4

I've had this working for months but I had a power cycle today and something broke. Sorry, this is a bit detailed and specific, but I'm desperate for help.

I have apache-2.2 and two tomcat-6 servers (simply running from two separate folders). I don't have any http connectors but I have one ajp connector running on each server on ports 8009 and 8010. Upon startup both tomcats report the connector is running and there doesn't seem to be any problem:

INFO: JK: ajp13 listening on /0.0.0.0:8009
...
INFO: JK: ajp13 listening on /0.0.0.0:8010

I'm reasonably sure I have my workers and apache configuration setup correctly. I can reach the connector on 8009 fine, no problems at all, but when I try 8010 apache gives me a 503. Checking the log (mod_jk.log) it says:

jk_open_socket::jk_connect.c (594): connect to 127.0.0.1:8010 failed (errno=13)
ajp_connect_to_endpoint::jk_ajp_common.c (922): Failed opening socket to (127.0.0.1:8010) (errno=13)
ajp_send_request::jk_ajp_common.c (1507): (eis) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13)

But what I can't understand is if I do a simple telnet to that port and send a GET:

# telnet 127.0.0.1 8010
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
GET
Connection closed by foreign host.

It hits the correct tomcat (the error is expected):

Oct 25, 2011 6:17:10 PM org.apache.jk.common.MsgAjp processHeader
SEVERE: BAD packet signature 18245
Oct 25, 2011 6:17:10 PM org.apache.jk.common.ChannelSocket processConnection
SEVERE: Error, processing connection

So why can't apache reach it? The telnet works whether I'm a super user or not. What could be going on? I'm completely stumped.

And I've tried restarting both apache and tomcat and nothing changes. Thanks for taking a look.

EDIT-1: Quick update to this ... I added an http connector and it works fine but the ajp connector is still failing.

EDIT-2: Here are the config details per request ...

workers.properties:

worker.list=service1,service2

worker.service1.type=ajp13
worker.service1.host=127.0.0.1
worker.service1.port=8009

worker.service2.type=ajp13
worker.service2.host=127.0.0.1
worker.service2.port=8010

httpd.conf (I see both jkmount and JkMount ... does caps matter?):

JkMount /s1 service1
JkMount /s1/* service1

JkMount /s2 service2
JkMount /s2/* service2

server.xml for service1:

<Connector port="8009" protocol="AJP/1.3" />

server.xml for service2:

<Connector port="8010" protocol="AJP/1.3" />

I think that's it.

rjcarr
  • 2,072
  • 2
  • 22
  • 35
  • You first code block contains the two "ajp13 listening" from the two tomcats. Is that in the same logfile? Do both tomcats log in the same logfile? – cherouvim Oct 26 '11 at 05:54
  • Can you post the relevant configuration sections from 2 tomcats server.xml and apache's mod_jk configuration section? – cherouvim Oct 26 '11 at 05:56
  • cherouvim: There are two completely independent tomcats and those are from two log files. I could post the config sections but I think it complicates things. I'm more interested in how it could be possible that I can telnet to the port but apache can't find it. Still, I'll tack on the config if you think it'll help. Thanks! – rjcarr Oct 26 '11 at 06:17
  • At the point you get the connection error in mod_jk.log, do you get anything in tomcat's catalina log? – cherouvim Oct 26 '11 at 07:34
  • Also, what is your JkLogLevel? Lastly, if you shut down both tomcats, is anything listening on 8010? – cherouvim Oct 26 '11 at 07:36
  • Have you tried enabling the status worker to see the state of your service1 and service2 workers? – cherouvim Oct 26 '11 at 07:44
  • cherouvim: No, nothing gets logged (or makes it) to tomcat; My log level is info, good idea, I'll turn it down; Yes, I'm thinking it might have something to do with port access, I believe my telnet test was done as root so I'll need to test as non-root; I don't think I know what a 'status' worker is but I'll see if I can find more info. Good ideas, thanks again for the help! – rjcarr Oct 26 '11 at 07:54
  • For the status worker have a look at http://tomcat.apache.org/connectors-doc/reference/status.html and http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html – cherouvim Oct 26 '11 at 09:13

2 Answers2

6

Do you have SELinux on the system? Can you try:

setenforce 0

It could be preventing the apache process to connect. Also, check your firewall rules...

Marek Schmidt
  • 76
  • 3
  • I figured this out before I saw your response but you were exactly right. SELinux was open on 8009 but not 8010. I think I must have temporarily disabled it before the power outage. I've been burned by SELinux so many times I should have figured this out. To anyone that cares, SELinux had 8008 open and unused, so I just switched to using that. – rjcarr Jan 27 '12 at 07:54
  • SELinux is disabled but I face the same issue. Can anyone please advice on this? – Java-Seekar Jan 31 '19 at 04:28
0

By default 8009 is opened by selinux, you can open more ports to use.

[goalin@centos63 logs]$ sudo semanage port -l | grep 8009

http_port_t tcp 80, 443, 488, 8008, 8009, 8443

[goalin@centos63 logs]$ sudo semanage port -a -t http_port_t -p tcp 18009

[goalin@centos63 logs]$ sudo semanage port -a -t http_port_t -p tcp 28009

[goalin@centos63 logs]$ sudo semanage port -l | grep 8009

http_port_t tcp 28009, 18009, 80, 443, 488, 8008, 8009, 8443

[goalin@centos63 logs]$

Goal Lin
  • 1
  • 1