Transcription
End-To-End Setup Guide for ApacheTomcatSetup GuideCUSTOMERDocument Version 7.10.20-2014-07-01
This page is left blank for documents that are printed on bothsides.
END-TO-END SETUP GUIDE FOR APACHE TOMCATTABLE OF CONTENTSINTRODUCTION . 6Supported Apache Tomcat Server versions . 6DIAGNOSTICS ARCHITECTURAL OVERVIEW . 7SETUP FOR E2E ROOT CAUSE ANALYSIS AND SYSTEM MONITORING . 91. Install Diagnostics Agent . 92. Install Introscope Java Agent. 93. Install SLD Data Supplier and register Apache Tomcat Server in SLD.104. Configure Tomcat for E2E .114.1 Enable JMX .11JMX remote connection configuration .114.2 JVM GC log file configuration .174.3 Tomcat logging configuration .185. Run Managed System Configuration .205.1 Assign Product .205.2 Check Prerequisites.225.3 Assign Diagnostics Agent .225.4 Enter System Parameters .225.5 Enter Landscape Parameters .235.6 Finalize configuration .246. Technical Monitoring Setup .25MANUAL SETUP STEPS AND TROUBLESHOOTING .26Diagnostics Template .26E2E Exception Analysis .27
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATE2E Exception Analysis configuration .27Log Viewer .28Log View configuration LV confix.xml .29Example: Tomcat service log in Log Viewer .32E2E Workload Analysis .32Intorscope Java Agent .32Host Agent.33Host Agent Adapter.34GC log file path for Tomcat in Landscape Browser .35E2E Extractor Framework .36Relevant SAP notes .38ADDITIONAL INFORMATION .384
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATThis page is left blank for documents that are printed on bothsides.5
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATIntroductionSAP Solution Manager 7.1 supports Apache Tomcat Server products with End-to-End Root Cause Analysisand System Monitoring. The guide documents how to setup E2E RCA and System Monitoring in SAPSolution Manager 7.1 SP12 for Apache Tomcat Server.This guide is part of a global installation and configuration documentation. You may find more informationin the SAP Service MarketplaceRoot Cause Analysis Installation and Upgrade Guide with SOLMAN SETUPhttps://service.sap.com/diagnostics Installation and ConfigurationSolution Manager Installation Guideshttps://service.sap.com/instguidesSAP ComponentsSAP Solution Manager7.1ReleaseAn up-to-date version of this document is attached to the SAP note 1633036.Supported Apache Tomcat Server versionsFollowing Apache Tomcat Server releases are supported:SAP Solution Manager 7.1 SP2o Apache Tomcat 5.5o Apache Tomcat 6.0SAP Solution Manager 7.1 SP8o Apache Tomcat 7.0The screenshots and the navigation in this document apply to the SAP Solution Manager 7.1 SP12. Thedocument is also valid for the older SPs, however.6
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATDiagnostics architectural overviewThe goal of the section is to provide a ‘ten thousand foot view’ over the architecture of SAP SolutionManager 7.1 and to introduce main components.E2E RCA for Apache Tomcat Server in SAP Solution Manager 7.1 is based on following components:SAP Host AgentSolution Manager Diagnostics AgentSAP Solution Landscape Directory (SLD)SLD Data Supplier for Apache TomcatLandscape Management Database (LMDB)CA Introscope Enterprise ManagerCA Introscope Java AgentThe figure below depicts the key components in the SAP Solution Manager landscape.Solution Manager Diagnostics AgentThe SAP Solution Manager Diagnostics Agent is the remote component of the E2E Root Cause Analysis. Itenables SAP Solution Manager to connect to the satellite system (Apache Tomcat) to gather required datafrom the satellite systems and to report it to the SAP Solution Manager system.7
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATSAP Host AgentSAP Host Agent can be considered as the component responsible for the monitoring of the host/OS. It isinstalled on the satellite system (the Tomcat host). With the latest Diagnostics Agent versions the SAP HostAgent is installed automatically with the Diagnostics Agent. The SAP Host Agent can also be installedseparately.CA Introscope Enterprise ManagerWily Introscope is an application management solution created to manage Java Application performance.Introscope has three main components: the Enterprise Manager, the Workstation, and agents.CA Introscope Java AgentThe Java Agent is the component of Introscope that collects performance data from your applicationsrunning on Java Virtual Machines (JVMs), and sends it to the Introscope Enterprise Manager.SAP Solution Landscape Directory (SLD)A system landscape consists of a number of hardware and software components that depend on eachother with regard to installation, software updates, upgrades, and demands on interfaces. The SAP SystemLandscape Directory (SLD) is a central repository of system landscape information.SLD Data Supplier for Apache TomcatThe SLD Data Supplier for Apache Tomcat is the software component that runs on the Tomcat andperiodically reports landscape information to the SAP SLD.Landscape Management (LMDB)The Landscape Management Database is the repository of system landscape information in SAP SolutionManager.8
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATSetup for E2E Root Cause Analysis and System MonitoringThe following table lists the steps required to set up E2E Root Cause Analysis for an Apache Tomcat Serversystem.Step 1Install Diagnostics AgentStep 2Install CA Introscope BC AgentStep 3Install SLD Data Supplier and register ApacheTomcatsystem in SAP SLD/SAP Solution ManagerStep 4Configure Apache Tomcat for monitoringStep 5Run Managed System SetupStep 6Run Technical Monitoring Setup1. Install Diagnostics AgentPlease refer to SAP note 1365123 Installation of Diagnostics Agents.Diagnostics Agent 7.3 installs automatically SAP Host Agent. Please make sure, however, that SAP HostAgent corresponds to the version in the SAP note 1448655. In addition, please refer to SAP Note 1031096“Installing Package SAPHOSTAGENT” for details on how to install the SAP Host Agent package.2. Install Introscope Java AgentPlease refer to SAP note 13438005 “Wily Introscope Agent for Apache Tomcat Server” for details.9
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCAT3. Install SLD Data Supplier and register Apache Tomcat Server in SLDLandscape information is the basis for all processes in SAP Solution Manager 7.1. SAP Solution Managerstores the landscape information in the Landscape Management Database (LMDB).SAP Solution Manager collects and stores detailed data about the system landscape such as:Landscape data of the Apache Tomcat Server systems (hosts/servers) and their properties (paths,ports).Installed software (software and product components versions).Database information.Solution Manager uses one or multiple SAP Software Landscape Directory (SLD) systems to query for thelandscape information. For that purpose SAP Solution Manager 7.1 provides content synchronizationmechanism between SLD and LMDB.More InformationFor more information, see Landscape Data Management Overview and Maintenance of Product in theSystem Landscape in the SAP Community Network.SAP provides SLD Data Supplier for Apache Tomcat. The SLD-DS automatically reports landscape data ofthe Apache Tomcat server to the SAP SLD. The SAP note 1508421 “SAP SLD Data Supplier for ApacheTomcat” describes how to install and configure the SLD-DS for Apache Tomcat. Please refer to the SAP note1508421 for details.NOTE:Consider to assign an appropriate System ID to the Tomcat system. Use the SYSTEM ID configurationproperty of the SLD-DS for that. For example,SYSTEM ID ATC SYSTEMIf you don’t specify the system ID identifier explicitly, it will be automatically assigned in the SAP SolutionManager.10
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCAT4. Configure Tomcat for E2EA default Apache Tomcat installation lacks some configuration settings by the SAP Solution Managerrequired for E2E RCA and System Monitoring. For example, Tomcat is typically installed without any loggingconfiguration and without Java GC logging and with no JMX enabled.Apply following configuration changes and restart the Tomcat:1. Enable JMX.2. Configure Java GC logging.3. Configure Apache Tomcat logging.4.1 Enable JMXThe E2E Workload Analysis and System Monitoring use the performance data reported by the Tomcatthrough JMX. JMX is not enabled in Tomcat by default. To enable JMX data, add the following JVM systemproperty to the Tomcat’s JVM configuration:-Dcom.sun.management.jmxremoteWith the Thread Dump Analyzer application in SAP Solution Manager 7.1 you can trigger and analyzethread dumps from the Tomcat. To trigger thread dumps with the TDA you must additionally setup a JMXremote connection.JMX remote connection configurationTo monitor the Tomcat via JXM and to trigger and analyze thread dumps in the SAP Solution Manager youcan additionally configure a JMX remote connection.Set following JVM system properties in the Tomcat’s JVM startup configuration:com.sun.management.jmxremote.port jmx port Tomcat expects that the remote connection is protected by user/password authentication. You shouldeither disable authentication explicitly or provide valid credentials with JMX remote access and passwordfiles.To disable authentication of JMX remote connection, set the following JVM system property:com.sun.management.jmxremote.authenticate falseTo protect Tomcat from unauthorized access through JMX remote connection you can secure the accesswith user and password. For that add following JVM parameters:com.sun.management.jmxremote.ssl falsecom.sun.management.jmxremote.authenticate true11
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATcom.sun.management.jmxremote.password.file pathjmxremote.password com.sun.management.jmxremote.access.file path jmxremote.access Example: Tomcat JVM parameters for JMX (Windows)-Dcom.sun.management.jmxremote.port 9004-Dcom.sun.management.jmxremote.ssl false-Dcom.sun.management.jmxremote.authenticate true-Dcom.sun.management.jmxremote.password.file m.sun.management.jmxremote.access.file C:/APACHE/Tomcat6.0.33/conf/jmxremote.accessThere path jmxremote.password and path jmxremote.access are the paths to thepassword and access control files. The password file CATALINA BASE/conf/jmxremote.access definesavailable user roles (user names) and their permissions. The password control file CATALINA BASE/conf/jmxremote.password defines the passwords for each role.NOTE: SSL is currently not supported.Edit the jmxremote.access file.In the jmxremote.access file, add an appropriate role with the readwrite access, for example asmdAgentRole role:smdAgentRole readwriteEdit the jmxremote.password file.In the jmxremote.password file specify the password for the role you defined in the jmxremote.access file:smdAgentRole abcd123412
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATNoteThe JMX remote connection role/password needs to be specified in the Managed System Setup for theApache Tomcat Server system in the “Enter System Parameters” step.Access to the password fileMake sure that only the Tomcat’s user account has the permission (read and write) to access thejmxremote.password file. For security reasons, because the file contains unencrypted passwords, Tomcatchecks on the file access at stat up and, if Tomcat does not have exclusive access to the file, aborts thestartup.The check causes problems particularly on Windows, if Tomcat runs as a Windows service under the localuser account.The access configuration to the password and access files is platform depended. On Windows it alsodepends whether Tomcat runs as the built-in system account or as a “named” user.13
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATTomcat Service running as Local System accountTomcat Service running as “user” accountOn Windows for (local) system accountPerform following steps to restrict the access to the jmxremote.password file for a built-in system account1. Right click password file and open Properties.2. On the Security tab, go to “Advanced” dialog.3. In the “Advanced Security Settings” clear the “Include inheritable permissions from this object’sparent” checkbox. Remove all inherited permissions and apply the changes.beforeAfter4. On the Security tab, edit the permissions. Remove the permissions for all groups/user namesexcept the SYSTEM account.14
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATbeforeafter5. Set the file owner to the “SYSTEM” account.beforeafterOn Windows for user accountPerform the following steps described to restrict the access to the jmxremote.password file for a “named”user account.15
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCATRight click password file and open Properties.1. On the Security tab, go to “Advanced” dialog.2. In the “Advanced Security Settings” clear the “Include inheritable permissions from this object’sparent” checkbox. Remove all inherited permissions and apply the changes.3. On the Security tab, edit the permissions. Remove the permissions for all groups/user namesexcept the user account that Tomcat runs on.On Linux:Logon as the Tomcat user and apply the chmod 600 command.Further ReferencesPlease consult Apache Tomcat documentation for more details. E.g. Apache Tomcat 6.0 - Monitoring andManaging Tomcat - Enable JMX Remote under following link html#Enabling JMX RemotePlease refer also to Java documentation for JMX, e.g. the “Monitoring and Management Using JMX”chapter in Java 1.5 documentation de/management/agent.html.The chapter “How to Secure a Password File on Microsoft Windows Systems” es/guides/management/security-windows.html16
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCAT4.2 JVM GC log file configurationTo monitor memory consumption and Java garbage collection behavior SAP Solution Manager collects andanalyzes the GC log of the JVM. By default no GC logging is enabled in the Tomcat. GC logging can beconfigured with appropriate JVM parameters. The parameters are JDK- specific. Please also consult thespecific JDK’s documentation for more details.Oracle JDKTo enable GC logging on Oracle JDK set the following JVM system properties:–Xloggc: path to GC.log - Enables logging for the JVM GC processes into the log file specified by the pathto GC.log parameter. Please use an absolute path here.-XX: PrintGCDetails - Gives details about the GCs, such as: Size of the young and old generation before andafter GCs; Size of total heap Time it takes for a GC to happen in young and old generation; Size of objectspromoted at every GC-XX: PrintGCTimeStamps - Prints the times at which the GCs happen relative to the start of the application.IBM JDKTo enable GC logging on IBM JDK please set the following JVM system properties:-verbose:gc - Enables logging for the JVM GC processes into a log file–Xverbosegclog: path to GC.log - Enables logging for the JVM GC processes into the log file specified bythe path to GC.log parameter. Please use an absolute path here.Example: GC parameters for Apache Tomcata. If Tomcat is started via a OS script (e.g. on Linux) add following JXM system parameters to the Tomcatstaring script (e.g. catalina.bat/catalina.sh):set CATALINA OPTS %CATALINA OPTS% -Xloggc:C:/APACHE/Tomcat/Tomcat6.0.33/gcTomcat.gc -XX: PrintGCDetails -XX: PrintGCTimeStampsb. If Tomcat is started as a windows service, open the “Configure Tomcat” application add the required JVMsystem properties on the tab “Java” into the field “Java Options”17
END-TO-END RCA SETUP GUIDE FOR APACHE TOMCAT4.3 Tomcat logging configurationMake sure, the logging is properly configured. Check whether the JVM system properties“java.util.logging.manager” and “java.util.logging.config.file” are set. For example,-Djava.util.logging.manager ogging.config.file iesAll logs have to be written in English (e.g. the time format and the severity). To c
Apply following configuration changes and restart the Tomcat: 1. Enable JMX. 2. Configure Java GC logging. 3. Configure Apache Tomcat logging. 4.1 Enable JMX The E2E Workload Analysis and System Monitoring use the performance data reported by the Tomcat through JMX. JMX is not enabled in Tomcat by default. T
