Running Wildfly 10.1.0 with limited user permissions - linux

I have a wildfly 10 install running on CentOS Linux 7.3.1611 with kernel3.10.0-514.16.1.el7.x86_64.
Initially when I started running wildfly I was doing so as root in a domain configuration. I have decided to change this practice and configure it as a service. After configuring it as a service, and letting it run for a while I decided to create a user "wildfly", and make the appropriate changes to the systemd service config and directory permissions. Wildfly starts up properly and the application runs fine.
My issue starts when I try and create another server instance from the management console. The console records the server but its never able to start. After some checking I found wildfly is unable to create server directories. This occurs even when having permissions to do so.
The only error I get is this one from /var/log/audit/audit.log;
type=ANOM_ABEND msg=audit(1507241312.223:19650): auid=4294967295 uid=994 gid=994 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 pid=8570 comm="java" reason="memory violation" sig=6
I have disabled SELinux, and checked the ACL's on all files in the directory structure. Any help would be greatly appreciated. Thanks in advance.

Related

service <tomcat8> start fails to start service without any error in servlet.log

I upgraded Apache tomcat from 7.x to 8.5.29 recently. tomcat is deployed inside my application. I have /etc/init.d script which starts tomcat (off course along with some of my project specific other services as well).
Command: service start was working fine till I was on tomcat 7 and then after upgrade to tomcat 8.5.29 this command stopped working. There are no changes in /etc/init.d script at all. Just matter of tomcat upgrade only. Servlet.log is not showing any error but if I compare servlet.log of tomcat 7 and tomcat 8.5.29 then I can figure out that my application is not loading. As such there are no errors in servlet.log of tomcat 8.
Whereas all things works prefectly fine if I use /etc/init.d/<myapp -tomcat8> start.
I'll really appreciate if I can get any help from you all guys.
So after 2-3 days of struggle, I found solution to my own question. Someone may find useful.
I switched on debug mode of apache tomcat 7 (I am using log4j2 and already it was configured) and apache tomcat 8 on two different system and compared working log of apache tomcat 7 with non-working log of apache tomcat 8. I found that tomcat8 is scanning many extra and irrelevant things.
I updated context.xml, located in Tomcat's /conf directory as follow and that worked for me.
<JarScanner scanClassPath="false"/>
Please note following :
Placing above in app specific context.xml didn't worked for me.
Updating catalina.properties file with tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\*.jar was also not working for me.
After doing changes I was facing error : java.lang.IllegalStateException: No output folder but that was due to wrong permission/ownership of tomcat folder.

I can SSH as root into LEMP centos on VULTR, but I can't sftp for the life of me

I tried the exact same thing with an Ubuntu LEMP, and had no issue sftp as root.
I deployed a one-click CENTOS 6 LEMP with Vultr. I can SSH into it fine, but the root credentials don't work to stfp into it. It just times out.
I've tried creating a new user with root access, added to wheel and even tried adding to visudo - with this used I can sftp ok, but when I navigate to...
/usr/share/ngix/html/
... to create folders and upload static websites pages - I get permission error.
All I want to do here is this really, host simple static website.
Why can't I sftp as root?
What am I missing here?
SFTP as root typically requires you to be able to SSH as root. It is common (and good security practice) for the default sshd configs to not allow root login.
Check your sshd configs.

Tomcat Intellij Idea: Remote deploy

RackSpace Cloud Server Ubuntu-12.04, Intellij Idea-11.1.2, Windows-8, Tomcat-7.0.26, JDK-6.
On Intellij Idea when i try to run jsf project on my remote Tomcat 7 server it says:
Error running servername: Unable to connect to the ip-address:1099
It seems problem is about JNDI port which is 1099 but I couldn't activate it I guess. Tomcat config is sth. like that:
What I've tried?
Setting CATALINA_OPTS or JAVA_OPTS on the server side with:
CATALINA_OPTS=-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
and
JAVA_OPTS=-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
But this one did not work, any ideas?
My answer to my question:
The correct way to deploy remotely is editing JAVA_OPTS environment variable on the remote server. Just enter the command below:
export JAVA_OPTS="-Dcom.sun.management.jmxremote=
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
If that's not going to work and if you don't have any obsession to deploy your website via Intellij Idea, I've got the solution for this problem. To be able to run your website under Tomcat, you can/should get artifact in form of .war file.
It can be done in Intellij from project settings(ctrl+alt+shift+s) then hit the plus button and add new artifact(web:application archieve)
After rebuilding the artifact, .war file can be seen in project-folder\out\artifacts. Next, you should place this file into your tomcat/webapps folder.
For example if you are using Tomcat-7, the folder that I mean exists in /var/lib/tomcat7/webapps. Before copying your .war file you should rename it as ROOT.war. This provides to access your site directly by http://youripaddress:8080. After restarting Tomcat7 service you can access the site.
But not finished yet, you can debug your project remotely like you are debugging your project at your local machine with Intellij Idea. Open Run/Debug Configuration in Idea, hit the plus button and there must be Remote. This is the way to debug your projects for application servers like JBoss, Glassfish as well in Idea. Enter your host and port numbers, select your project as a module.
Before starting to debug, as Intellij says you should give the following parameter to your server JVM:
JAVA_OPTS="$JAVA_OPTS -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
To be able to do that in Ubuntu and for Tomcat-7, modified the catalina.sh file in usr/share/tomcat7 folder. I inserted the parameter above of the if [ -z "$LOGGING_MANAGER" ]; then line. It must be on the middle part of the file. Then you should be able to debug your project with Intellij Idea.

PHP JAVA Bridge

I am very new to Linux but I am trying best to learn. We have dedicated hosting server of CentOS 6. It is configure with Apache Server as our public website. Now we need to install PHP JAVA Bridge on it.
What I did is, I install TomCat 6 and jdk 1.6. Then I copy JavaBridge.war file to $CATALINA_HOME/webapps folder and jar files on $CATALINA_HOME/lib folder. When I check from tomcat 8080 port JavaBridge is working very good.
Then I make symlink of $CATALINA_HOME/webapps/JavaBridge on my apache server. Untill here everything is okay
But when I try to browse from browser like http://www.xxx.com/JavaBridge I will get following error
You don't have permission to access /JavaBridge/ on this server.
Apache Server at www.gizeleonline.com Port 80
Now my question is that do I am doing it in wrong way or do I have to get rid of Apache server or I am missing something.
Kindly help on this experts :)
Actually it was my mistake. I just re-image my server and re-install everything it start working everything. thanx for help every body

Can't deploy Tomcat webapp in Netbeans 6.8

When trying to deploy an Tomcat application in Netbeans I get the following message:
FAIL - Deployed application at context path /Webapp but context failed to start
/some/dir/Webapp/nbproject/build-impl.xml:593: The module has not been deployed.
Looking at catalina.out I found this:
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base /some/dir/Webapp/build/web does not exist or is not a readable directory
at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:142)
at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4086)
(...)
But I can do cd /some/dir/Webapp/build/web without a problem!
So far:
The deployed(?) application appears
listed on Tomcat's manager, but I
can't start it.
Tried to remove Webapp.xml in /usr/share/tomcat6/conf/Catalina/localhost, but the problem persists.
/usr/share/tomcat6/work/Catalina/localhost/Webapp is empty.
I'm using Tomcat 6, Netbeans 6.8, Ubuntu 10.04.
Edit:
I have no trouble deploying the application using Tomcat's manager.
Tomcat was running under tomcat6 user. Doing su tomcat6 I can't cd /some/dir/Webapp/build/web (permission denied).
So finally I had to change permissions, allowing tomcat user to access the directory.
I'm guessing that you're looking at some permission issues. Tomcat is probably trying to deploy that app directly from it's location on your disk. See what user id tomcat is running under with: ps -aux | grep -i tomcat then su <user id> to that user and see if you can get to the application's directory.
Also you can see if the app will deploy via Tomcat's manager app, which is usually found here: http://localhost:8080/manager/html

Resources