tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Strange MySQL error when starting tomcat 8 on boot
Date Wed, 10 Aug 2016 19:01:55 GMT

Sean,

On 8/10/16 12:56 PM, Sean Son wrote:
> On Wed, Aug 10, 2016 at 11:41 AM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Sean,
> 
> On 8/10/16 10:39 AM, Sean Son wrote:
>>>> On Wed, Aug 10, 2016 at 10:06 AM, Sean Son 
>>>> <linuxmailinglistsemail@gmail.com
>>>>> wrote:
>>>> 
>>>>> 
>>>>> 
>>>>> On Tue, Aug 9, 2016 at 5:05 PM, Mark Eggers 
>>>>> <its_toasted@yahoo.com.invalid
>>>>>> wrote:
>>>>> 
>>>>>> Sean,
>>>>>> 
>>>>>> 
>>>>>> On 8/9/2016 1:55 PM, Sean Son wrote:
>>>>>>> On Mon, Aug 8, 2016 at 11:31 AM, Mark Eggers 
>>>>>>> <its_toasted@yahoo.com.invalid> wrote:
>>>>>>> 
>>>>>>>> Sean,
>>>>>>>> 
>>>>>>>> On 8/8/2016 7:10 AM, Sean Son wrote:
>>>>>>>>> On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers
>>>>>>>> <its_toasted@yahoo.com.invalid>
>>>>>>>>> wrote:
>>>>>>>>> 
>>>>>>>>>> On 8/5/2016 2:19 PM, Sean Son wrote:
>>>>>>>>>>> Hello!
>>>>>>>>>>> 
>>>>>>>>>>> I am currently running Tomcat 8 on RHEL 7.2
>>>>>>>>>>> with one web application called AppVet (A
>>>>>>>>>>> mobile Application Vetting program).  The
>>>>>>>>>>> application works well but when I tried to use
>>>>>>>>>>> a script to allow tomcat to start up at boot,
>>>>>>>>>>> the webapp gives an authentication error. I saw
>>>>>>>>>>> the following error in the logs for appvet:
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> [ERROR] Could not connect to database: 
>>>>>>>>>>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
>>>>>>>>>>> Communications link failure
>>>>>>>>>>> 
>>>>>>>>>>> The last packet sent successfully to the server
>>>>>>>>>>> was 0 milliseconds ago. The driver has not
>>>>>>>>>>> received any packets from the server. Make sure
>>>>>>>>>>> your MySQL password in your
>>>>>>>>>>> AppVetProperties.xml file is correct
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> I know for a fact that the MySQL password is
>>>>>>>>>>> correct in that XML file. I double checked it
>>>>>>>>>>> already.  Any ideas on how I should fix this
>>>>>>>>>>> error?
>>>>>>>>>>> 
>>>>>>>>>>> This is the script that I am using for 
>>>>>>>>>>> startup/shutdown of Tomcat8 on boot:
>>>>>>>>>>> 
>>>>>>>>>>> http://pastebin.com/mrvfDtTD
>>>>>>>>>>> 
>>>>>>>>>>> Thanks!
>>>>>>>>>>> 
>>>>>>>>>>> Sean
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> It appears that your Tomcat process is running as
>>>>>>>>>> root. Do not do this.
>>>>>>>>>> 
>>>>>>>>>> Is your MySQL server up and running before Tomcat
>>>>>>>>>> is started?
>>>>>>>>>> 
>>>>>>>>>> . . . just my two cents /mde/
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> Hello thank you for your response
>>>>>>>>> 
>>>>>>>>> I created a user account for Tomcat, I will set
>>>>>>>>> the script to use that account instead of the root
>>>>>>>>> account. Question though, does this account need a
>>>>>>>>> password?
>>>>>>>> 
>>>>>>>> Yes, especially since you'll be running a service.
>>>>>>>> 
>>>>>>>> Note that if you're running Tomcat on a privileged
>>>>>>>> port (less than 1024), a non-root account will not be
>>>>>>>> able to bind to this port.
>>>>>>>> 
>>>>>>>> You have three choices.
>>>>>>>> 
>>>>>>>> 1. iptables
>>>>>>>> 
>>>>>>>> route port 80 to port 8080 (Tomcat default)
>>>>>>>> internally. Take a look at the iptables
>>>>>>>> documentation.
>>>>>>>> 
>>>>>>>> 2. jsvc
>>>>>>>> 
>>>>>>>> jsvc from the Apache Commons Daemon project allows
>>>>>>>> you to run a service such as Tomcat more easily. I
>>>>>>>> don't remember if there is an RPM for RHEL or not
>>>>>>>> (possibly in EPEL). Its configuration and startup
>>>>>>>> script are different, but the documentation is a good
>>>>>>>> start (there are Tomcat examples).
>>>>>>>> 
>>>>>>>> https://commons.apache.org/proper/commons-daemon/jsvc.html
>>>>>>>> 
>>>>>>>> 3. Apache HTTPD front end with mod_proxy_ajp or mod_jk
>>>>>>>> 
>>>>>>>> I'd do this if you need Apache HTTPD for other web 
>>>>>>>> applications (a PHP application, perhaps). There is
>>>>>>>> good documentation available on the Tomcat web site,
>>>>>>>> as well as a ton of discussion on the mailing list to
>>>>>>>> get this running.
>>>>>>>> 
>>>>>>>> If you don't feel like building software, I'd
>>>>>>>> recommend mod_proxy_ajp. I find mod_jk more flexible
>>>>>>>> and a little easier to use (opinions on ease of use
>>>>>>>> vary), but you'd have to build mod_jk from source.
>>>>>>>> It's easy to do, but some people find that a little
>>>>>>>> more challenging.
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Also, I can't tell if the MySQL server is up and
>>>>>>>>> running prior to Tomcat being started. I know that
>>>>>>>>> mysqld is enabled to start at boot, but I don't know
>>>>>>>>> if Tomcat starts prior to MySQL.  How would I
>>>>>>>>> figure that out?
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> I thought RHEL 7 uses systemd and not init scripts?
>>>>>>>> 
>>>>>>>> There have been many discussions on the mailing list 
>>>>>>>> concerning systemd and Tomcat. I think someone has
>>>>>>>> posted appropriate systemd scripts.
>>>>>>>> 
>>>>>>>> If not, then look at /etc/rc3.d. Start and stop
>>>>>>>> scripts are executed in numerical order. Start
>>>>>>>> scripts start with S, stop scripts start with K.
>>>>>>>> 
>>>>>>>> Adjust the numbers in your Tomcat init script 
>>>>>>>> (/etc/init.d) so that the start comes after
>>>>>>>> MySQL (second number in the chkconfig line).
>>>>>>>> 
>>>>>>>> You'll have to chkconfig --del and chkconfig --add to
>>>>>>>> have the new numbers take effect in /etc/rcx.d.
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Thanks!
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> . . . just my two cents /mde/
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>>> Hello, thank you for your response.
>>>>>>> 
>>>>>>> So I decided to go the systemd route and I found this 
>>>>>>> article online:
>>>>>>> 
>>>>>>> https://panovski.me/install-tomcat-8-on-centos-7/
>>>>>>> 
>>>>>>> I followed the instructions and instead of downloading
>>>>>>> Tomcat and installing it in /opt/tomcat, I copied the
>>>>>>> existing Tomcat installation, which was in
>>>>>>> /home/username, into /opt/tomcat and I gave the entire
>>>>>>> installation directory, an owner and group of tomcat.
>>>>>>> Then I set up the following tomcat.service unit file:
>>>>>>> 
>>>>>>> 
>>>>>>> [Unit]
>>>>>>> Description=Apache Tomcat Web Application Container
>>>>>>> After=network.target
>>>>>>> 
>>>>>>> [Service]
>>>>>>> Type=forking
>>>>>>> PIDFile=/var/run/tomcat.pid
>>>>>>> Environment=CATALINA_PID=/var/run/tomcat.pid
>>>>>>> Environment=JAVA_HOME=/usr/java/jdk1.8.0_92
>>>>>>> Environment=CATALINA_HOME=/opt/tomcat/apache-tomcat-8.0.35
>>>>>>> Environment=CATALINA_BASE=/opt/tomcat/apache-tomcat-8.0.35
>>>>>>> Environment=CATALINA_OPTS=
>>>>>>> 
>>>>>>> ExecStart=/opt/tomcat/apache-tomcat-8.0.35/bin/jsvc \
>>>>>>>     -Dcatalina.home=${CATALINA_HOME} \
>>>>>>>     -Dcatalina.base=${CATALINA_BASE} \
>>>>>>>     -cp ${CATALINA_HOME}/bin/commons-daemon.jar:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/tomcat-juli.jar \
>>>>>>>     -user tomcat \
>>>>>>>     -java-home ${JAVA_HOME} \
>>>>>>>     -pidfile /var/run/tomcat.pid \
>>>>>>>     -errfile SYSLOG \
>>>>>>>     -outfile SYSLOG \
>>>>>>>     $CATALINA_OPTS \
>>>>>>>     org.apache.catalina.startup.Bootstrap
>>>>>>> 
>>>>>>> ExecStop=/opt/tomcat/bin/jsvc \
>>>>>>>     -pidfile /var/run/tomcat.pid \
>>>>>>>     -stop \
>>>>>>>     org.apache.catalina.startup.Bootstrap
>>>>>>> 
>>>>>>> [Install]
>>>>>>> WantedBy=multi-user.target
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> I set up JSVC as well just like how the article
>>>>>>> suggested, but when I run systemctl start tomcat and I
>>>>>>> try to browse to https://IP Address:8443 (I am using
>>>>>>> SSL on Tomcat), I get the following errors in the
>>>>>>> web browser:
>>>>>>> 
>>>>>>> http://pastebin.com/8RANM5NF
>>>>>>> 
>>>>>>> Any ideas on what I should do to resolve this issue?
>>>>>>> 
>>>>>>> Thanks!
>>>>>>> 
>>>>>> 
>>>>>> Looks like a permissions problem:
>>>>>> 
>>>>>> /opt/tomcat/apache-tomcat-8.0.35/work/Catalina/localhost/ROOT/org/apache/jsp/index_jsp.class (Permission denied)
>>>>>> 
>>>>>> What are the permissions and ownership (owner, group) for
>>>>>> the files and directories under /opt/tomcat - especially 
>>>>>> /opt/tomcat/apache-tomcat-8.0.35?
>>>>>> 
>>>>>> . . . just my two cents /mde/
>>>>>> 
>>>>>> 
>>>>> Hello! Thank you for your response.
>>>>> 
>>>>> I checked the permissions for that path: the owner and
>>>>> group for the path is tomcat:tomcat EXCEPT for the
>>>>> index_jsp.class and index_jsp.java, both of which are
>>>>> owned/group by root.  So it looks like when the systemd
>>>>> unit is run, the two files are created by root as opposed
>>>>> to by Tomcat.  How would I fix this?
>>>>> 
>>>>> 
>>>>> Thanks!
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> Hello
>>>> 
>>>> I changed the permissions on the two files to tomcat:tomcat
>>>> and restarted Tomcat... it took a while, probably close to 10
>>>> minutes for the server to come up but now I can see the
>>>> Tomcat start page.. How come it takes so long for it to start
>>>> up? Any way that I can speed up the process?
> 
> Take a thread dump to find out what's going on.
> 
> My guess is that the server is waiting for entropy from
> /dev/random
> 
> -chris
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
> Thank you for your response.  I installed haveged from the EPEL
> repository. I read that it should fix that issue.  I rebooted the
> server a few times and it seems to be coming up much better now.

IMHO, the use of haveged is a terrible idea: it takes /dev/random
(theoretically, a reliable source of suitable entropy) and turns it
into /dev/urandom (theoretically, an unreliable source of low entropy).

This affects the entire system and all processes running on it. So,
if haveged is running and you use "openssl genrsa" or "gpg --gen-key",
then you get a very poor-quality key.

If you want to hobble Java specifically, you can change the security
policy for the JRE to use /dev/urandom. Many distributions already do
this for you, possibly to the detriment of your security within Java
itself.

But it certainly does make things run faster. Much like disconnecting
the transmission in your car from its engine will allow the engine to
reach a higher RPM in a shorter amount of time.

-chris
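
An added example, not part of the original message: a POSIX shell check of which device a JRE is set to seed SecureRandom from, the JRE-only setting mentioned above as the alternative to a system-wide change. `securerandom.source` (in the JRE's `java.security` file) and the `java.security.egd` system property are real JRE settings; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: which entropy device is this JVM configured to seed from?
# Function names are hypothetical; the sample file below is constructed.

# Effective securerandom.source in a java.security file: commented-out
# lines are skipped and the last assignment wins.
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" |
        tail -n 1
}

# Value of the last -Djava.security.egd=... in a JVM option string, if any.
egd_override() {
    for opt in $1; do
        case $opt in
            -Djava.security.egd=*) printf '%s\n' "${opt#-Djava.security.egd=}" ;;
        esac
    done | tail -n 1
}

# The system property, when set, takes precedence over java.security.
effective_source() {    # $1 = java.security path, $2 = JVM options
    src=$(egd_override "$2")
    [ -n "$src" ] || src=$(securerandom_source "$1")
    printf '%s\n' "$src"
}

# /dev/random may block while the kernel has little entropy (the suspected
# cause of the slow start in the thread); /dev/urandom never blocks.
classify_source() {
    case $1 in
        file:/dev/random)                        echo blocking ;;
        file:/dev/urandom | file:/dev/./urandom) echo non-blocking ;;
        '')                                      echo unset ;;
        *)                                       echo other ;;
    esac
}

# Constructed sample, not taken from the thread's server.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '#securerandom.source=file:/dev/urandom' \
    'securerandom.source=file:/dev/random' > "$sample"
opts='-Xmx512m -Djava.security.egd=file:/dev/./urandom'
echo "policy file only: $(classify_source "$(effective_source "$sample" '')")"
echo "with JVM option:  $(classify_source "$(effective_source "$sample" "$opts")")"
if [ -r /proc/sys/kernel/random/entropy_avail ]; then
    echo "entropy_avail:    $(cat /proc/sys/kernel/random/entropy_avail)"
fi
```

On a Java 8 install such as the one in the thread, the file to pass as the first argument is `$JAVA_HOME/jre/lib/security/java.security`, and the second argument is the option string the service passes to the JVM (for example the value of `CATALINA_OPTS`).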
