Chris,
> On Tuesday, October 14, 2014 11:47 AM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Mark, > > On 10/14/14 1:21 PM, Mark Eggers wrote: >> Chris, >> >>> On Tuesday, October 14, 2014 9:47 AM, Christopher Schultz >>> <ch...@christopherschultz.net> wrote: >> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA256 >>> >>> Léa, >>> >>> On 10/14/14 7:06 AM, Léa Massiot wrote: >>>> My question is about how can Tomcat be started at boot time as >>>> a non-root user. >>>> >>>> The OS is Debian Wheezy. >>>> >>>> Below is what I did already: >>>> >>>> root> chown -R tomcat7.tomcat7 /opt/tomcat7/ >>>> >>>> I created a new file: "/etc/init.d/tomcat7" Owner and > owner >>> group: >>>> root Permissions: 755 >>>> ------------------------------------------------------- #! >>>> /bin/sh >>>> >>>> export JAVA_HOME=/opt/jdk1.7.0_67/ case $1 in >>>> >>>> start) /bin/bash /opt/tomcat7/bin/startup.sh >>> >>> Change this to: >>> >>> su -c "/bin/bash /opt/tomcat7/bin/startup.sh" tomcat7 >> >> You might need to use runuser in the above line if you're running >> SELinux. > > Oh, I wasn't aware of that. I don't use SELinux myself. We use SELinux, and so far it's not bitten us too hard. > >>> Look at the man page for "su" to see what's going on. >>> >>> Or you can use jsvc as others have suggested. I think jsvc is >>> probably more robust (because it can restart Tomcat if it dies) >>> but it's a bit more hassle, too. >> >> I've not tried the jsvc route yet, but I'm sorely tempted >> (especially now with systemd). > > I'm interested to hear what you have to say about systemd and how it > relates to Tomcat deployments. systemd can (allegedly) work just fine > with plain-old "init" scripts if you want to use them. > I've seen that, but it seems more like a hack (and some of the systemd people think so as well). I'd rather look at some examples and see if I can do things "correctly". My biggest systemd complaints so far are service level logging, feedback, and status information. >> Writing an init script that takes care of all the issues is >> complicated. > > We have one that works just fine under both Debian and RHEL, with > dependencies, etc. It's a bare-bones script that basically just calls > our ant build script which understands how to launch Tomcat with all > the right environment variables set. We do this because we have > multiple VMs running -- one per webapp -- and everything is configured > in one place. Basically, "/etc/init.d/webapp start" for us just > translates into "ant tomcat-start", etc. Ours works more or less like that. One script per Tomcat, and the script name matches the service name, matches the configuration file name. Our script is a bit more complex, since it does some of the RedHat / CentOS housekeeping. It also has some checks for sane starts and restarts (checks to see if things are running cleanly or not, etc.). > > - -chris We have a nice environment based on $CATALINA_HOME, $CATALINA_BASE, separate appBase directories, and soft links. This allows us to upgrade Tomcat without impacting production. The final (production impact) upgrade steps are: 1. Shut down service 2. Move links 3. Bring up service One of these days, we'll look at Chef / Puppet / et. al. . . . just my two cents /mde/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
