You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Rellis <jo...@gmail.com> on 2012/09/17 21:50:34 UTC
Clustering Question
Hi,
In Summary, I was hoping somebody could look over my configuration and give
me some guidance. I have configured what I think I need to and I have no
evidence to suggest anything is working and I don't know how to verify the
pieces of the puzzle. Any help on troubleshooting would be excellent!
I am using tomcat 7, Apache/2.2.22 (Ubuntu) and the latest ubuntu LTS.
The architecture I am attempting is on EC2, I have disabled firewalls
during testing. Here is the architecture I think I need :
A ubuntu server with an apache web server using mod_jk to create a load
balancer for two other servers that are running tomcat. The tomcat
instances are running a grails app called ClusterApp.
This ClusterApp can be reached on http://tomcatone:8080/ClusterApp and on
http://tomcattwo:8080/ClusterApp
tomcatone and tomcattwo are in my /etc/hosts file.
I am pretty sure mod_jk is installed correctly. I'll show you what files I
think I need to set up clustering and how they are set up. The Tomcats and
apache are starting and I have no idea where to go from there so any help
would be great!!!
I am trying to hit http://balancer/ClusterApp and nothing is happening. my
app has the <distributable/> element
Many thanks!
This is my workers.properties (on balancer server)
# Define worker names
worker.list=jk-status, LoadBalancer
# Create virtual workers
worker.jk-status.type=status
worker.LoadBalancer.type=lb
# Declare Tomcat server workers 1 through n
worker.worker1.type=ajp13
worker.worker1.host=tomcatone
worker.worker1.port=8009
worker.worker2.type=ajp13
worker.worker2.host=tomcattwo
worker.worker2.port=8009
# Associate real workers with virtual LoadBalancer worker
worker.LoadBalancer.balance_workers=worker1,worker2
!!!END OF WORKERS.PROPERTIES
This is in my apache2.conf (should maybe be in jk.conf??, on balancer
server)
JkMount /ClusterApp* LoadBalancer
This is my jk.conf (on balancer server)
<IfModule jk_module>
# We need a workers file exactly once
# and in the global server
JkWorkersFile /etc/apache2/conf/workers.properties
# Our JK error log
# You can (and should) use rotatelogs here
JkLogFile /var/log/apache2/mod_jk.log
# Our JK log level (trace,debug,info,warn,error)
JkLogLevel debug
# Our JK shared memory file
JkShmFile /var/log/apache2/jk-runtime-status
JkWatchdogInterval 60
# Configure access to jk-status and jk-manager
# If you want to make this available in a virtual host,
# either move this block into the virtual host
# or copy it logically there by including "JkMountCopy On"
# in the virtual host.
# Add an appropriate authentication method here!
<Location /jk-status>
# Inside Location we can omit the URL in JkMount
JkMount jk-status
Order deny,allow
Deny from all
Allow from all
</Location>
<Location /jk-manager>
# Inside Location we can omit the URL in JkMount
JkMount jk-manager
Order deny,allow
Deny from all
Allow from all
</Location>
</IfModule>
This is my server.xml on my tomcat servers
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or
more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking &
non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8080" />
<!-- An Engine represents the entry point (within Catalina) that
processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes
them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker1">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
<Manager className="org.apache.catalina.ha.session.DeltaManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"/>
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership
className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564" frequency="500"
dropTime="3000"/>
<Sender
className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport
className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
</Sender>
<Receiver
className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="auto" port="4000" autoBind="100"
selectorTimeout="5000" maxThreads="6"/>
<Interceptor
className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Interceptor
className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/>
<Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
<ClusterListener
className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
<ClusterListener
className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web
applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common"
-->
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
--
John Rellis
Re: Clustering Question
Posted by John Rellis <jo...@gmail.com>.
On Sep 18, 2012 7:26 PM, "Christopher Schultz" <ch...@christopherschultz.net>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> John,
>
> On 9/17/12 5:20 PM, John Rellis wrote:
> > Thanks Chris.
> >
> > My replies will be a little sporadic as I am cooking a 10 pm dinner
> > :)
> >
> >> From what I was reading I thought I could hit some sort of
> >> manager there
> > but it was never able to, when I hit
> >
> > http://balancer/jkmanager
> >
> > I get nothing just a 404.
> >
> > This is in my apache2.conf: (i removed them from jk.conf as i
> > thought my security was messed up)
> >
> > JkMount /jkmanager/* jkstatus
>
> /jkmanager/* != /jkmanager so it's no surprise that you got a 404. Try:
>
> JkMount /jkmanager jkstatus
>
> > uri_worker_map_add::jk_uri_worker_map.c (720): wildchar rule
> > '/jkmanager/*=jkstatus' source 'JkMount' was added NEXT (1) map #0:
> > uri=/jkmanager/* worker=jkstatus context=/jkmanager/*
> > source=JkMount type=Wildchar len=12
>
> Do you have all your JkMount directives inside VirtualHosts? If you
> have them outside, they won't take effect (sounds odd, but makes a
> little sense if you think about it).
>
> > *I should also mention, there's an error while starting :*
> >
> > ubuntu@balancer:/etc/apache2/mods-enabled$ sudo service apache2
> > restart * Restarting web server apache2
> >
> > apache2: Could not reliably determine the server's fully qualified
> > domain name, using 127.0.1.1 for ServerName ... waiting .apache2:
> > Could not reliably determine the server's fully qualified domain
> > name, using 127.0.1.1 for ServerName
>
> That's not your problem, here, but you might want to fix that.
>
> > /etc/hostname just contains balancer
> >
> > /etc/hosts (ip's changed for tomcatone and tomcatone):
> >
> > 127.0.0.1 localhost 123.123.123.123 tomcattwo 123.123.123.123
> > tomcatone 127.0.1.1 balancer
>
> 127.0.1.1 is unlikely to be what you meant, here.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlBYvLEACgkQ9CaO5/Lv0PB6wQCfQEuPyKUo5VZQ8BZY96nngY0J
> m4MAoKIBFwL89Eiv/vOkEcf8gerCaF7+
> =t3JI
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Thanks Chris!
Yeah it was the fact they weren't in virtual hosts that did it. Thanks for
your help! Learning lots!
Re: Clustering Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
On 9/17/12 5:20 PM, John Rellis wrote:
> Thanks Chris.
>
> My replies will be a little sporadic as I am cooking a 10 pm dinner
> :)
>
>> From what I was reading I thought I could hit some sort of
>> manager there
> but it was never able to, when I hit
>
> http://balancer/jkmanager
>
> I get nothing just a 404.
>
> This is in my apache2.conf: (i removed them from jk.conf as i
> thought my security was messed up)
>
> JkMount /jkmanager/* jkstatus
/jkmanager/* != /jkmanager so it's no surprise that you got a 404. Try:
JkMount /jkmanager jkstatus
> uri_worker_map_add::jk_uri_worker_map.c (720): wildchar rule
> '/jkmanager/*=jkstatus' source 'JkMount' was added NEXT (1) map #0:
> uri=/jkmanager/* worker=jkstatus context=/jkmanager/*
> source=JkMount type=Wildchar len=12
Do you have all your JkMount directives inside VirtualHosts? If you
have them outside, they won't take effect (sounds odd, but makes a
little sense if you think about it).
> *I should also mention, there's an error while starting :*
>
> ubuntu@balancer:/etc/apache2/mods-enabled$ sudo service apache2
> restart * Restarting web server apache2
>
> apache2: Could not reliably determine the server's fully qualified
> domain name, using 127.0.1.1 for ServerName ... waiting .apache2:
> Could not reliably determine the server's fully qualified domain
> name, using 127.0.1.1 for ServerName
That's not your problem, here, but you might want to fix that.
> /etc/hostname just contains balancer
>
> /etc/hosts (ip's changed for tomcatone and tomcatone):
>
> 127.0.0.1 localhost 123.123.123.123 tomcattwo 123.123.123.123
> tomcatone 127.0.1.1 balancer
127.0.1.1 is unlikely to be what you meant, here.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBYvLEACgkQ9CaO5/Lv0PB6wQCfQEuPyKUo5VZQ8BZY96nngY0J
m4MAoKIBFwL89Eiv/vOkEcf8gerCaF7+
=t3JI
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Clustering Question
Posted by John Rellis <jo...@gmail.com>.
Thanks Chris.
My replies will be a little sporadic as I am cooking a 10 pm dinner :)
>From what I was reading I thought I could hit some sort of manager there
but it was never able to, when I hit
http://balancer/jkmanager
I get nothing just a 404.
This is in my apache2.conf: (i removed them from jk.conf as i thought my
security was messed up)
JkMount /jkmanager/* jkstatus
JkMount /ClusterApp* LoadBalancer
This is in my workers,properties :
worker.list=jkstatus, LoadBalancer
# Create virtual workers
worker.jkstatus.type=status
----------------------------------------------------
Is there something I'm missing?? Thanks!!!!!!!
from log
uri_worker_map_add::jk_uri_worker_map.c (720): wildchar rule
'/jkmanager/*=jkstatus' source 'JkMount' was added
NEXT (1) map #0: uri=/jkmanager/* worker=jkstatus context=/jkmanager/*
source=JkMount type=Wildchar len=12
*I should also mention, there's an error while starting :*
ubuntu@balancer:/etc/apache2/mods-enabled$ sudo service apache2 restart
* Restarting web server apache2
apache2: Could not reliably determine the
server's fully qualified domain name, using 127.0.1.1 for ServerName
... waiting .apache2: Could not reliably determine the server's fully
qualified domain name, using 127.0.1.1 for ServerName
/etc/hostname just contains balancer
/etc/hosts (ip's changed for tomcatone and tomcatone):
127.0.0.1 localhost
123.123.123.123 tomcattwo
123.123.123.123 tomcatone
127.0.1.1 balancer
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
On Mon, Sep 17, 2012 at 9:44 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> John,
>
> On 9/17/12 3:50 PM, John Rellis wrote:
> > <Location /jk-status> # Inside Location we can omit the URL in
> > JkMount JkMount jk-status Order deny,allow Deny from all Allow from
> > all </Location> <Location /jk-manager> # Inside Location we can
> > omit the URL in JkMount JkMount jk-manager Order deny,allow Deny
> > from all Allow from all </Location>
>
> Since you have configured these status and manager URLs, what happens
> when you hit them? mod_jk should produce a lot of good status
> information there for you.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlBXi5oACgkQ9CaO5/Lv0PAKLgCgnYE1W8cmLzUhiBvg5NrOuX/P
> aQoAoJeEWPedGvgwFsvXsk75QE58+Fzg
> =LrsD
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
John Rellis
Re: Clustering Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
On 9/17/12 3:50 PM, John Rellis wrote:
> <Location /jk-status> # Inside Location we can omit the URL in
> JkMount JkMount jk-status Order deny,allow Deny from all Allow from
> all </Location> <Location /jk-manager> # Inside Location we can
> omit the URL in JkMount JkMount jk-manager Order deny,allow Deny
> from all Allow from all </Location>
Since you have configured these status and manager URLs, what happens
when you hit them? mod_jk should produce a lot of good status
information there for you.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBXi5oACgkQ9CaO5/Lv0PAKLgCgnYE1W8cmLzUhiBvg5NrOuX/P
aQoAoJeEWPedGvgwFsvXsk75QE58+Fzg
=LrsD
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org