < 1024 jsvc http://commons.apache.org/proper/commons-daemon/jsvc.html solves this problem, nobody seems to have grasped that this is what I was asking about. I know of no way to start the container, on port 80 using either startup.sh or catalina.sh using start, run or anything else. If I'm wrong then I would love to see how it's done. CentOS Linux release 7.2.1511 (Core) On 19 March 2016 at 13:46, Daniel Savard wrote: Why? What is the point? The server.xml has nothing to do
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
André, I was just trying to understand why this was a so hard requirement to run on port 80. The provided answers didn't help to understand why this was hardly needed. I was just questioning and sometimes, we, yes I include myself, look at a problem with a narrow view how to solve it and it may be helpful to be provided alternate solutions. But, anyway, enough on this. - Daniel Savard 2016-03-19 17:02 GMT-04:00 André Warnier (tomcat): > Daniel, > > first of all, stop top-posting (this applies to both of you). This is not > the style of posting desired on this list. > See http://tomcat.apache.org/lists.html#tomcat-users, #6. > > Secondly, > the original poster (lyallex) wants to run Tomcat under Linux, without a > front-end, as a webserver, listening on port 80, but running as a user which > is not root. > This is a legitimate way of running Tomcat, and it is not for you to tell > him to run it otherwise. Presumably, he knows what he is doing, under his > circumstances. > > Tomcat by itself cannot do that, because it cannot by itself start as root, > bind to port 80, and then switch users. > The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, > which is why the OP wants to use it. > But he has problems configuring this to run under systemd. > And this was his question : how to run Tomcat as non-root under a JVM under > jsvc under systemd, listening on port 80. > > I have not yet tried it myself, so I cannot really help. > But I have a feeling that the information that you have provided earlier, > can be extrapolated to the configuration which lyallex wants. > So thank you for providing that information, and let's leave it at that. > There is no need and no point in transforming this conversation into a flame > now. > > > > On 19.03.2016 21:33, Daniel Savard wrote: >> >> I still don't see how the number of concurrent sessions is related to >> the port number. >> >> The default ports for Tomcat are 8080 and 8443. >> >> For huge websites, usually you have a load balancer as a front-end >> anyway. You then get the capability to distribute the workload on more >> than one instance of Tomcat and/or servers, so, sticking on a single >> port isn't desirable since many instances on a single server cannot >> run on the same port. You get the capability to eliminate any >> single-point of failure as well as getting the capability to implement >> a non-stop environment making a Tomcat cluster. >> - >> Daniel Savard >> >> >> 2016-03-19 15:40 GMT-04:00 Lyallex : >>> >>> >>> >>> On 19 March 2016 at 19:19, Daniel Savard wrote: I see what you were trying to achieve, however I don't see much interest in that. >>> >>> >>> Really, I've been running a successful commercial web site for the >>> last 4 years using Tomcat as a standalone web server >>> and servlet container using exactly this solution. 1000 concurrent >>> sessions pose no problem >>> I mentioned this in my first post, sorry if you missed it. >>> 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavir of systemd to not allow that neither >>> >>> >>> No, you misunderstood. I was trying to start jsvc from a systemd service >>> file >>> Please read more carefully.I never suggested that systemd would solve >>> the problem >>> 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. >>> >>> >>> What is the default port for non.-encrypted http traffic to a web server? >>> >>> Anyway, I see no reason to start a slanging match, I have better things >>> to do. >>> It's all working quite nicely now anyway, thank you for your input. >>> >>> To learn about jsvc see >>> http://commons.apache.org/proper/commons-daemon/jsvc.html >>> You'll need an up to date ANSI C compiler (I use gcc) >>> >>> Lyallex >>> >>> Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex : > > It's the simplest way to find out which port you have Tomcat listening > on > > *NIX based systems don't allow non root uses bind to ports < 1024 > > jsvc > http://commons.apache.org/proper/commons-daemon/jsvc.html > > solves this problem, nobody seems to have grasped that this is what I > was asking about. > I know of no way to start the container, on port 80 using either > startup.sh or catalina.sh using start, run or anything else. > If I'm wrong then I would love to see how
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19.03.2016 22:06, Lyallex wrote: ... I have it working now, I'd be glad to advise if required Yes, please describe your solution. With the increasing footprint of systemd, I am sure that this information will be helpful to other tomcat users, when they search the list archives. It could probably usefully be made into a FAQ article too. http://wiki.apache.org/tomcat/FAQ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19 March 2016 at 21:02, André Warnier (tomcat)wrote: > Daniel, > > first of all, stop top-posting (this applies to both of you). This is not > the style of posting desired on this list. > See http://tomcat.apache.org/lists.html#tomcat-users, #6. > > Secondly, > the original poster (lyallex) wants to run Tomcat under Linux, without a > front-end, as a webserver, listening on port 80, but running as a user which > is not root. > This is a legitimate way of running Tomcat, and it is not for you to tell > him to run it otherwise. Presumably, he knows what he is doing, under his > circumstances. > > Tomcat by itself cannot do that, because it cannot by itself start as root, > bind to port 80, and then switch users. > The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, > which is why the OP wants to use it. > But he has problems configuring this to run under systemd. > And this was his question : how to run Tomcat as non-root under a JVM under > jsvc under systemd, listening on port 80. > > I have not yet tried it myself, so I cannot really help. I have it working now, I'd be glad to advise if required > But I have a feeling that the information that you have provided earlier, > can be extrapolated to the configuration which lyallex wants. > So thank you for providing that information, and let's leave it at that. > There is no need and no point in transforming this conversation into a flame > now. > +1 > > > On 19.03.2016 21:33, Daniel Savard wrote: >> >> I still don't see how the number of concurrent sessions is related to >> the port number. >> >> The default ports for Tomcat are 8080 and 8443. >> >> For huge websites, usually you have a load balancer as a front-end >> anyway. You then get the capability to distribute the workload on more >> than one instance of Tomcat and/or servers, so, sticking on a single >> port isn't desirable since many instances on a single server cannot >> run on the same port. You get the capability to eliminate any >> single-point of failure as well as getting the capability to implement >> a non-stop environment making a Tomcat cluster. >> - >> Daniel Savard >> >> >> 2016-03-19 15:40 GMT-04:00 Lyallex : >>> >>> >>> >>> On 19 March 2016 at 19:19, Daniel Savard wrote: I see what you were trying to achieve, however I don't see much interest in that. >>> >>> >>> Really, I've been running a successful commercial web site for the >>> last 4 years using Tomcat as a standalone web server >>> and servlet container using exactly this solution. 1000 concurrent >>> sessions pose no problem >>> I mentioned this in my first post, sorry if you missed it. >>> 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavir of systemd to not allow that neither >>> >>> >>> No, you misunderstood. I was trying to start jsvc from a systemd service >>> file >>> Please read more carefully.I never suggested that systemd would solve >>> the problem >>> 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. >>> >>> >>> What is the default port for non.-encrypted http traffic to a web server? >>> >>> Anyway, I see no reason to start a slanging match, I have better things >>> to do. >>> It's all working quite nicely now anyway, thank you for your input. >>> >>> To learn about jsvc see >>> http://commons.apache.org/proper/commons-daemon/jsvc.html >>> You'll need an up to date ANSI C compiler (I use gcc) >>> >>> Lyallex >>> >>> Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex : > > It's the simplest way to find out which port you have Tomcat listening > on > > *NIX based systems don't allow non root uses bind to ports < 1024 > > jsvc > http://commons.apache.org/proper/commons-daemon/jsvc.html > > solves this problem, nobody seems to have grasped that this is what I > was asking about. > I know of no way to start the container, on port 80 using either > startup.sh or catalina.sh using start, run or anything else. > If I'm wrong then I would love to see how it's done. > > CentOS Linux release 7.2.1511 (Core) > > > On 19 March 2016 at 13:46, Daniel Savard > wrote: >> >> Why? What is the point? The server.xml has nothing to do with >> integration with systemd. >> - >> Daniel Savard >> >> >>
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Daniel, first of all, stop top-posting (this applies to both of you). This is not the style of posting desired on this list. See http://tomcat.apache.org/lists.html#tomcat-users, #6. Secondly, the original poster (lyallex) wants to run Tomcat under Linux, without a front-end, as a webserver, listening on port 80, but running as a user which is not root. This is a legitimate way of running Tomcat, and it is not for you to tell him to run it otherwise. Presumably, he knows what he is doing, under his circumstances. Tomcat by itself cannot do that, because it cannot by itself start as root, bind to port 80, and then switch users. The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, which is why the OP wants to use it. But he has problems configuring this to run under systemd. And this was his question : how to run Tomcat as non-root under a JVM under jsvc under systemd, listening on port 80. I have not yet tried it myself, so I cannot really help. But I have a feeling that the information that you have provided earlier, can be extrapolated to the configuration which lyallex wants. So thank you for providing that information, and let's leave it at that. There is no need and no point in transforming this conversation into a flame now. On 19.03.2016 21:33, Daniel Savard wrote: I still don't see how the number of concurrent sessions is related to the port number. The default ports for Tomcat are 8080 and 8443. For huge websites, usually you have a load balancer as a front-end anyway. You then get the capability to distribute the workload on more than one instance of Tomcat and/or servers, so, sticking on a single port isn't desirable since many instances on a single server cannot run on the same port. You get the capability to eliminate any single-point of failure as well as getting the capability to implement a non-stop environment making a Tomcat cluster. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex: On 19 March 2016 at 19:19, Daniel Savard wrote: I see what you were trying to achieve, however I don't see much interest in that. Really, I've been running a successful commercial web site for the last 4 years using Tomcat as a standalone web server and servlet container using exactly this solution. 1000 concurrent sessions pose no problem I mentioned this in my first post, sorry if you missed it. 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavir of systemd to not allow that neither No, you misunderstood. I was trying to start jsvc from a systemd service file Please read more carefully.I never suggested that systemd would solve the problem 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. What is the default port for non.-encrypted http traffic to a web server? Anyway, I see no reason to start a slanging match, I have better things to do. It's all working quite nicely now anyway, thank you for your input. To learn about jsvc see http://commons.apache.org/proper/commons-daemon/jsvc.html You'll need an up to date ANSI C compiler (I use gcc) Lyallex Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex : It's the simplest way to find out which port you have Tomcat listening on *NIX based systems don't allow non root uses bind to ports < 1024 jsvc http://commons.apache.org/proper/commons-daemon/jsvc.html solves this problem, nobody seems to have grasped that this is what I was asking about. I know of no way to start the container, on port 80 using either startup.sh or catalina.sh using start, run or anything else. If I'm wrong then I would love to see how it's done. CentOS Linux release 7.2.1511 (Core) On 19 March 2016 at 13:46, Daniel Savard wrote: Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex : Would you mind posting your server.xml, here is the relevant bit from mine. On 18 March 2016 at 23:35, Daniel Savard wrote: I believe all distros have over engineered the scripts to start Tomcat. Forget all the scripts from your distro, learn the signification of the environment variables from the catalina.sh script shipped with the default Tomcat version. Define your variables in a file, this file is not a script, so you cannot reuse a previously
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
I still don't see how the number of concurrent sessions is related to the port number. The default ports for Tomcat are 8080 and 8443. For huge websites, usually you have a load balancer as a front-end anyway. You then get the capability to distribute the workload on more than one instance of Tomcat and/or servers, so, sticking on a single port isn't desirable since many instances on a single server cannot run on the same port. You get the capability to eliminate any single-point of failure as well as getting the capability to implement a non-stop environment making a Tomcat cluster. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex: > > > On 19 March 2016 at 19:19, Daniel Savard wrote: >> I see what you were trying to achieve, however I don't see much >> interest in that. > > Really, I've been running a successful commercial web site for the > last 4 years using Tomcat as a standalone web server > and servlet container using exactly this solution. 1000 concurrent > sessions pose no problem > I mentioned this in my first post, sorry if you missed it. > >> 1) Obviously, if you were expecting systemd to solve that problem, you >> were wrong and it is a sane behavir of systemd to not allow that >> neither > > No, you misunderstood. I was trying to start jsvc from a systemd service file > Please read more carefully.I never suggested that systemd would solve > the problem > >> 2) Your solution to your problem is lying on jsvc alone. >> 3) I believe is bad security practice to insist to bind on privileged >> ports for process that don't need that level of privilege. >> >> Btw, even if you switch to another user to run the code, you actually >> are binding to port 80 as root. >> >> Maybe you can explain us why you want to do such a thing and using any >> other unprivileged port isn't a solution to your problem. > > What is the default port for non.-encrypted http traffic to a web server? > > Anyway, I see no reason to start a slanging match, I have better things to do. > It's all working quite nicely now anyway, thank you for your input. > > To learn about jsvc see > http://commons.apache.org/proper/commons-daemon/jsvc.html > You'll need an up to date ANSI C compiler (I use gcc) > > Lyallex > > >> >> Regards, >> - >> Daniel Savard >> >> >> 2016-03-19 12:10 GMT-04:00 Lyallex : >>> It's the simplest way to find out which port you have Tomcat listening on >>> >>> *NIX based systems don't allow non root uses bind to ports < 1024 >>> >>> jsvc >>> http://commons.apache.org/proper/commons-daemon/jsvc.html >>> >>> solves this problem, nobody seems to have grasped that this is what I >>> was asking about. >>> I know of no way to start the container, on port 80 using either >>> startup.sh or catalina.sh using start, run or anything else. >>> If I'm wrong then I would love to see how it's done. >>> >>> CentOS Linux release 7.2.1511 (Core) >>> >>> >>> On 19 March 2016 at 13:46, Daniel Savard wrote: Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex : > Would you mind posting your server.xml, here is the relevant bit from > mine. > > > > connectionTimeout="2" >redirectPort="8443" /> > > > > > > resourceName="UserDatabase"/> > > > > autoDeploy="true"> > > directory="logs" >prefix="localhost_access_log" suffix=".txt" >rotatable="false" pattern="combined" /> > > > > > > On 18 March 2016 at 23:35, Daniel Savard wrote: >> I believe all distros have over engineered the scripts to start >> Tomcat. Forget all the scripts from your distro, learn the >> signification of the environment variables from the catalina.sh script >> shipped with the default Tomcat version. Define your variables in a >> file, this file is not a script, so you cannot reuse a previously >> defined variable, feed your systemd service definition file with this >> file in the service section as EnvironmentFile=/path/name/to/your/file >> ExecStart=/path/to/catalina.sh start >> ExecStop=/path/to/catalina.sh stop >> >> and you are done. You control everything from the environment file, >> you can easily manage the environment variables without editing the >> systemd's service file. >> >> It is much simpler than the OpenRC set of scripts at my humble >> opinion. I am running Gentoo at home and RHEL at work and both distros >> wrapped Tomcat into too many layers of scripts in order to make it >> working with OpenRC while none of
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19 March 2016 at 19:19, Daniel Savard wrote: > I see what you were trying to achieve, however I don't see much > interest in that. Really, I've been running a successful commercial web site for the last 4 years using Tomcat as a standalone web server and servlet container using exactly this solution. 1000 concurrent sessions pose no problem I mentioned this in my first post, sorry if you missed it. > 1) Obviously, if you were expecting systemd to solve that problem, you > were wrong and it is a sane behavir of systemd to not allow that > neither No, you misunderstood. I was trying to start jsvc from a systemd service file Please read more carefully.I never suggested that systemd would solve the problem > 2) Your solution to your problem is lying on jsvc alone. > 3) I believe is bad security practice to insist to bind on privileged > ports for process that don't need that level of privilege. > > Btw, even if you switch to another user to run the code, you actually > are binding to port 80 as root. > > Maybe you can explain us why you want to do such a thing and using any > other unprivileged port isn't a solution to your problem. What is the default port for non.-encrypted http traffic to a web server? Anyway, I see no reason to start a slanging match, I have better things to do. It's all working quite nicely now anyway, thank you for your input. To learn about jsvc see http://commons.apache.org/proper/commons-daemon/jsvc.html You'll need an up to date ANSI C compiler (I use gcc) Lyallex > > Regards, > - > Daniel Savard > > > 2016-03-19 12:10 GMT-04:00 Lyallex : >> It's the simplest way to find out which port you have Tomcat listening on >> >> *NIX based systems don't allow non root uses bind to ports < 1024 >> >> jsvc >> http://commons.apache.org/proper/commons-daemon/jsvc.html >> >> solves this problem, nobody seems to have grasped that this is what I >> was asking about. >> I know of no way to start the container, on port 80 using either >> startup.sh or catalina.sh using start, run or anything else. >> If I'm wrong then I would love to see how it's done. >> >> CentOS Linux release 7.2.1511 (Core) >> >> >> On 19 March 2016 at 13:46, Daniel Savard wrote: >>> Why? What is the point? The server.xml has nothing to do with >>> integration with systemd. >>> - >>> Daniel Savard >>> >>> >>> 2016-03-19 1:40 GMT-04:00 Lyallex : Would you mind posting your server.xml, here is the relevant bit from mine. >>>connectionTimeout="2" redirectPort="8443" /> >>> resourceName="UserDatabase"/> >>> autoDeploy="true"> >>> directory="logs" prefix="localhost_access_log" suffix=".txt" rotatable="false" pattern="combined" /> On 18 March 2016 at 23:35, Daniel Savard wrote: > I believe all distros have over engineered the scripts to start > Tomcat. Forget all the scripts from your distro, learn the > signification of the environment variables from the catalina.sh script > shipped with the default Tomcat version. Define your variables in a > file, this file is not a script, so you cannot reuse a previously > defined variable, feed your systemd service definition file with this > file in the service section as EnvironmentFile=/path/name/to/your/file > ExecStart=/path/to/catalina.sh start > ExecStop=/path/to/catalina.sh stop > > and you are done. You control everything from the environment file, > you can easily manage the environment variables without editing the > systemd's service file. > > It is much simpler than the OpenRC set of scripts at my humble > opinion. I am running Gentoo at home and RHEL at work and both distros > wrapped Tomcat into too many layers of scripts in order to make it > working with OpenRC while none of these are required to run and manage > Tomcat with systemd. > > In particular with Gentoo, I no longer use the Tomcat distro packaged > with Gentoo because they separated the servlet api from Tomcat and you > need to wrap things into layers of scripts to define the classpath > properly taking this into account, the vanilla classpath.sh file > distributed with Tomcat doesn't work and so one. Really, they did a > very bad job at integrating Tomcat. > > Here is my service file: > > [Unit] > Description=Tomcat 8 (Dev) > After=syslog.target > After=network.target > > [Service] > EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env > Type=forking > User=tomcat > Group=tomcat >
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
I see what you were trying to achieve, however I don't see much interest in that. 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavior of systemd to not allow that neither. 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex: > It's the simplest way to find out which port you have Tomcat listening on > > *NIX based systems don't allow non root uses bind to ports < 1024 > > jsvc > http://commons.apache.org/proper/commons-daemon/jsvc.html > > solves this problem, nobody seems to have grasped that this is what I > was asking about. > I know of no way to start the container, on port 80 using either > startup.sh or catalina.sh using start, run or anything else. > If I'm wrong then I would love to see how it's done. > > CentOS Linux release 7.2.1511 (Core) > > > On 19 March 2016 at 13:46, Daniel Savard wrote: >> Why? What is the point? The server.xml has nothing to do with >> integration with systemd. >> - >> Daniel Savard >> >> >> 2016-03-19 1:40 GMT-04:00 Lyallex : >>> Would you mind posting your server.xml, here is the relevant bit from mine. >>> >>> >>> >>> >>connectionTimeout="2" >>>redirectPort="8443" /> >>> >>> >>> >>> >>> >>> >> resourceName="UserDatabase"/> >>> >>> >>> >>> >> autoDeploy="true"> >>> >>> >> directory="logs" >>>prefix="localhost_access_log" suffix=".txt" >>>rotatable="false" pattern="combined" /> >>> >>> >>> >>> >>> >>> On 18 March 2016 at 23:35, Daniel Savard wrote: I believe all distros have over engineered the scripts to start Tomcat. Forget all the scripts from your distro, learn the signification of the environment variables from the catalina.sh script shipped with the default Tomcat version. Define your variables in a file, this file is not a script, so you cannot reuse a previously defined variable, feed your systemd service definition file with this file in the service section as EnvironmentFile=/path/name/to/your/file ExecStart=/path/to/catalina.sh start ExecStop=/path/to/catalina.sh stop and you are done. You control everything from the environment file, you can easily manage the environment variables without editing the systemd's service file. It is much simpler than the OpenRC set of scripts at my humble opinion. I am running Gentoo at home and RHEL at work and both distros wrapped Tomcat into too many layers of scripts in order to make it working with OpenRC while none of these are required to run and manage Tomcat with systemd. In particular with Gentoo, I no longer use the Tomcat distro packaged with Gentoo because they separated the servlet api from Tomcat and you need to wrap things into layers of scripts to define the classpath properly taking this into account, the vanilla classpath.sh file distributed with Tomcat doesn't work and so one. Really, they did a very bad job at integrating Tomcat. Here is my service file: [Unit] Description=Tomcat 8 (Dev) After=syslog.target After=network.target [Service] EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env Type=forking User=tomcat Group=tomcat ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop [Install] WantedBy=multi-user.target And here is the content of my EnvironmentFile: CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" CATALINA_BASE="/tomcat/tomcat-8-dev" CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" CATALINA_PID="/var/run/tomcat-8-dev.pid" - Daniel Savard 2016-03-18 13:31 GMT-04:00 Lyallex : > I thought you might be interested in the resolution to this. > > It turns out that we needed to reproduce the environment in tomcat.service > > For some reason > > ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work > (file shown at the end of this message) > > Instead, in /etc/systemd/system/tomcat.service > we have had to reproduce the environment in longhand to get it to work.
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
It's the simplest way to find out which port you have Tomcat listening on *NIX based systems don't allow non root uses bind to ports < 1024 jsvc http://commons.apache.org/proper/commons-daemon/jsvc.html solves this problem, nobody seems to have grasped that this is what I was asking about. I know of no way to start the container, on port 80 using either startup.sh or catalina.sh using start, run or anything else. If I'm wrong then I would love to see how it's done. CentOS Linux release 7.2.1511 (Core) On 19 March 2016 at 13:46, Daniel Savardwrote: > Why? What is the point? The server.xml has nothing to do with > integration with systemd. > - > Daniel Savard > > > 2016-03-19 1:40 GMT-04:00 Lyallex : >> Would you mind posting your server.xml, here is the relevant bit from mine. >> >> >> >> >connectionTimeout="2" >>redirectPort="8443" /> >> >> >> >> >> >> > resourceName="UserDatabase"/> >> >> >> >> > autoDeploy="true"> >> >> > directory="logs" >>prefix="localhost_access_log" suffix=".txt" >>rotatable="false" pattern="combined" /> >> >> >> >> >> >> On 18 March 2016 at 23:35, Daniel Savard wrote: >>> I believe all distros have over engineered the scripts to start >>> Tomcat. Forget all the scripts from your distro, learn the >>> signification of the environment variables from the catalina.sh script >>> shipped with the default Tomcat version. Define your variables in a >>> file, this file is not a script, so you cannot reuse a previously >>> defined variable, feed your systemd service definition file with this >>> file in the service section as EnvironmentFile=/path/name/to/your/file >>> ExecStart=/path/to/catalina.sh start >>> ExecStop=/path/to/catalina.sh stop >>> >>> and you are done. You control everything from the environment file, >>> you can easily manage the environment variables without editing the >>> systemd's service file. >>> >>> It is much simpler than the OpenRC set of scripts at my humble >>> opinion. I am running Gentoo at home and RHEL at work and both distros >>> wrapped Tomcat into too many layers of scripts in order to make it >>> working with OpenRC while none of these are required to run and manage >>> Tomcat with systemd. >>> >>> In particular with Gentoo, I no longer use the Tomcat distro packaged >>> with Gentoo because they separated the servlet api from Tomcat and you >>> need to wrap things into layers of scripts to define the classpath >>> properly taking this into account, the vanilla classpath.sh file >>> distributed with Tomcat doesn't work and so one. Really, they did a >>> very bad job at integrating Tomcat. >>> >>> Here is my service file: >>> >>> [Unit] >>> Description=Tomcat 8 (Dev) >>> After=syslog.target >>> After=network.target >>> >>> [Service] >>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env >>> Type=forking >>> User=tomcat >>> Group=tomcat >>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start >>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop >>> >>> [Install] >>> WantedBy=multi-user.target >>> >>> >>> And here is the content of my EnvironmentFile: >>> >>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" >>> CATALINA_BASE="/tomcat/tomcat-8-dev" >>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" >>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" >>> CATALINA_PID="/var/run/tomcat-8-dev.pid" >>> >>> >>> - >>> Daniel Savard >>> >>> >>> 2016-03-18 13:31 GMT-04:00 Lyallex : I thought you might be interested in the resolution to this. It turns out that we needed to reproduce the environment in tomcat.service For some reason ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work (file shown at the end of this message) Instead, in /etc/systemd/system/tomcat.service we have had to reproduce the environment in longhand to get it to work. It appears that systemd doesn't expand variables so I really need to investigate the systemd Environment thing a bit more. Anyway, when I shutdown -r now the server comes back up and tomcat is running at the unprivileged tomcat user on port 80 so that's a result == /etc/systemd/system/tomcat.service [Unit] Description=Apache Tomcat Web Application Container After=network.target [Service] Type=forking User=root ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ -user tomcat \ -home /opt/jdk1.7.0_45 \ -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ -Djava.io.tmpdir=/var/tmp \ -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ -errfile
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex: > Would you mind posting your server.xml, here is the relevant bit from mine. > > > > connectionTimeout="2" >redirectPort="8443" /> > > > > > > resourceName="UserDatabase"/> > > > >autoDeploy="true"> > > directory="logs" >prefix="localhost_access_log" suffix=".txt" >rotatable="false" pattern="combined" /> > > > > > > On 18 March 2016 at 23:35, Daniel Savard wrote: >> I believe all distros have over engineered the scripts to start >> Tomcat. Forget all the scripts from your distro, learn the >> signification of the environment variables from the catalina.sh script >> shipped with the default Tomcat version. Define your variables in a >> file, this file is not a script, so you cannot reuse a previously >> defined variable, feed your systemd service definition file with this >> file in the service section as EnvironmentFile=/path/name/to/your/file >> ExecStart=/path/to/catalina.sh start >> ExecStop=/path/to/catalina.sh stop >> >> and you are done. You control everything from the environment file, >> you can easily manage the environment variables without editing the >> systemd's service file. >> >> It is much simpler than the OpenRC set of scripts at my humble >> opinion. I am running Gentoo at home and RHEL at work and both distros >> wrapped Tomcat into too many layers of scripts in order to make it >> working with OpenRC while none of these are required to run and manage >> Tomcat with systemd. >> >> In particular with Gentoo, I no longer use the Tomcat distro packaged >> with Gentoo because they separated the servlet api from Tomcat and you >> need to wrap things into layers of scripts to define the classpath >> properly taking this into account, the vanilla classpath.sh file >> distributed with Tomcat doesn't work and so one. Really, they did a >> very bad job at integrating Tomcat. >> >> Here is my service file: >> >> [Unit] >> Description=Tomcat 8 (Dev) >> After=syslog.target >> After=network.target >> >> [Service] >> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env >> Type=forking >> User=tomcat >> Group=tomcat >> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start >> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop >> >> [Install] >> WantedBy=multi-user.target >> >> >> And here is the content of my EnvironmentFile: >> >> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" >> CATALINA_BASE="/tomcat/tomcat-8-dev" >> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" >> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" >> CATALINA_PID="/var/run/tomcat-8-dev.pid" >> >> >> - >> Daniel Savard >> >> >> 2016-03-18 13:31 GMT-04:00 Lyallex : >>> I thought you might be interested in the resolution to this. >>> >>> It turns out that we needed to reproduce the environment in tomcat.service >>> >>> For some reason >>> >>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work >>> (file shown at the end of this message) >>> >>> Instead, in /etc/systemd/system/tomcat.service >>> we have had to reproduce the environment in longhand to get it to work. >>> It appears that systemd doesn't expand variables so I really need to >>> investigate the systemd Environment thing a bit more. >>> Anyway, when I shutdown -r now the server comes back up and tomcat is >>> running at the unprivileged tomcat user on port 80 so that's a result >>> >>> == /etc/systemd/system/tomcat.service >>> [Unit] >>> Description=Apache Tomcat Web Application Container >>> After=network.target >>> >>> [Service] >>> Type=forking >>> User=root >>> >>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ >>> -user tomcat \ >>> -home /opt/jdk1.7.0_45 \ >>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ >>> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ >>> -Djava.io.tmpdir=/var/tmp \ >>> -Djava.awt.headless=true \ >>> -Xms512m \ >>> -Xmx1024m \ >>> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ >>> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ >>> -pidfile /var/run/tc7/jsvc.pid \ >>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ >>> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties >>> \ >>> -cp >>> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar >>> \ >>> org.apache.catalina.startup.Bootstrap >>> >>> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid >>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid >>> >>> [Install] >>> WantedBy=multi-user.target >>> >>> >>> Oh happy day >>> Thanks again to all responders >>> >>>
porting jsvc startup script from init.d to systemd tomcat.service, resolved
I thought you might be interested in the resolution to this. It turns out that we needed to reproduce the environment in tomcat.service For some reason ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work (file shown at the end of this message) Instead, in /etc/systemd/system/tomcat.service we have had to reproduce the environment in longhand to get it to work. It appears that systemd doesn't expand variables so I really need to investigate the systemd Environment thing a bit more. Anyway, when I shutdown -r now the server comes back up and tomcat is running at the unprivileged tomcat user on port 80 so that's a result == /etc/systemd/system/tomcat.service [Unit] Description=Apache Tomcat Web Application Container After=network.target [Service] Type=forking User=root ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ -user tomcat \ -home /opt/jdk1.7.0_45 \ -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ -Djava.io.tmpdir=/var/tmp \ -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ -pidfile /var/run/tc7/jsvc.pid \ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties \ -cp /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar \ org.apache.catalina.startup.Bootstrap ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid [Install] WantedBy=multi-user.target Oh happy day Thanks again to all responders Lyallex = /etc/rc.d/init.d/tomcat7 = JAVA_HOME=/opt/jdk1.7.0_45 CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME CATALINA_HOME CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar TOMCAT_USER=tomcat TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid RC=0 case "$1" in start) $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME -Dcatalina.home=/opt/apache-tomcat-7.0.42 -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile $CATALINA_HOME/logs/catalina.err \ -pidfile '/var/run/tc7/jsvc.pid' \ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \ -cp $CLASSPATH \ org.apache.catalina.startup.Bootstrap RC=$? [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat echo "starting tomcat7 on darkstar with:" echo "JAVA_HOME=$JAVA_HOME" echo "CATALINA_HOME=$CATALINA_HOME" echo "CLASSPATH=$CLASSPATH" echo "tomcat started" ;; stop) PID=`cat /var/run/tc7/jsvc.pid` kill $PID RC=$? [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid echo "stopping tomcat7 on darkstar with:" echo "JAVA_HOME=$JAVA_HOME" echo "CATALINA_HOME=$CATALINA_HOME" echo "CLASSPATH=$CLASSPATH" echo "tomcat stopped" ;; *) echo "Usage: $0 {start|stop}" exit 1 esac exit $RC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Would you mind posting your server.xml, here is the relevant bit from mine. On 18 March 2016 at 23:35, Daniel Savardwrote: > I believe all distros have over engineered the scripts to start > Tomcat. Forget all the scripts from your distro, learn the > signification of the environment variables from the catalina.sh script > shipped with the default Tomcat version. Define your variables in a > file, this file is not a script, so you cannot reuse a previously > defined variable, feed your systemd service definition file with this > file in the service section as EnvironmentFile=/path/name/to/your/file > ExecStart=/path/to/catalina.sh start > ExecStop=/path/to/catalina.sh stop > > and you are done. You control everything from the environment file, > you can easily manage the environment variables without editing the > systemd's service file. > > It is much simpler than the OpenRC set of scripts at my humble > opinion. I am running Gentoo at home and RHEL at work and both distros > wrapped Tomcat into too many layers of scripts in order to make it > working with OpenRC while none of these are required to run and manage > Tomcat with systemd. > > In particular with Gentoo, I no longer use the Tomcat distro packaged > with Gentoo because they separated the servlet api from Tomcat and you > need to wrap things into layers of scripts to define the classpath > properly taking this into account, the vanilla classpath.sh file > distributed with Tomcat doesn't work and so one. Really, they did a > very bad job at integrating Tomcat. > > Here is my service file: > > [Unit] > Description=Tomcat 8 (Dev) > After=syslog.target > After=network.target > > [Service] > EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env > Type=forking > User=tomcat > Group=tomcat > ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start > ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop > > [Install] > WantedBy=multi-user.target > > > And here is the content of my EnvironmentFile: > > CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" > CATALINA_BASE="/tomcat/tomcat-8-dev" > CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" > JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" > CATALINA_PID="/var/run/tomcat-8-dev.pid" > > > - > Daniel Savard > > > 2016-03-18 13:31 GMT-04:00 Lyallex : >> I thought you might be interested in the resolution to this. >> >> It turns out that we needed to reproduce the environment in tomcat.service >> >> For some reason >> >> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work >> (file shown at the end of this message) >> >> Instead, in /etc/systemd/system/tomcat.service >> we have had to reproduce the environment in longhand to get it to work. >> It appears that systemd doesn't expand variables so I really need to >> investigate the systemd Environment thing a bit more. >> Anyway, when I shutdown -r now the server comes back up and tomcat is >> running at the unprivileged tomcat user on port 80 so that's a result >> >> == /etc/systemd/system/tomcat.service >> [Unit] >> Description=Apache Tomcat Web Application Container >> After=network.target >> >> [Service] >> Type=forking >> User=root >> >> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ >> -user tomcat \ >> -home /opt/jdk1.7.0_45 \ >> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ >> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ >> -Djava.io.tmpdir=/var/tmp \ >> -Djava.awt.headless=true \ >> -Xms512m \ >> -Xmx1024m \ >> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ >> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ >> -pidfile /var/run/tc7/jsvc.pid \ >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ >> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties >> \ >> -cp >> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar >> \ >> org.apache.catalina.startup.Bootstrap >> >> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid >> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid >> >> [Install] >> WantedBy=multi-user.target >> >> >> Oh happy day >> Thanks again to all responders >> >> Lyallex >> >> = /etc/rc.d/init.d/tomcat7 = >> >> JAVA_HOME=/opt/jdk1.7.0_45 >> CATALINA_HOME=/opt/apache-tomcat-7.0.42 >> export JAVA_HOME CATALINA_HOME >> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar >> TOMCAT_USER=tomcat >> TMPDIR=/var/tmp >> PIDFILE=/var/run/tc7/jsvc.pid >> >> >> RC=0 >> >> case "$1" in >> >> start) >> >>$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME >> -Dcatalina.home=/opt/apache-tomcat-7.0.42 >> -Dcatalina.base=$CATALINA_HOME
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Or remove the Type=Forking and just execute catalina.sh run, as I had suggested days ago. Then you can drop the ExecStop too. On Fri, Mar 18, 2016 at 7:35 PM, Daniel Savardwrote: > I believe all distros have over engineered the scripts to start > Tomcat. Forget all the scripts from your distro, learn the > signification of the environment variables from the catalina.sh script > shipped with the default Tomcat version. Define your variables in a > file, this file is not a script, so you cannot reuse a previously > defined variable, feed your systemd service definition file with this > file in the service section as EnvironmentFile=/path/name/to/your/file > ExecStart=/path/to/catalina.sh start > ExecStop=/path/to/catalina.sh stop > > and you are done. You control everything from the environment file, > you can easily manage the environment variables without editing the > systemd's service file. > > It is much simpler than the OpenRC set of scripts at my humble > opinion. I am running Gentoo at home and RHEL at work and both distros > wrapped Tomcat into too many layers of scripts in order to make it > working with OpenRC while none of these are required to run and manage > Tomcat with systemd. > > In particular with Gentoo, I no longer use the Tomcat distro packaged > with Gentoo because they separated the servlet api from Tomcat and you > need to wrap things into layers of scripts to define the classpath > properly taking this into account, the vanilla classpath.sh file > distributed with Tomcat doesn't work and so one. Really, they did a > very bad job at integrating Tomcat. > > Here is my service file: > > [Unit] > Description=Tomcat 8 (Dev) > After=syslog.target > After=network.target > > [Service] > EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env > Type=forking > User=tomcat > Group=tomcat > ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start > ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop > > [Install] > WantedBy=multi-user.target > > > And here is the content of my EnvironmentFile: > > CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" > CATALINA_BASE="/tomcat/tomcat-8-dev" > CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" > JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" > CATALINA_PID="/var/run/tomcat-8-dev.pid" > > > - > Daniel Savard > > > 2016-03-18 13:31 GMT-04:00 Lyallex : >> I thought you might be interested in the resolution to this. >> >> It turns out that we needed to reproduce the environment in tomcat.service >> >> For some reason >> >> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work >> (file shown at the end of this message) >> >> Instead, in /etc/systemd/system/tomcat.service >> we have had to reproduce the environment in longhand to get it to work. >> It appears that systemd doesn't expand variables so I really need to >> investigate the systemd Environment thing a bit more. >> Anyway, when I shutdown -r now the server comes back up and tomcat is >> running at the unprivileged tomcat user on port 80 so that's a result >> >> == /etc/systemd/system/tomcat.service >> [Unit] >> Description=Apache Tomcat Web Application Container >> After=network.target >> >> [Service] >> Type=forking >> User=root >> >> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ >> -user tomcat \ >> -home /opt/jdk1.7.0_45 \ >> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ >> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ >> -Djava.io.tmpdir=/var/tmp \ >> -Djava.awt.headless=true \ >> -Xms512m \ >> -Xmx1024m \ >> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ >> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ >> -pidfile /var/run/tc7/jsvc.pid \ >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ >> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties >> \ >> -cp >> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar >> \ >> org.apache.catalina.startup.Bootstrap >> >> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid >> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid >> >> [Install] >> WantedBy=multi-user.target >> >> >> Oh happy day >> Thanks again to all responders >> >> Lyallex >> >> = /etc/rc.d/init.d/tomcat7 = >> >> JAVA_HOME=/opt/jdk1.7.0_45 >> CATALINA_HOME=/opt/apache-tomcat-7.0.42 >> export JAVA_HOME CATALINA_HOME >> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar >> TOMCAT_USER=tomcat >> TMPDIR=/var/tmp >> PIDFILE=/var/run/tc7/jsvc.pid >> >> >> RC=0 >> >> case "$1" in >> >> start) >> >>$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME >> -Dcatalina.home=/opt/apache-tomcat-7.0.42 >> -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR >>
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
I believe all distros have over engineered the scripts to start Tomcat. Forget all the scripts from your distro, learn the signification of the environment variables from the catalina.sh script shipped with the default Tomcat version. Define your variables in a file, this file is not a script, so you cannot reuse a previously defined variable, feed your systemd service definition file with this file in the service section as EnvironmentFile=/path/name/to/your/file ExecStart=/path/to/catalina.sh start ExecStop=/path/to/catalina.sh stop and you are done. You control everything from the environment file, you can easily manage the environment variables without editing the systemd's service file. It is much simpler than the OpenRC set of scripts at my humble opinion. I am running Gentoo at home and RHEL at work and both distros wrapped Tomcat into too many layers of scripts in order to make it working with OpenRC while none of these are required to run and manage Tomcat with systemd. In particular with Gentoo, I no longer use the Tomcat distro packaged with Gentoo because they separated the servlet api from Tomcat and you need to wrap things into layers of scripts to define the classpath properly taking this into account, the vanilla classpath.sh file distributed with Tomcat doesn't work and so one. Really, they did a very bad job at integrating Tomcat. Here is my service file: [Unit] Description=Tomcat 8 (Dev) After=syslog.target After=network.target [Service] EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env Type=forking User=tomcat Group=tomcat ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop [Install] WantedBy=multi-user.target And here is the content of my EnvironmentFile: CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" CATALINA_BASE="/tomcat/tomcat-8-dev" CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" CATALINA_PID="/var/run/tomcat-8-dev.pid" - Daniel Savard 2016-03-18 13:31 GMT-04:00 Lyallex: > I thought you might be interested in the resolution to this. > > It turns out that we needed to reproduce the environment in tomcat.service > > For some reason > > ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work > (file shown at the end of this message) > > Instead, in /etc/systemd/system/tomcat.service > we have had to reproduce the environment in longhand to get it to work. > It appears that systemd doesn't expand variables so I really need to > investigate the systemd Environment thing a bit more. > Anyway, when I shutdown -r now the server comes back up and tomcat is > running at the unprivileged tomcat user on port 80 so that's a result > > == /etc/systemd/system/tomcat.service > [Unit] > Description=Apache Tomcat Web Application Container > After=network.target > > [Service] > Type=forking > User=root > > ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ > -user tomcat \ > -home /opt/jdk1.7.0_45 \ > -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ > -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ > -Djava.io.tmpdir=/var/tmp \ > -Djava.awt.headless=true \ > -Xms512m \ > -Xmx1024m \ > -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ > -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ > -pidfile /var/run/tc7/jsvc.pid \ > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ > -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties > \ > -cp > /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar > \ > org.apache.catalina.startup.Bootstrap > > ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid > ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid > > [Install] > WantedBy=multi-user.target > > > Oh happy day > Thanks again to all responders > > Lyallex > > = /etc/rc.d/init.d/tomcat7 = > > JAVA_HOME=/opt/jdk1.7.0_45 > CATALINA_HOME=/opt/apache-tomcat-7.0.42 > export JAVA_HOME CATALINA_HOME > CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar > TOMCAT_USER=tomcat > TMPDIR=/var/tmp > PIDFILE=/var/run/tc7/jsvc.pid > > > RC=0 > > case "$1" in > > start) > >$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME > -Dcatalina.home=/opt/apache-tomcat-7.0.42 > -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR > -Djava.awt.headless=true \ > -Xms512m \ > -Xmx1024m \ > -outfile $CATALINA_HOME/logs/catalina.out \ > -errfile $CATALINA_HOME/logs/catalina.err \ > -pidfile '/var/run/tc7/jsvc.pid' \ > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ > -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \ > -cp $CLASSPATH \ >