Hello Tomcatters,

finally I solved my Tomcat docs perusal ignorance owed difficulties, and could successfully make Tomcat highly available.

Only thing that was required after installation of a recent JRE and untarring of the Tomcat binary tarball into my DRBD/LVM mount were very minute adaptations to my somewhat non-standard environment. Actually, all that was required was to set the env vars JAVA_HOME and CATALINA_HOME properly. Because I brushed this up a little with some pre-start Heartbeat and DRBD related availability checks of required HA resources, I put it together in yet another wrapper script that I naturally called catalina.

Needless to say that with the proper environment the Tomcat version query now works.

    # /etc/ha.d/resource.d/catalina version
    Using CATALINA_BASE: /var/www/tomcat/5.5.15
    Using CATALINA_HOME: /var/www/tomcat/5.5.15
    Using CATALINA_TMPDIR: /var/www/tomcat/5.5.15/temp
    Using JRE_HOME: /usr/java/jre1.5.0_06
    Server version: Apache Tomcat/5.5.15
    Server built: Jan 3 2006 10:12:35
    Server number: 5.5.15.0
    OS Name: Linux
    OS Version: 2.6.9-1.667smp
    Architecture: i386
    JVM Version: 1.5.0_06-b05
    JVM Vendor: Sun Microsystems Inc.

While I was reading through the Tomcat docs I came across a section where they mention the jsvc daemon for Unices. I also read that it understood a -user switch by which to tell the daemon to relinquish elevated privileges by switching to a deprived account after initialization. (I don't know how you Java folks call the process in threading terms; to my old-fashioned OS ear that sounds as if it is doing a fork, exits the parent and does a setsid() call, probably accompanied by some further cleanups like closing of unneeded pipes.)

That's what I would like to make use of, preferably along with a chroot jail if this is supported (similar to SSH's privilege separation), because as it is started now I see but one proc with root privileges:

    # lsof -nc java -a -i tcp
    COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
    java    32056 root   33u  IPv6  43122       TCP 127.0.0.1:8005 (LISTEN)

So I untarred $CATALINA_HOME/bin/jsvc*tgz to a build dir. In the INSTALL.txt they mention as prerequisites an ANSI C capable compiler (got that), GNU autoconf (no problem), and "A Java Platform 2 compliant SDK". Ouch, that's where the trouble starts again. I've been trying in vain for the last hour to find a download URI from SUN, but their servers always refer me to the Linux JRE Download section. Maybe I could get a more dated SDK, but then I fear I will be forced to install loads of downgrade compatibility libs for my rather current Tomcat.

Btw, what's the difference between JDK and SDK?
(ok, I could guess that either stands for Java or Software Developer's Kit)

I also haven't found out what the major difference is between the out of the box Catalina start and running a separate jsvc daemon instead. Unfortunately the docs I've found so far are rather terse on that matter. What other benefits would it offer? I assume that I could embed it in some sort of tcp wrapper.

If I stuck to the Catalina startup, what could I do to harden it? (e.g. access restrictions)

Has anyone of you built and run the jsvc?

Regards
Ralph
