Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by conrad.bur » Thu, 21 Jul 2005 23:36:24


************************************************************
Click here to view our e-mail legal notice:
http://www.yqcomputer.com/ : +27 21 888 7920
************************************************************
Hi all=20

I needed to increase the maximum allowed heap space for the vm tomcat is =
running
on. This was achieved by using the -Xmx switch (eg. -Xmx512m).

use
"tomcat55ctl".

Modified the daemonctl.c and Tomcat 5.5 Makefile to get it working.
=20
My question... I don't want to perform this "hack" operation every time =
I
install tomcat on a machine or update the ports tree.
Would it be possible to add some variable, where passing arbitrary vm =
arguments
to the tomcat vm can be done at port build time?

Eg. Tomcat5.5/Makefile

--- Makefile Wed Jul 20 16:12:59 2005
***************
*** 45,50 ****
--- 45,51 ----
STDERR_LOG=3D ${LOG_DIR}/stderr.log
AUTO_START?=3D NO
STOP_TIMEOUT?=3D 5
+ JAVA_VM_ARGS?=3D -Xmx512m
PID_FILE=3D /var/run/${APP_SHORTNAME}.pid
REPLACE_FILES=3D =
${PORTSDIR}/www/jakarta-tomcat4/files/daemonctl.c \
${PORTSDIR}/www/jakarta-tomcat4/files/daemonctl.1 \
***************
*** 109,114 ****
--- 110,116 ----
-e "/%%STOP_TIMEOUT%%/s//${STOP_TIMEOUT}/g" \
-e "/%%USER%%/s//${USER}/g" \
-e "/%%WARP_PORT%%/s//${WARP_PORT}/g" \
+ -e "/%%JAVA_VM_ARGS%%/s//${JAVA_VM_ARGS}/g" \
$f > ${WRKDIR}/`basename $f`
@${ECHO_MSG} " [ DONE ]"
.endfor


Eg. daemonctl.c
--- daemonctl.c Wed Jul 20 13:06:57 2005
***************
*** 425,431 ****
file using pipe(2) */

/* Execute the command */
! execl("%%JAVA_HOME%%/%%JAVA_CMD%%",
"%%JAVA_HOME%%/%%JAVA_CMD%%", "-jar", %%JAVA_ARGS%% "%%JAR_FILE%%", =
%%JAR_ARGS%%
NULL);

fprintf(stderr, "%%CONTROL_SCRIPT_NAME%%: Unable to =
start
%%APP_TITLE%% %%PORTVERSION%% since '%%JAVA_HOME%%/%%JAVA_CMD%% -jar
%%JAR_FILE%%' in %%APP_HOME%%: ");
perror(NULL);
--- 425,431 ----
file using pipe(2) */

/* Execute the command */
! execl("%%JAVA_HOME%%/%%JAVA_CMD%%",
"%%JAVA_HOME%%/%%JAVA_CMD%%","%%JAVA_VM_ARGS%%", "-jar", %%JAVA_ARGS%%
"%%JAR_FILE%%", %%JAR_ARGS%% NULL);

fprintf(stderr, "%%CONTROL_SCRIPT_NAME%%: Unable to =
start
%%APP_TITLE%% %%PORTVERSION%% since '%%JAVA_HOME%%/%%JAVA_CMD%% -jar
%%JAR_FILE%%' in %%APP_HOME%%: ");
perror(NULL);


Cheers=20
Conrad Burger

_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by achil » Thu, 21 Jul 2005 23:48:20

Conrad Burger Jul 20, 2005 :


I have probably missed something, but
why can't tomcat be started as a shellscript
as jboss does?


--
-Achilleus

_______________________________________________
XXXX@XXXXX.COM mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-java
To unsubscribe, send any mail to " XXXX@XXXXX.COM "

 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by herve.quir » Thu, 21 Jul 2005 23:48:52

Hi Conrad,



We are currently trying to handle the "Tomcat launcher case". The latest
approach so far proposed to the list can be found in the following
thread:
http://www.yqcomputer.com/

(the thread may be scatered due to some wrong "In-Reply-To" field at
some point)

I would suggest that you take a look at the proposed approach as well as
the other ones that have been posted as PRs (that are listed in one of
my messages from the thread).

All feedback welcome.

Herve
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by herve.quir » Wed, 27 Jul 2005 06:22:02

Hi Achilleus,



Well, actually jboss is launched using an executable which is also a C
program...

But actually I tend to agree with you on the shell script front. There
may have been some historical reason to the tomcatctl.c program but I
believe the most clean approach is probably the one from PR 38018 [1].

I have been trying to get the commons-daemon stuff working but there are
still issues (e.g. it takes forever to shutdown the service) to overcome
and I don't see what jsvc does actually provide more than what
catalina.sh + rcNG already do. I am starting to think that jsvc is good
when your system don't provide features such as the ones that are
provided by rcNG (PID file, run as user, start/stop...)

Please, all people motivated by this issue have a look at PR 33018 [1]
and tell me if there is something wrong with a plain rcNG shell script.
Whether there is indeed some mandatory feature that can only be provided by
some C program or not, we need to know it so we can already close some
PRs and find a solution, at last.

FYI, a ports CVS freeze is coming (6.0 release) in a few days now...

Herve


[1] http://www.yqcomputer.com/
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by past » Wed, 27 Jul 2005 16:36:03


IMHO, the approach in PR 38018 is a reasonable and future-proof one. I
agree with everything you say above. IIRC the only thing a C program
buys us is the ability to bind directly on privileged ports (e.g. 80,
443). I have had a hard time persuading other people that this is better
than having the stock launcher script, though.

Cheers,

Panagiotis
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by jonc » Thu, 28 Jul 2005 04:25:55


The major reason why Ernst introduced the daemonctl program was so that
tomcat/jboss wouldn't be running as root. Having it run as root
introduces the possibility of a root-hack via tomcat/jboss. If you can
make it easily run under the `www' pseudo user that would be cool.

The secondary purpose of the daemonctl program was convenience
related: you don't have to be root to start the service, just a
member of `www'. Dunno if you can easily replicate this with a shell
script though.

Cheers.
--
Jonathan Chen < XXXX@XXXXX.COM >
----------------------------------------------------------------------
Power corrupts, Absolute Power is pretty neat
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by herve.quir » Sat, 30 Jul 2005 22:29:32

Hi Jonathan,




Actually, the logic which allows to run the service as user 'www' is
implemented in the rc script, not in daemonctl.

Moreover, as reported in PR 83434 [1], there are already permission
issues with Tomcat ports. The executables should indeed belong to
root:wheel whereas data files and dirs should belong to www:www and be
664/775. Hence, any user from the 'www' group would be able to run
Tomcat but not to modify Tomcat core itself (as it is now).

After a deeper look at daemonctl.c, it appears that the most logic in it
is about PID storing/retrieving, arguments validating, and other
features that rcNG just happens do provide to any service daemon.

So IMHO, the only real problem we have with the rcNG/catalina.sh
approach lies in what Panagiotis just mentioned, that is the ability to
open port 80 for instance. Anyway, if we actually ensure that Tomcat is
run as 'www' and not as 'root', even daemonctl will not be able to use
port 80.

This leaves us with the following choice: should we enforce strong
security (i.e. PR 83434) and use ${name}_user from rcNG or should we
allow the daemon to open port 80 (running the daemon as superuser)? I
definitively believe we should go for security first. User can just set
tomcat55_user=root when then need to.

Either way, I don't see any more reason to use daemonctl.c, unless I
missed (or misunderstood) some point here.

The ports freeze is due to 1st of August, which leaves us with no much
time to implement the chosen approach. IMHO, such change right before a
release is no good anyway. OTOH, I think we should settle this issue
once and for all so that I may commit the changes right when the freeze
is over.

Herve


[1] http://www.yqcomputer.com/
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "
 
 
 

Tomcat 5.5 --- tomcat55ctl --- increase max vm heap space ?

Post by Jan.Gran » Sun, 31 Jul 2005 18:38:20


As the submitter of that PR, let me say that I certainly agree with the
"security first" approach, and don't atually think it'll hugely impact
general tomcat use. Certainly my production tomcats sit on high ports
and get requests via AJP; there are also alternative cheap and effective
ways of getting traffic from port 80 to a high tomcat port (balance, pf
rdr) and for development on a workstation you generally don't need to be
running on "production" ports anyway.


In a similar vein, we could also do with making sure that the "www"
users (or whatever tomcat is running as) doesn't wind up owning the PID
file if at all possible, unless any signals to the process are also
sent as that user.


--
jan grant, ILRT, University of Bristol. http://www.yqcomputer.com/
Tel +44 (0)117 9287088 or 3317661 http://www.yqcomputer.com/
Strive to live every day as though it was last Wednesday.
_______________________________________________
XXXX@XXXXX.COM mailing list
http://www.yqcomputer.com/
To unsubscribe, send any mail to " XXXX@XXXXX.COM "