Andre and all - problem fixed. Since the only thing that REALLY changed was Fedora 14 -> Fedora 16, I should have guessed it was not in httpd or tomcat.
The problem was fedora's over fastidious security policies. It was fedora that was stopping the shared memory writes and fedora that was stopping read access to this and that. I cleared about 20 "troubleshooter" problems and all web applications work fine with no more complaints about shared memory writing .... Thanks to you all (and thanks to my sub-conscious which woke me up at 2am to say - LOOK AT FEDORA fool). :=] PS - I hate these new hidden security policies. It is really hard to see what is happening and figure what to fix (even with the help you get from the troubleshooter). ________________________________ From: André Warnier <a...@ice-sa.com> To: Tomcat Users List <users@tomcat.apache.org> Sent: Friday, March 23, 2012 1:33 PM Subject: Re: upgraded fedora and mod_jk will not work Ray Holme wrote: > I have recently upgraded from Fedora 14 to Fedora 16. I am testing 4 tomcat > applications on the local web (and one plain apache app.) on one box (no > other tricks like multiple servers ...). The below should pretty well > describe everything I think matters. > > I was running Tomcat 6.0.29 and then 6.0.35 on Fedora 14 and am now trying > the latter on 16 - there were no changes in the apache-tomcat directory for > the new release (NONE _ just restored it and tomcat comes up with it's normal > chatter). Nut my release is pretty vanilla - after unpacking the gzip'd > tomcat tar file I added the 4 webapps; the .xml files for each under > conf/Catalina ... and added the DB driver .jar to the lib directory (symbolic > linked) - then it worked fine (under fedora 14) > > I downloaded and built the newest mod_jk.so (tomcat-connectors-1.2.33) from > src (had to strip final binary to make it work at all - not mentioned). I > still have the old one if need be and yes I tried it too. > > I installed the mod_jk.so in /usr/lib64/httpd/modules with the rest of them > (the Apache mod_jk online docs seems a little old here but were helpful). > > I modified the workers.properties (removed cache stuff which apache > complained of as dead). Here is what I have left: > > --------------------------- > # workers.properties - ajp13 > workers.tomcat_home=/opt/apache <-- obsolete, delete line > workers.java_home=/usr/java/jdk <-- obsolete, delete line > ps=/ <- maybe obsolete too, don't remember > # > # List workers > worker.list=wrkr > # > # Define wrkr > worker.wrkr.port=8009 > worker.wrkr.host=localhost > worker.wrkr.type=ajp13 > worker.wrkr.socket_timeout=300 <-- I wouldn't do that, unless you have a > specific reason to specify this. > --------------------------- > > I have an /etc/rc.d/rc.local file which should bring up httpd, THEN tomcat. > Tomcat comes up fine (the logs look fine), but httpd never comes up till I > manually run the same script after login. I know the script ran from boot > time but it leaves NO complaints as I added an echo line to it and a "clean" > script for /etc/httpd/logs which did definitely run (until I am up, I want > fresh error files, maybe even after that). > Not sure I understand all of that, but it doesn't seem to be a Tomcat problem. You should try to find out why httpd doesn't start when run from the boot script during boot. Maybe you are trying to access something that the boot environment doesn't have yet, but that is available later when you run it by hand ? (like some filesystem which only gets mounted later on ?) > Question 1: is the order right? (httpd then tomcat) > or should I bring up tomcat before httpd?? Probably better tomcat first. Otherwise, if a request comes in, Apache+mod_jk will try to connect to tomcat, tomcat won't be there yet, and you'll get errors. > pause between? Depends how long Tomcat and your applications need to start up and be ready to answer requests. > 1.1 - is the java home right or should it be /usr/java? > - these were both dead wrong under fedora 14 (and it worked) > as it pointed to /usr/java/jdk1.6.something and I have >/usr/java/jdk1.7.. > and the tomcat_home was wrong too. They are correct now (both >are symbolic links > to the real place so I don't do that again). Not surprising that it worked while being wrong, because these parameters are obsolete and just ignored. > > I have carefully modified the http.conf file to be identical to what I had > before with identical lines about worker properties. For the sake of > completeness - here are the mods to the orginal httpd.conf (minus the comment > lines) - I had to add a JkShmFile line to my old conf file to remove one > startup complaint from the newer httpd mod_jk. > > -------------------------------------------- > Listen 192.168.101.101:80 > ... > LoadModule jk_module modules/mod_jk.so > JkWorkersFi le /etc/httpd/conf/workers.properties > JkLogFile /var/log/httpd/mod_jk.log > JkLogLevel info > JkShmFile /etc/httpd/logs/jk.shm > JkLogStampFormat "[%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize > +ForwardURICompat -ForwardDirectories > JkRequestLogFormat "%w %V %T" > JkMount /ledger wrkr > JkMount /ledger/* wrkr > ### 3 other app line sets like the above 2 lines are cut for brevity > -------------------------------------------- > > So I start httpd manually now and it says "OK", but the log files do not say > this. Here are the log messages (without the leading dates) and cutting > duplicates > > error_log -> > [notice] mod_python: Creating 4 session mutexes based on 256 max processes > and 0 max threads. > > Question 2: I suspect this might be OK (in earlier fedora too), why "0" max? > - zero is small, is this a problem at all? Don't know. That's something you should ask the "mod_python" guys. > > ssl_error_log-> > [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does > NOT match server name!? > > Question 3: Also seen in earlier ssl_error_logs, but I am not using SSL at > all YET and I don't like errors. I cannot find where it is picking up > localhost.localdomain at all. I would correct that if I knew. I have tried > adding this alias on the line with my real hostname in /etc/hosts but that > does no good. SO, is this a problem? Whether or not it is, can I fix it? > If you are not using SSL, then remove it from your Apache configuration. These error messages will automatically disappear. > mod_jk.log -> THESE ARE ALL NEW TO FEDORA 16 and the real problem I think > [error] init_jk::mod_jk.c (3348): Initializing > shm:/etc/httpd/logs/jk.shm.2384 errno=13. Load balancing workers will not > function properly. > ... You don't seem to be using load balancing workers, so basically you don't care. But the error message may indicate that Apache httpd is not able to write that file, in that location. Does that directory even exist ? (logfiles usually go to somewhere like /var/log/*. /etc/hhtpd/logs is somewhat unusual.) > [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket > to (127.0.0.1:8009) (errno=13) > [error] ajp_send_request::jk_ajp_common.c (1621): (wrkr) connecting to > backend failed. Tomcat is probably not started or is listening on the wrong > port (errno=13) > [info] ajp_service::jk_ajp_common.c (2614): (wrkr) sending request to tomcat > failed (recoverable), because of error during request sending (attempt=1) > [info] jk_open_socket::jk_connect.c (627): connect to 127.0.0.1:8009 failed > (errno=13) > That's probably because you start httpd before tomcat, as explained earlier. Tomcat has not opened its AJP socket 8009 yet, so httpd+mod_jk cannot connect to it. The rest is a lot of questions, maybe irrelevant. Fix the above first, and then come back with the issues which remain. > Question 4: I am not doing load balancing and the first error happens twice - > once for each jk.shm file created (both are made and of length 0). I don't > know if this is a real error or not. Can I fix it? > > Question 5: THE HUB OF THE PROBLEM IS IN THE LAST FEW ERRORS (sets of 4 > info/error/info/info) or so I believe (repeated many time - each time I try > to bring up a web page). It would appear that Tomcat is not listening as it > should be. The tomcat configuration is out of the box (worked EXACTLY as is > under Fedora 14), and the online Apache documents mumble about using files > that are "standard" (generated by tomcat)- probably so with a much older > version of tomcat (online references 2 and 3) - I see nothing like them - > e.g. no default generated http.conf additions file. > > Question 6: Relating to question 5 (I think), I have enabled my local Fedora > 16 firewall to allow port 80 (the plain Apache webpage test works fine, just > the 4 Tomcat apps fail); 8080, 8005, 8009 and 8443. I never made these > changes before (except 80 which was required for other LOCAL boxes to get at > this server), but I was hoping that this was the problem and these ports are > referred to in the various documents I see. Do I need to enable these ports > on the local fedora 16 internal firewall (there is a router firewall that > will stop them from the outside)? I don't think I need them, but ... > > I have spent several days reading many documents on the net. I seem to be > doing things the way they are suggested. I don't think I need any load > balancing and I don't think I need any Virtual Hosts here, but maybe I am > confused (NO, I AM DEFINITELY CONFUSED). > Help please. > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
