Catalina vs. jsvc stand alone daemon

[Ra...@itdz-berlin.de]

Hello Tomcatters,

finally I solved my Tomcat docs perusal ignorance owed
difficulties,
and could successfully make Tomcat highly available.
Only thing that was required after installation of a recent JRE
and untarring of the Tomcat binary tarball into my DRBD/LVM mount
were very minute adaptations to my somewhat non-standard
environment.
Actually, all that was required was to set the env vars JAVA_HOME
and CATALINA_HOME properly.
Because I brushed this a little up with some pre-start Heartbeat
and DRBD related availability checks of required HA resources I
put it together in yet another wrapper script, that I natutarally
called catalina.
Needless to say that with the proper environment the Tomcat
version query now works.


# /etc/ha.d/resource.d/catalina version
Using CATALINA_BASE:   /var/www/tomcat/5.5.15
Using CATALINA_HOME:   /var/www/tomcat/5.5.15
Using CATALINA_TMPDIR: /var/www/tomcat/5.5.15/temp
Using JRE_HOME:       /usr/java/jre1.5.0_06
Server version: Apache Tomcat/5.5.15
Server built:   Jan 3 2006 10:12:35
Server number:  5.5.15.0
OS Name:        Linux
OS Version:     2.6.9-1.667smp
Architecture:   i386
JVM Version:    1.5.0_06-b05
JVM Vendor:     Sun Microsystems Inc.


While I was reading through the Tomcat docs I came across a
section where they mention the jsvc daemon for Unices.
I also read that it understood a -user switch by which to tell
the daemon to relinquish elevated privileges by switching to a
deprived account after initialization.
(I don't know how you Java folks call the process in threading
terms, to my oldfashioned OS ear that sounds as if it is doing a
fork, exits the parent and does a setsid() call, probably
accompanied by some further cleanups like closing of unneeded
pipes)
That's what I would like to make use of, preferebly along with a
chroot jail if this is supported
(similar to SSH's privilege separation)
because as it is started now I see but one proc with root
privileges

# lsof -nc java -a -i tcp
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
java    32056 root   33u  IPv6  43122       TCP 127.0.0.1:8005
(LISTEN)

So I untarred $CATALINA_HOME/bin/jsvc*tgz to a build dir.
In the INSTALL.txt they mention as prerequisites an ANSI C
capable compiler (got that),
GNU autoconf (no problem), and "A Java Platform 2 compliant SDK".

Outch, that's where the trouble starts again.
I've been trying in vain for the last hour to find a download URI
from SUN but their servers
always refer me to the Linux JRE Download section.
Maybe I could get a more dated SDK but than I fear I will be
forced to install loads of downgrade compatibility libs for my
rather current Tomcat.
Btw, what's the difference between JDK and SDK?
(ok, I gould guess that either stands for Java or Software
Develepor's Kit)

I also haven't found out what the major difference is between the
out of the box Catalina start
and running a separate jsvc daemon instead.
Unfortunately the docs I've found so far are rather terse on that
matter.

What other benefits would it offer?
I assume that I could embed it in some sort of tcp wrapper.

If I sticked to the Catalina startup, what could I do to harden
it?
(e.g. access restrictions)

Has anyone of you built and run the jsvc?

Regards
Ralph




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org