This is an old revision of the document!
"Server startup in"
The following script (/etc/init.d/tomcat6) will start Tomcat6 and can be added with “chkconfig tomcat6 on”.
#! /bin/sh
#
# Author: Thomas Roehm
#
# /etc/init.d/tomcat6
#
# and symbolic its link
#
# /sbin/rctomcat6
#
### BEGIN INIT INFO
# Provides: tomcat6
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start Tomcat6
# Startup script for Tomcat
# description: Tomcat jakarta JSP server
### END INIT INFO
#Necessary environment variables
export CATALINA_HOME="/srv/www/tomcat6"
CATALINA_PID=/var/log/tomcat6/tomcat.pid
if [ ! -f $CATALINA_HOME/bin/catalina.sh ]
then
echo "Tomcat not available..."
exit
fi
start() {
echo -n -e '\E[0;0m'"\033[1;32mStarting Tomcat: \033[0m \n"
su -l tomcat -c $CATALINA_HOME/bin/startup.sh
sleep 3
}
stop() {
PID=`(cat /var/log/tomcat6/tomcat.pid)`
echo -n -e '\E[0;0m'"\033[1;31mShutting down Tomcat: \033[m \n"
su -l tomcat -c $CATALINA_HOME/bin/shutdown.sh
sleep 10
kill $PID
rm /var/log/tomcat6/tomcat.pid
}
status() {
ps ax | grep "org.apache.catalina.startup.Bootstrap start" | grep tomcat | awk '{printf $1 " "}' > /tmp/tomcat_process.txt
process=`(cat /tmp/tomcat_process.txt)`
if [ -s /tmp/tomcat_process.txt ]
then
echo "Tomcat is running with PID $process"
else
echo "Tomcat has been stopped"
fi
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 15
start
;;
status)
status
;;
*)
echo "Usage: tomcat6 {start|stop|restart|status}"
exit 1
esac
Additionally to start/stop with “rctomcat6 option”:
ln –s /ect/init.d/tomcat6 /sbin/rctomcat6
The file „/usr/lib/ocf/resources.d/heartbeat/tomcat6“ has to be created.
#!/bin/sh
export OCF_ROOT=/usr/lib/ocf
CATALINA_HOME="${OCF_RESKEY_catalina_home}"
export CATALINA_HOME
. ${OCF_ROOT}/resource.d/heartbeat/.ocf-shellfuncs
INIT_SCRIPT=/etc/init.d/tomcat6
case "$1" in
start)
cd "$CATALINA_HOME/bin"
${INIT_SCRIPT} start > /dev/null 2>&1 && exit || exit 1
;;
stop)
cd "$CATALINA_HOME/bin"
${INIT_SCRIPT} stop > /dev/null 2>&1 && exit || exit 1
;;
status)
cd "$CATALINA_HOME/bin"
${INIT_SCRIPT} status > /dev/null 2>&1 && exit || exit 1
;;
monitor)
cd "$CATALINA_HOME/bin"
# Check if Ressource is stopped
${INIT_SCRIPT} status > /dev/null 2>&1 || exit 7
# Otherwise check services (XXX: Maybe loosen retry / timeout)
wget --no-proxy -O /dev/null http://localhost:8080/i52server/ 2>&1 | grep 'connected' && exit || exit 1
;;
meta-data)
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="tomcat6">
<version>1.0</version>
<longdesc lang="en">
OCF Ressource Agent for Tomcat6.
</longdesc>
<shortdesc lang="en">OCF Ressource Agent for Tomcat 6</shortdesc>
<parameters>
<parameter name="catalina_home" unique="1" required="1">
<longdesc lang="en">
Home directory of Tomcat
</longdesc>
<shortdesc>Home directory of Tomcat</shortdesc>
<content type="string" default="" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="60s" />
<action name="stop" timeout="120s" />
<action name="status" timeout="60" />
<action name="monitor" depth="0" timeout="30s" interval="10s" start-delay="10s" />
<action name="meta-data" timeout="5s" />
<action name="validate-all" timeout="5"/>
</actions>
</resource-agent>
END
;;
esac
CATALINA_PID=/var/log/tomcat6/tomcat.pid --DisplayName ServiceName #Service display name in processlist
Examples of paramters set in {$Tomcat}/bin/catalina.sh
CATALINA_OPTS="
-Djava.awt.headless=true \
-Dcatalina.home=$CATALINA_BASE \
-Dcatalina.base=$CATALINA_BASE \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=conf\logging.properties \
-Djavax.xml.validation.SchemaFactory:http://www.w3.org/2001/XMLSchema=org.apache.xerces.jaxp.validation.XMLSchemaFactory \
-Xmx5021M \
-XX:MaxPermSize=256m \
-XX:+HeapDumpOnOutOfMemoryError \
-XX:HeapDumpPath=/srv/www/tomcat6/logs \
-Djava.compiler=NONE \
-Xdebug \
-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000 \
-Xnoagent \
-Dcom.sun.management.jmxremote=true \
-Dorg.eclipse.jdt.core.compiler.source=1.5 \
-Dorg.eclipse.jdt.core.compiler.compliance=1.5 \
-Djavax.xml.datatype.DatatypeFactory=com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl \
-DconfigurationsFilePath=/etc/cas_open \
-DoptionalConfigurationsFilePath=/etc/cas_open/hostdependant \
-Dcompression=false \
-Duser.language=de \
-Duser.country=DE \
-Dcontentgrabber.default.charset=iso-8859-1 \
-Dmail.mime.charset=UTF-8 \
-Djavax.xml.bind.JAXBContext=com.sun.xml.bind.v2.ContextFactory \
-Djavax.net.ssl.keyStore=/srv/www/tomcat6/keystore/ecrm.keystore \
-Djavax.net.ssl.keyStorePassword=ecrm \
-Dhttp.proxyHost=10.6.3.15 \
-Dhttp.proxyPort=8080 \
-Djava.io.tmpdir=/var/log/tomcat6/temp \
-Dorg.eclipse.jdt.core.compiler.codegen.TargetPlatform=1.5 \
-DlogsFilePath=/var/log/tomcat6 \
-Dhttp.nonProxyHosts=localhost|127.0.0.1 \
-Dhttps.nonProxyHosts=localhost|127.0.0.1 "
# -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk15Logger \
Edit /srv/www/tomcat/webapps/ROOT/index.html to:
<html> <head> <meta http-equiv="refresh" content="0;URL=/i5server"> </head> <body> </body> </html>
Tomcat:
Create a local Certificate:
keytool -genkey -alias tomcat –keysize 2048 -keyalg RSA -keystore <your_keystore_filename> #keystore_filename: E.g. tomcatSSL
The CSR is then created with:
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename>
Import the Chain Certificate into you keystore:
keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>
And finally import your new Certificate:
keytool -import -alias tomcat -keystore <your_keystore_filename> -trustcacerts -file <your_certificate_filename>
Official:
Tomcat (keytool) This document provides instructions for installing TC Trust SSL certificate. If you are unable to use these instructions for your server, we recommend that you contact either the vendor of your server software or an organisation that supports Tomcat. 1 Install the Root CA certificate You must first obtain the Root CA certificate (TC TrustCenter Class 2 CA II) and save the Root CA certificate as root.cer. In the following example please replace the example keystore name 'keystore.key' with your keystore name. Use the following command to import this certificate in the keystore: keytool -import -alias root -keystore keystore.key -trustcacerts -file root.cer 2 Install the Intermediate CA certificate Create a file in Notepad and save the Intermediate CA certificate (TC TrustCenter Class 2 L1 CA XI) as intermediate.cer. Use the following command to import this certificate in the keystore: keytool -import -alias intermediate -keystore keystore.key -trustcacerts -file intermediate.cer 3 Install the TC Trust SSL certificate Your TC Trust SSL certificate will be sent via email. Look for the TC Trust SSL certificate text in the body of the email and copy and paste it into a .crt file (such as tc_server.crt) using Vi or Notepad. Please be sure to include the header and footer as well as the surrounding dashes including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file otherwise additional characters may render the certificate unusable. Enter the following command to import your TC Trust SSL certificate (certreq.csr is the alias specified during CSR creation): keytool -import -alias server.crt -file server.crt -keystore keystore.key