On Tue, 4 Jun 2002, GOMEZ Henri wrote:
> 1) On my configuration, the standard tomcat 3.3.1
> run as user tomcat3, group tomcat3, but apache2
> run as user apache2, group apache2.
That won't work very well. At least for in-process mode
it is completely impossible to do it otherwise.
There are 2 cases:
- you want to have tomcat and apache in the same directory
structure. In this case same user id is probably required,
and we may have problems with log rolling.
- different directory structures - in which case you can
have different users.
A particular case is tomcat.base != tomcat.home, and you
may have multiple tomcats with different uids...
Probably the default should be the easiest to understand
case ( same user, one dir layout ), and let advanced users
deal with other cases.
> So log/spool files can't be accessed in rw mode
> since all these files are 644 to tomcat3/tomcat3.
> I saw there is a setUser APR impl but since it's
> not a static method, it couldn't be called by
> TomcatStarter. Also shm file is owned by root,
> and so couldn't be used by childs (apache2).
setUser should be called very late, after all resources
are aquired ( port 80, open log files, etc ). That would be
the start callback. Each jk component can be retrieved
by name ( "apr" in this case ), and you get an instance and
call the method.
> 2) Tomcat3 at least allow the use of TOMCAT_HOME and
> TOMCAT_INSTALL, and in that case config files are
> in $TOMCAT_HOME/conf and tomcat.jar in $TOMCAT_INSTALL/lib.
> workers2.properties should be updated accordingly.
> I think there is a similar system for TC 4.0/4.1
> workers2.properties (nb I put tomcat-jni.jar in tomcat/lib not in tomcat/bin :
That's fine, I was trying to get a consistent location for 4.x and 3.3.
I also thing jars should be in lib, but I understand the argument
that executable jars should be in bin.
Please keep in mind that the workers2.properties should work fine
with any version of tomcat ( i.e. TOMCAT_HOME and TOMCAT_INSTALL
can point to a catalina installation ).
> 3) Under Linux we have to set many env vars before being
> able to load libjvm.so (here is what I've to do to
> use the IBM SDK 1.3.1 :
>
> export JAVAHOME=/opt/IBMJava2-131/jre
> export LD_LIBRARY_PATH=$JAVAHOME/bin:$JAVAHOME/bin/classic:$LD_LIBRARY_PATH
>
> Linux users running a kernel 2.4 should also add :
>
> export LD_ASSUME_KERNEL=2.2.5
>
> What about adding ENV params in [vm:] to setup all of these directly
> from httpd2 ?
Also TOMCAT_HOME must be set ( and TOMCAT_INSTALL ).
Not sure what adding ENV means, but if you talk about setenv() it won't
work on all cases ( VMs, etc ). Setting the env vars before executing
apache and tomcat is the only case that worked in all configurations.
> 4) It seems that jni is loaded in each child (I've build apache 2.0.36
> using -with-mpm=worker on my box) and sus there is 3 jvm started and conflict
> with listen port later (8080, 8007, 8009), so we should use a lock file to
> avoid duplicate initialization
Already have a solution for that - disable the HTTP listeners and the old
ajp listeners, and it'll work fine.
The new AJP connector ( coyote-jk2 ) is aware of load balancing (
in-process is a particular case of load balancing ), and will use a port
range ( if 8009 is taken, it'll use 8010, 8011... ).
That means we can have a single config file and multiple instances
( no need for separate server.xml ). There are few details related
with the log name. The 'instance id' must be used in creating the
name for the log and all other resources.
BTW, the instance id ( former jvmRoute ) is automatically generated
from the ajp13 port number and host ( i.e. localhost:8009, etc ).
> 5) What about using tomcat.user and tomcat.group properties and use setUser() in
> TomcatStarter run method ?
I would put this in a JkUser, and use a coyote callback (
CONTAINER_START).
It's easy to do it - but I'm doing some research on how things work on
windows ( i.e. I heard they have some way to play with the user id ).
> Of course will have to change public native int setUser( String user, String group )
> to public static native int setUser( String user, String group ).
No, it'll be:
AprImpl apr=WorkerEnv.getHandler( "apr" );
apr.setUser(... );
That works for all jk components ( you can do the same for "shm" if you
want to play with the scoreboard ).
But I preffer
class JkUser extends JkHandler {
void setUser(String);
void init() {
apr.setUser();
}
}
It's more flexible.
> We have to change JVM user/group in the early stage of init since we want
> to be sure that logs, pid and others R/W files will be available to the
> running process.
I think late - to make sure logs and other resources can be acquired (
port 80, etc ).
Costin
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
