Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomcat down after kernel update

Discussion in 'EasyApache' started by Patricio dos Santos, Jun 22, 2017.

Tags:
  1. Patricio dos Santos

    Joined:
    Jun 22, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Luanda
    cPanel Access Level:
    Root Administrator
    I am getting this error message:

    The service “tomcat” appears to be down.The service “tomcat” appears to be down.

    So I log in to WHM and Try to restart manually. But still getting this error:
    Code:
    Waiting for “tomcat” to restart ……waiting for “tomcat” to initialize …………………………………finished.
    
    (XID nw587v) The service “tomcat” failed to start with the message: tomcat is not running
    
    Startup Log
    Command '/usr/local/easy/bin/jsvc -user tomcat -cwd /usr/local/easy/share/easy-tomcat7 -pidfile /var/run/easy-tomcat7.pid -cp /usr/local/easy/bin/bootstrap.jar:/usr/local/easy/bin/tomcat-juli.jar:/usr/local/easy/share/java/commons-daemon.jar -Djava.endorsed.dirs=/usr/local/easy/share/easy-tomcat7/endorsed -outfile /var/log/easy-tomcat7/catalina.out -errfile /var/log/easy-tomcat7/catalina.err -verbose org.apache.catalina.startup.Bootstrap start' returned: 0
    
    tomcat has failed. Please contact your system administrator if the service does not automagically recover.
    
    How can I solve this?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    A recent kernel update for CentOS/RHEL 6.x addresses the privilege escalation bug referenced on the following URL:

    CVE - CVE-2017-1000364

    However, it looks like the changes associated with this kernel update prevent Tomcat from starting. We are tracking reports of this issue through internal case EAL-3164, but no additional information or workarounds are available at this time.

    Note that downgrading to the previously installed kernel does allow Tomcat to start again, but by downgrading the kernel your server loses the security patches included with the recent kernel update. I'll update this thread with more information as soon as it's available.

    Thank you.
     
    Patricio dos Santos likes this.
  3. hseagle2015

    hseagle2015 Registered
    PartnerNOC

    Joined:
    Jun 21, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    Adding -Xss2m switch to /var/cpanel/tomcat.options and Tomcat restart resolves the problem. It's a confirmed workaround for the bug in question - [DAEMON-363] JSVC Fails to launch (SIGBUS 0x7) on Centos 6.9 Kernel 2.6.32-696.3.2.el6.x86_64 - ASF JIRA

    The mentioned tomcat.options file used by Tomcat 5.5. I'd like to know how can we provide Tomcat 7 the same switch?

    According to the documentation at Migrate from Tomcat 5.5 to Tomcat 7 - EasyApache - cPanel Documentation that should be /etc/sysconfig/easy-tomcat7 however it appears that Tomcat doesn't pick up the custom configuration provided in this file.

    Should there be some special configuration formatting in /etc/sysconfig/easy-tomcat7 ?
     
  4. hseagle2015

    hseagle2015 Registered
    PartnerNOC

    Joined:
    Jun 21, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    OK, both Tomcat 5.5 and Tomcat 7 use /var/cpanel/tomcat.options even though the documentation suggests that Tomcat 7 uses /etc/sysconfig/easy-tomcat7 file.

    Adding the -Xss2m switch to /var/cpanel/tomcat.options resolves the startup problem on both Tomcat versions.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, here's the link to the corresponding RedHat bug report:

    Bug 1464185 – jsvc doesn't work after kernel update for CVE-2017-1000364

    It does appear that adding the following line to the /var/cpanel/tomcat.options file allows Tomcat to start:

    Code:
    -Xss2m
    However, note that we haven't completed sufficient testing on this workaround to verify it doesn't result in any unwanted side effects. We plan to push out an AutoFixer to automatically add this entry to the /var/cpanel/tomcat.options file once it's gone through additional testing. I'll continue to update this thread with more information as it becomes available.

    You are correct that startup options are configured with the /var/cpanel/tomcat.options file in both Tomcat 5.5 and Tomcat 7. I've opened an internal case (DOC-9141) with our Documentation Team to ensure this is reflected in our documentation.

    Thank you.
     
  6. Patricio dos Santos

    Joined:
    Jun 22, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Luanda
    cPanel Access Level:
    Root Administrator
    After add "-Xss2m" I was able to restart tomcat service. But "Service Status" page still showing tomcat service as down. But I can open my jsp page normally.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The service status page updates once every few minutes as part of Chkservd. You can review /var/log/chkservd.log to see if there are any specific error messages if Tomcat is still detected as failed after it's most recent check.

    Thank you.
     
  8. Patricio dos Santos

    Joined:
    Jun 22, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Luanda
    cPanel Access Level:
    Root Administrator
    Now "Service Status" is showing tomcat as up.

    Thank you.
     
    cPanelMichael likes this.
Loading...

Share This Page