On 28/01/2019 07:25, Vinu Vibhu Sobhana wrote:
> Hai
>
> First of all Iam new to Tomcat-Cluster and hence I apologize if my
> doubts are wrong.
>
> I have been assigned a new project that requires a web application to
> be hosted using Tomcat-Cluster, as it is expected to receive high
> traffic.
High traffic may be a justification for load-balancing. It is not a
justification for session replication.
> So, I have configured a Tomcat-Cluster with 4 Tomcat
> instances (ie 2 - Tomcat instances running on 2 VMs each), where they
> shall receive hits its through a load-balancer. As I new to
> Tomcat-Cluster, I have to clear some points before approving the
> project to go on-line.
Why 2 instances per VM rather than one larger instance per VM?
>
> My queries are :
>
> 1. The Clustering of Tomcat currently configured is using the Delta
> Manger for managing session replications. Is it the correct choice or
> should I go for Backup Manger or any third party session management
> software such as memcache or redis.
Don't use any clustering at all.
> 2. While using Tomcat-Cluster, can we use/configure the Tomcat Manager
> App to deploy applications on FarmWarDeployer folder or is there any
> other method to do so.
N/A since clustering is not required.
> 3. Virtual Host entry has been implemented for our project domain
> "webportal.xyz.in" where only the access logs are getting logged to
> "webportal.xyz.in_access_log". Is there any means by which I can
> receive the error-logs also for this domain on a separate file.
No.
> 4. Is there any method to tune/tweak my current server.xml file so
> that clustering method can be done globally rather than applying
> individually on every Host entry with different ports.
No. Each instance needs to be configured individually. You can use
templating. With careful configuration you can have a commons server.xml
with ${...} property replacement for all the instance specific settings
that are then configured in catalina.properties
> 5. How to enable SSL for Tomcat-Cluster. Should I need to install SSL
> Certificates on all 4 tomcat instances or only on the Load-balancer.
Either works. The right solution depends on your security requirements.
Note: If you terminate TLS at the load-balancer you need to be very
careful to make sure that the Tomcat instances are able to determine
which requests were received over TLS and which were not else you are
likely to have a bunch of security holes - mainly around cookie/session
handling.
> 6. What all parameters needs to be checked/considered for tuning the
> Tomcat / Tomcat-Cluster instance while hosting any Project on
> Production environment.
All of them. Each application is unique. There is no "makeItFaster"
attribute.
> 7. Is there any service reload option present for tomcat, ie. similar
> to the one present in apache where the sessions doesn't get
> invalidated while tuning/updating the server config files.
Yes. It is enabled by default.
http://tomcat.apache.org/tomcat-9.0-doc/config/manager.html#Persistence_Across_Restarts
> 8. One of the issue noted was that one of the security feature
> implemented for this projects stopped working while moving to
> Tomcat-Cluster environment.
>
> Our application uses java spring mvc
> "<spring.version>4.3.5.RELEASE</spring.version>,
> <spring.security.version>4.2.0.RELEASE</spring.security.version>"
> where it is configured to allow only one time login for all users
> until their current login session expires or have been invalidated.
> ie. if multiple logins are done, only the last login will be active
> all the rest gets automatically logged-out. it was implemented for
> some customer security reasons. This was working fine while running on
> a single Tomcat instance. But while deploying on a Clustered instance
> it is not working unless if the same user logs into the same tomcat
> instance of the cluster. Is there any solution to this problem or
> should the developers needs to reconfigure the application to meets
> Tomcat-Clusters concepts.
Configure the load-balancer to use sticky sessions. You'll need to do
that anyway if clustering is removed.
Mark
>
> Please find the server.xml and context.xml for one of my Tomcat
> instances present in Cluster mentioned below.
>
> server.xml
> #############
> <?xml version="1.0" encoding="UTF-8"?>
> <Server port="8105" shutdown="SHUTDOWN">
> <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
> <!-- <Listener
> className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" /> -->
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
> <GlobalNamingResources>
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase" description="User database
> that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
> <Service name="Catalina">
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
> <Connector port="8109" protocol="AJP/1.3" />
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase" />
> </Realm>
> <Host name="localhost" appBase="webapps" unpackWARs="true"
> autoDeploy="true">
> <!--##################################################
> LOCALHOST TOMCAT CLUSTERED BEGIN
> ########################################### -->
> <Cluster
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
> channelSendOptions="4" channelStartOptions="3">
> <Channel
> className="org.apache.catalina.tribes.group.GroupChannel">
> <Receiver
> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
> address="web1.xyz.in" port="4000" autoBind="9" selectorTimeout="5000"
> maxThreads="6" />
> <Sender
> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> <Transport
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"
> />
> </Sender>
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="4001" securePort="-1" host="web1.xyz.in" domain="local-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="4000" securePort="-1" host="web2.xyz.in" domain="local-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="4001" securePort="-1" host="web2.xyz.in" domain="local-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> </Interceptor>
> </Channel>
> <Valve
> className="org.apache.catalina.ha.tcp.ReplicationValve" filter="" />
> <Valve
> className="org.apache.catalina.ha.session.JvmRouteBinderValve" />
> <ClusterListener
> className="org.apache.catalina.ha.session.ClusterSessionListener" />
> <Deployer
> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
> tempDir="/usr/local/tomcat-cluster/tomcat1/temp/"
> deployDir="/usr/local/tomcat-cluster/tomcat1/webapps/"
> watchDir="/usr/local/tomcat-cluster/tomcat1/watchdir/"
> watchEnabled="true" />
> </Cluster>
> <!--##################################################
> LOCALHOST TOMCAT CLUSTERED END
> ########################################### -->
> <Valve
> className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t
> &quot;%r&quot; %s %b" />
> </Host>
>
> <Host name="webportal.xyz.in" appBase="webportal_webapps"
> unpackWARs="true" autoDeploy="true">
> <Alias>www.webportal.xyz.in</Alias>
> <!--##################################################
> webportal.xyz.in TOMCAT CLUSTERED BEGIN
> ########################################### -->
> <Cluster
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
> channelSendOptions="4" channelStartOptions="3">
> <Channel
> className="org.apache.catalina.tribes.group.GroupChannel">
> <Receiver
> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
> address="web1.xyz.in" port="5000" autoBind="9" selectorTimeout="5000"
> maxThreads="6" />
> <Sender
> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> <Transport
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"
> />
> </Sender>
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"
> />
> <Interceptor
> className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="5001" securePort="-1" host="web1.xyz.in" domain="web-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="5000" securePort="-1" host="web2.xyz.in" domain="web-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> <Member
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="5001" securePort="-1" host="web2.xyz.in" domain="web-cluster"
> uniqueId="{2,3,4,5,6,7,8,9,10,11,12,13,14,15,0,1}" />
> </Interceptor>
> </Channel>
> <Valve
> className="org.apache.catalina.ha.tcp.ReplicationValve" filter="" />
> <Valve
> className="org.apache.catalina.ha.session.JvmRouteBinderValve" />
> <ClusterListener
> className="org.apache.catalina.ha.session.ClusterSessionListener" />
> <Deployer
> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
> tempDir="/usr/local/tomcat-cluster/tomcat1/temp/"
> deployDir="/usr/local/tomcat-cluster/tomcat1/webportal_webapps/"
> watchDir="/usr/local/tomcat-cluster/tomcat1/webportal_webapps_watchdir/"
> watchEnabled="true" />
> </Cluster>
> <!--##################################################
> webportal.xyz.in TOMCAT CLUSTERED END
> ########################################### -->
> <Valve
> className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> prefix="webportal.xyz.in_access_log" suffix=".txt" pattern="%h %l %u
> %t &quot;%r&quot; %s %b" />
> </Host>
> </Engine>
> </Service>
> </Server>
> #############
>
> context.xml
> #############
> <?xml version="1.0" encoding="UTF-8"?>
> <Context>
> <WatchedResource>WEB-INF/web.xml</WatchedResource>
> <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
> <Manager className="org.apache.catalina.ha.session.DeltaManager"
> expireSessionsOnShutdown="false"
> notifyListenersOnReplication="true"/>
> </Context>
> #############
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
