Posted to users@tomcat.apache.org by Roman Medina-Heigl Hernandez <ro...@rs-labs.com> on 2007/03/13 11:22:44 UTC

Chrooting Tomcat // Linux threading issue

Hello,

Please, could you recommend to me some tutorial/howto for chrooting Tomcat?
Some special points to take into account?

I suppose Tomcat version shouldn't mind but anyway...:
root@hetzner:/usr/local/obs/tomcat/bin# ./catalina.sh version
Using CATALINA_BASE:   /usr/local/obs/tomcat
Using CATALINA_HOME:   /usr/local/obs/tomcat
Using CATALINA_TMPDIR: /usr/local/obs/tomcat/temp
Using JRE_HOME:       /usr/local/obs/java
Server version: Apache Tomcat/5.5.17
Server built:   Apr 14 2006 02:08:29
Server number:  5.5.17.0
OS Name:        Linux
OS Version:     2.4.34-grsec-rslabs-k7
Architecture:   i386
JVM Version:    1.4.2_10-b03
JVM Vendor:     Sun Microsystems Inc.


PS: A 2nd issue (not related to chroot) that I would like to clarify, if
you're so kind: when I run the web app in Tomcat (version showed above) I
got several processes (69 in particular). It seems to be related to the
following FAQ:
http://tomcat.apache.org/faq/unix.html#ps
But I've read FAQ entry (and followed the two links in the entry) and it is
unclear to me where there is some workaround in latest 2.4 kernels (I'm
using 2.4.34; don't wanna switch to 2.6 yet). The FAQ talks about
lightweight processes (the "threads", as seen by Linux 2.4), but how could
I check that they're really light? I'm trying to "measure" the possible
impact of "linux threading problem" over my application. Some URLs or help
would be welcomed. I've also set "LD_ASSUME_KERNEL=2.4" and exported the
variable, without any apparent change of behaviour.

Thanks in advance.
-Román

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Chrooting Tomcat // Linux threading issue

Posted by Andrew Miehs <an...@2sheds.de>.
Hi Roman,

To be honest I don't really understand your concerns with 2.6,
but if you really want to be running anything that uses threads,
use a 2.6 kernel.

If the Java Tomcat App that you are running is just a frontend
to something else, and not really for production purposes, then
you can happily stick with 2.4

And yes - 2.6 with NPTL is MUCH faster under high load than
using an old 2.4 kernel.

In my experience Java 1.5 is also much quicker than Java 1.42

On 13/03/2007, at 3:48 PM, Roman Medina-Heigl Hernandez wrote:

> Hi Chuck,
>
> "Not too much relevant" != "isn't relevant". Performance is always
> relevant, so it's good to enhance it *if possible*. I mean, if switching to
> 2.6 could make security worse (I know, this assert could be subjective /
> questionable but it's one opinion) AND performance is not too much
> relevant, I will not switch to 2.6.
>
> I don't know the enhancements of different JVM branches/versions, nor from a
> performance perspective, neither from a security perspective, so a JVM
> upgrade could be perfectly possible and coherent with my thoughts.
>
> I hope your curiosity is satisfied :-)
>
> Cheers,
> -r
>
> Caldarale, Charles R wrote:
>>> From: Roman Medina-Heigl Hernandez [mailto:roman@rs-labs.com]
>>> Subject: Re: Chrooting Tomcat // Linux threading issue
>>>
>>> Performance, in this case, is not too much relevant.
>>>
>>> Would I notice big performance improvements if upgrading?
>>
>> I'm curious: if performance isn't relevant, why do you care if a JVM
>> upgrade would make it better?
>>
>>  - Chuck


Re: Chrooting Tomcat // Linux threading issue

Posted by Roman Medina-Heigl Hernandez <ro...@rs-labs.com>.
Hi Chuck,

"Not too much relevant" != "isn't relevant". Performance is always
relevant, so it's good to enhance it *if possible*. I mean, if switching to
2.6 could make security worse (I know, this assert could be subjective /
questionable but it's one opinion) AND performance is not too much
relevant, I will not switch to 2.6.

I don't know the enhancements of different JVM branches/versions, nor from a
performance perspective, neither from a security perspective, so a JVM
upgrade could be perfectly possible and coherent with my thoughts.

I hope your curiosity is satisfied :-)

Cheers,
-r

Caldarale, Charles R wrote:
>> From: Roman Medina-Heigl Hernandez [mailto:roman@rs-labs.com] 
>> Subject: Re: Chrooting Tomcat // Linux threading issue
>>
>> Performance, in this case, is not too much relevant.
>>
>> Would I notice big performance improvements if upgrading?
> 
> I'm curious: if performance isn't relevant, why do you care if a JVM
> upgrade would make it better?
> 
>  - Chuck


RE: Chrooting Tomcat // Linux threading issue

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Roman Medina-Heigl Hernandez [mailto:roman@rs-labs.com] 
> Subject: Re: Chrooting Tomcat // Linux threading issue
> 
> Performance, in this case, is not too much relevant.
> 
> Would I notice big performance improvements if upgrading?

I'm curious: if performance isn't relevant, why do you care if a JVM
upgrade would make it better?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.



Re: Chrooting Tomcat // Linux threading issue

Posted by Reinhard Moosauer <rm...@moosauer.de>.
Hi,

If security is your main concern, you should really consider 2.6:
Technologies like AppArmor are giving a lot of confidence.
And you have intrusion detection included.

And IMHO you have no long term alternative to using current and maintained 
software.

R.

On Tuesday, 13 March 2007 12:01, Roman Medina-Heigl Hernandez wrote:
> Hello,
>
> Andrew Miehs wrote:
> > On 13/03/2007, at 11:22 AM, Roman Medina-Heigl Hernandez wrote:
> >>> Hello,
> >>>
> >>> Server version: Apache Tomcat/5.5.17
> >>> Server number:  5.5.17.0
> >>> OS Version:     2.4.34-grsec-rslabs-k7
> >>> JVM Version:    1.4.2_10-b03
> >
> > Look for NPTL and Linux in Google...
>
> I liked this article:
> http://linuxdevices.com/articles/AT6753699732.html
>
> > I would seriously recommend upgrading to a 2.6 kernel - (unless
> > performance for your web app is irrelevant)
>
> I'll think about it. Performance, in this case, is not too much relevant. I
> was indeed worried about "memory exhausted" problems and things like that,
> but not about how speedy my application could run. If the application is
> stable enough in 2.4, I could keep that kernel. Many people consider kernel
> 2.4 more secure than 2.6, and in my case I prefer security to performance.
>
> > It would also be time to think about an upgrade to Java 1.5 or 1.6.
>
> Would I notice big performance improvements if upgrading? (specially
> regarding threading?) 1.5 or 1.6?
>
> Thanks for your help, Andrew. It is appreciated.
>
> Cheers,
> -Roman


Re: Chrooting Tomcat // Linux threading issue

Posted by Roman Medina-Heigl Hernandez <ro...@rs-labs.com>.
Hello,

Andrew Miehs wrote:
> 
> On 13/03/2007, at 11:22 AM, Roman Medina-Heigl Hernandez wrote:
> 
>>> Hello,
>>>
>>> Server version: Apache Tomcat/5.5.17
>>> Server number:  5.5.17.0
>>> OS Version:     2.4.34-grsec-rslabs-k7
>>> JVM Version:    1.4.2_10-b03
>>>
> Look for NPTL and Linux in Google...

I liked this article:
http://linuxdevices.com/articles/AT6753699732.html

> I would seriously recommend upgrading to a 2.6 kernel - (unless performance
> for your web app is irrelevant)

I'll think about it. Performance, in this case, is not too much relevant. I
was indeed worried about "memory exhausted" problems and things like that,
but not about how speedy my application could run. If the application is
stable enough in 2.4, I could keep that kernel. Many people consider kernel
2.4 more secure than 2.6, and in my case I prefer security to performance.

> It would also be time to think about an upgrade to Java 1.5 or 1.6.

Would I notice big performance improvements if upgrading? (specially
regarding threading?) 1.5 or 1.6?

Thanks for your help, Andrew. It is appreciated.

Cheers,
-Roman



Re: Chrooting Tomcat // Linux threading issue

Posted by Andrew Miehs <an...@2sheds.de>.
On 13/03/2007, at 11:22 AM, Roman Medina-Heigl Hernandez wrote:

> Hello,
>
> Server version: Apache Tomcat/5.5.17
> Server number:  5.5.17.0
> OS Version:     2.4.34-grsec-rslabs-k7
> JVM Version:    1.4.2_10-b03
>

> PS: A 2nd issue (not related to chroot) that I would like to clarify, if
> you're so kind: when I run the web app in Tomcat (version showed above) I
> got several processes (69 in particular). It seems to be related to the
> following FAQ:

Actually, you get 69 'threads'. Linux 2.4 kernel shows (and deals with) threads
as processes.

> http://tomcat.apache.org/faq/unix.html#ps
> But I've read FAQ entry (and followed the two links in the entry) and it is
> unclear to me where there is some workaround in latest 2.4 kernels (I'm
> using 2.4.34; don't wanna switch to 2.6 yet). The FAQ talks about
> lightweight processes (the "threads", as seen by Linux 2.4), but how could
> I check that they're really light? I'm trying to "measure" the possible
> impact of "linux threading problem" over my application. Some URLs or help
> would be welcomed. I've also set "LD_ASSUME_KERNEL=2.4" and exported the
> variable, without any apparent change of behaviour.

Look for NPTL and Linux in Google...

for example: http://kerneltrap.org/node/429

I would seriously recommend upgrading to a 2.6 kernel - (unless performance
for your web app is irrelevant)
It would also be time to think about an upgrade to Java 1.5 or 1.6.




Re: Chrooting Tomcat // Linux threading issue

Posted by Roman Medina-Heigl Hernandez <ro...@rs-labs.com>.
Hello David,

There are tools/scripts which try to automate the process of chrooting an
application, i.e., guessing libraries needed and so on. But they usually
require additional work (fine-tuning, etc), trial&error tests, etc. Being
Tomcat/Java a common application (at least amongst this list's users), I
had supposed some of you have already done this work and could share with
me their findings/work, so I could anticipate problems, issues, etc.

Cheers,
-Roman

David Delbecq wrote:
> Hi,
> 
> it's, as far as I know, impossible to chroot tomcat after startup
> (unless some JNI tools to do it exist that I am not aware of)
> So, like any other application you would chroot before linking, you need
> to ensure your chrooted environment contains all libraries needed by the
> JVM (don't ask me for this list, sun doesn't provide it)
> 
> also your JAVA_HOME should be updated after chroot :)
> and tomcat script will require availability of bash most probably.
> 
> 
> At the precise moment of 13/03/07 11:22, Roman Medina-Heigl Hernandez
> expressed himself in these terms:
>> Hello,
>>
>> Please, could you recommend to me some tutorial/howto for chrooting Tomcat?
>> Some special points to take into account?
>>
>> I suppose Tomcat version shouldn't mind but anyway...:
>> root@hetzner:/usr/local/obs/tomcat/bin# ./catalina.sh version
>> Using CATALINA_BASE:   /usr/local/obs/tomcat
>> Using CATALINA_HOME:   /usr/local/obs/tomcat
>> Using CATALINA_TMPDIR: /usr/local/obs/tomcat/temp
>> Using JRE_HOME:       /usr/local/obs/java
>> Server version: Apache Tomcat/5.5.17
>> Server built:   Apr 14 2006 02:08:29
>> Server number:  5.5.17.0
>> OS Name:        Linux
>> OS Version:     2.4.34-grsec-rslabs-k7
>> Architecture:   i386
>> JVM Version:    1.4.2_10-b03
>> JVM Vendor:     Sun Microsystems Inc.
>>
>>
>> PS: A 2nd issue (not related to chroot) that I would like to clarify, if
>> you're so kind: when I run the web app in Tomcat (version showed above) I
>> got several processes (69 in particular). It seems to be related to the
>> following FAQ:
>> http://tomcat.apache.org/faq/unix.html#ps
>> But I've read FAQ entry (and followed the two links in the entry) and it is
>> unclear to me where there is some workaround in latest 2.4 kernels (I'm
>> using 2.4.34; don't wanna switch to 2.6 yet). The FAQ talks about
>> lightweight processes (the "threads", as seen by Linux 2.4), but how could
>> I check that they're really light? I'm trying to "measure" the possible
>> impact of "linux threading problem" over my application. Some URLs or help
>> would be welcomed. I've also set "LD_ASSUME_KERNEL=2.4" and exported the
>> variable, without any apparent change of behaviour.
>>
>> Thanks in advance.
>> -Román


Re: Chrooting Tomcat // Linux threading issue

Posted by David Delbecq <de...@oma.be>.
Hi,

it's, as far as I know, impossible to chroot tomcat after startup
(unless some JNI tools to do it exist that I am not aware of)
So, like any other application you would chroot before linking, you need
to ensure your chrooted environment contains all libraries needed by the
JVM (don't ask me for this list, sun doesn't provide it)

also your JAVA_HOME should be updated after chroot :)
and tomcat script will require availability of bash most probably.


At the precise moment of 13/03/07 11:22, Roman Medina-Heigl Hernandez
expressed himself in these terms:
> Hello,
>
> Please, could you recommend to me some tutorial/howto for chrooting Tomcat?
> Some special points to take into account?
>
> I suppose Tomcat version shouldn't mind but anyway...:
> root@hetzner:/usr/local/obs/tomcat/bin# ./catalina.sh version
> Using CATALINA_BASE:   /usr/local/obs/tomcat
> Using CATALINA_HOME:   /usr/local/obs/tomcat
> Using CATALINA_TMPDIR: /usr/local/obs/tomcat/temp
> Using JRE_HOME:       /usr/local/obs/java
> Server version: Apache Tomcat/5.5.17
> Server built:   Apr 14 2006 02:08:29
> Server number:  5.5.17.0
> OS Name:        Linux
> OS Version:     2.4.34-grsec-rslabs-k7
> Architecture:   i386
> JVM Version:    1.4.2_10-b03
> JVM Vendor:     Sun Microsystems Inc.
>
>
> PS: A 2nd issue (not related to chroot) that I would like to clarify, if
> you're so kind: when I run the web app in Tomcat (version showed above) I
> got several processes (69 in particular). It seems to be related to the
> following FAQ:
> http://tomcat.apache.org/faq/unix.html#ps
> But I've read FAQ entry (and followed the two links in the entry) and it is
> unclear to me where there is some workaround in latest 2.4 kernels (I'm
> using 2.4.34; don't wanna switch to 2.6 yet). The FAQ talks about
> lightweight processes (the "threads", as seen by Linux 2.4), but how could
> I check that they're really light? I'm trying to "measure" the possible
> impact of "linux threading problem" over my application. Some URLs or help
> would be welcomed. I've also set "LD_ASSUME_KERNEL=2.4" and exported the
> variable, without any apparent change of behaviour.
>
> Thanks in advance.
> -Román
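
Added example, not part of the post above or of the Tomcat project: a shell script for the step David describes, collecting the libraries the JVM needs into the chroot tree. The function names, SAMPLE_LDD and the default shell path are assumptions; it goes beyond the post by also scanning the JRE's own .so files, because the java launcher loads libjvm.so with dlopen() and ldd on the launcher alone does not show those dependencies.

```shell
#!/bin/sh
# Added example: gather what a JRE needs to start inside a chroot tree.

# Constructed sample of `ldd` output (not taken from the thread).
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x4001f000)
    libjvm.so => not found
    libdl.so.2 => /lib/libdl.so.2 (0x40070000)
    libc.so.6 => /lib/libc.so.6 (0x40074000)
    /lib/ld-linux.so.2 (0x40000000)'

# parse_ldd: read `ldd` output on stdin, print one absolute path per line.
# Kernel-provided objects (linux-gate, linux-vdso) have no path and are skipped;
# unresolved names are reported on stderr as "MISSING <name>".
parse_ldd() {
    awk '
        /not a dynamic executable|statically linked/ { next }
        $2 == "=>" && $3 == "not" { print "MISSING " $1 | "cat 1>&2"; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }  # name => /path (addr)
        $1 ~ /^\//                { print $1 }        # /path (addr)
    '
}

# jre_lib_deps JRE_HOME: libraries needed by the launchers in bin/ and by the
# JRE's own .so files. Run ldd only on binaries you trust.
jre_lib_deps() {
    find "$1" -type f \( -path '*/bin/*' -o -name '*.so' \) -print |
    while IFS= read -r f; do
        ldd "$f" 2>/dev/null | parse_ldd
    done | sort -u
}

# populate_chroot JRE_HOME CATALINA_HOME CHROOT [SHELL]
# Copies both trees, the shell and every resolved library to the same absolute
# paths under CHROOT, so JAVA_HOME and CATALINA_HOME keep their values there.
populate_chroot() {
    jre=$1 cat_home=$2 root=$3 shell_bin=${4:-/bin/bash}
    { jre_lib_deps "$jre"; ldd "$shell_bin" | parse_ldd; echo "$shell_bin"; } |
    sort -u | while IFS= read -r file; do
        mkdir -p "$root$(dirname "$file")"
        cp -pL "$file" "$root$file"
    done
    for tree in "$jre" "$cat_home"; do
        mkdir -p "$root$(dirname "$tree")"
        cp -a "$tree" "$root$(dirname "$tree")/"
    done
}
```

This covers files only: device nodes and anything the JVM reads from /etc still have to be added by hand, and MISSING lines on stderr list the names ldd could not resolve.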