-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jay,
On 11/6/13, 4:27 PM, Jay Vee wrote: > Threaded messaging key: >>> indicates my original post >> indicates a reply > NO > indicates my reply to the reply. > >>> On Nov 5, 2013, at 6:36 PM, Jay Vee <jvsr...@gmail.com> wrote: > >>> I need to bounce tomcat (run a stop, startup script) but from a >>> remote machine. >>> >>> SSH will not work. >>> >>> Tomcat runs as 'tomcat_user' and this user is not a ssh user so >>> we cannot ssh into a box using this user. >>> >>> We have to ssh into the box with our exchange credentials and >>> then $sudo > su >>> - tomcat _user to do the startup / shutdown. >> >> Why does this not work? Are you trying to automate the process >> in some way? > > Yes of course, we are trying to automate the deployment of a .war, > bounce tomcat. This whole deployment pipeline thing just might > catch on and we want to jump on the band wagon just in case it > does. Can I make a suggestion? Fix your web application so it can cleanly un-deploy and re-deloy and then simply do a hot deployment? You can even do that with zero downtime if you use parallel-deployment (read about it in the Tomcat Users' Guide). You can even do all that remotely via HTTP(S) using the Manager webapp. >> If so, maybe look at configuring SSH & sudo. They are pretty >> flexible. For example, you could enable key based authentication >> (i.e. password-less login) for your SSH user and configure sudo >> to allow your user to run the startup / shutdown scripts without >> a password. With that you could do a one command restart. > > This is a no go. I am not in the sys admin department. If I ask > them to configure SSH & sudo they will freak no matter how > rationale my argument is. We have access to the machines with out > exchange/ldap login and then we sudo su to root. So this is why I > posted the question. So, wait, let me get this straight: they won't let you use sudo because sudo-to-root is already in use? That can't possibly be right. Care to clarify? >>> Is there any other way to programatially stop/start comcat? >> >> There's the shutdown port (or perhaps System.exit() called from >> an app), but that's just to stop Tomcat. Once it's stopped you'd >> need to start it again somehow. > > I will look up the shutdown port. How would one programatically > use the shutdown port to shut tomcat down? All you have to do is connect to the shutdown port and send the "shutdown string" (which can be found in server.xml... it defaults to "SHUTDOWN"). You can do this trivially using telnet, netcat, etc. You can also call "catalina.sh stop" and it will do that, too -- it connects to the shutdown port and issues the shutdown string so you only have to have read-access to CATALINA_BASE/conf/server.xml and it will work no matter what user you are. As Dan says, you will still have to figure out how to get Tomcat started again... >> The solution you're looking for here is going to be external to >> Tomcat. > > Yes this is expected. (bounce tomcat remote). I am running a > script on another box and want to bounce tomcat with a script > (ant/maven or something else) You're never going to be able to get Tomcat to come back up this way, unless you have some other service that will allow you to remotely-notify it that you want to bounce Tomcat, and then have that process bounce Tomcat. For example, in a Windows environment, you could use a remote Service command to tell a service to restart. Of course, the service infrastructure has to have rights to stop/start Tomcat so you are kind of back to where you started: you need something like sudo access no matter what. (Unless you want to write a user-level service that runs as tomcat_user and provides a similar capability to that described above). >> Commons Daemon would be the first thing to check out since it's >> included with Tomcat, but there are tons of other options. >> >> https://commons.apache.org/proper/commons-daemon/ > > Awesome, I will check that out. But with commons-daemon, I would > think I still need ssh access as root to execute a script. Yes, that's true. But you might not need to use sudo simply to send a signal to the jsvc process. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSergiAAoJEBzwKT+lPKRYlUcQAJh6KFSDqRtcAm0fBA/DTe+2 YCXFdlS8rilNzWRNkTXga/wgxP63k4KTSlNGZlgwQR7VTvol1VGb94CRbzEBCKbl CYEYj7j47CdEWvvDqcx5UtByEwVNcRnHPRfteSz7OH6JGyF76RfjqBMWAT7F+cui XqPeppnVITg53wfJFUD1B5faXGv6qQrsBXHy9Zxf3aHqmsin+FDLWYPgkMP8k7NO /JtKYMFoyTxkAP2ZaoCUP6ZXnxtTwfZ3v8h9IvEUOre/7806sGh1F2OAjzINvO8w 8ltdrCeDtu6VeuW6j2wvk3TtrY00zdxapxud1buuImOQu4fz6yWBTlxs0NBVopC2 /uFOhg3v2LapjCLAAphnAJJUpjtjaJSo1IfKTORb5Gqk2YIIjIWPoNu7a+P+wMc5 4VUbonvYkjfu6bRc276/2Wm4PXR+6/lZ7Ea1N6ofhptstUoOVuqpRXzK3ZTd3z/i 7QfJJztpafT9oW+YWYKj6bx9nalExGq1YEPcGpvmPSXQNCx6o7FkQOCD0uO/W9nr 4OsmT7C0qeuwbWtblwwXy1MON4Du5ltH+Scs2Y253jCPwrQjaH8QnKn1hQDOxNuH AiqIY3vMSG0WOWXpzfcWshijBdZPBnPzus2Gj42CqPxDoI4C80mAdRVBBcW4T9Pz mymyiGK6yGySvyKRsAV7 =zE9I -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
