java 与仅使用 systemd 相比,我从 JSVC 中获得了什么好处?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28894008/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What benefit do I get from JSVC over just using systemd?
提问by
The Tomcat documentation describesthe process of compiling and installing JSVCwhich can be used to run Tomcat as a daemon. As per my understanding, JSVC has two benefits:
Tomcat 文档描述了编译和安装JSVC的过程,JSVC可用于将 Tomcat 作为守护程序运行。据我了解,JSVC 有两个好处:
- It launches as root allowing for the use of a privileged port (like 80 or 443).
- It creates a "controller process" which will monitor a "controlled process" (the main Java thread) and restart the process on failure.
- 它以 root 身份启动,允许使用特权端口(如 80 或 443)。
- 它创建了一个“控制器进程”,它将监视一个“受控进程”(主 Java 线程)并在失败时重新启动进程。
I've been learning systemd, including the service unit configuration. Based on my limited understanding, systemd is able to perform the same tasks as JSVC if I set User=tomcat(using the desired username) and Restart=on-failurein my tomcat.serviceconfiguration file.
我一直在学习systemd,包括服务单元配置。根据我有限的理解,如果我在我的配置文件中设置User=tomcat(使用所需的用户名),systemd 能够执行与 JSVC 相同的任务。Restart=on-failuretomcat.service
Using JSVC, I would expect tomcat.serviceto look something like this:
使用JSVC,我希望tomcat.service看起来像这样:
[Unit]
Description=Apache Tomcat
After=network.target
[Service]
Environment=CATALINA_PID=/var/run/tomcat.pid
Environment=JAVA_HOME=/path/to/java
Environment=CATALINA_HOME=/opt/tomcat
...
ExecStart=/opt/tomcat/bin/jsvc \
-Dcatalina.home=${CATALINA_HOME} \
-user tomcat \
-java-home ${JAVA_HOME} \
-pidfile ${CATALINA_PID} \
...
org.apache.catalina.startup.Bootstrap
ExecStop=/opt/tomcat/bin/jsvc \
-pidfile ${CATALINA_PID} \
...
-stop \
org.apache.catalina.startup.Bootstrap
[Install]
WantedBy=multi-user.target
Using systemd, I would expect tomcat.serviceto look something like this:
使用systemd,我希望tomcat.service看起来像这样:
[Unit]
Description=Apache Tomcat
After=network.target
[Service]
Type=forking
PIDFile=/var/run/tomcat.pid
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/path/to/java
Environment=CATALINA_HOME=/opt/tomcat
...
Restart=on-failure
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
My preference is using just systemd as it's already there and I have to (should) use it anyway. I am however uncertain as to whether or not I will be missing any benefit of using JSVC that I am overlooking.
我的偏好是只使用 systemd,因为它已经存在,无论如何我都必须(应该)使用它。然而,我不确定我是否会错过我忽略的使用 JSVC 的任何好处。
What can be achieved by JSVC that cannot be achieved by systemd if I want to run Tomcat as a daemon?
如果我想将Tomcat作为守护进程运行,JSVC可以实现systemd无法实现的功能?
Also, if systemd is able to perform the same tasks as JSVC as well as JSVC, I'd also like to ask for any configuration tips you may offer to best achieve the benefits of JSVC using just systemd.
此外,如果 systemd 能够执行与 JSVC 和 JSVC 相同的任务,我还想询问您可能提供的任何配置技巧,以最好地使用 systemd 实现 JSVC 的好处。
采纳答案by zbyszek
In general, most of the functionality provided by jsvc is provided by systemd, with the exception of opening of privileged ports (see below). If possible, it is a very good idea to switch to using systemd functionality directly, since things become simpler and more efficient.
一般来说,jsvc 提供的大部分功能都是由 systemd 提供的,除了开放特权端口(见下文)。如果可能,最好直接切换到使用 systemd 功能,因为事情变得更简单、更高效。
Your unit file looks mostly OK, with the exception of
你的单元文件看起来基本没问题,除了
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
This part looks like another wrapper which can be replaced with a direct to
java -jar ....
这部分看起来像另一个包装器,可以直接替换为
java -jar ....
Opening privileged sockets
打开特权套接字
Under Systemd this is usually done through socket activation. Systemd opens the socket and hands it to the daemon as an open file descriptor (like stdin, stdout, stderr).
在 Systemd 下,这通常是通过套接字激活来完成的。Systemd 打开套接字并将其作为打开的文件描述符(如 stdin、stdout、stderr)交给守护进程。
The daemon can then be started as unprivileged user, and does not drop privileges itself. The daemon has to support this, and instead of opening the socket by itself, it should use the one it was given. Under Java this is made very problematic by the lack of support in the Java stdlib.
然后守护程序可以作为非特权用户启动,并且不会自行删除特权。守护进程必须支持这一点,而不是自己打开套接字,它应该使用给定的套接字。在 Java 下,由于缺乏 Java 标准库的支持,这变得非常成问题。
AFAIK, tomcat does not support socket activation, so if you want to use an privileged port and run the daemon under an unprivileged user, jsvc might still be necessary.
AFAIK,tomcat 不支持套接字激活,因此如果您想使用特权端口并在非特权用户下运行守护程序,可能仍然需要 jsvc。
回答by kervin
At this point, I'd use JSvc. But wrap it with a Systemd script if I had to.
在这一点上,我会使用 JSvc。但如果必须的话,用 Systemd 脚本包装它。
Keep in mind JSvc is just another executable. So a regular system user can configure a JSvc service for instance. It's safe to say that on most distros Systemd requires root privileges to be configured.
I've also written Java programs that use JSvc and ProcRun.exe by wrapping a small Java interface. This allows me to use the same service code and even JUnit integration tests on Unix and Windows OSes. So I would argue JSvc and ProcRun.exe together facilitate cross-platform service code.
JSvc has some interesting Java specific options that may be useful to you. Such as how to start the JVM ( process or DLL ), etc. You can write a lot of those into a Systemd script, but I suspect you'd just be rewriting JSvc in Bash at that point.
请记住 JSvc 只是另一个可执行文件。所以一个普通的系统用户可以配置一个 JSvc 服务。可以肯定地说,在大多数发行版上 Systemd 需要配置 root 权限。
我还编写了通过包装一个小的 Java 接口使用 JSvc 和 ProcRun.exe 的 Java 程序。这允许我在 Unix 和 Windows 操作系统上使用相同的服务代码甚至 JUnit 集成测试。所以我认为 JSvc 和 ProcRun.exe 一起促进跨平台服务代码。
JSvc 有一些有趣的 Java 特定选项,可能对您有用。例如如何启动 JVM(进程或 DLL)等。您可以将其中的很多内容写入 Systemd 脚本,但我怀疑您当时只是在 Bash 中重写 JSvc。
So maybe it's not very compelling for your specific Tomcat example. But there are some advantages to using the tiny JSvc service wrapper over Systemd.
因此,对于您的特定 Tomcat 示例,它可能不是很引人注目。但是与 Systemd 相比,使用微型 JSvc 服务包装器有一些优势。
回答by user3132194
You should use jsvc if you want to run tomcat with non-root privileges but using low port(<1024).
如果您想以非 root 权限运行 tomcat,但使用低端口(<1024),则应使用 jsvc。
Also disabling shutdown portbecomes available. It cannot be used when running Tomcat with the standard shell scripts though, as it will prevent shutdown.bat|.sh and catalina.bat|.sh from stopping it gracefully.
也可以禁用关闭端口。但是,在使用标准 shell 脚本运行 Tomcat 时不能使用它,因为它会阻止 shutdown.bat|.sh 和 catalina.bat|.sh 正常停止它。
