12/1/2021

Tomcat Azure

Bitnami has partnered with Azure to make Tomcat available in the Microsoft Azure. Launch Tomcat with one click from the Bitnami Launchpad for Microsoft Azure. It is free and it takes only a minute. Follow the next steps to get started. The Apache Tomcat® software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. The Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket specifications are developed under the Java.

Purpose

The purpose of this blog is to provide guidelines to configure tomcat cluster in order to achieve high-availability for SAP BusinessObjects BI Platform web application servers on Azure.

Tomcat Azure Paas

SAP Note 2808640 provide detailed steps to configure tomcat cluster using multicast but in Azure multicast is not supported. Refer SAP Note 2764907 and FAQs – Azure Virtual Network.

So to configure tomcat cluster on Azure, we need to use

Azure Tomcat App Service

Overview

The deployment of SAP BusinessObjects BI Platform on Azure is similar to on-premise deployment. But in Azure, you can leverage some of their offerings to build the application which can reduces maintenance work for some application components like DBaaS (Azure SQL Database) for CMS Database, Azure Files or Azure NetApp Files (ANF) for File Repository Server, Azure Load Balancer or Application Gateway for load balancing traffic to web server, .

In below figure, SAP BusinessObjects BI Platform is installed on two Azure Virtual Machines (VM) along with tomcat. To load balance the traffic between two web servers, application gateway is used. The application gateway IP address (10.31.3.20) act as an entry point for the users, handles incoming TLS/SSL (HTTPS – TCP/443) connections, decrypt the TLS/SSL and passing on the un-encrypted request (HTTP – TCP/8080) to the servers (azusbosl1 or azusbosl2) in the backend pool. With in-built TLS/SSL termination feature, we just need to maintain only one TLS/SSL certificate i.e. on Azure Application Gateway which simplifies operations.

When one of the web server goes down, application gateway route all the traffic to other host(s). This way we can attain high availability of tomcat server at host level. But the problem here is that, we lose user session along with the host. So user needs to login again to access application via different tomcat server. To ensure user sessions remain intact during tomcat service disruption, we need to configure session replication in tomcat which replicates user session to other hosts that are member of the cluster group.

Traditionally in on-premise deployment, tomcat cluster is configured using multicast but as this is not supported on Azure (SAP Note ), we need to configure tomcat cluster using Static Membership Interceptor.

Configuration Steps

To configure tomcat cluster on Azure, follow SAP Note with some changes in member verification option – instead of using McastService attribute we will be using StaticMember attribute for cluster membership. In this illustration, we are using two web servers azusbosl1 and azusbosl1 on Linux.

  • Copy forcereplicationvalve.jar from INSTALLDIR/enterprise_xi40/java/lib to TOMCATINSTALLDIR/tomcat/lib (in all tomcat nodes – azusbosl1 and azusbosl2)
  • Open INSTALLDIR/tomcat/conf/server.xml
  • Perform below action in azusbosl1

    where org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor class include the information of all the other web server host that you want to be part of tomcat cluster. In this example, it includes information about azusbosl2. uniqueID is a universally unique ID for static member. The value must be 16 bytes in format {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}. For more information on attribute and option, refer Tomcat cluster guide.

  • Perform below action in azusbosl2

    where org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor class include the information of all the other web server host that you want to be part of tomcat cluster. In this example, it includes information about azusbosl1. uniqueID is a universally unique ID for static member. The value must be 16 bytes in format {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}. For more information on attribute and option, refer Tomcat cluster guide

  • In the web.xml of all web applications (azusbosl1 and azusbosl2) desired to have failover, the following tag must be added within <web-app> and </web-app> tags:
  • Restart Tomcat. If there is no error then your tomcat server will start without any issue.You will find below message in catalina*.log file under INSTALLDIR/tomcat/logs directory, when tomcat service get started.

    – On azusbosl1 (restarted first after changes)

    – On azusbosl2 (started after azusbosl1 is up and running).

    – On azusbosl1 log file, you will see that a cluster member is added as soon as tomcat on azusbosl2 is started.


NOTE:
To have these changes persist through wdeploy / install / upgrade / repair actions, step 4 must also be performed to the web.xml of the web applications stored in warfiles/webapps, eg: INSTALLDIR/enterprise_xi40/warfiles/webapps/BOE/WEB-INF/web.xml

Testing Tomcat Cluster

  • We have tomcat running on azusbosl1 and azusbosl2, but to simplify the test case we will first stop tomcat on azusbosl2 and make sure that our connection to CMC application happens through tomcat server running on azusbosl1.
  • Application Gateway URL: https://10.31.3.20/BOE/CMCNOTE: We have only stopped tomcat service on azusbosl2, not BOBI application. So it might happen that even though the tomcat session is established on azusbosl1, it get connected to CMS service running on azusbosl2. It is not the case here, but it might happen.
  • Now start tomcat on azusbosl2. It will immediately become part of tomcat cluster, which you can verify in azusbosl1 tomcat catalina*.log fileIn azusbosl2 catalina*.log file, you will see that server request session state from azusbosl1 (10.31.0.8)
  • Session states are transferred, now we will kill the tomcat process in azusbosl1
  • It takes few seconds to fail-over. But once the fail-over is completed, you can continue using CMC/BI application with the same user session. So you don’t need to login again

Issue

When user try to access the application during tomcat service crash, it might happen that user will get 502 - Web server received an invalid response while acting as a gateway or proxy server error message. It is because session fail-over is still happening and it takes few seconds before user can connect to the same user session.

Resolution: Wait for few seconds and then click on any options in CMC/BI application. User will be able to access the application with the same session.

Tomcat Azure Authentication

References

Tomcat Catalina Configuration

Regards,

Dennis Padia.

Azure makes it easy to deploy and scale Java apps, using the tools you know and love. You can easily get started following below linkhttps://docs.microsoft.com/en-us/java/azure/

There are multiple approaches to run Java app on Azure App Services. One such would be to use Application Settings for enabling Java and Web Container.

After Enabling above options,

  • Navigate to kudu Console https://<Your_App_Name>.scm.azurewebsites.net/DebugConsole
  • Go to D:homesitewwwroot folder and you should find a webapps folder inside it.
  • You can drop your app’s .war file inside webapps folder (as in below image)
  • It would explode automatically and your app should be up and running

Here is how it works internally, Request reaches one of your worker instance and hits IIS which in-turn forwards it to Tomcat.

After couple of days, you might want to Add/Change tomcat config while using existing approach. You should be able to find tomcat config files in D:Program Files (x86)apache-tomcat-x.x.xxconf but unfortunately these files are not editable.

Scienario : By Default, Tomcat doesn’t print time taken for request in site access log. Here i would alter tomcat config using a workaround for above approach to print time_taken.

  • Create a web.config file inside D:homesitewwwroot with below content in it
Tomcat Azure

web.config is an IIS configuration file and we are using it to pass extra config in arguments to tomcat when it starts tomcat for the first request.

Note: Here i have set processPath to D:Program Files (x86)apache-tomcat-8.5.20binstartup.bat. Change it as per your requirement

Tomcat Azure Vm

As you can see above, we are passing D:homesitewwwrootconfserver.xml as our new tomcat config file.

  • Create new server.xml file at above mentioned location and copy content fromD:Program Files (x86)apache-tomcat-x.x.xxconfserver.xml

Alter its value to obtain required config. I have added %T in pattern for site_access_log as below

Here is my site_access_log with time_taken printed in it.

Troubleshoot:

  1. App did not start after above configuration. Make sure your app is using 64-bit java/platform. In above web.config file we have added few extra CATALINA_OPTS that doesn’t go well on 32-bit.

Reference:

https://docs.microsoft.com/en-us/iis/extensions/httpplatformhandler/httpplatformhandler-configuration-reference