I'm a (sort-of) java developer, so one of the most frequent sys-admin tasks I have to do is install Tomcat on Linux. Since there's usually quite a lag between Tomcat releases and packages appearing in yum repos, I generally do this "by hand".

It used to be received wisdom that the way to run Tomcat was "behind" an apache installation, but given improvements in the codebase, the Java VM and the option for it to use the Apache Portable Runtime library, I don't think that's the case any longer. Why run two servers when I really only need one?

This means, of course, that it has to start on port 80, and not the default 8080. Which is a problem on linux, as all ports below 1024 are "privileged" and available only to root. Native programs like apache get round this by starting up as root, grabbing the port, then switching to a n0n-root user for their normal operations. This level of native integration is beyond a JVM. You could run Tomcat as root, but that's generally considered a Bad Thing from a security perspective.

What to do then? Well,if you consult the docs, you will see that the Apache project provides you with a small program called jsvc, to solve just this problem. It's packaged up as a tarball in the Tomcat bin directory. Compiling it is usually very easy.

At this point the documentation becomes a bit more vague. It tells you how you can start Tomcat as root (using jsvc) and have it switch to a non-privileged user. But it doesn't tell you how to installTomcat as a linux service, or how to stop the server process.

Tomcat 5 (we're now at version 7) came with a sample start/stop script for use with the linux service command (so you could execute "service tomcat start" for instance). But it had a couple of problems -- it annoyingly did not show the green/red OK/FAILED message that these scripts usually output, and more seriously it's restart method was flawed (it did not wait for the previous process to terminate before running start, so that two processes attempted to occupy the same port).

I've re-written this script (to work with recent releases of Redhat, CentOS, Fedora and Amazon linuxes -- Debian based systems will vary). If you place it in /etc/init.d then it should allow you to run tomcat on port 80 as a service. Obviously you will need to edit it so that the paths are all applicable to your system. Also I make no guarantees that this'll work for you, or that its even the best way of doing things (I'm sure it's not). But you may find it helpful as a starting point, as there seems to be a dearth of info on the topic.

#!/bin/bash
#
# Tomcat Apache Tomcat webserver
#
# chkconfig: 2345 65 37
# description: Tomcat is a webserver and servlet \
# container. In this case, it's \
# controlled with the jsvc daemon, \
# meaning it can be started as root \
# (to run on port 80) but will then \
# switch to a non-privileged user.
#
# processname: jsvc.exec
# pidfile: /var/run/tomcat.pid
# config: /usr/local/tomcat/conf/server.xml
#
# D I Macdonald 30 Apr 2011

# Source function library.
. /etc/rc.d/init.d/functions


# Source networking configuration.
. /etc/sysconfig/network

RETVAL=0

#various script-specific vars
JSVC=/usr/local/bin/jsvc
PID_FILE=/var/run/tomcat.pid
JAVA_HOME=/usr/java
CATALINA_HOME=/usr/local/tomcat
TOMCAT_USER=tomcat

#set the max heap size here...
MEM_OPTS=-Xmx512m

CATALINA_TMPDIR=/usr/local/tomcat/temp
CATALINA_OUT=$CATALINA_HOME/logs/catalina.out
CATALINA_OUT_BAK=$CATALINA_HOME/logs/catalina.out.old
CATALINA_ERR=$CATALINA_HOME/logs/catalina.err
CATALINA_ERR_BAK=$CATALINA_HOME/logs/catalina.err.old
BOOT_CLASS=org.apache.catalina.startup.Bootstrap
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$CATALINA_HOME/bin/tomcat-juli.jar

start()
{
#must be root!
[ "$EUID" != "0" ] && exit 4

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
echo -n $"Starting tomcat: "

if [ -e $PID_FILE ]
then
echo "Tomcat is already running (pidfile $PID_FILE exists)."
exit 1
fi
#start the server
$JSVC -jvm server -user $TOMCAT_USER -cp $CLASSPATH -outfile $CATALINA_OUT -errfile $CATALINA_ERR -pidfile $PID_FILE $ME
M_OPTS -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed -Dcatalina.home="$CATALINA_HOME" -Djava.io.tmpdir="$CATALINA_TMPDIR"
$BOOT_CLASS && success || failure
RETVAL=$?
echo
#return $RETVAL
}

stop() {
[ "$EUID" != "0" ] && exit 4

# Stop the server
echo -n $"Shutting down tomcat: "
$JSVC -cp $CLASSPATH -pidfile $PID_FILE -stop $BOOT_CLASS && success || failure
RETVAL=$?
echo
#return $RETVAL
}

status()
{
if [ -e $PID_FILE ]
then
echo "Tomcat is running."
else
echo "Tomcat is stopped."
fi
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
;;

*)
echo "Usage: service tomcat {start|stop|restart|status}"
exit 2
esac

exit $RETVAL


Comments

  1. donald_i2 May 2011 at 03:37

    Omitted to say that to create the necessary symbolic links, you will need to do something like this:

    chown root:root /etc/rc.d/init.d/tomcat
    chmod 755 /etc/rc.d/init.d/tomcat

    chkconfig --add tomcat
    chkconfig tomcat on

    ReplyDelete

Post a Comment

Popular posts from this blog

Apple No More?

My trusty Macbook Pro is 8 years old. A bit like the Argo it is arguable if that's entirely true, since the memory has been increased and the HDD has been replaced by an SSD (if you haven't done this I can't emphasis enough how worthwhile an upgrade it is). But the fact remains that it's elderly and things like running an android emulator are getting too much for it. I've been putting off buying a new machine as long as possible though. Gone are the days when I used to lust after the latest model. Apple seem to be deliberately making their machines less appealing to me. This may be age creeping up on me and an accompanying lack of desire to experience new things, but I don't think so (at least, not in this case). Soldered memory and soldered SSD? Memory I can just about cope with; to be honest I don't find a need to use more than 8GB for anything these days. But I get all itchy at the thought of internal storage you can't replace or upgrade. Add to...
Read more

Setting XCode brace options

Just started working with Xcode. I'm old-fashioned and prefer my code blocks to look like this: if (x) { //do something } rather than like this (which is how Xcode defaults to doing things): if (x) { //do something } After a bit of quality time with the big G, I found that this bit of Voodoo (supplied to the Terminal) does the trick: defaults write com.apple.Xcode XCCodeSenseFormattingOptions -dict BlockSeparator "\n" More of these codes are available from Apple's reference docs .
Read more

Delicious Serial

Image
NB Even by the standards of this part-time blog the following post is absurdly obscure. My brother works for a large company who have been in business here since the 1950s. They have a lot of old equipment, and he asked my advice about an elderly PC. It interfaced with some industrial plant and displayed vital statistics about what the machinery was doing. The worry was it might fail one day, and they had no backup or replacement for it. Intrigued, I paid a visit. It turned out to be a Sanyo PC, model number MBC-17LXS. It had a 5.25" floppy disk drive (empty) and interfaced with the plant via a serial cable. The software appeared to be running on DOS, but I couldn't confirm that as they were using the plant that day and didn't want me trying to quit the program. Back home, I did a bit of digging. Not a lot of data on the Sanyo MBC-17LX online but I eventually found this advert in a scanned copy of the August 1990 Popular Electronics magazine: Cool - so the machine was c...
Read more