> From: <[EMAIL PROTECTED]>
> Date: 2006/02/03 Fri AM 07:16:32 EST
> To: <users@tomcat.apache.org>
> Subject: Catalina vs. jsvc stand alone daemon
>
> Hello Tomcatters,
>
> finally I solved my Tomcat docs perusal ignorance owed difficulties,
> and could successfully make Tomcat highly available.
> Only thing that was required after installation of a recent JRE
> and untarring of the Tomcat binary tarball into my DRBD/LVM mount
> were very minute adaptations to my somewhat non-standard environment.
> Actually, all that was required was to set the env vars JAVA_HOME
> and CATALINA_HOME properly.
> Because I brushed this a little up with some pre-start Heartbeat
> and DRBD related availability checks of required HA resources I
> put it together in yet another wrapper script, that I naturally
> called catalina.
> Needless to say that with the proper environment the Tomcat
> version query now works.
>
> # /etc/ha.d/resource.d/catalina version
> Using CATALINA_BASE: /var/www/tomcat/5.5.15
> Using CATALINA_HOME: /var/www/tomcat/5.5.15
> Using CATALINA_TMPDIR: /var/www/tomcat/5.5.15/temp
> Using JRE_HOME: /usr/java/jre1.5.0_06
> Server version: Apache Tomcat/5.5.15
> Server built: Jan 3 2006 10:12:35
> Server number: 5.5.15.0
> OS Name: Linux
> OS Version: 2.6.9-1.667smp
> Architecture: i386
> JVM Version: 1.5.0_06-b05
> JVM Vendor: Sun Microsystems Inc.
>
> While I was reading through the Tomcat docs I came across a
> section where they mention the jsvc daemon for Unices.
> I also read that it understood a -user switch by which to tell
> the daemon to relinquish elevated privileges by switching to a
> deprived account after initialization.
> (I don't know how you Java folks call the process in threading
> terms, to my old-fashioned OS ear that sounds as if it is doing a
> fork, exits the parent and does a setsid() call, probably
> accompanied by some further cleanups like closing of unneeded
> pipes)
> That's what I would like to make use of, preferably along with a
> chroot jail if this is supported
> (similar to SSH's privilege separation)
> because as it is started now I see but one proc with root
> privileges
>
> # lsof -nc java -a -i tcp
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> java 32056 root 33u IPv6 43122 TCP 127.0.0.1:8005 (LISTEN)
>
> So I untarred $CATALINA_HOME/bin/jsvc*tgz to a build dir.
> In the INSTALL.txt they mention as prerequisites an ANSI C
> capable compiler (got that),
> GNU autoconf (no problem), and "A Java Platform 2 compliant SDK".
>
> Ouch, that's where the trouble starts again.
> I've been trying in vain for the last hour to find a download URI
> from SUN but their servers
> always refer me to the Linux JRE Download section.

http://java.sun.com/j2se/1.5.0/download.jsp
look for JDK 5.0 Update 6

> Maybe I could get a more dated SDK but then I fear I will be
> forced to install loads of downgrade compatibility libs for my
> rather current Tomcat.
> Btw, what's the difference between JDK and SDK?
> (ok, I could guess that either stands for Java or Software
> Developer's Kit)
>
> I also haven't found out what the major difference is between the
> out of the box Catalina start
> and running a separate jsvc daemon instead.
> Unfortunately the docs I've found so far are rather terse on that
> matter.
>
> What other benefits would it offer?
> I assume that I could embed it in some sort of tcp wrapper.
>
> If I stuck to the Catalina startup, what could I do to harden
> it?
> (e.g. access restrictions)

regarding running tomcat in a chrooted jail
http://www-128.ibm.com/developerworks/java/library/l-secjav.html

> Has anyone of you built and run the jsvc?

for me, jsvc was the easier of the two.

> Regards
> Ralph
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
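
The privilege drop the original message describes for jsvc's -user switch (start as root, initialize, then switch to an unprivileged account) follows a fixed order at the system-call level. The following is an added example, not part of the thread and not jsvc's source; the helper name drop_privileges and the sample uid/gid 65534 are assumptions.

```c
#define _GNU_SOURCE               /* exposes setgroups() and seteuid() */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from jsvc): permanently switch the process to
 * an unprivileged uid/gid. Call it after privileged setup (e.g. binding a
 * port below 1024) is done. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                        /* "dropping" to root is a bug */
    if (geteuid() == 0) {
        /* Root's supplementary groups survive setuid() unless cleared
         * first; only root may call setgroups(). */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    /* Group before user: once the uid is unprivileged, setgid() to an
     * arbitrary group is no longer permitted. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample target: uid/gid 65534 ("nobody" on many Linux
     * systems) when started as root; otherwise the current identity. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

If a chroot jail is used as well, chroot() followed by chdir("/") has to come before this call, because chroot() itself requires root.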