We have switched to Apache tomcat 5.5.x from 4.1.x. Obtain the binary distribution from http://tomcat.apache.org/ Use gnu tar, solaris tar does not work correctly.
The following example is for the 2.2 release, we can use a separate installation for every major release.
cd /var/local gtar -xvzf apache-tomcat-5.5.23.tar.gz cp -rp /var/local/apache-tomcat-5.5.23 /var/local/main-tomcat-2.2 cp -rp /var/local/apache-tomcat-5.5.23 /var/local/pilot-tomcat-2.2 cp -rp /var/local/apache-tomcat-5.5.23 /var/local/sakai-tomcat-2.2
Changes are needed to conf/context.xml, conf/server.xml, and bin/catalina.sh These are available here. For each of the above tomcat directories $CATALINA_HOME:
In addition, conf/tomcat-users.xml may be modified to add a user to activate the manager webapp. Add a line like the following, and keep the username and password secret. We haven't done this in production.
<user name="muser" password="mpass" roles="manager"/>
This $CATALINA_HOME/bin/catalina.sh includes the following lines near the top:
#JAVA_HOME="/var/local/java1.4" #JAVA_HOME="/var/local/java1.5" #JAVA_HOME="/var/local/java1.6" CATALINA_OPTS="-server -Dfile.encoding=UTF-8 $CATALINA_OPTS" CATALINA_TMPDIR=/usr/tmp/tomcats/temp1 umask 2 ulimit -H -n 4096 NOW=`/usr/bin/date +%Y%m%dT%H%M` JAVA_OPTS="-d64 -Xms5000m -Xmx6000m"
and later
CATALINA_OUT=/var/local/stellar-logs/tomcat.`/usr/bin/date +%Y%m%dT%H%M` CATALINA_OUT="$CATALINA_HOME/logs/catalina.out"
Customize this. JAVA_HOME specifies which JRE to use; for Java 1.6 use /var/local/java1.6/ (see Stellar 2 Server Setup for installation of java 1.6). JAVA_OPTS specifies what options to use; the memory settings may need revision. Farther down, the CATALINA_OUT setting controls where output is sent. logs/catalina.out is the Tomcat 5.5 default, but Stellar uses the stellar-logs directory. CATALINA_TMPDIR defaults to $CATALINA_BASE/temp and grows to fill / so move to /usr/tmp where it will be cleaned out. Give multiple tomcats different directories.
For Tomcat 4 and Java 1.4, we used:
ulimit -H -n 4096 NOW=`/usr/bin/date +%Y%m%dT%H%M` JAVA_OPTS=" -d64 -Xmx12000m -Xms10000m" JAVA_OPTS="$JAVA_OPTS -Dsun.rmi.dgc.client.gcInterval=7200000" JAVA_OPTS="$JAVA_OPTS -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled" JAVA_OPTS="$JAVA_OPTS -XX:+UseAdaptiveSizePolicy -XX:NewSize=256m -XX:MaxPermSize=128m" JAVA_OPTS="$JAVA_OPTS -XX:PermSize=64m -XX:MaxTenuringThreshold=3" JAVA_OPTS="$JAVA_OPTS -XX:CMSInitiatingOccupancyFraction=40" JAVA_OPTS="$JAVA_OPTS -XX:MinHeapFreeRatio=20" JAVA_OPTS="$JAVA_OPTS -verbose:gc -Xloggc:/var/local/stellar-logs/gclog-$NOW" JAVA_OPTS="$JAVA_OPTS -XX:+PrintGCDetails -XX:+PrintGCTimeStamps" JAVA_OPTS="$JAVA_OPTS -XX:+PrintTenuringDistribution" JAVA_OPTS="$JAVA_OPTS -XX:+PrintAdaptiveSizePolicy -XX:+PrintGCApplicationConcurrentTime" JAVA_OPTS="$JAVA_OPTS -XX:+PrintGCApplicationStoppedTime"
For 1.5 the configuration currently being used is:
JAVA_OPTS="-d64 -Xms8000m -Xmx11000m" JAVA_OPTS="$JAVA_OPTS -XX:NewSize=512m -XX:MaxNewSize=1024m" JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=192m -XX:NewRatio=2" JAVA_OPTS="$JAVA_OPTS -Dsun.rmi.dgc.client.gcInterval=7200000" JAVA_OPTS="$JAVA_OPTS -XX:+HeapDumpOnOutOfMemoryError -XX:+UseConcMarkSweepGC" JAVA_OPTS="$JAVA_OPTS -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=15" JAVA_OPTS="$JAVA_OPTS -XX:+CMSIncrementalMode -XX:+CMSIncrementalPacing" JAVA_OPTS="$JAVA_OPTS -XX:CMSIncrementalDutyCycleMin=2" JAVA_OPTS="$JAVA_OPTS -XX:CMSIncrementalDutyCycle=10" JAVA_OPTS="$JAVA_OPTS -XX:CMSIncrementalSafetyFactor=20" JAVA_OPTS="$JAVA_OPTS -XX:MinHeapFreeRatio=20" JAVA_OPTS="$JAVA_OPTS -XX:+PrintClassHistogram" JAVA_OPTS="$JAVA_OPTS -verbose:gc -Xloggc:/var/local/stellar-logs/gclog-$NOW " JAVA_OPTS="$JAVA_OPTS -XX:+PrintGCDetails -XX:+PrintGCTimeStamps" JAVA_OPTS="$JAVA_OPTS -XX:+PrintTenuringDistribution -XX:+PrintAdaptiveSizePolicy" JAVA_OPTS="$JAVA_OPTS -XX:+PrintGCApplicationConcurrentTime" JAVA_OPTS="$JAVA_OPTS -XX:+PrintGCApplicationStoppedTime"
For development, it is recommended that this unpacked, merged copy of tomcat be left as a clean copy. Copy it to a directory on /var/local to be used for your sandbox (etc).
Modify $CATALINA_HOME/conf/server.xml to configure AJP on whatever the apache httpd will use, e.g. to use port 8559 instead of 8009, use the following. maxThreads may also be increased or decreased depending on the capacity of the hardware.
Ports we use: main tomcat 8115/8119, pilot tomcat 8225/8229, sakai tomcat 8335/8339.
For each of main, pilot, and sakai; set the jvmRoute, tcpListenPort, tempDir, deployDir, and watchDir to be different from others in the cluster.
<Connector port="8559"
enableLookups="false" protocol="AJP/1.3" maxThreads="500" />
The provided ./context.xml has been modified to allow Stellar to access other web application contexts. It may be possible and better to use deployXML="true" in the server.xml Host element and use META-INF/context.xml in the stellar webapp instead.
The ISDA monitor.war webapp should be installed on each tomcat
cp monitor.war /var/local/main-tomcat-2.2/webapps/main-monitor.war cp monitor.war /var/local/pilot-tomcat-2.2/webapps/pilot-monitor.war cp monitor.war /var/local/sakai-tomcat-2.2/webapps/sakai-monitor.war
We used to use a ./catalina.policy file; -security was made the default in catalina.sh and we used a custom ./catalina.policy file. However, since we are only installing trusted Stellar and Sakai webapps, and setting the security settings for the Sakai webapps is not normally done in Sakai, we will no longer use this.
For debugging and test monitoring, set the CATALINA_OPTS variable in your command shell before running tomcat as in the example below. Set the jmxremote.access and jmxremote.password files (access should contain monitorRole readonly and password should contain monitorRole whateverpassword, and set the permissions on the jmxremote.password file to 600. See http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html.
setenv CATALINA_OPTS "-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8123 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=conf/jmxremote.access"
Then use jconsole localhost:8123 to monitor the tomcat. SSL can be used to secure the connection, see http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html
However, much of the same information is available more conveniently through the Tomcat Manager App which is enabled by setting the username and password for the manager role in tomcat-users.xml as described above.
ln -s /var/local/main-tomcat-2.2/bin/catalina.sh /etc/init.d/tomcat ln -s /etc/init.d/tomcat /etc/rc0.d/K02tomcat ln -s /etc/init.d/tomcat /etc/rc2.d/S98tomcat ln -s /var/local/pilot-tomcat-2.2/bin/catalina.sh /etc/init.d/pilot-tomcat ln -s /etc/init.d/pilot-tomcat /etc/rc0.d/K02pilot-tomcat ln -s /etc/init.d/pilot-tomcat /etc/rc2.d/S98pilot-tomcat ln -s /var/local/sakai-tomcat-2.2/bin/catalina.sh /etc/init.d/sakai-tomcat ln -s /etc/init.d/sakai-tomcat /etc/rc0.d/K02sakai-tomcat ln -s /etc/init.d/sakai-tomcat /etc/rc2.d/S98sakai-tomcat
$Revision: 31385 $ $Date: 2008-11-26 11:39:46 -0500 (Wed, 26 Nov 2008) $