Re: Tomcat Build Issue
I see this kind of thing in my tomcat logs when the security team runs their Nessus scanner against everything. On Tue, Dec 5, 2023 at 2:45 AM Burle, Saicharan wrote: > Hi All, > > I am trying to build a tomcat instance in a net new server and getting the > below error while starting. Although instance has come up but I am unable > to debug the below error. Can someone please assist in this regard? > > [https-jsse-nio-11511-exec-4] > org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request > header > Note: further occurrences of HTTP request parsing errors will be logged at > DEBUG level. > java.lang.IllegalArgumentException: Invalid character found in > method name > [000x020x010x01`+0x020x010x030x040x08cn=Admin0x800x1c0x7d1a9b5edae2b4de4ff533738b...]. > HTTP method names must be tokens > at > org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:407) > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:263) > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) > at org.apache.tomcat.util.net > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794) > at org.apache.tomcat.util.net > .SocketProcessorBase.run(SocketProcessorBase.java:52) > at > org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) > at > org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:750) > > > Apache Tomcat Version : 9.0.82 > JDK: jdk1.8.0_391/ jdk-11.0.21(Same issue with this version as well) > > Regards, > Saicharan Burle > Lead Infrastructure Engineer > Chief Technology Office | Foundational Hosting Platform | Middleware > Product Engineering > G=ETI DPS Middleware Prod Eng > > Block B1A Divyasree Orion | Hyderabad - 500081 | India > MAC O2806-010 | Cell +91 9966964321 > > MPE Service Desk: > https://devops-servicedesk.wellsfargo.net/servicedesk/customer/portal/14/group/385?groupId=385 > Enterprise Middleware Services: > https://wim-wiki.wellsfargo.com/pages/viewpage.action?spaceKey=MPE=Middleware+Product+Engineering+Team+Home > Normal Working hours: 4:00 AM to 1:00 PM EST > Upcoming PTO: > Be Green, Leave it on Screen!!! > [ > http://f.connect.wellsfargoemail.com/i/38/2082566297/EML-224071_4726581_6304406_logo-stagecoach-eml_511x80.png > ] > > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)
dumb question time -- Is tomcat actually starting up all the way when you
run with systemd? One of the things that I ran into with tomcat and systemd
was that the default service start timeout was not enough time for tomcat
to start. Also, I'm not starting tomcat by calling jsvc directly; I'm using
the daemon.sh script. Here's what one of my tomcat unit files looks like:
[Unit]
Description= CAS server (Tomcat)
After=syslog.target network-online.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=CATALINA_HOME=/var/local/tomcat/tomcat
Environment=CATALINA_BASE=/var/local/tomcat/cas
Environment=JAVA_HOME=/var/local/tomcat/java
ExecStart=/var/local/tomcat/tomcat/bin/daemon.sh start
ExecStop=/var/local/tomcat/tomcat/bin/daemon.sh stop
RemainAfterExit=yes
TimeoutSec=300
[Install]
WantedBy=multi-user.target
I also have a setenv.sh file in $CATALINA_BASE/bin with this (yes, it's a
little redundant):
export JAVA_HOME="/var/local/tomcat/java"
export CATALINA_HOME="/var/local/tomcat/tomcat"
export CATALINA_BASE="/var/local/tomcat/cas"
CATALINA_PID="$CATALINA_BASE/logs/tomcat.pid"
CATALINA_OPTS="-server -Xmx512m -Dlog4j2.formatMsgNoLookups=true"
SERVICE_START_WAIT_TIME=300
I always get a catalina-daemon.out file when starting this way.
On Thu, Aug 11, 2022 at 12:25 PM Paul Chauvet wrote:
> Hi Chris,
>
> I honestly don't care if they are in catalina.out, /var/log/messages, or a
> file named 'awesomestuff.log' - I just know that things are MISSING.
>
> Let me be more specific - sorry if I'm not being clear here!
>
>
> Normal operation (running via systemd) - I get Tomcat startup/shutdown,
> and some other info in catalina--MM-DD.log. I don't get the debug
> information for opensaml.
>
> When I start via startup.sh directly - a lot more is being logged to
> catalina.out than anywhere else I have been able to find.
>
>
> I tried starting Tomcat without using systemd by just doing the following
> - but still no catalina.out.
> /opt/tomcat/latest/bin/jsvc \
> -Dcatalina.home=${CATALINA_HOME} \
> -Dcatalina.base=${CATALINA_BASE} \
> -Djava.awt.headless=true \
>
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>
> -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties \
> -Dlog4j2.FormatMsgNoLookups=true \
> -cp
> ${CATALINA_HOME}/bin/commons-daemon.jar:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/tomcat-juli.jar
> \
> -pidfile ${CATALINA_PID} \
> -java-home ${JAVA_HOME} \
> -user tomcat \
> $CATALINA_OPTS \
> org.apache.catalina.startup.Bootstrap
>
>
>
> I ended up temporarily just starting via startup.sh just long enough to
> get the error logs I was looking for into catalina.out - then started it up
> again normally.
>
>
> Sorry to bother everyone with this - but I appreciate your assistance!
>
>
>
> From: Christopher Schultz
> Sent: Thursday, August 11, 2022 1:34 PM
> To: users@tomcat.apache.org
> Subject: Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat
> 9.0.63)
>
> CAUTION: Message from a non-New Paltz email server. Treat message, links,
> and attachments with extra caution.
>
>
> Paul,
>
> On 8/11/22 13:03, Paul Chauvet wrote:
> > Hi Noelette,
> >
> > Thanks for the reponse!
> >
> > It logs to catalina--MM-DD.log, localhost.YY-MM-DD.log,
> localhost_access_log.-MM-DD.txt - but it doesn't use catalina.out.
> >
> > When I temporarily started Tomcat via startup.sh it did create
> catalina.out (and start logging the things that it wasn't logging into the
> other files, /var/log/messages, or the systemd journal).
> >
> > I'll see if I can get my setup (at least temporarily) working with
> startup.sh.
>
> OH... you might just be misunderstanding what's happening.
>
> When you use catalina.sh start (or startup.sh), that script just does this:
>
> java [stuff] > ${CATALINA_BASE}/logs/catalina.out 2>&1
>
> When you run with jsvc, it includes some built-in file-rotation and so
> catalina-[date].log is the same thing.
>
> Are you irritated that you can't read the logs, or are you irritated
> that the log file isn't specifically "catalina.out"?
>
> -chris
>
> >
> > From: Noelette Stout
> > Sent: Thursday, August 11, 2022 12:35 PM
> > To: Tomcat Users List
> > Subject: Re: Issue with catalina.out not being generated (RHEL 7.9,
> tomcat 9.0.63)
> >
> > CAUTION: Message from a non-New Paltz email server. Treat message,
> links, an
Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)
We use systemd with jsvc and our tomcat instances write to
$CATALINA_BASE/logs by default.
On Thu, Aug 11, 2022 at 10:10 AM Paul Chauvet wrote:
> Hello all,
>
> I haven't been able to figure this out - but a catalina.out file is not
> being generated for me. Sadly - I'm trying to troubleshoot an issue (with
> a vendor's saml implementation) which wants to write to that file (and
> doesn't seem to be writing what I need to catalina.-DD-MM.logs,
> /var/log/messages, or into the journal as seen by "journalctl
> --unit=tomcat.service").
>
>
> My environment:
>
> * RHEL 7.9 (though the same happens on my RHEL 8 hosts)
> * Tomcat 9.0.63 (installed from the .tar.gz download from
> https://tomcat.apache.org/download-90.cgi - not from the OS repository)
> * Using jsvc via a systemd startup script to start Tomcat (that script
> is at the bottom of this message).
>
> I've tried specifying CATALINA_OUT in setenv.sh, and in my systemd startup
> script. I've temporarily disabled SELinux to see if that makes a
> difference. Neither of those work. What does work, though I would like to
> avoid it, is if I start Tomcat via ./startup.sh. If I do that -
> catalina.out is generated but I'm not getting other settings I set in my
> systemd script (or having it tied to startup/shutdown of the OS).
>
> I don't know what I'm missing or doing wrong here, or if there's something
> about jsvc that is an issue here that I can't figure out. I've been unable
> to find anything related to this (lots of posts about catalina.out related
> to operating system distributed versions of Tomcat that don't appear to
> apply).
>
> Any advice here would be greatly appreciated!
>
> My systemd startup script is below.
>
>
> [Unit]
> Description=Apache Tomcat Web Application Container
> After=syslog.target network.target
>
> [Service]
> Type=forking
> PIDFile=/var/run/tomcat.pid
> UMask=0007
>
> # Tomcat variables
> Environment='JAVA_HOME=/usr/lib/jvm/java-openjdk'
> Environment='CATALINA_PID=/var/run/tomcat.pid'
> Environment='CATALINA_HOME=/opt/tomcat/latest'
> Environment='CATALINA_BASE=/opt/tomcat/latest'
> Environment='CATALINA_OPTS=-Xms512M -Xmx2048M -XX:+UseParallelGC -server'
> Environment='CATALINA_OUT=/var/log/tomcat/catalina.out'
>
> # Needed to make use of Tomcat Native Library
> Environment='LD_LIBRARY_PATH=/opt/tomcat/latest/lib'
>
> ExecStart=/opt/tomcat/latest/bin/jsvc \
> -Dcatalina.home=${CATALINA_HOME} \
> -Dcatalina.base=${CATALINA_BASE} \
> -Djava.awt.headless=true \
>
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>
> -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties \
> -Dlog4j2.FormatMsgNoLookups=true \
> -cp
> ${CATALINA_HOME}/bin/commons-daemon.jar:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/tomcat-juli.jar
> \
> -pidfile ${CATALINA_PID} \
> -java-home ${JAVA_HOME} \
> -user tomcat \
> $CATALINA_OPTS \
> org.apache.catalina.startup.Bootstrap
>
> ExecStop=/opt/tomcat/latest/bin/jsvc \
> -pidfile ${CATALINA_PID} \
> -stop \
> org.apache.catalina.startup.Bootstrap
>
> [Install]
> WantedBy=multi-user.target
>
>
>
>
>
>
>
> Paul Chauvet, CISSP
>
> Information Security Officer
>
> State University of New York at New Paltz
>
> chauv...@newpaltz.edu
>
>
--
Noelette Stout
ITS Enterprise Applications - Senior Application Administrator
Idaho State University
E-mail: stounoel "at" isu "dot" edu
Desk: 208-282-2554
Re: Help with deploying multiple .WAR files in Tomcat
rg.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:829) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) >at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) > at java.util.concurrent.FutureTask.run(Unknown Source) >at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at java.util.concurrent.AbstractExecutorService.submit(Unknown > Source) at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) > at > org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) >at > org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) >at > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) >at org.apache.catalina.startup.Catalina.start(Catalina.java:772) >at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown > Source) at > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >at java.lang.reflect.Method.invoke(Unknown Source) at > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:342) >at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473) > Caused by: org.apache.catalina.LifecycleException: Failed to start > component > [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Test2-0.0.1-SNAPSHOT]] > at > org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198) >at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) > ... 37 more Caused by: > java.lang.IllegalArgumentException: More than one fragment with the name > [org_apache_jasper_el] was found. This is not legal with relative ordering. > See section 8.2.2 2c of the Servlet specification for details. Consider > using absolute ordering. at > org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2260) > at > org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2218) > at > org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1294) > at > org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:986) > at > org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:303) > at > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5077) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) >... 38 more > Would appreciate any help on this, > ThanksShakila * > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: Maybe a stupid (Windows related) question
maybe redirect stderr to stdout then redirect to the log: startup.bat 2>&1 1>yourFile.log I believe that kind of redirection works in Windows as well as Linux (but it's been a while since I had to do that sort of thing in Windows, so I may be mistaken) On Tue, Mar 22, 2022 at 11:26 AM Rob Sargent wrote: > > > On 3/22/22 11:21, Rony G. Flatscher (Apache) wrote: > > For debugging purposes I downloaded the zip-version of Tomcat 10.0.18 > and start it up using > > %CATALINA_HOME%\bin\startup.bat. > > > > This will create by default a separate process (terminal, commandline > window) in which Tomcat runs > > and dispatches all output including stdout and stderr output into that > window. > > > > By contrast the Windows service installation would redirect stdout and > stderr by default to > > %CATALINA_HOME%\logs\ using "tomcat10-stderr.yyy-mm-dd.log" and > "tomcat10-stdout.-mm-dd.log" as > > their name. The same would be desired for the "startup.bat" version of > Tomcat 10. > > > > Searched <https://tomcat.apache.org/tomcat-10.0-doc/logging.html> and > > <https://tomcat.apache.org/tomcat-10.0-doc/setup.html> to no avail. > Searching the Internet the best > > I could find > > was > > < > https://serverfault.com/questions/252934/how-to-redirect-tomcat-console-log-to-files-tomcat-started-via-windows-bat > > > > which indeed redirects the Tomcat startup information to > > %CATALINA_HOME%\logs\catalina.-mm-dd.log, but not stdout and stderr > which do not get redirected. > > Using redirections directly in "startup.bat" or "catalina.bat" as > suggested further down in the > > serverfault.com did not yield the desired redirection. > > > > Probably I have been doing something wrong in the past hours and not > seeing the forest for the trees > > anymore I kindly request help: what is needed to successfully redirect > stderr and stdout to > > %CATALINA_HOME%\logs after unzipping Tomcat 10 and starting it on > Windows using > > %CATALINA_HOME%\bin\startup.bat? > > > > TIA for any help/pointer! > > > > ---rony > > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > Maybe startup.bat > your.log > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Based on those errors, it sounds like SHA-1 has been desupported in the newer OpenJDK version. On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks wrote: > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and > have no issues. > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG > SecureRandom not available" and "SHA MessageDigest not available" and > "SHA-1 not available" and others. > > We downgrade to .40 and _292 and all is well again. > > Was there a change that could possibly cause that? > > Has anyone else seen this behavior? > > We are currently troubleshooting to see if we missed something on our end > and can supply logs when that happens. > > Thanks! > > -- > Bob > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: tomcat 10.0.14 startup and shutdown
e.coyote.AbstractProtocol.destroy Destroying ProtocolHandler > ["http-nio-8081“] > > > Which to me looks like „I started, and then I shut down“. I do not > understand where is the button which the hand clicks to close it self once > it has been triggered out to the box. It feels to me like I have changed > and tried with every combination of quotes, lines included and excluded, > changes of port and reassigning of premissions. > > Thanks a lot for any help you can give me. > > all best > > Pietro > > Pietro Maria Liuzzo (egli/lui,he/him,er/ihn) > Hiob Ludolf Centre for Ethiopian Studies > Room: 136 > Alsterterrasse 1 > 20354 Hamburg > Tel: +49 40 42838-8381 > ORCID: https://orcid.org/-0001-5714-4011 > Academia: https://uni-hamburg.academia.edu/PietroMariaLiuzzo > > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: HTML manager
This is good to know. Unfortunately, changing the webapp is not an option as it comes to us from a vendor. The tomcat listener might be something we could do. I'll read up on that documentation and see if it will fit our needs. For the moment, I have managed to convince my web admins to do a full tomcat shutdown and not use the html manager in this case. Thanks for these suggestions. It's good to have something to work with. Noelette On Fri, Jul 30, 2021 at 7:20 AM Konstantin Kolinko wrote: > вт, 27 июл. 2021 г. в 17:36, Noelette Stout : > > > > We have an application that needs to have files added to WEB-INF/classes > > each time it's deployed. Without getting into a long story about why > we're > > doing things in sub-optimal ways, I need to know if there's a way to run > a > > script that would add these files when deploying with the HTML manager. > Any > > ideas are appreciated. If the answer is to manually run the script from > the > > command line then reload, I can accept that too. > > > > Generally, > if you can make changes in your web application > > 1) PreResources element (with webAppMount="/WEB-INF/classes") can be > used to inject external files into a web application. > > https://tomcat.apache.org/tomcat-9.0-doc/config/resources.html > > 2) A listener can be configured in a web application to do some work > when the web application starts up. > > Either at Tomcat level (e.g. at Context), or with standard Servlet API. > > https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html > > > https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/ServletContextListener.html > > https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/ServletContainerInitializer.html > > Best regards, > Konstantin Kolinko > > ----- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
HTML manager
We have an application that needs to have files added to WEB-INF/classes each time it's deployed. Without getting into a long story about why we're doing things in sub-optimal ways, I need to know if there's a way to run a script that would add these files when deploying with the HTML manager. Any ideas are appreciated. If the answer is to manually run the script from the command line then reload, I can accept that too. Thanks, Noelette -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: CATALINA_OPTS vs JAVA_OPTS
Thanks! That clears things up a lot. I think my admins got confused and did both because there are some instructions that say to add these in JAVA_OPTS, but those instructions are specifically for Windows servers (we're on RHEL). Thanks everyone for all the info and help. On Wed, Jun 16, 2021 at 11:42 AM Mark Thomas wrote: > On 16/06/2021 18:31, Noelette Stout wrote: > > ok, one more question for clarification :-) > > The vendor docs say this: > > "Define CATALINA_OPTS to configure the following JVM settings: > > CATALINA_OPTS=-server -Xms2048m -Xmx4g -XX:MaxMetaspaceSize=512m > > Note:If you are deploying multiple [vendor] applications to the same > Tomcat > > server, -Xmx must be increased by 2g and -XX:MaxMetaspaceSize must be > > increased by 128m." > > > > Given that they are (ostensibly, based on the above statement) JVM > > settings, would these settings be better placed under JAVA_OPTS instead > of > > CATALINA_OPTS? > > No. CATALINA_OPTS. > > 99 times out of a 100 you want to put any JVM settings in CATALINA_OPTS. > > Mark > > > > > > > On Wed, Jun 16, 2021 at 10:29 AM Noelette Stout > > wrote: > > > >> This confirms something that I was thinking originally, which is that we > >> have no good reason to have both in setenv.sh. I'm pretty sure that > these > >> were both mentioned in various pieces of documentation from the > application > >> vendor. Their documentation tends to be less than stellar. Combine bad > >> documentation with app admins that are completely unfamiliar with > tomcat... > >> and you get messy setups. Unfortunately, there are more of them than > me, so > >> I have to have ALL of my facts straight before I go into battle. > >> > >> Thanks for this additional information. It is much appreciated. > >> > >> On Wed, Jun 16, 2021 at 10:14 AM Christopher Schultz < > >> ch...@christopherschultz.net> wrote: > >> > >>> Noelette, > >>> > >>> On 6/16/21 11:29, Noelette Stout wrote: > >>>> Thanks! I was mostly trying to figure out if there was precedence or > if > >>> it > >>>> was additive (i.e. 2GB to tomcat itself and another 2GB to the apps). > >>> We're > >>>> having some resource issues on one of our servers, so I wanted to make > >>> sure > >>>> I understood how the resources were being allocated. > >>> > >>> No additivity at all: the last one on the command-line wins. There is > no > >>> heap separation between Tomcat and the applications: it's one(ish) big, > >>> happy heap. :) > >>> > >>> A note about CATALINA_OPTS versus JAVA_OPTS: when you use the various > >>> scripts provided by Tomcat, CATALINA_OPTS is only used when launching a > >>> Tomcat instance. JAVA_OPTS is used when launching *any* Java process. > >>> There are many Java processes those scripts will launch that aren't > >>> actually launching Tomcat. Examples include: > >>> > >>> 1. catalina.sh configtest > >>> 2. catalina.sh stop (also shutdown.sh) > >>> 3. catalina.sh version > >>> 4. tool-wrapper.sh [anything] > >>> > >>> In all of those cases, JAVA_OPTS will be passed to the JVM. > >>> > >>> Do you really need a 2 gig heap to send a "shutdown" command to a > >>> running server? Probably not. > >>> > >>> -chris > >>> > >>>> On Wed, Jun 16, 2021 at 9:17 AM Rob Sargent > >>> wrote: > >>>> > >>>>> > >>>>> > >>>>> On 6/16/21 9:06 AM, Noelette Stout wrote: > >>>>>> openjdk version "1.8.0_292" > >>>>>> > >>>>>> > >>>>>> On Wed, Jun 16, 2021 at 9:04 AM Rob Sargent > >>>>> wrote: > >>>>>> > >>>>>> > >>>>> Both as for the same minimum so you should get 2G at start up. I'm > not > >>>>> sure which has precedency but I would be on java opt. I don't have a > >>>>> catalina env, but you can see how CATALINA_OPTS is used in > relationship > >>>>> with JAVA_OPTS > >>>>> > >>>>> > >>>>> - > >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>> > >>>>> > >>>> > >>> > >>> - > >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > >> > >> -- > >> Noelette Stout > >> > >> ITS Enterprise Applications - Application Administrator - Senior > >> > >> Business Administration Building, Rm 109L > >> 921 South 8th Ave 8037 > >> Idaho State University > >> Pocatello ID 83209 > >> E-mail: stounoel "at" isu "dot" edu > >> Desk: 208-282-2554 > >> > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: CATALINA_OPTS vs JAVA_OPTS
ok, one more question for clarification :-) The vendor docs say this: "Define CATALINA_OPTS to configure the following JVM settings: CATALINA_OPTS=-server -Xms2048m -Xmx4g -XX:MaxMetaspaceSize=512m Note:If you are deploying multiple [vendor] applications to the same Tomcat server, -Xmx must be increased by 2g and -XX:MaxMetaspaceSize must be increased by 128m." Given that they are (ostensibly, based on the above statement) JVM settings, would these settings be better placed under JAVA_OPTS instead of CATALINA_OPTS? On Wed, Jun 16, 2021 at 10:29 AM Noelette Stout wrote: > This confirms something that I was thinking originally, which is that we > have no good reason to have both in setenv.sh. I'm pretty sure that these > were both mentioned in various pieces of documentation from the application > vendor. Their documentation tends to be less than stellar. Combine bad > documentation with app admins that are completely unfamiliar with tomcat... > and you get messy setups. Unfortunately, there are more of them than me, so > I have to have ALL of my facts straight before I go into battle. > > Thanks for this additional information. It is much appreciated. > > On Wed, Jun 16, 2021 at 10:14 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> Noelette, >> >> On 6/16/21 11:29, Noelette Stout wrote: >> > Thanks! I was mostly trying to figure out if there was precedence or if >> it >> > was additive (i.e. 2GB to tomcat itself and another 2GB to the apps). >> We're >> > having some resource issues on one of our servers, so I wanted to make >> sure >> > I understood how the resources were being allocated. >> >> No additivity at all: the last one on the command-line wins. There is no >> heap separation between Tomcat and the applications: it's one(ish) big, >> happy heap. :) >> >> A note about CATALINA_OPTS versus JAVA_OPTS: when you use the various >> scripts provided by Tomcat, CATALINA_OPTS is only used when launching a >> Tomcat instance. JAVA_OPTS is used when launching *any* Java process. >> There are many Java processes those scripts will launch that aren't >> actually launching Tomcat. Examples include: >> >> 1. catalina.sh configtest >> 2. catalina.sh stop (also shutdown.sh) >> 3. catalina.sh version >> 4. tool-wrapper.sh [anything] >> >> In all of those cases, JAVA_OPTS will be passed to the JVM. >> >> Do you really need a 2 gig heap to send a "shutdown" command to a >> running server? Probably not. >> >> -chris >> >> > On Wed, Jun 16, 2021 at 9:17 AM Rob Sargent >> wrote: >> > >> >> >> >> >> >> On 6/16/21 9:06 AM, Noelette Stout wrote: >> >>> openjdk version "1.8.0_292" >> >>> >> >>> >> >>> On Wed, Jun 16, 2021 at 9:04 AM Rob Sargent >> >> wrote: >> >>> >> >>> >> >> Both as for the same minimum so you should get 2G at start up. I'm not >> >> sure which has precedency but I would be on java opt. I don't have a >> >> catalina env, but you can see how CATALINA_OPTS is used in relationship >> >> with JAVA_OPTS >> >> >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > -- > Noelette Stout > > ITS Enterprise Applications - Application Administrator - Senior > > Business Administration Building, Rm 109L > 921 South 8th Ave 8037 > Idaho State University > Pocatello ID 83209 > E-mail: stounoel "at" isu "dot" edu > Desk: 208-282-2554 > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: CATALINA_OPTS vs JAVA_OPTS
This confirms something that I was thinking originally, which is that we have no good reason to have both in setenv.sh. I'm pretty sure that these were both mentioned in various pieces of documentation from the application vendor. Their documentation tends to be less than stellar. Combine bad documentation with app admins that are completely unfamiliar with tomcat... and you get messy setups. Unfortunately, there are more of them than me, so I have to have ALL of my facts straight before I go into battle. Thanks for this additional information. It is much appreciated. On Wed, Jun 16, 2021 at 10:14 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Noelette, > > On 6/16/21 11:29, Noelette Stout wrote: > > Thanks! I was mostly trying to figure out if there was precedence or if > it > > was additive (i.e. 2GB to tomcat itself and another 2GB to the apps). > We're > > having some resource issues on one of our servers, so I wanted to make > sure > > I understood how the resources were being allocated. > > No additivity at all: the last one on the command-line wins. There is no > heap separation between Tomcat and the applications: it's one(ish) big, > happy heap. :) > > A note about CATALINA_OPTS versus JAVA_OPTS: when you use the various > scripts provided by Tomcat, CATALINA_OPTS is only used when launching a > Tomcat instance. JAVA_OPTS is used when launching *any* Java process. > There are many Java processes those scripts will launch that aren't > actually launching Tomcat. Examples include: > > 1. catalina.sh configtest > 2. catalina.sh stop (also shutdown.sh) > 3. catalina.sh version > 4. tool-wrapper.sh [anything] > > In all of those cases, JAVA_OPTS will be passed to the JVM. > > Do you really need a 2 gig heap to send a "shutdown" command to a > running server? Probably not. > > -chris > > > On Wed, Jun 16, 2021 at 9:17 AM Rob Sargent > wrote: > > > >> > >> > >> On 6/16/21 9:06 AM, Noelette Stout wrote: > >>> openjdk version "1.8.0_292" > >>> > >>> > >>> On Wed, Jun 16, 2021 at 9:04 AM Rob Sargent > >> wrote: > >>> > >>> > >> Both as for the same minimum so you should get 2G at start up. I'm not > >> sure which has precedency but I would be on java opt. I don't have a > >> catalina env, but you can see how CATALINA_OPTS is used in relationship > >> with JAVA_OPTS > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: CATALINA_OPTS vs JAVA_OPTS
Thanks! I was mostly trying to figure out if there was precedence or if it was additive (i.e. 2GB to tomcat itself and another 2GB to the apps). We're having some resource issues on one of our servers, so I wanted to make sure I understood how the resources were being allocated. On Wed, Jun 16, 2021 at 9:17 AM Rob Sargent wrote: > > > On 6/16/21 9:06 AM, Noelette Stout wrote: > > openjdk version "1.8.0_292" > > > > > > On Wed, Jun 16, 2021 at 9:04 AM Rob Sargent > wrote: > > > > > Both as for the same minimum so you should get 2G at start up. I'm not > sure which has precedency but I would be on java opt. I don't have a > catalina env, but you can see how CATALINA_OPTS is used in relationship > with JAVA_OPTS > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: CATALINA_OPTS vs JAVA_OPTS
openjdk version "1.8.0_292" On Wed, Jun 16, 2021 at 9:04 AM Rob Sargent wrote: > > > > On Jun 16, 2021, at 8:36 AM, Noelette Stout > wrote: > > > > If I have a setenv.sh file that contains: > > CATALINA_OPTS="-server -Xms2048m -Xmx5g" > > JAVA_OPTS="... -Xms2048m -Xmx4g .." > > > > How much memory is actually being allocated to tomcat and the > applications > > it is serving up? > > > > -- > > Noelette Stout > > Which version of Java? > > > > ITS Enterprise Applications - Application Administrator - Senior > > > > Business Administration Building, Rm 109L > > 921 South 8th Ave 8037 > > Idaho State University > > Pocatello ID 83209 > > E-mail: stounoel "at" isu "dot" edu > > Desk: 208-282-2554 > > ----- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
CATALINA_OPTS vs JAVA_OPTS
If I have a setenv.sh file that contains: CATALINA_OPTS="-server -Xms2048m -Xmx5g" JAVA_OPTS="... -Xms2048m -Xmx4g .." How much memory is actually being allocated to tomcat and the applications it is serving up? -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: apache-tomcat-8.5.59 too many open files on Linux 8
gt; > >> You have lots of settings on the HTTP connector but not the HTTPS one. > >> Is that intentional? Which one are you using? Or both? > >> > >> Are you using AJP? If not, disable the connetor entirely. Definitely > never enable it on 0.0.0.0 unless you really know what you are doing. > >> > >>> 4. Are you counting all the open files for a single process or all of > the sub-processes which represent the threads of the main process? > >>> Different kernel versions count things differently. > >>> [YJ] I am just getting the process ID of tomcat and count open files > >>> for that process > >> > >> Ok. > >> > >>> 5. Running lsof, netstat, etc. can you see if some large number of > those sockets are bound to any specific port (listen or connect)? > >>> [YJ] Here is the netstat output: > >>> Active Internet connections (w/o servers) > >>> Proto Recv-Q Send-Q Local Address Foreign Address > State > >>> tcp0 0 Yeggy-F8-FMSVA:ssh 10.12.3.33:55236 > ESTABLISHED > >>> tcp0 64 Yeggy-F8-FMSVA:ssh 10.197.255.10:60378 > ESTABLISHED > >>> tcp0 0 localhost.loca:postgres localhost.localdo:36846 > ESTABLISHED > >> > >> That's not helpful. I want to see what the JVM process is holding, not > what the whole OS is handling. > >> > >> My guess is that lsof is going to be a better bet for inspecting the > process. But if you get "too many open files" being thrown inside the JVM > and you don't see a 1/4 million lines of "lsof" output on your process, > then something else is going on. But remember to limit your lsof to *just > the JVM* process. > >> > >> -chris > >> > >>> -Original Message- > >>> From: Christopher Schultz > >>> Sent: Monday, May 17, 2021 5:18 PM > >>> To: users@tomcat.apache.org > >>> Subject: Re: apache-tomcat-8.5.59 too many open files on Linux 8 > >>> > >>> Yeggy, > >>> > >>> On 5/17/21 15:17, Yeggy Javadi wrote: > >>>> Hi, > >>>> I am seeing too many TCP sockets open by tomcat on Oracle Linux 8: > >>>> java51798 root 6601u sock0,9 0t0 3959342 > protocol: TCPv6 > >>>> > >>>> I was running the same application on Linux 7.6 with the same > >>>> apache-tomcat version without seeing this issue. I saw that RedHat > >>>> has removed apache-tomcat fom their Linux 8 distribution. Please help > >>>> with throubleshooting and indicating if there is any changes in Linux > >>>> 8 that can explain this > >>>> > >>>> Configuration: > >>>> apache-tomcat-8.5.59 > >>>> OEL Linux 8 kernel 4.18.0-193.28.1.el8_2.x86_64 Web-based application > >>>> using Postgres and elastic search databases > >>>> > >>>> > >>>> # ps -ef | grep tomcat > >>>> root 51798 1 1 11:16 ?00:06:01 > /usr/local/jre/bin/java > -Djava.util.logging.config.file=/usr/local/apache-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -d64 > -server -Xms1800m -Xmx8192m -XX:MaxMetaspaceSize=1800m > -Djdk.tls.ephemeralDHKeySize=2048 > -Djava.protocol.handler.pkgs=org.apache.catalina.webresources > -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 > -Dignore.endorsed.dirs= -classpath > /usr/local/apache-tomcat/bin/bootstrap.jar:/usr/local/apache-tomcat/bin/tomcat-juli.jar > -Dcatalina.base=/usr/local/apache-tomcat > -Dcatalina.home=/usr/local/apache-tomcat > -Djava.io.tmpdir=/usr/local/apache-tomcat/temp > org.apache.catalina.startup.Bootstrap start > >>>> root 54122 54037 0 19:43 pts/100:00:00 grep --color=auto > tomcat > >>>> > >>>> > >>>> # cat /proc/51798/limits > >>>> Limit Soft Limit Hard Limit > Units > >>>> Max cpu time unlimitedunlimited > seconds > >>>> Max file size unlimitedunlimited > bytes > >>>> Max data size unlimitedunlimited > bytes > >>>> Max stack size8388608 unlimited > bytes > >>>> Max core file sizeunlimitedunlimited > bytes > >>>> Max resident set unlimitedunlimited > bytes > >>>> Max processes 256518 256518 > processes > >>>> Max open files262144 262144 > files > >>>> Max locked memory 6553665536 > bytes > >>>> Max address space unlimitedunlimited > bytes > >>>> Max file locksunlimitedunlimited > locks > >>>> Max pending signals 256518 256518 > signals > >>>> Max msgqueue size 819200 819200 > bytes > >>>> Max nice priority 00 > >>>> Max realtime priority 00 > >>>> Max realtime timeout unlimitedunlimitedus > >>>> > >>>> > >>>> Too may open files: > >>>> # lsof -p 51798 | wc -l > >>>> 6679 > >>>> > >>>> > >>>> Most of open files are TCP sockets: > >>>> java51798 root 6601u sock0,9 0t0 3959342 > protocol: TCPv6 > >>>> > >>>> > >>>> # lsof -p 51798 | grep "protocol: TCPv6" | wc -l > >>>> 6413 > >>> > >>> Some potentially dumb questions: > >>> > >>> 1. Did you upgrade anything recently (like Java VM)? > >>> > >>> 2. What is error you are seeing? A full stack trace would be helpful. > >>> > >>> 3. What is your configuration? > >>> > >>> 4. Are you counting all the open files for a single process or all of > the sub-processes which represent the threads of the main process? > >>> Different kernel versions count things differently. > >>> > >>> 5. Running lsof, netstat, etc. can you see if some large number of > those sockets are bound to any specific port (listen or connect)? > >>> > >>> -chris > >>> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Re: embedded, not local
I'm kinda new to this, but it looks like you're trying to start http and https on the same port. Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-nio-16004"] Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"] In my (admittedly limited) experience, they need to be on separate ports. just my 2 cents On Tue, Feb 16, 2021 at 2:39 PM Rob Sargent wrote: > change port assignment (16005) and restarted server. port in use. > > > On 2/16/21 2:36 PM, Rob Sargent wrote: > > Rebooted desktop k1. I get port in use first time I start my server > > (shell). > > > > > > On 2/16/21 1:26 PM, Christopher Schultz wrote: > >> Rob, > >> > >> On 2/16/21 15:02, Rob Sargent wrote: > >>> The logging so far has told me only that my port 16004 is in use, > >>> but at outset it clearly is not according to netstat or ss. Is > >>> tomcat opening that port before the call to "tomcat.start(); > >>> tomcat.getServer().await():"? > >> > >> It it says "port in use" then first stop your application, then make > >> sure all other processes that may have bound that port are stopped. > >> Maybe it's been failing because you have effectively been changing > >> nothing (because some older process is still holding onto the port). > >> > >> -chris > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > > > > > > -- Noelette Stout ITS Enterprise Applications - Application Administrator - Senior Business Administration Building, Rm 109L 921 South 8th Ave 8037 Idaho State University Pocatello ID 83209 E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
