You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Gregor S." <rc...@googlemail.com> on 2011/12/20 16:44:22 UTC
Can't get APR running w/ Tomcat 6.0.33 (Debian)
Hi guys,
I'm a bit desperated:
I'm trying to re-organize our "pet" Tomcat within the following environment:
Using CATALINA_BASE: /home/tomcat/local/apache-tomcat-6.0.33
Using CATALINA_HOME: /home/tomcat/local/apache-tomcat-6.0.33
Using CATALINA_TMPDIR: /home/tomcat/local/apache-tomcat-6.0.33/temp
Using JRE_HOME: /home/tomcat/local/jdk15/
Using CLASSPATH: /home/tomcat/local/apache-tomcat-6.0.33/bin/bootstrap.jar
Server version: Apache Tomcat/6.0.33
Server built: Aug 16 2011 02:16:34
Server number: 6.0.33.0
OS Name: Linux
OS Version: 2.6.18-6-amd64 (Debian 4.0 Etch)
Architecture: amd64
JVM Version: 1.5.0_10-b03
JVM Vendor: Sun Microsystems Inc.
I know it's a very outdated version of Debian, still, we do not have
any option yet to upgrade it.
However, we need to get Tomcat6 there up & running, and since it's not
within the Debian repositories for this version, I downloaded a
vanilla Tomcat 6.0.33.
We also need to run Tomcat with the APR (Apache Portable Runtime).
I compiled tomcat-native-1.1.20 (configure, make, make install), and
everything looked great so far: No error-messages.
When I run Tomcat WITHOUT the APR-listener, Tomcat starts up. Still,
when using the APR-listener, Tomcat just doesn't initialize the
HTTP-connector.
When I run Tomcat using the jsvc-demon, it simply failes w/o giving me
any reason. Only when shutting down Tomcat, jsvc demon will shut
Tomcat down, but will exit with an error 143.
When I'm running Tomcat w/o the demon, the same thing happens, still,
slightly different information. It just tells me that the APR is
loaded and then hangs.
This is the info from catalina.out when running w/o jsvc-demon:
================================
Listening for transport dt_socket at address: 7002
Dec 20, 2011 4:26:15 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Dec 20, 2011 4:26:15 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
================================
As you can see, the message that the HTTP-connector is initialized is missing.
My connector in $CATALINA_HOME/conf/server.xml looks like (removed
some valves to improve readability):
=================================
<?xml version='1.0' encoding='utf-8'?>
<Server port="9005" shutdown="xxx">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
/>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
/>
<GlobalNamingResources>
[ ... ]
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="9080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
address="192.xxx.xx.xx"/>
<Connector port="9080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
address="192.xxx.xx.yyx"/>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.JDBCRealm"
[ ... ]
roleNameCol="role_name" />
<Host name="localhost" appBase="vhosts/localhost/webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>
<Host name="someDomain" appBase="vhosts/someDomain/webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Alias>www.someDomain</Alias>
<Alias>www1.someDomain</Alias>
</Host>
<Host name="someOtherDomain" appBase="vhosts/someOtherDomain/webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Alias>www.someOtherDomain</Alias>
<Alias>www1.someOtherDomain</Alias>
</Host>
</Engine>
</Service>
</Server>
=================================
The Tomcat-native-libs (APR) are looking good from my point of view:
tomcat@www1:~/local/apache-tomcat-6.0.33/lib$ file libtcnative-1.so.0.1.20
libtcnative-1.so.0.1.20: ELF 64-bit LSB shared object, AMD x86-64,
version 1 (SYSV), not stripped
Does anyone on this list has an idea, what I could do to figure out
why Tomcat simply doesn't initialize the HTTP-connectors when
switching to the APR?
On a different Box, running a later version of Debian, but 32Bit,
everything's runing like charm.
Maybe of some help, here's some debugging-output of jsvc, but I can't
see any hints in it.
Would really, really appreciate if somebody could give me a hint.
This is the catalina.out of jsvc-demon:
================================
Switching umask back to 022 from 077
user changed to 'tomcat'
Using default JVM in
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
Attemtping to load library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
JVM library /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
loaded
JVM library entry point found (0x4153EFC0)
+-- DUMPING JAVA VM CREATION ARGUMENTS -----------------
| Version: 0x010004
| Ignore Unrecognized Arguments: False
| Extra options: 9
| "-Dcatalina.home=/home/tomcat/local/apache-tomcat-6.0.33" (0x00000000)
| "-Dcatalina.base=/home/tomcat/local/apache-tomcat-6.0.33" (0x00000000)
| "-Djava.io.tmpdir=/tmp" (0x00000000)
| "-Dlog4j.configuration=log4j.xml" (0x00000000)
| "-XX:MaxPermSize=384m" (0x00000000)
| "-Xmx2048m" (0x00000000)
| "-Xms2048m" (0x00000000)
| "-Djava.library.path=/home/tomcat/local/apache-tomcat-6.0.33/lib"
(0x00000000)
| "-Djava.class.path=/home/tomcat/local/jdk1.5.0_10-amd64/lib/tools.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/commons-daemon.jar:/home/tomcat/local/a
pache-tomcat-6.0.33/bin/bootstrap.jar:/usr/lib/" (0x00000000)
+-------------------------------------------------------
| Internal options: 4
| "-Dcommons.daemon.process.id=11761" (0x00000000)
| "-Dcommons.daemon.process.parent=11760" (0x00000000)
| "-Dcommons.daemon.version=1.0.7" (0x00000000)
| "abort" (0x004072bd)
+-------------------------------------------------------
Java VM created successfully
Class org/apache/commons/daemon/support/DaemonLoader found
Native methods registered
java_init done
Daemon loading...
Dec 20, 2011 4:12:24 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Dec 20, 2011 4:12:24 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
================================
When I shut down Tomcat, inside the catalina.out it says
================================
Service exit with a return value of 143
================================
On the console, there's some more output:
================================
| Install service: No
| Remove service: No
| JVM Name: "null"
| Java Home: "/home/tomcat/local/jdk1.5.0_10-amd64"
| PID File: "/var/run/jsvc6.pid"
| User Name: "tomcat"
| Extra Options: 9
| "-Dcatalina.home=/home/tomcat/local/apache-tomcat-6.0.33"
| "-Dcatalina.base=/home/tomcat/local/apache-tomcat-6.0.33"
| "-Djava.io.tmpdir=/tmp"
| "-Dlog4j.configuration=log4j.xml"
| "-XX:MaxPermSize=384m"
| "-Xmx2048m"
| "-Xms2048m"
| "-Djava.library.path=/home/tomcat/local/apache-tomcat-6.0.33/lib"
| "-Djava.class.path=/home/tomcat/local/jdk1.5.0_10-amd64/lib/tools.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/commons-daemon.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/bootstrap.jar:/usr/lib/"
| Class Invoked: "org.apache.catalina.startup.Bootstrap"
| Class Arguments: 0
+-------------------------------------------------------
user changed to 'tomcat'
User 'tomcat' validated
Attempting to locate Java Home in /home/tomcat/local/jdk1.5.0_10-amd64
Attempting to locate VM configuration file
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/jvm.cfg
Attempting to locate VM configuration file
/home/tomcat/local/jdk1.5.0_10-amd64/lib/jvm.cfg
Attempting to locate VM configuration file
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg
Found VM configuration file at
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg
Found VM server definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
Found VM client definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/client/libjvm.so
Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/client/libjvm.so
Cannot locate library for VM client (skipping)
Found VM hotspot definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/hotspot/libjvm.so
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/hotspot/libjvm.so
Cannot locate library for VM hotspot (skipping)
Found VM classic definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/classic/libjvm.so
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/classic/libjvm.so
Cannot locate library for VM classic (skipping)
Found VM native definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/native/libjvm.so
Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/native/libjvm.so
Cannot locate library for VM native (skipping)
Found VM green definition in configuration
Checking library
/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/green/libjvm.so
Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/green/libjvm.so
Cannot locate library for VM green (skipping)
Java Home located in /home/tomcat/local/jdk1.5.0_10-amd64
+-- DUMPING JAVA HOME STRUCTURE ------------------------
| Java Home: "/home/tomcat/local/jdk1.5.0_10-amd64"
| Java VM Config.: "/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg"
| Found JVMs: 1
| JVM Name: "server"
|
"/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so"
+-------------------------------------------------------
Running w/ LD_LIBRARY_PATH=/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server:/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64
redirecting stdout to
/home/tomcat/local/apache-tomcat-6.0.33/logs/catalina.out and stderr
to &1
wait_child 12009
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
get_pidf: 5 in /var/run/jsvc6.pid
get_pidf: pid 12010
check_tmp_file: /tmp/12010.jsvc_up
fail
================================
Appreciate any comments!
TIA
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by "Gregor S." <rc...@googlemail.com>.
Chris,
On Tue, Dec 20, 2011 at 9:25 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> That's an interesting academic question: would "the stock market"
> provide enough entropy?
when looking at my small portfolio becoming smaller and smaller and
determing against zero and postulating that entropy ~ coincidence,
there's only one answer to that question:
DEFINATELY!
*grumble*
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
On 12/20/11 3:10 PM, André Warnier wrote:
>
> Maybe you could just connect it to the stock market ?
That's an interesting academic question: would "the stock market"
provide enough entropy? On the one hand, everything is essentially
random, but if you look at trends across, say, all stocks of a
particular type (say, tech stocks), their value curves pretty much
match each other. The same can be said for tracking-funds like DJIA,
Nikkei, NASDAQ, etc... when one goes up they all go up. Also, barring
big crashes, the trend is that all values go up (at least in numeric
value) over time.
Now, maybe one could take two similar (or, based upon my "complaint"
above) figures and use the "noise" between the two (since their values
are definitely not exactly the same, even if the curves look similar
at a high-level) for your source of entropy.
Of course, this is not practical: nobody is going to store historical
stock data just for entropy, and nobody is going to query Google
Finance every time their server needs to start. :)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7w7yEACgkQ9CaO5/Lv0PA0kACfXujaU7D7u5KFQd6KEOYHcTzT
M6cAoKjLsqcXrqSLPUcJg8mu/eu5I5gw
=2lCE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by André Warnier <aw...@ice-sa.com>.
Gregor S. wrote:
> Hi Chris,
>
> On Tue, Dec 20, 2011 at 7:43 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
>> Yeah, it's a question of faster startup or "better" entropy.
>> Everything is PRNGs, anyway. If you want real entropy, you have to
>> listen to cosmic background radiation or something.
>
> Now *that* sound interesting:
> How do I configure Tomcat to generate entropy by listening to cosmic
> radiation? Couldn't find anything about this in the docs... ;)
>
Maybe you could just connect it to the stock market ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gregor,
On 12/20/11 1:53 PM, Gregor S. wrote:
> On Tue, Dec 20, 2011 at 7:43 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
>> Do you have an OpenSSL crypto provider that you'd like to use
>> *besides* the software-based one? If so, that's where you'd
>> specify it.
>
> Nope, we're just using plain OpenSSL here.
Okay. At least that makes configuration straightforward.
> I was just a bit afraid that the netropy generated by /dev/urandom
> might be a bit weak.
>
> JFC also told me that builtin == OpenSSL when the APR is linked
> against OpenSSL.
I think APR *must* be linked against OpenSSL... that is, I don't think
you can link it against... er, some other SSL library (I don't know
any off-hand that exist).
Yes, builtin does == software OpenSSL, unless you have compiled
OpenSSL is some way to change the default engine to something else.
Note that this does not change anything about the rest of your JVM --
only how the Tomcat Connector uses APR and SSL directly. Also note
that on most Linux systems, the JRE is set up to use /dev/urandom as well.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7w7ecACgkQ9CaO5/Lv0PDRLACeIAcB0zSBrUraJkzeFz1jkhHm
LVwAnR1eKFsJtGw45ZTxZ95d5ub09Vlp
=mEBT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by "Gregor S." <rc...@googlemail.com>.
Hi Chris,
On Tue, Dec 20, 2011 at 7:43 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Yeah, it's a question of faster startup or "better" entropy.
> Everything is PRNGs, anyway. If you want real entropy, you have to
> listen to cosmic background radiation or something.
Now *that* sound interesting:
How do I configure Tomcat to generate entropy by listening to cosmic
radiation? Couldn't find anything about this in the docs... ;)
> Do you have an OpenSSL crypto provider that you'd like to use
> *besides* the software-based one? If so, that's where you'd specify it.
Nope, we're just using plain OpenSSL here.
I was just a bit afraid that the netropy generated by /dev/urandom
might be a bit weak.
JFC also told me that builtin == OpenSSL when the APR is linked against OpenSSL.
So all my questions have been answered, my installation is working,
and I have to give some big KUDOES to everybody involved here - thank
you, guys!
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gregor,
On 12/20/11 12:51 PM, Gregor S. wrote:
> Ok, it's not the best solution since AFAIK /dev/urandom is not the
> most secure implementation, but at least it's working now.
Yeah, it's a question of faster startup or "better" entropy.
Everything is PRNGs, anyway. If you want real entropy, you have to
listen to cosmic background radiation or something.
> When reading the docs, I noticed that I also can specify the
> SSLEngine to be used.
>
> The default one is the built-in-engine when specifying
> SSLEngine="on".
>
> Now I'm wondering:
>
> When I compiled the APR against OpenSSL, is OpenSSL the one being
> used when I specify "SSLEngine="on""? Or do I have to specify
> something like "SSLEngine=/usr/bin/openssl""?
No, you don't have to tell it to use OpenSSL -- it will definitely do
that. The "engine" is the one to be used by OpenSSL. OpenSSL comes
with a software engine (which you may just call OpenSSL) but it's
plug-able and you can use a hardware engine with it, too (or any
number of named engines that can provide certain crypto primitives).
(I can't get httpd.apache.org to respond right now, so I can't look-up
the docs for SSLEngine in the httpd documentation, but I believe there
documentation might shed more light on your question).
> Couldn't find anything on this topic in the docs.
>
> My hopes are, that OpenSSL is NOT the built-in-engine and if I
> can specify to use OpenSSL as engine to be used, I don't have to
> tweak Tomcat into using /dev/urandom.
OpenSSL needs a source of entropy, and /dev/urandom will have to be
used if your SSL can't be initialized quickly enough for you.
> But I', afraif OpenSSL in my case equals to the built-in engine.
Built-into OpenSSL, yes. Not built-into Java.
Do you have an OpenSSL crypto provider that you'd like to use
*besides* the software-based one? If so, that's where you'd specify it.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7w11IACgkQ9CaO5/Lv0PCoJQCfe+xgO6k5dvUWdCJJ44ql0zyV
o30AnA1wFl0XwVoGlq9aR0VJNS7l7Eue
=uOqS
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by "Gregor S." <rc...@googlemail.com>.
This time, it's great some of the guys are on Google+.
Thanks to +Jean-Frederic Clere, I changed the listener-definition to
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" SSLRandomSeed="/dev/urandom"/>
and it's working now.
Ok, it's not the best solution since AFAIK /dev/urandom is not the
most secure implementation, but at least it's working now.
When reading the docs, I noticed that I also can specify the SSLEngine
to be used.
The default one is the built-in-engine when specifying SSLEngine="on".
Now I'm wondering:
When I compiled the APR against OpenSSL, is OpenSSL the one being used
when I specify "SSLEngine="on""? Or do I have to specify something
like "SSLEngine=/usr/bin/openssl""?
Couldn't find anything on this topic in the docs.
My hopes are, that OpenSSL is NOT the built-in-engine and if I can
specify to use OpenSSL as engine to be used, I don't have to tweak
Tomcat into using /dev/urandom.
But I', afraif OpenSSL in my case equals to the built-in engine.
Comments on this anyone?
Cheers
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by André Warnier <aw...@ice-sa.com>.
André Warnier wrote:
> Gregor S. wrote:
>> Ok, here's some news:
>>
>> When using the APR without SSL by changing the attribute of
>> APRLiefeCycleListener to
>>
>> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="off" />
>>
>> it's working.
>>
>> My SSL-version is
>>
>> OpenSSL> version
>> OpenSSL 0.9.8c 05 Sep 2006
>>
>> According to the docs
>> (http://tomcat.apache.org/tomcat-6.0-doc/apr.html) this should be
>> fine.
>>
>> Anybody got any idea how to proceed?
>>
>> Jean-Frederic suggested to use "urandom" - how can I configure this?
>>
> I seem to remember a post to the list, from Chuck, not so long ago,
> mentioning that.
>
Was not Chuck, was markt :
> 3. Use a different random source with:
> JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"
> in setenv.sh
(and if I remember correctly, the /./ is really needed there.
)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by André Warnier <aw...@ice-sa.com>.
Gregor S. wrote:
> Ok, here's some news:
>
> When using the APR without SSL by changing the attribute of
> APRLiefeCycleListener to
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="off" />
>
> it's working.
>
> My SSL-version is
>
> OpenSSL> version
> OpenSSL 0.9.8c 05 Sep 2006
>
> According to the docs
> (http://tomcat.apache.org/tomcat-6.0-doc/apr.html) this should be
> fine.
>
> Anybody got any idea how to proceed?
>
> Jean-Frederic suggested to use "urandom" - how can I configure this?
>
I seem to remember a post to the list, from Chuck, not so long ago, mentioning that.
Other than that, you could also try to shake the server a bit, to provide the bits of
entropy it's missing.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by Pid <pi...@pidster.com>.
On 20/12/2011 17:33, Gregor S. wrote:
> Ok, here's some news:
>
> When using the APR without SSL by changing the attribute of
> APRLiefeCycleListener to
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="off" />
>
> it's working.
>
> My SSL-version is
>
> OpenSSL> version
> OpenSSL 0.9.8c 05 Sep 2006
Should probably update that...
p
> According to the docs
> (http://tomcat.apache.org/tomcat-6.0-doc/apr.html) this should be
> fine.
>
> Anybody got any idea how to proceed?
>
> Jean-Frederic suggested to use "urandom" - how can I configure this?
>
> TIA
>
> Gregor
--
[key:62590808]
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by "Gregor S." <rc...@googlemail.com>.
Ok, here's some news:
When using the APR without SSL by changing the attribute of
APRLiefeCycleListener to
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="off" />
it's working.
My SSL-version is
OpenSSL> version
OpenSSL 0.9.8c 05 Sep 2006
According to the docs
(http://tomcat.apache.org/tomcat-6.0-doc/apr.html) this should be
fine.
Anybody got any idea how to proceed?
Jean-Frederic suggested to use "urandom" - how can I configure this?
TIA
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by "Gregor S." <rc...@googlemail.com>.
Hi André,
that's a good idea trying the APR w/o SSL, I'll give it a try pretty soon.
Still, we do need SSL (personal data, we're obliged by law), but that
might give me a clue at what to look at.
Updating Java and the OS unfortunately (big, big sighhhhhh) is not an
option, at least for the next few months (kudos for that go, as
always, to our management).
I'll post the results in here.
Cheers!
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can't get APR running w/ Tomcat 6.0.33 (Debian)
Posted by André Warnier <aw...@ice-sa.com>.
Gregor S. wrote:
> Hi guys,
>
> I'm a bit desperated:
>
> I'm trying to re-organize our "pet" Tomcat within the following environment:
>
> Using CATALINA_BASE: /home/tomcat/local/apache-tomcat-6.0.33
> Using CATALINA_HOME: /home/tomcat/local/apache-tomcat-6.0.33
> Using CATALINA_TMPDIR: /home/tomcat/local/apache-tomcat-6.0.33/temp
> Using JRE_HOME: /home/tomcat/local/jdk15/
> Using CLASSPATH: /home/tomcat/local/apache-tomcat-6.0.33/bin/bootstrap.jar
> Server version: Apache Tomcat/6.0.33
> Server built: Aug 16 2011 02:16:34
> Server number: 6.0.33.0
> OS Name: Linux
> OS Version: 2.6.18-6-amd64 (Debian 4.0 Etch)
> Architecture: amd64
> JVM Version: 1.5.0_10-b03
> JVM Vendor: Sun Microsystems Inc.
>
> I know it's a very outdated version of Debian, still, we do not have
> any option yet to upgrade it.
>
> However, we need to get Tomcat6 there up & running, and since it's not
> within the Debian repositories for this version, I downloaded a
> vanilla Tomcat 6.0.33.
>
> We also need to run Tomcat with the APR (Apache Portable Runtime).
>
> I compiled tomcat-native-1.1.20 (configure, make, make install), and
> everything looked great so far: No error-messages.
>
> When I run Tomcat WITHOUT the APR-listener, Tomcat starts up. Still,
> when using the APR-listener, Tomcat just doesn't initialize the
> HTTP-connector.
>
> When I run Tomcat using the jsvc-demon, it simply failes w/o giving me
> any reason. Only when shutting down Tomcat, jsvc demon will shut
> Tomcat down, but will exit with an error 143.
>
> When I'm running Tomcat w/o the demon, the same thing happens, still,
> slightly different information. It just tells me that the APR is
> loaded and then hangs.
>
> This is the info from catalina.out when running w/o jsvc-demon:
>
> ================================
> Listening for transport dt_socket at address: 7002
> Dec 20, 2011 4:26:15 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> Dec 20, 2011 4:26:15 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> ================================
>
> As you can see, the message that the HTTP-connector is initialized is missing.
>
> My connector in $CATALINA_HOME/conf/server.xml looks like (removed
> some valves to improve readability):
>
> =================================
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="9005" shutdown="xxx">
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <Listener className="org.apache.catalina.core.JasperListener" />
> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> />
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
>
> <GlobalNamingResources>
>
> [ ... ]
>
> </GlobalNamingResources>
>
> <Service name="Catalina">
> <Connector port="9080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="9443"
> address="192.xxx.xx.xx"/>
>
> <Connector port="9080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="9443"
> address="192.xxx.xx.yyx"/>
> <Engine name="Catalina" defaultHost="localhost">
>
> <Realm className="org.apache.catalina.realm.JDBCRealm"
>
> [ ... ]
>
> roleNameCol="role_name" />
>
> <Host name="localhost" appBase="vhosts/localhost/webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
> </Host>
>
> <Host name="someDomain" appBase="vhosts/someDomain/webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <Alias>www.someDomain</Alias>
> <Alias>www1.someDomain</Alias>
> </Host>
>
> <Host name="someOtherDomain" appBase="vhosts/someOtherDomain/webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <Alias>www.someOtherDomain</Alias>
> <Alias>www1.someOtherDomain</Alias>
>
> </Host>
>
> </Engine>
> </Service>
> </Server>
>
> =================================
>
> The Tomcat-native-libs (APR) are looking good from my point of view:
>
> tomcat@www1:~/local/apache-tomcat-6.0.33/lib$ file libtcnative-1.so.0.1.20
> libtcnative-1.so.0.1.20: ELF 64-bit LSB shared object, AMD x86-64,
> version 1 (SYSV), not stripped
>
> Does anyone on this list has an idea, what I could do to figure out
> why Tomcat simply doesn't initialize the HTTP-connectors when
> switching to the APR?
>
> On a different Box, running a later version of Debian, but 32Bit,
> everything's runing like charm.
>
> Maybe of some help, here's some debugging-output of jsvc, but I can't
> see any hints in it.
>
> Would really, really appreciate if somebody could give me a hint.
>
> This is the catalina.out of jsvc-demon:
>
> ================================
> Switching umask back to 022 from 077
> user changed to 'tomcat'
> Using default JVM in
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
> Attemtping to load library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
> JVM library /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
> loaded
> JVM library entry point found (0x4153EFC0)
> +-- DUMPING JAVA VM CREATION ARGUMENTS -----------------
> | Version: 0x010004
> | Ignore Unrecognized Arguments: False
> | Extra options: 9
> | "-Dcatalina.home=/home/tomcat/local/apache-tomcat-6.0.33" (0x00000000)
> | "-Dcatalina.base=/home/tomcat/local/apache-tomcat-6.0.33" (0x00000000)
> | "-Djava.io.tmpdir=/tmp" (0x00000000)
> | "-Dlog4j.configuration=log4j.xml" (0x00000000)
> | "-XX:MaxPermSize=384m" (0x00000000)
> | "-Xmx2048m" (0x00000000)
> | "-Xms2048m" (0x00000000)
> | "-Djava.library.path=/home/tomcat/local/apache-tomcat-6.0.33/lib"
> (0x00000000)
> | "-Djava.class.path=/home/tomcat/local/jdk1.5.0_10-amd64/lib/tools.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/commons-daemon.jar:/home/tomcat/local/a
> pache-tomcat-6.0.33/bin/bootstrap.jar:/usr/lib/" (0x00000000)
> +-------------------------------------------------------
> | Internal options: 4
> | "-Dcommons.daemon.process.id=11761" (0x00000000)
> | "-Dcommons.daemon.process.parent=11760" (0x00000000)
> | "-Dcommons.daemon.version=1.0.7" (0x00000000)
> | "abort" (0x004072bd)
> +-------------------------------------------------------
> Java VM created successfully
> Class org/apache/commons/daemon/support/DaemonLoader found
> Native methods registered
> java_init done
> Daemon loading...
> Dec 20, 2011 4:12:24 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> Dec 20, 2011 4:12:24 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> ================================
>
> When I shut down Tomcat, inside the catalina.out it says
>
> ================================
> Service exit with a return value of 143
> ================================
>
> On the console, there's some more output:
>
> ================================
> | Install service: No
> | Remove service: No
> | JVM Name: "null"
> | Java Home: "/home/tomcat/local/jdk1.5.0_10-amd64"
> | PID File: "/var/run/jsvc6.pid"
> | User Name: "tomcat"
> | Extra Options: 9
> | "-Dcatalina.home=/home/tomcat/local/apache-tomcat-6.0.33"
> | "-Dcatalina.base=/home/tomcat/local/apache-tomcat-6.0.33"
> | "-Djava.io.tmpdir=/tmp"
> | "-Dlog4j.configuration=log4j.xml"
> | "-XX:MaxPermSize=384m"
> | "-Xmx2048m"
> | "-Xms2048m"
> | "-Djava.library.path=/home/tomcat/local/apache-tomcat-6.0.33/lib"
> | "-Djava.class.path=/home/tomcat/local/jdk1.5.0_10-amd64/lib/tools.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/commons-daemon.jar:/home/tomcat/local/apache-tomcat-6.0.33/bin/bootstrap.jar:/usr/lib/"
> | Class Invoked: "org.apache.catalina.startup.Bootstrap"
> | Class Arguments: 0
> +-------------------------------------------------------
> user changed to 'tomcat'
> User 'tomcat' validated
> Attempting to locate Java Home in /home/tomcat/local/jdk1.5.0_10-amd64
> Attempting to locate VM configuration file
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/jvm.cfg
> Attempting to locate VM configuration file
> /home/tomcat/local/jdk1.5.0_10-amd64/lib/jvm.cfg
> Attempting to locate VM configuration file
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg
> Found VM configuration file at
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg
> Found VM server definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so
> Found VM client definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/client/libjvm.so
> Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/client/libjvm.so
> Cannot locate library for VM client (skipping)
> Found VM hotspot definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/hotspot/libjvm.so
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/hotspot/libjvm.so
> Cannot locate library for VM hotspot (skipping)
> Found VM classic definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/classic/libjvm.so
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/classic/libjvm.so
> Cannot locate library for VM classic (skipping)
> Found VM native definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/native/libjvm.so
> Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/native/libjvm.so
> Cannot locate library for VM native (skipping)
> Found VM green definition in configuration
> Checking library
> /home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/green/libjvm.so
> Checking library /home/tomcat/local/jdk1.5.0_10-amd64/lib/amd64/green/libjvm.so
> Cannot locate library for VM green (skipping)
> Java Home located in /home/tomcat/local/jdk1.5.0_10-amd64
> +-- DUMPING JAVA HOME STRUCTURE ------------------------
> | Java Home: "/home/tomcat/local/jdk1.5.0_10-amd64"
> | Java VM Config.: "/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/jvm.cfg"
> | Found JVMs: 1
> | JVM Name: "server"
> |
> "/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server/libjvm.so"
> +-------------------------------------------------------
> Running w/ LD_LIBRARY_PATH=/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64/server:/home/tomcat/local/jdk1.5.0_10-amd64/jre/lib/amd64
> redirecting stdout to
> /home/tomcat/local/apache-tomcat-6.0.33/logs/catalina.out and stderr
> to &1
> wait_child 12009
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> get_pidf: 5 in /var/run/jsvc6.pid
> get_pidf: pid 12010
> check_tmp_file: /tmp/12010.jsvc_up
> fail
> ================================
>
> Appreciate any comments!
>
> TIA
>
> Gregor
Gregor,
as you know, I am not an expert. But just in case :
- have you tried the APR listener and Connector without SSL ? (in case it would be waiting
a very long time to collect enough entropy, whatever that really means..)
- in the trace of jsvc, is it normal that it seems to be looking alternatively for
"server" and "client" libraries ?
- have you tried with a more recent JVM ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org