diff --git a/tomcat-7.0-jsvc.service b/tomcat-7.0-jsvc.service index 519f38e..77c220c 100644 --- a/tomcat-7.0-jsvc.service +++ b/tomcat-7.0-jsvc.service @@ -1,17 +1,18 @@ # Systemd unit file for tomcat # -# To create clones of this service: -# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined -# before tomcat-sysd is called. -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults +# You can clone this service by: +# 1.) Add a new EnvironmentFile declaring the new values for CATALINA_BASE +# and others +# 2.) Define new Environment=JSVC_PIDFILE=/var/run/tomcat-foo.pid if you want +# to run more than one service [Unit] Description=Apache Tomcat Web Application Container JSVC wrapper -After=syslog.target network.target +After=network.target [Service] -Type=forking +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf ExecStart=/usr/sbin/tomcat-jsvc-sysd start ExecStop=/usr/sbin/tomcat-jsvc-sysd stop diff --git a/tomcat-7.0-jsvc.wrapper b/tomcat-7.0-jsvc.wrapper deleted file mode 100644 index 7c59d55..0000000 --- a/tomcat-7.0-jsvc.wrapper +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash - -if [ -r /usr/share/java-utils/java-functions ]; then - . /usr/share/java-utils/java-functions -else - echo "Can't read Java functions library, aborting" - exit 1 -fi - -# Get the tomcat config (use this for environment specific settings) -#if [ -z "${TOMCAT_CFG}" ]; then -# TOMCAT_CFG="/etc/tomcat/tomcat.conf" -#fi - -#if [ -r "$TOMCAT_CFG" ]; then -# . $TOMCAT_CFG -#fi - -set_javacmd - -# CLASSPATH munging -if [ -n "$JSSE_HOME" ]; then - CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)" -fi -CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" -CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" -CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" - -# if jsvc installed and USE_JSVC=true -# then use jsvc instead of calling java directly -if [ -x /usr/bin/jsvc ]; then - JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out" - if [ "$1" = "stop" ]; then - JAVACMD="${JAVACMD} -stop" - fi -fi - -if [ "$1" = "start" ]; then - ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ - -classpath "$CLASSPATH" \ - -Dcatalina.base="$CATALINA_BASE" \ - -Dcatalina.home="$CATALINA_HOME" \ - -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ - -Djava.io.tmpdir="$CATALINA_TMPDIR" \ - -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ - -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ - org.apache.catalina.startup.Bootstrap start \ - >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & - if [ ! -z "$CATALINA_PID" ]; then - echo $! > $CATALINA_PID - fi -elif [ "$1" = "start-security" ]; then - ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ - -classpath "$CLASSPATH" \ - -Dcatalina.base="$CATALINA_BASE" \ - -Dcatalina.home="$CATALINA_HOME" \ - -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ - -Djava.io.tmpdir="$CATALINA_TMPDIR" \ - -Djava.security.manager \ - -Djava.security.policy=="${CATALINA_BASE}/conf/catalina.policy" \ - -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ - -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ - org.apache.catalina.startup.Bootstrap start \ - >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & - if [ ! -z "$CATALINA_PID" ]; then - echo $! > $CATALINA_PID - fi -elif [ "$1" = "stop" ]; then - ${JAVACMD} $JAVA_OPTS \ - -classpath "$CLASSPATH" \ - -Dcatalina.base="$CATALINA_BASE" \ - -Dcatalina.home="$CATALINA_HOME" \ - -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ - -Djava.io.tmpdir="$CATALINA_TMPDIR" \ - org.apache.catalina.startup.Bootstrap stop \ - >> ${CATALINA_BASE}/logs/catalina.out 2>&1 -elif [ "$1" = "version" ]; then - ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ - org.apache.catalina.util.ServerInfo -else - echo "Usage: $0 {start|start-security|stop|version}" - exit 1 -fi diff --git a/tomcat-7.0-tomcat-jsvc-sysd b/tomcat-7.0-tomcat-jsvc-sysd deleted file mode 100644 index 3e0373a..0000000 --- a/tomcat-7.0-tomcat-jsvc-sysd +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash -# -# This script provides systemd activation of the tomcat service -# To create clones of this service: -# 1) SERVICE_NAME must be defined before calling this script -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults - -# SERVICE_NAME is a required value only if the service name is -# different from 'tomcat' -# -NAME="${SERVICE_NAME:-tomcat}" - -#I'll bet this isn't required. -# unset ISBOOT - -# For SELinux we need to use 'runuser' not 'su' -if [ -x "/sbin/runuser" ]; then - SU="/sbin/runuser -s /bin/sh" -else - SU="/bin/su -s /bin/sh" -fi - -# Path to the tomcat launch script -TOMCAT_SCRIPT="/usr/sbin/tomcat-jsvc" - -# Define the tomcat username -TOMCAT_USER="${TOMCAT_USER:-tomcat}" - -# TOMCAT_LOG should be different from catalina.out. -# Usually the below config is all that is necessary -TOMCAT_LOG=/var/log/${NAME}/${SERVICE_NAME}-jsvc-sysd.log - -# Get the tomcat config (use this for environment specific settings) -TOMCAT_CFG="/etc/tomcat/tomcat.conf" -if [ -r "$TOMCAT_CFG" ]; then - . $TOMCAT_CFG -fi - -# Get instance specific config file -if [ -r "/etc/sysconfig/${NAME}" ]; then - . /etc/sysconfig/${NAME} -fi - -function parseOptions() { - options="" - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' \ - $TOMCAT_CFG - )" - if [ -r "/etc/sysconfig/${NAME}" ]; then - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; - print "export ", $0, ";" }' \ - /etc/sysconfig/${NAME} - )" - fi - TOMCAT_SCRIPT="$options ${TOMCAT_SCRIPT}" -} - -# See how we were called. -function start() { - # fix permissions on the log and pid files - export CATALINA_PID="/var/run/${NAME}.pid" - touch $CATALINA_PID 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID - fi - - touch $TOMCAT_LOG 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG - fi - - # if jsvc installed and USE_JSVC=true - # then start as root and use jsvc to drop privileges - if [ -x /usr/bin/jsvc ]; then - TOMCAT_USER="root" - fi - - parseOptions - if [ "$SECURITY_MANAGER" = "true" ]; then - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1 - else - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> $TOMCAT_LOG 2>&1 - fi -} - -function stop() { - # if jsvc installed and USE_JSVC=true - # then start as root and use jsvc to drop privileges - if [ -x /usr/bin/jsvc ]; then - TOMCAT_USER="root" - fi - - parseOptions - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1 -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; -esac - diff --git a/tomcat-7.0-tomcat-sysd b/tomcat-7.0-tomcat-sysd index 2fe0eb8..4388021 100644 --- a/tomcat-7.0-tomcat-sysd +++ b/tomcat-7.0-tomcat-sysd @@ -1,88 +1,122 @@ #!/bin/bash # -# This script provides systemd activation of the tomcat service -# To create clones of this service: -# 1) SERVICE_NAME must be defined before calling this script -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults +# This script provides systemd activation of the tomcat service and tomcat +# throught jsvc wrapper -# SERVICE_NAME is a required value only if the service name is -# different from 'tomcat' -# -NAME="${SERVICE_NAME:-tomcat}" +# check the basic environment variables +if [[ -z "${CATALINA_BASE}" || \ + -z "${CATALINA_HOME}" || \ + -z "${CATALINA_TMPDIR}" ]]; then -#I'll bet this isn't required. -# unset ISBOOT +echo "ERROR: one of CATALINA_BASE, CATALINA_HOME or CATALINA_TMPDIR is not defined" >&2 +echo " use proper EnvironmentFile= in your .service file" >&2 +exit 1 -# For SELinux we need to use 'runuser' not 'su' -if [ -x "/sbin/runuser" ]; then - SU="/sbin/runuser -s /bin/sh" -else - SU="/bin/su -s /bin/sh" fi -# Path to the tomcat launch script -TOMCAT_SCRIPT="/usr/sbin/tomcat" - -# Define the tomcat username -TOMCAT_USER="${TOMCAT_USER:-tomcat}" - -# TOMCAT_LOG should be different from catalina.out. -# Usually the below config is all that is necessary -TOMCAT_LOG=/var/log/${NAME}/${NAME}-sysd.log - -# Get the tomcat config (use this for environment specific settings) -TOMCAT_CFG="/etc/tomcat/tomcat.conf" -if [ -r "$TOMCAT_CFG" ]; then - . $TOMCAT_CFG -fi - -# Get instance specific config file -if [ -r "/etc/sysconfig/${NAME}" ]; then - . /etc/sysconfig/${NAME} -fi - -function parseOptions() { - options="" - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' \ - $TOMCAT_CFG - )" - if [ -r "/etc/sysconfig/${NAME}" ]; then - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; - print "export ", $0, ";" }' \ - /etc/sysconfig/${NAME} - )" +if [[ "${0}" =~ tomcat-jsvc ]]; then + if [[ ! -x /usr/bin/jsvc ]]; then + echo "ERROR: cannot use ${0}, /usr/bin/jsvc does not exists" >&2 + exit 1 fi - TOMCAT_SCRIPT="$options ${TOMCAT_SCRIPT}" -} + USE_JSVC=true + JSVC_PIDFILE=${JSVC_PIDFILE:-/var/run/${0##*/}} +else + USE_JSVC=false +fi + +#### from /usr/sbin/dtomcat +if [[ -r /usr/share/java-utils/java-functions ]]; then + . /usr/share/java-utils/java-functions +else + echo "ERROR: Can't read Java functions library, aborting" >&2 + exit 1 +fi + +set_javacmd + +# CLASSPATH munging +if [[ -n "$JSSE_HOME" ]]; then + CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)" +fi +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" +CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" # See how we were called. function start() { - # fix permissions on the log and pid files - export CATALINA_PID="/var/run/${NAME}.pid" - touch $CATALINA_PID 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID + + local ret + + # running as root is not allowed if not running with jsvc + if ! ${USE_JSVC} && [[ $(id -u) == 0 ]]; then + echo "ERROR: starting tomcat under uid 0 is not supported" >&2 + echo " use appropriate User/Group settings in service file" >&2 + echo " see man systemd.exec for details" >&2 + exit 2 fi - touch $TOMCAT_LOG 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG - fi - - parseOptions - if [ "$SECURITY_MANAGER" = "true" ]; then - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1 + if [[ "$SECURITY_MANAGER" = "true" ]]; then + DSECURITY_MANAGER="-Djava.security.manager" else - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> $TOMCAT_LOG 2>&1 + unset DSECURITY_MANAGER fi + + if ${USE_JSVC}; then + JAVACMD="/usr/bin/jsvc -pidfile ${JSVC_PIDFILE} -nodetach -user ${TOMCAT_USER:-tomcat}" + fi + + ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ + -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" ${DSECURITY_MANAGER} \ + -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ + -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ + org.apache.catalina.startup.Bootstrap start + ret=${?} + + return $ret } function stop() { - parseOptions - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1 + + local ret + + if ${USE_JSVC}; then + #XXX: foo is needed because of funny jsvc parser needs a class name + /usr/bin/jsvc -stop -pidfile ${JSVC_PIDFILE} foo + ret=${?} + + if [[ $ret == 0 ]]; then + rm -f ${JSVC_PIDFILE} + fi + else + ${JAVACMD} $JAVA_OPTS \ + -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap stop + ret=${?} + + # workaround the 143 code emmited by jvm in case of sigterm + # using ExecStart=- will ignore all other failures as well + if [[ ret == 143 ]]; then + ret=0 + fi + fi + + return $ret +} + +function version() { + + exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ + org.apache.catalina.util.ServerInfo + } # See how we were called. @@ -97,5 +131,11 @@ case "$1" in stop start ;; + version) + version + ;; + *) + echo "Usage: $0 {start|stop|restart|version}" >&2 + exit 1 esac diff --git a/tomcat-7.0.conf b/tomcat-7.0.conf index 5ed858d..59b70a9 100644 --- a/tomcat-7.0.conf +++ b/tomcat-7.0.conf @@ -7,7 +7,6 @@ JAVA_HOME="@@@JAVAHOME@@@" # Where your tomcat installation lives CATALINA_BASE="@@@TCHOME@@@" CATALINA_HOME="@@@TCHOME@@@" -JASPER_HOME="@@@TCHOME@@@" CATALINA_TMPDIR="@@@TCTEMP@@@" # You can pass some parameters to java here if you wish to @@ -17,7 +16,11 @@ CATALINA_TMPDIR="@@@TCTEMP@@@" #JAVA_OPTS="-Djava.library.path=@@@LIBDIR@@@" # What user should run tomcat -TOMCAT_USER="tomcat" +# This value is interpreted differently +# 1.) for systemd units derived from tomcat.service, the User/Group settings is used +# 2.) for systemd units derived from tomcat-jsvc.service this value is respected (with tomcat as a default) +# 3.) for sysv init script, this value is respected (with tomcat as a default) +#TOMCAT_USER="tomcat" # You can change your tomcat locale here #LANG="en_US" @@ -32,7 +35,8 @@ SHUTDOWN_WAIT="30" SHUTDOWN_VERBOSE="false" # Set the TOMCAT_PID location -CATALINA_PID="/var/run/tomcat.pid" +# WARNING: does not make any sense for systemd users +#CATALINA_PID="/var/run/tomcat.pid" # Connector port is 8080 for this tomcat instance #CONNECTOR_PORT="8080" diff --git a/tomcat-7.0.service b/tomcat-7.0.service index 9388905..c6c24ca 100644 --- a/tomcat-7.0.service +++ b/tomcat-7.0.service @@ -1,17 +1,18 @@ # Systemd unit file for tomcat -# -# To create clones of this service: -# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined -# before tomcat-sysd is called. -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults +# +# You can clone this service by: +# 1.) Add a new EnvironmentFile declaring the new values for CATALINA_BASE +# and others [Unit] Description=Apache Tomcat Web Application Container -After=syslog.target network.target +After=network.target [Service] -Type=forking +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf +User=tomcat +Group=tomcat ExecStart=/usr/sbin/tomcat-sysd start ExecStop=/usr/sbin/tomcat-sysd stop diff --git a/tomcat.changes b/tomcat.changes index 6ddb3de..f15fee6 100644 --- a/tomcat.changes +++ b/tomcat.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Jul 19 08:48:31 UTC 2012 - mvyskocil@suse.cz + +- fix bnc#771802 - systemd support is broken + * change type froking to simple as it does not make a sense run java in a + background to emulate that + * remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on + systemd features like User/EnvironmentFile + * workaround the 143 exit code in Stop phase - return 0 in this case + * merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink + * properly use jsvc with pid file to start and stop + ------------------------------------------------------------------- Wed Jun 13 12:37:49 UTC 2012 - mvyskocil@suse.cz diff --git a/tomcat.spec b/tomcat.spec index 5bea3a1..8aa03a5 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -61,16 +61,14 @@ Source7: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script Source8: servlet-api-OSGi-MANIFEST.MF Source9: jsp-api-OSGi-MANIFEST.MF Source10: %{name}-%{major_version}.%{minor_version}-log4j.properties -Source11: %{name}-%{major_version}.%{minor_version}.service +Source11: tomcat-7.0.service Source12: el-api-OSGi-MANIFEST.MF Source13: jasper-el-OSGi-MANIFEST.MF Source14: jasper-OSGi-MANIFEST.MF Source15: tomcat-api-OSGi-MANIFEST.MF Source16: tomcat-juli-OSGi-MANIFEST.MF -Source17: %{name}-%{major_version}.%{minor_version}-tomcat-sysd -Source18: %{name}-%{major_version}.%{minor_version}-tomcat-jsvc-sysd -Source19: %{name}-%{major_version}.%{minor_version}-jsvc.wrapper -Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service +Source17: tomcat-7.0-tomcat-sysd +Source20: tomcat-7.0-jsvc.service Source1000: tomcat-rpmlintrc #PATCH-FIX-UPSTREAM: from jpackage.org package @@ -189,6 +187,7 @@ Requires(postun): %{_sbindir}/update-alternatives %description jsp-2_2-api Apache Tomcat JSP API implementation classes +%if 0%{?suse_version} > 1140 %package jsvc Summary: Apache jsvc wrapper for Apache Tomcat as separate service Group: Productivity/Networking/Web/Servers @@ -199,7 +198,7 @@ Requires: apache-commons-daemon-jsvc Systemd service and wrapper scripts to start tomcat with jsvc, which allows tomcat to perform some privileged operations (e.g. bind to a port < 1024) and then switch identity to a non-privileged user. - +%endif %package lib Summary: Libraries needed to run the Tomcat Web container @@ -385,14 +384,9 @@ popd ${RPM_BUILD_ROOT}%{_unitdir}/%{name}.service %{__install} -m 0644 %{SOURCE17} \ ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-sysd -%endif -%{__install} -m 0644 %{SOURCE19} \ - ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc -%if 0%{?suse_version} > 1140 %{__install} -m 0644 %{SOURCE20} \ ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-jsvc.service -%{__install} -m 0644 %{SOURCE18} \ - ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc-sysd +(cd ${RPM_BUILD_ROOT}%{_sbindir}; ln -s %{name}-sysd %{name}-jsvc-sysd) %endif %{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \ > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} @@ -708,10 +702,9 @@ fi %{appdir}/examples %{appdir}/sample +%if 0%{?suse_version} > 1140 %files jsvc %defattr(755,root,root,0755) -%{_sbindir}/%{name}-jsvc -%if 0%{?suse_version} > 1140 %{_sbindir}/%{name}-jsvc-sysd %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service %endif