使用脚本为tomcat 构建chroot non
最近为线上tomcat 构建chroot non-root环境,看了官方文档后,操作步骤还是不少。整个脚本以便批量创建,在这里对我当前的环境做个说明。关于脚本在使用过程中出现问题,请直接回复!具体环境:tomcat 6.0.3x+apr+apr-util+apr-iconv+jdk1.6+cronolog
根据官方的建议,对jbchroot.c进行编译,获得jbchroot的可执行文件. 使用的好处是,它能够在chroot环境下,使用非root权限进行运行。在于lib64里库文件复制,可以参照物我的。我根据自己当前环境,添加了一下相应的文件。如 cp /usr/local/sbin/cronologusr/local/sbin
脚本使用方法: ./scriptname 后,输入chroot目录路径,以及tomcat解压后的目录环境。
脚本会根据你当前的系统环境变量进行jdk1.6目录复制。
关于脚本中提到的jbchroot.c 在这里可以复制保存并上传到/tmp目录下!
http://my.safaribooksonline.com/book/programming/java/0596003188/jbchrootdotc/tomcat-app-c
[*]#!/bin/bash -x
[*]#used for create tomcat chroot
[*]#myhat.blog.运维网.com
[*]JAVA_HOME=/usr/local/jdk1.6
[*]
[*]while true
[*]do
[*] read -p "please input your chroot directory :"CHROOT
[*] read -p "please input tomcat direcotry :" TOM_PATH
[*] if [ "$CHROOT" = "" ];then
[*] echo "Your must input chroot directory"
[*] exit 1
[*] else
[*] test -e $CHROOT || mkdir $CHROOT
[*] if [ "$TOM_PATH" = "" ];then
[*] echo "Your must input tomcat directory"
[*] exit 1
[*] else
[*] test -e $TOM_PATH || mkdir $TOM_PATH
[*] fi
[*] fi
[*] break
[*]done
[*]
[*]
[*]#mkdir base dir
[*]mkdir -p $CHROOT/chroot/usr/local/sbin/
[*]mkdir -p $CHROOT/chroot/{lib,lib64,etc,tmp,dev,usr,proc,bin}
[*]
[*]cd $CHROOT/chroot/
[*]chmod 755 etc dev usr
[*]chmod 1777 tmp
[*]#copy base file
[*]cp -af /etc/hosts etc/
[*]cp -af /etc/resolv.conf etc/
[*]cp -af /etc/nsswitch.conf etc/
[*]
[*]#command file
[*]cp /bin/uname bin/
[*]mkdir -p usr/bin/
[*]mkdir -p usr/local/
[*]cp -f /usr/bin/dirname usr/bin/
[*]cp -f /usr/bin/tty usr/bin/
[*]cp -f /bin/touch bin/
[*]cp -f /bin/bash bin/
[*]ln -s /bin/bash bin/sh
[*]cp /usr/local/sbin/cronologusr/local/sbin
[*]#make dir and copy libs
[*]cp -rva $JAVA_HOME $CHROOT/chroot/$JAVA_HOME
[*]cd /lib64
[*]for i in libpthread.so.0 ld-linux-x86-64.so.2libc.so.6libdl.so.2 libm.so.6 libnsl.so.1 libnss_dns.so.2 libnss_files.so.2libresolv.so.2 librt.so.1 libtermcap.so.2
[*]do
[*]cp -p$i$CHROOT/chroot/lib64
[*]done
[*]
[*]#make dev
[*]mkdir -p $CHROOT/chroot/dev/pts
[*]cd /dev
[*]./MAKEDEV -d $CHROOT/chroot/dev null random urandom zero loop* log console
[*]cp -a MAKEDEV $CHROOT/chroot/dev
[*]cp -a /dev/shm $CHROOT/chroot/dev
[*]# make proc
[*]mkdir -p $CHROOT/chroot/proc
[*]mount -t proc proc $CHROOT/chroot/proc
[*]
[*]# test
[*]chroot $CHROOT/chroot$JAVA_HOME/bin/java -version&& echo "tomcat chroot env is ok"
[*]
[*]sleep 3
[*]cp -r $TOM_PATH$CHROOT/chroot/usr/local/
[*]# create user
[*]id tomcat || useradd -M -s /sbin/nologin tomcat
[*]chown tomcat.tomcat -R $CHROOT/chroot/usr/local/tomcat6.0
[*]chown 755$CHROOT/chroot/usr/local/tomcat6.0
[*]cd$CHROOT/chroot/usr/local/tomcat6.0
[*]chown -R tomcat logs/ temp/ work/ webapps/ conf/
[*]
[*]gcc -O /tmp/jbchroot.c -o/usr/local/bin/jbchroot
[*]chmod 755/usr/local/bin/jbchroot
[*]chown root.root /usr/local/bin/jbchroot
在这里有一个地方需要注意:就是挂载proc文件,有时候机器发生重启,如果直接启动会导致tomcat 启动失败,并且在启动过程中不会有任何提示。如果有重启系统,请记得挂载proc文件。
在此写一个小脚本做备用:假定我使用的chroot目录为 /opt/chroot ,我的tomcat路径为/usr/local/tomcat6.0
[*]#!/bin/bash
[*]case $1 in
[*]start)
[*] mount | grep /opt/chroot
[*] if [ "$?" != "0" ];then
[*] mount -t proc proc /opt/chroot/proc
[*] fi
[*] sleep 3
[*] /usr/local/bin/jbchroot -U tomcat -- /opt/chroot/ /bin/bash /usr/local/tomcat6.0/bin/startup.sh
[*];;
[*]
[*]stop)
[*] if [ "$?" = "0" ];then
[*] umount /opt/chroot/proc
[*] fi
[*] kill -9 `ps aux | grep java| grep -v grep | awk '{print $2}'`
[*];;
[*]*)
[*] echo "USAGE:{start|stop}"
[*];;
[*]esac
以上脚本均经过测试,修改后可以正常使用。
[*]使用以上脚本在建立完chroot环境后,运行很正常,但是面临另外一个问题:
[*]a、tomcat 的输出日志里面有中文,会乱码;里面项目日志也同样会乱码!
[*]具体方法:修改tomcat配置
[*]# vim /opt/chroot/usr/local/tomcat6.0/bin/catalina.sh
[*]JAVA_OPTS="-Xms1536m -Xmx1536m -XX:PermSize=128M -XX:MaxNewSize=256m -XX:MaxPermSize=256m"
[*]JAVA_OPTS="$JAVA_OPTS -Dclient.encoding.override=UTF-8 -Dfile.encoding=UTF-8 -Duser.language=zh -Duser.region=CN"
[*]export JAVA_OPTS;
[*]//解决了catalina.out里面的中文乱码
[*]
[*]如果在项目里的中文乱码:
[*]# cat /opt/chroot/usr/local/tomcat6.0/webapps/ccc/WEB-INF/classes/log4j.properties
[*] log4j.appender.ROLLING_FILE.encoding=UTF-8
# ps aux |grep java
tomcat 6581 17.6 22.0 2392632 668824 pts/2Sl 09:15 2:33 /usr/local/jdk1.6/bin/java -Djava.util.logging.config.file=/usr/local/tomcat6.0/conf/logging.properties -Xms1536m -Xmx1536m -XX:PermSize=128M -XX:MaxNewSize=256m -XX:MaxPermSize=256m -Dclient.encoding.override=UTF-8 -Dfile.encoding=UTF-8 -Duser.language=zh -Duser.region=CN -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat6.0/endorsed -classpath /usr/local/tomcat6.0/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6.0 -Dcatalina.home=/usr/local/tomcat6.0 -Djava.io.tmpdir=/usr/local/tomcat6.0/temp org.apache.catalina.startup.Bootstrap start
附件:http://down.运维网.com/data/2362007
页:
[1]