You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/01/07 16:43:42 UTC
[Bug 60560] New: Support systemd/inetd style socket activation
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
Bug ID: 60560
Summary: Support systemd/inetd style socket activation
Product: Tomcat 8
Version: 8.5.9
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: thomas@m3y3r.de
Target Milestone: ----
Created attachment 34600
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34600&action=edit
propsed patch
Use the provided channel from systemd/inetd.
systemd will bind to the socket and forward the channel to tomcat, so tomcat
can run as non-root user on port 80.
For this to work correctly tomcat must be started directly as java program from
systemd unit file and not from intermediate script for channel passing to work
correctly.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #5 from Thomas Meyer <th...@m3y3r.de> ---
Created attachment 34844
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34844&action=edit
updated patch with documentation
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Documentation is in trunk/webapps/docs
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
Jeff Turner <je...@redradishtech.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeff@redradishtech.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #7 from Coty Sutherland <cs...@redhat.com> ---
Comments from a review of the latest provided patch:
* Your patch adds an unnecessary space before the TimeUnit import in
NioEndpoint
* There is a typo, 'automatically', in http.xml
* The useInheritedChannel documentation addition in http.xml specifies type
(boolean) which is inconsistent with other (bool) attrs
* If you specify useInheritedChannel on a Connector it shouldn't fall back to
the default behavior when starting without an OS provided socket. If you
specifically designate that tomcat should use an OS socket, then it should fail
to start the Connector (like the behavior that causes an SSL Connector to fail
to start when it can't find the keystore).
* If you're borrowing a socket from the OS for tomcat to use (by skipping the
bind), then you shouldn't be closing the socket in NioEndpoint.unbind().
After applying this patch the behavior seems to work (mostly, systemd is
behaving a bit odd, but that's not tomcat's fault), but there's something that
may be confusing for users: the thread name (i.e. Starting ProtocolHandler
["http-nio-8080"]). If you specify useInheritedChannel on the Connector then
you're no longer using the specified port. We should probably address that
somehow.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #3 from Thomas Meyer <th...@m3y3r.de> ---
Updated patch here: http://static.217.14.99.88.clients.your-server.de/401
Where can I find the source of the documentation. It seems to be in an
different repository?!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #9 from Remy Maucherat <re...@apache.org> ---
This will be available in 9.0.11+ and 8.5.33+. Thanks for the patch, ideas and
testing.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
The patch assumes that there is only a single NIO endpoint. That assumption is
not valid. The patch needs to handle the multiple end-point case. That in turn
raises the question of how useful this feature is since it appears only to be
able to handle a single channel.
This feature is not compatible with NIO2. Nor is it compatible with APR/native.
The patch needs to be extended to enable configuration to be used to specify
which connector should use the inherited channel. I'd suggest either a new
configuration option called "useInheritedChannel" or a special value for
"address". My preference would be for a new option. It should be specific to
NIO.
Documentation is also required.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #2 from Remy Maucherat <re...@apache.org> ---
About NIO2, this doesn't work as the code in System.inheritableChannel uses the
NIO API directly, but the API itself is "compatible" (an
AsynchronousServerSocketChannel will implement Channel). Odd that this was
never added (as a separate equivalent method). I think they forgot about this
stuff (I had no idea it existed personally).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
--- Comment #8 from Coty Sutherland <cs...@redhat.com> ---
And just individuals interested in testing this, you need the following new
socket descriptor and modification to the systemd service unit:
Create a socket in /etc/systemd/system/tomcat.socket (this one opens a socket
bound to localhost on port 80):
~~~
[Unit]
Description=Socket for Tomcat
PartOf=tomcat.service
[Socket]
ListenStream=127.0.0.1:80
[Install]
WantedBy=sockets.target
~~~
Then add `Requires=tomcat.socket` to the [Unit] section of your tomcat systemd
service unit and `StandardInput=socket` to the [Service] section.
After adding those, starting the service (systemctl start tomcat) will open the
socket and pass that through to tomcat. You can also start the tomcat service
on the first request to localhost:80, but you have to start the socket first
(systemctl start tomcat.socket).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60560] Support systemd/inetd style socket activation
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60560
Thomas Meyer <th...@m3y3r.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #34600|0 |1
is obsolete| |
Attachment #34844|0 |1
is obsolete| |
--- Comment #6 from Thomas Meyer <th...@m3y3r.de> ---
Created attachment 34982
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34982&action=edit
updated patch with documentation
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org