Description

Apache Tomcat is an open source implementation of the Java Servlet and JavaServer Pages (JSP) specifications, and provides a "pure Java" HTTP web server environment for Java web applications to run.

Readme

Overview

Apache Tomcat is an open source implementation of the Java Servlet and JavaServer Pages (JSP) specifications, and provides a "pure Java" HTTP web server environment for Java web applications to run.

Apache Tomcat 7 implements the Java Servlet 3.0 and JSP 2.0 specification from Sun Microsystems/Oracle.

http://tomcat.apache.org

Usage

General

A tomcat deployment consists of a Tomcat service:

juju deploy tomcat

By default, this is Tomcat version 7. You can deploy Tomcat 6 by specifying the version at deployment. First create a YAML file with the contents:

tomcat:
  tomcat_version: tomcat6

Then deploy:

juju deploy --config config.yaml tomcat

Once deployed, you can specify what http port to use:

# use port 80 for http
juju set tomcat http_port=80

(NOTE: You could also do this at deployment with the --config switch)

The Tomcat manager applications, enabled by default, are protected by HTTP basic password protection. To access the applications you must set a password for either the admin or status roles. The admin role has full access to configure Tomcat whereas the status role may only see server status. To set passwords:

juju set tomcat admin_password=<password>
juju set tomcat status_password=<password>

To expose Tomcat to the Internet:

juju expose tomcat

Open web browser to http://<host>/manager or http://<host>/manager/status
using your admin or status username/password respectively.

(Note: Passwords will be sent to the manager in plain text, so it is recommended to enable HTTPS as follows)

To enable HTTPS:

# enable https connector
juju set tomcat https_enabled=True
# use port 443 for https
juju set tomcat https_port=443

Open web browser to https://<host>/manager or https://<host>/manager/status.

A self-signed certificate will be generated for HTTPS use by default. You can specify your own private key and certificate as a PKCS12 file as follows:

# set pkcs12 file
juju set tomcat keystore=`base64 < <pkcs12 file>`
# set pkcs12 file password
juju set tomcat keystore_password=<password>

The PKCS12 file is transmitted securely to your Juju cluster and subsequently used by all service units (added with juju add-unit) for easy certificate management. Should you remove your certificate by setting keystore to an empty string, a new self-signed certificate will be generated for use.

While the manager applications are a useful way of testing a Tomcat installation there is no real usage for them when deploying applications using a Juju subordinate charm like j2ee-deployer. Therefore as a security precaution, it is recommended you disable them in a production environment:

# disable manager applications
juju set tomcat manager_enabled=False

Tomcat offers two pure Java HTTP connectors, Blocking I/O ("bio") and Non-Blocking I/O ("nio").

  • bio is the default connector and uses a thread per connection.
  • nio uses a single thread to read connections asynchronously.

If you have enough traffic to be concerned about performance of each, it is recommended you benchmark both. Better performance can be achieved with either depending on conditions. Traditionally, Java application traffic favors the bio connector and serving of static content with the nio connector.

You may set either as follows:

# set nio connector
juju set tomcat http_connector=nio

# set bio connector
juju set tomcat http_connector=bio

Deploying a WebApp to Tomcat

A webapp can be deployed with the Tomcat charm in one of two ways: it can be provided by another charm, or you can manually upload it.

For another charm to provide a webapp, it must be a subordinate charm that supports the java-webapp relation.

To upload a webapp to Tomcat, simply use the following:

juju scp webapp.war tomcat/0:
juju ssh tomcat/0 'sudo mv webapp.war /var/lib/tomcat7/webapps'

(If you changed the version of tomcat being deployed, you will need to adjust the path appropriately.)

Java Debugger (JDB)

Remote debugging can be useful for application development and diagnosing problems with a deployed application. There are many debugging tools, including jdb, and most Integrated Development Environments (IDEs) provide the ability to attach to remote servers and step through code line by line.
The tomcat charm provides the ability to attach remote debuggers by using the debug_enabled configuration option. The default port 8000 is open when True and closed when False (default).

Java Management Extensions (JMX)

JMX monitoring is disabled by default, but you can enable it with the following commands:

juju set tomcat jmx_enabled=True
juju set tomcat jmx_control_password=<password>
juju set tomcat jmx_monitor_password=<password>

The control role (username = controlRole) allows read/write access, the monitor role (username = monitorRole) read only access. If a password is empty, it disables access for that role.

There is a further JMX option, jmx_localhost. This determines what hostname is given to the JMX client to connect to. If false, the internal hostname or private IP address of the unit will be used, meaning connection is suited to either LXC based deployments or cloud deployments where you have VPN access:

JConsole or VisualVM connect to <private unit address>:10001 with
username/password

For cloud deployments, setting this to True uses hostname localhost, which allows you to connect over a ssh tunnel:

ssh -L 10001:localhost:10001 -L 10002:localhost:10002 <public unit address>
JConsole or VisualVM connect to localhost:10001 with username/password

The latter is much more typical of out of the box deployment, so jmx-localhost defaults to True.

Java Naming and Directory Interface (JNDI)

Tomcat supports adding arbitrary configuration parameters for JNDI lookup by deployed applications. This enables you to develop applications that discover configuration details at runtime simply by referencing pre-determined JNDI names. This charm supports lookup of different Juju services, each of which may be configured using the appropriate jndi_<type>_config option. Unless specified otherwise, options are generally a comma separated list of JNDI name, service and type specific colon separated values:

<name>:<service>,<name>:<service>

This allows you to map Juju services to JNDI names as follows:

# map the JNDI name 'param/Memcached' to the Juju service named 'memcached'
juju set tomcat jndi_memcached_config="param/Memcached:memcached"

# map the JNDI name 'param/Terracotta' to the Juju service named 'terracotta'
juju set tomcat jndi_terracotta_config="param/Terracotta:terracotta"

The charm will take care of mapping the JNDI name with the private addresses of the Juju services. If you add units of memcached or terracotta the charm will add the new addresses appropriately. A brief description of the available JNDI relations is below.

Memcached (jndi_memcached_config) - Provides a space separated string of all unit addresses for specified memcached service. This can be used directly in instantiating an instance of a Memcached client such as spymemcached (see http://code.google.com/p/spymemcached/ for more details).

Terracotta (jndi_terracotta_config) - Provides a comma separated string of all unit addresses for the specified Terracotta service. This can be injected directly into EHCache or Quartz configuration (see http://www.terracotta.org for more details).

Scale out Usage

Clustering

Tomcat supports session clustering, allowing a group of Tomcat units to replicate J2EE session information to each other. This is useful for HA deployments where session contents are important. To enable clustering across units:

# enable clustering
juju set tomcat cluster_enabled=True

# add 2 more units to cluster
juju add-unit -n 2 tomcat

By default, static membership is used over multicast based membership which means units depend on local cluster configuration to determine cluster groups. Multicast uses multicast UDP packets on a pre-determined address/port to determine cluster groups. Where a cloud provider such as EC2 disables multicast traffic between instances, static membership must be used. Where multicast traffic is allowed, it is preferred and may be enabled as follows:

# enable multicast clustering
juju set tomcat multicast=True

# set multicast address
juju set tomcat multicast_address=228.0.0.4

# set multicast port
juju set tomcat multicast_port=34569

For maximum performance with clustering, it is recommended you use a load balancer in front of Tomcat that supports "sticky sessions".

Contact Information

This charm was originally written by Robert Ayres robert.ayres@ubuntu.com and is maintained by Matthew Bruzek matthew.bruzek@canonical.com. If you encounter a bug with the tomcat charm please open a bug.

Apache Tomcat Project Information

Configuration

jmx_jar_url
(string) Catalina JMX JAR distribution URL (only required if using Tomcat 7+)
http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.26/bin/extras/catalina-jmx-remote.jar
manager_enabled
(boolean) Enable management applications
True
https_port
(int) HTTPS port
8443
java_opts
(string) Java options for JVM
-Xms768M -Xmx1024M
tomcat_version
(string) The version of Tomcat to deploy ('tomcat6' or 'tomcat7')
tomcat7
jmx_localhost
(boolean) Use localhost over LAN hostname in connections. Useful for SSH tunnels.
True
multicast_port
(int) Multicast network port for clustering
34569
status_username
(string) Status username
status
status_password
(string) Status password
keystore
(string) PKCS12 keystore containing private key and X.509 certificate (base64 encoded)
http_port
(int) HTTP port
8080
jmx_jar_md5
(string) Catalina JMX JAR MD5 distribution hash (only required if using Tomcat 7+)
82763603dc177d9aabd17d39cef7dcbb
jmx_monitor_password
(string) JMX monitor password
jmx_enabled
(boolean) Enable JMX monitoring
debug_enabled
(boolean) Enable JDWP debugger on port 8000 for remote debugging
terracotta_url
(string) Terracotta distribution URL
http://d2zwv9pap9ylyd.cloudfront.net/terracotta-3.6.2.tar.gz
admin_password
(string) Admin password
terracotta_md5
(string) Terracotta MD5 distribution hash
92c6456f1641b7662b4dedec15eaf3f4
keystore_password
(string) Keystore password
cluster_enabled
(boolean) Enable session clustering
jndi_memcached_config
(string) JNDI Memcached relation configuration
jndi_terracotta_config
(string) JNDI Terracotta relation configuration
https_enabled
(boolean) Enable HTTPS connector
multicast_address
(string) Multicast network address for clustering
228.0.0.4
admin_username
(string) Admin username
admin
jmx_control_password
(string) JMX control password
multicast
(boolean) Use multicast networking for clustering
http_connector
(string) HTTP connector type ('bio' or 'nio')
bio