Ubuntu
tomcat6 package

Tomcat 6 missing directory "Catalina" in /etc/tomcat6 - so impossible to deploy webapp

Bug #294277 reported by Vincent DAVY
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tomcat6 (Ubuntu)
Fix Released
Medium
Thierry Carrez
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: tomcat6

Hi,

On ubuntu 8.10, the conf directory for tomcat6 is located in /etc/tomcat6, and this directory is not writable for tomcat6 user, which one tomcat6 process is executed under.
Tomcat 6 version is 6.0.18-0ubuntu3

However, if you try to deploy a webapp with a META-INF/context.xml you can't get it working because when you put a webapp to tomcat to have it autodeployed, tomcat will copy the META-INF/context.xml picked up from the war file to [tomcat-home]/conf/Catalina/localhost/webappname.xml
Here "Catalina" and "localhost" depend on your service name and virtual host name.
"[tomcat-home]/conf/" is "/etc/tomcat6" on the file system.

But due to the fact that the /etc/tomcat6 is not tomcat6 user writable, tomcat can't create subdirectories "Catalina/localhost/webappname.xml" so your webapp can't have its context setted and it won't start access the database you setted in a datasource in the context.xml file.

I solved the problem creating a directory named "Catalina" (take care about the case) under /etc/tomcat6, chowned it to tomcat6:tomcat6 and restarting tomcat.
After restarting, it created the subdirectories listed above.

I think this directory must be available at the installation of tomcat6.

This took me an afternoon to discover it and drove me a bit cray.

Sorry for this awful engish - I'm french. That means all.

Revision history for this message
Thierry Carrez (ttx) wrote :

The "Catalina" directory gets installed when you install one of the applications packages (tomcat6-examples, tomcat6-docs, tomcat6-admin...). But you're right, it should be created by the tomcat6 package itself.

The question of making that directory writable by the tomcat6 user is a question of security/policy/feature tradeoff... So far we made the choice of not allowing Tomcat 6 to modify files below /etc by itself (and by doing so, we break some of the admin webapps features). However I didn't thought we were breaking autodeployment.

Just to be clear, by "autodeploying" you mean put WAR files into the appBase directory ? I thought tomcat would unpack those, but not copy the context.xml file to conf/Catalina/localhost.

Revision history for this message
Vincent DAVY (vincentdavy) wrote :

Hi, thanks for your answer

yes autodeploying is just put war file in the appbase dir.
It works witout errors if you don't have a context file to be copied in the Catalina dir.
but webapp without databases are not very common also you have many cases of webapps with a database connection using a pool, so a context file.

I agree with you about tomcat should not be able to write directly in the /etc/ dir but why not put the catalina dir in the tomcat sand box (/var/lib/tomcat6 if i am right) like it was for the previous release of tomcat (5.5) in the previous release of ubuntu (8.04 lts) - with the config dir in the /usr/share/tomcat5.5
and a link to the /etc/ dir

So what should be done for this issue ?

Revision history for this message
Thierry Carrez (ttx) wrote :

The way the Catalina directory is handled should be modified. It should be provided by the tomcat6 package and (if we want autodeployment to work correctly) be writeable by tomcat6. What still needs to be discussed for the second part of the implementation is if we want to accept that security/feature trade-off, and the location of the Catalina directory (in /etc or retrolinked to /var/lib/tomcat6/something).

As a workaround, sudo apt-get install tomcat6-docs to get the Catalina directory installed and sudo chown -R tomcat6 /etc/tomcat6/Catalina to make it writeable.

Changed in tomcat6:
importance: Undecided → Medium
status: New → Confirmed
Thierry Carrez (ttx)
Changed in tomcat6:
assignee: nobody → tcarrez
status: Confirmed → In Progress
Revision history for this message
Thierry Carrez (ttx) wrote :

Debdiff for proposed new version of tomcat6

tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low

  * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
    README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
    the JVM temporary directory and clean it at each restart (LP: #287452)
  * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
  * tomcat6.init, rules: Do not use TearDown, as this results in
    LifecycleListener callbacks in webapps being bypassed (LP: #299436)
  * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
    (LP: #286427)
  * control, rules, libservlet2.5-java-doc.install,
    libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
    missing Servlet/JSP API documentation (LP: #279645)
  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)
  * patches/disable-apr-loading.patch: Disable APR library loading until we
    properly provide it.
  * patches/disable-ajp-connector: Do not load AJP13 connector by default
    (LP: #300697)
  * rules: minor fixes to prevent build being called twice.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu4

---------------
tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low

  * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
    README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
    the JVM temporary directory and clean it at each restart (LP: #287452)
  * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
  * tomcat6.init, rules: Do not use TearDown, as this results in
    LifecycleListener callbacks in webapps being bypassed (LP: #299436)
  * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
    (LP: #286427)
  * control, rules, libservlet2.5-java-doc.install,
    libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
    missing Servlet/JSP API documentation (LP: #279645)
  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)
  * patches/disable-apr-loading.patch: Disable APR library loading until we
    properly provide it.
  * patches/disable-ajp-connector: Do not load AJP13 connector by default
    (LP: #300697)
  * rules: minor fixes to prevent build being called twice.

 -- Thierry Carrez <email address hidden> Thu, 27 Nov 2008 12:47:42 +0000

Changed in tomcat6:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote :

Minimal patch for Intrepid SRU

Revision history for this message
Thierry Carrez (ttx) wrote :

Intrepid SRU Report

Bug impact: Tomcat doesn't fully autodeploy applications dropped into /var/lib/tomcat6/webapps: it fails to autodeploy the context file into /etc/tomcat6/Catalina/localhost. This results in half-deployed applications and a difficult problem to troubleshoot.

Versions affected: Intrepid (tomcat6 didn't exist before)
Fix in development branch: Was fixed in 6.0.18-0ubuntu4 (see comment 5)

Minimal patch: see comment 6 just above. This will be released as a combined SRU with bug 283852.

TEST CASE:
Download the attached test-deploy.war, then:
$ sudo apt-get install tomcat6
$ sudo cp test-deploy.war /var/lib/tomcat6/webapps/
After a few seconds, you should be able to access http://localhost:8080/test-deploy/
Without the fix, the displayed context parameter value is "null". /etc/tomcat6/Catalina/localhost doesn't exist.
With the fix, the displayed context parameter value is "My Company, Incorporated". An /etc/tomcat6/Catalina/localhost/test-deploy.xml file was automatically created.

Regression potential:
The patch basically creates the Catalina/localhost directories in tomcat6 (rather than waiting for a webapp package to create them) and changes the permissions from root:root 755 to 775 root:tomcat6. This is a targeted and permissive change, so the regression potential is very low.

Revision history for this message
Martin Pitt (pitti) wrote :

This debdiff doesn't actually create /etc/tomcat6/Catalina, just changes its permissions. The bug description sounds as if it is completely missing?

If I misunderstood this, and the problem is really just wrong permissions, please go ahead and upload.

Changed in tomcat6:
assignee: nobody → tcarrez
Revision history for this message
Thierry Carrez (ttx) wrote :

No, you understand it right, the bug is also about /etc/tomcat6/Catalina and /etc/tomcat6/Catalina/localhost not being created (empty) by tomcat6 but only by the tomcat6 webapps, so if you don't install any webapp, then you can't use autodeploy.

However, the debdiff does create "/etc/tomcat6/Catalina/localhost" (in tomcat6.dirs) which results in the creation of both /etc/tomcat6/Catalina and /etc/tomcat6/Catalina/localhost ?

Revision history for this message
Thierry Carrez (ttx) wrote :

Debdiff for combined SRU (bug 283852 and bug 294277)

tomcat6 (6.0.18-0ubuntu3.1) intrepid-proposed; urgency=low

  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)

Revision history for this message
Martin Pitt (pitti) wrote :

Ah, I didn't see that, sorry. Please go ahead and upload.

Changed in tomcat6:
status: New → Confirmed
Thierry Carrez (ttx)
Changed in tomcat6:
assignee: tcarrez → nobody
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in tomcat6:
status: Confirmed → Fix Committed
Revision history for this message
Thierry Carrez (ttx) wrote :

Ran test case with current tomcat6-6.0.18-0ubuntu3 : FAIL
Ran test case with proposed tomcat6-6.0.18-0ubuntu3.1 : SUCCESS
Upgrade/removal/purge tests: SUCCESS

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu3.1

---------------
tomcat6 (6.0.18-0ubuntu3.1) intrepid-proposed; urgency=low

  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)

 -- Thierry Carrez <email address hidden> Fri, 05 Dec 2008 09:58:55 +0100

Changed in tomcat6:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.