Comments inline:
On 1/15/2014 9:46 AM, Bush, Eddie wrote:
Great feedback, Mark! Thanks!
As this will be for a single app, I'm not concerned with having quite as
complex of a setup as you do. The box does not seem to have selinux enabled:
[ebush@tuldgskap01 ~]$ selinuxenabled
[ebush@tuldgskap01 ~]$ echo $?
1
Not enabled. I think this is probably not wise (especially in production
machines). We run with selinux enforcing on production and permissive on
development boxes.
Is there something that would cause the script to be successfully invocable
interactively and yet make it fail at boot? I'm thinking the answer is yes,
based off of what I'm seeing. Perhaps sudo doesn't like being run by root?
Don't use sudo in a script. If you're running selinux use:
/sbin/runuser [user-name] -c [command]
If you're not running selinux use:
/sbin/su [user-name] -c [command]
Since I'll lead the dev team, I'll have teeth to make sure the app does not
misbehave. I can't imagine why one would, as I've never had issues before. I
suppose, if requests were still processing, a problem could occur. However,
we'll use F5 and drain-stop the node prior to performing maintenance, so ...
I'm going to take a simpler path than you've advocated but keep your thoughts
around in case I do experience an issue :-)
I'll look into a more formal daemon mechanism. I think commons-daemon comes with tomcat.
I'm trying to avoid many manual pieces like that, but working (and I define working as
"it comes up after boot") is not optional!
Yes, it does come with Tomcat. However your script should work (wouldn't
recommend it for production, but dev would be OK) provided you use
/sbin/su or /sbin/runuser.
Thanks again! ... and thanks to the others who have provided feedback too! It
is very much appreciated! My take-away: there's a standard way to launch a
daemon, and you should be doing that!
Eddie
. . . . just my two cents
/mde/
-----Original Message-----
From: Mark Eggers [mailto:its_toas...@yahoo.com]
Sent: Wednesday, January 15, 2014 11:24 AM
To: Tomcat Users List
Subject: Re: [tomcat7] rhel 6 - init.d script works; does not start on reboot
See quick notes next to your script:
On 1/15/2014 8:53 AM, Bush, Eddie wrote:
-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
Sent: Wednesday, January 15, 2014 10:19 AM
To: Tomcat Users List
Subject: Re: [tomcat7] rhel 6 - init.d script works; does not start on
reboot
On Jan 15, 2014, at 11:01 AM, "Bush, Eddie" <eddie.b...@williams.com> wrote:
-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
Sent: Wednesday, January 15, 2014 9:54 AM
To: Tomcat Users List
Subject: Re: [tomcat7] rhel 6 - init.d script works; does not start
on reboot
On Jan 15, 2014, at 10:32 AM, "Bush, Eddie" <eddie.b...@williams.com> wrote:
Howdy, List!
I'm in a bit of a pickle here. I'm a senior dev, and quite good at that, but
for my new client I'm also charged with configuring our machines. We're running
on Tomcat 7, so I grabbed the tgz and installed it per the instructions.
Everything works great! ... until I reboot the server :) At that point,
everything else comes up, but tomcat does not.
I have removed all logs and rebooted and see nothing notable in any
of the tomcat logs (because, of course, it did not start), nor can I
find anything in syslog or messages. The chkconfig command reports
that the script is configured to run for runlevel 2-5, and I've even
inspected the links in rc.d/rc*.d and they are linked to the init.d
script (which is the same danged script that works interactively via
"service tomcat start/stop"!)
Dan> Where did you get the init script from?
EB> Off the net somewhere, initially. I tweaked it to use sudo to
EB> change user to tomcat:tomcat though, and I changed the chkconfig
EB> declaration to be extremely similar to what nginx uses, since
EB> that works fine. chkconfig likes the script, and sets it up in
EB> what looks to be perfect form (comparing to other things). These
EB> are pretty standard scripts though, yes? They basically just
EB> delegate to the scripts distributed with tomcat, which all end up
EB> calling catalina.sh :-)
Dan> Since it's not standard, can you include it here? It may be perfectly
fine, but it would be nice to see it regardless.
EB> cat /etc/init.d/tomcat
#!/bin/bash
echo "Let's start Tomcat! ... because Tomcat rocks!" > /tmp/tomcat.log
# chkconfig: - 84 16
# description: Tomcat Start Stop Restart # processname: tomcat
### BEGIN INIT INFO
# Provides: tomcat
# Required-Start: $local_fs $remote_fs $network # Required-Stop:
$local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop:
0 1 6 # Short-Description: start stop and restart tomcat ### END INIT
INFO
JAVA_HOME=/usr/java/jdk1.7.0_45
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.47
echo "JAVA_HOME = $JAVA_HOME" >> /tmp/tomcat.log echo "PATH = $PATH"
/tmp/tomcat.log echo "CATALINA_HOME = $CATALINA_HOME" >>
/tmp/tomcat.log
case $1 in
start)
echo "START requested!" >> /tmp/tomcat.log sudo -g tomcat -u tomcat sh
$CATALINA_HOME/bin/startup.sh ;;
stop)
echo "STOP requested!" >> /tmp/tomcat.log sudo -g tomcat -u tomcat sh
$CATALINA_HOME/bin/shutdown.sh ;;
restart)
echo "RESTART requested!" >> /tmp/tomcat.log sudo -g tomcat -u tomcat
sh $CATALINA_HOME/bin/shutdown.sh sudo -g tomcat -u tomcat sh
$CATALINA_HOME/bin/startup.sh ;; esac exit 0
This won't work.
1. Use JRE_HOME and set it to where your JRE is installed
Technically you can use JAVA_HOME, but Tomcat no longer needs javac (unless
you've changed the stock configuration).
2. sudo won't work if you have SELinux enabled
use /sbin/runuser
3. I use catalina.sh
My command to start Tomcat ends up looking like this:
$SU - $TOMCAT_USER -c "${CONFIG_OPTS} ${CAT_PID} ${TOMCAT_INSTANCE}"
start > $SERVICE_LOG 2>1&!
(obviously all on one line)
where:
$SU is the proper su command (/sbin/su or /sbin/runuser) $TOMCAT_USER is the
tomcat user $CONFIG_OPTS contains all of the options:
CATALINA_HOME
CATALINA_BASE
JRE_HOME
$CAT_PID is the pid file to write
$TOMCAT_INSTANCE is $CATALINA_HOME/bin/catalina.sh $SERVICE_LOG is where I
write my service startup and shutdown messages
I run multiple Tomcats from one CATALINA_HOME (see RUNNING.txt in the Tomcat
distribution). Each Tomcat gets its own init script, and each init script reads
a corresponding configuration file that sets CATALINA_HOME, CATALINA_BASE, the
PID file, and JRE_HOME. That way I can run multiple versions of Tomcat with
different JREs and still use one init script (copied to a new service name for
each Tomcat).
While the stop command is the same as the start command (just substitute stop
for start), there are some other issues you have to worry about.
1. Is it really running?
2. Did it really stop?
Some misbehaving applications make it difficult to stop Tomcat. I currently
loop for a configurable amount of time, and check the status of Tomcat once per
second. If I fail to stop Tomcat after the configurable amount of time, I issue
a kill -9. That's all logged so I know which Tomcat is causing problems, and I
have an idea about which application is causing an issue.
Hope that helps.
Dan> Also, can you confirm that the init script is actually being called? It
would be helpful to know how far things get before they break down. Since you've
said that *no* Tomcat logs get created, I would expect that things don't get very
far. Maybe add some logging / echo statements to see what does and doesn't run.
EB> Genius suggestion. I'm disappointed I didn't think about it. Turns out that
it does try to start.
EB> cat /tmp/tomcat.log
Let's start Tomcat! ... because Tomcat rocks!
JAVA_HOME = /usr/java/jdk1.7.0_45
PATH = /usr/java/jdk1.7.0_45/bin:/sbin:/usr/sbin:/bin:/usr/bin
CATALINA_HOME = /usr/share/apache-tomcat-7.0.47 START requested!
EB> So it feels like that sudo command fails. However, I see nothing in
/var/log/sudolog. Is sudo the issue?
EB> I was trying su in the script, but it complained about the account not
having login enabled. sudo worked interactively, so I assumed that ought to work!
EB> I looked at adding jsvc, but I don't have a lot of control over channels
that the machine is subscribed to, and that seems to be in the optional channel.
EB> I have (rhel6) a daemon command, and I had considered updating to
EB> use that, but the sudo works interactively so I stuck with that
EB> (if it ain't broke, right?)
This may be more of a *nix question than a tomcat question, but I thought I'd
try here first since it is in the context of tomcat itself.
Thoughts? Suggestions?
Dan> Have you verified that user / permissions are set correct to run as a
service? Keep in mind that running as a service may be running Tomcat as a
different user.
EB> I guess I'm not sure what you mean here. Apologies. However, I did chown -R
tomcat:tomcat on the entire install. First start after that reminded me I needed to clean
the logs out before expecting it to work :-) but I can now start this interactively using
"sudo service tomcat start" and stop it, etc.
EB> Perhaps I should add that I was raised on Unix, including being
EB> schooled in Unix administration. It's been years, but I do have a
EB> decent amount of experience with Unix, shell scripting, etc. :-)
Dan> Sounds like you've got the general idea of what I was saying here. Good
to know how the permissions are set on the Tomcat directory.
EB> Awesome :-) yes, I
Dan
Dan
I have Google'd myself to death! I'm at my wits end! I'm honestly at the point
of thinking about punting this issue until another day or possibly resigning to
making sure that any workflow which involves a server reboot includes a step
for starting tomcat (yuck!).
Thanks in advance for any input!
Eddie
. . . . just my two cents
/mde/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
