29/09/23 frontier-tomcat-9.0.80_3.41 (cvuosalo) - Upgrade to tomcat-9.0.80 - Add option to enable hourly rotation of the Catalina log if it is larger than a configured size. 04/12/20 frontier-tomcat-8.5.60_3.41-1 (ekizinev) - Upgrade to tomcat-8.5.60 - Update the oracle jdbc driver to ojdbc8.jar - Update server.xml.O and server.xml.proto - Add requirement for Python 3 - Add support for CentOS 8 31/12/19 frontier-tomcat-7.0.99_3.41-1 (dwd) - Upgrade to tomcat-7.0.99 - Upgrade to servlet 3.41 with the following release note: - When a "X-Frontier-Opts: DontCacheErrors" request header is set, abort error responses before they send the zero-length http/1.1 last chunk. This prevents proxies from caching the response. 22/08/19 frontier-tomcat-7.0.96_3.40-1 (ekizinev) - Upgrade to tomcat-7.0.96 - Switch to using JDBC's built-in connection pool in order to get support for maxAge. - Add maxAge JDBC parameter and set it to 5 minutes. - Add check if tomcat user home directory exists. - Add /usr/lib/tmpfiles.d/frontier-tomcat.conf file for supporting systemd-based systems. - Remove mode set for servlets.conf, servlets.confConstants and servlets.passwd. - Add check if servlets.passwd is only readable by owner. 20/08/18 frontier-tomcat-7.0.90_3.40-1 (dwd) - Upgrade to tomcat-7.0.90 - Upgrade to servlet 3.40 with the following release note: - Ignore any text before the BEGIN line in the private key file. This appears to have been done in 3.33 but lost in 3.34. 05/02/18 frontier-tomcat-7.0.82_3.39-2 (dwd) - Increase the listen backlog to be equal to the total maximum number of threads of all the servlets. Increase sysctl parameters net.core.somaxconn and tcp.ipv4.tcp_max_syn_backlog if needed and the tomcat acceptCount. This is to try to fix errors in /var/log/messages of the format possible SYN flooding on port 8080. Sending cookies. 23/01/18 frontier-tomcat-7.0.82_3.39-1 (dwd) - Upgrade to servlet 3.39 with the following release note: - When responding with an error condition before headers are sent, instead of setting a Last-Modified header to be blank, set it to the oldest possible time of midnight on January 1, 1970. With the old behavior, Squid-3 does not clear the cache even though Squid-2 does. With the new behavior, squid-3 always clears the cache even when another error sends the same Last-Modified time. 13/11/17 frontier-tomcat-7.0.82_3.38-1 (dwd) - Upgrade to tomcat-7.0.82 - Add a systemd service config file for better el7 support - Use /dev/urandom instead of /dev/random to avoid slow starts on systems with low entropy (seen with jdk8 on an el7 test system) 25/05/17 frontier-tomcat-7.0.78_3.38-2 (dwd) - Require java-1.8.0-openjdk insead of java-openjdk >= 1.8.0 because the latter, for some unknown reason, simply does not work; that is, it does not install java8. This means that when java9 comes around people can install it, but they unfortunately won't be able to remove java8 until frontier-tomcat is updated again to require the newer version. 24/05/17 frontier-tomcat-7.0.78_3.38-1 (dwd) - Upgrade to tomcat-7.0.78 - Upgrade to servlet 3.38 with the following release note: - Add log message after DB data transferred including the msecs it took to transfer the data. - Update the oracle jdbc driver to ojdbc7_g.jar. - Require java-openjdk >= 1.8.0 instead of 1.7.0. - Remove leftover files from old apache-tomcat versions when uninstalling the rpm. This will only take effect the next time frontier-tomcat is upgraded (or downgraded), not when this version is installed. 22/03/17 frontier-tomcat-7.0.76_3.37-1 (dwd) - Upgrade to tomcat-7.0.76 - Upgrade to servlet 3.37 with the following release note: - Fix bug introduced in 3.36 that caused a null pointer exception in in the FilePlugin. - Add conf/logging.properties option to eliminate catalina.out INFO messages about scanning TLDs. - When installing a new servlet '.war' file, remove any old version copies. This enables downgrading to an older servlet version with the same tomcat version; previously it would silently stay using the newer servlet version. 08/02/17 frontier-tomcat-7.0.75_3.36-1 (dwd) - Upgrade to servlet 3.36 with the following release notes: - Support HTTP 1.1 chunked encoding to backend FilePlugin http servers. Note that the protocol to the client can now send multiple byte arrays per request instead of just one. An implication is that fn-fileget from frontier-client versions older than 2.8.21 will not always retrieve all of the data when the backend is an http server (although it will when reading directly from files). - Support MySQL as a database backend in the SQLPlugin. This required changing the Last-Modified handling to use the MySQL table that always keeps track of modification times on all tables (it does not require an add-on function like oracle does). - Add Requires: unzip - Change Requires: java7 to Requires: java-openjdk >= 1.7.0, because the init.d script is explicitly looking for an openjdk path and because java7 was only needed to get >= 1.7.0 on EL5. EL5 is no longer suppoprted. 07/02/17 frontier-tomcat-7.0.75_3.35-1 (dwd) - Upgrade to tomcat 7.0.75. Release notes are here: http://www.apache.org/dist/tomcat/tomcat-7/v7.0.75/RELEASE-NOTES - Add support for 'mysqlHost' servlets.conf keyword to use MySQL instead of oracle with jdbc. For now do not use with ValidateLastModifiedSeconds, that is oracle specific. 12/10/16 frontier-tomcat-7.0.72_3.35-1 (dwd) - Upgrade to tomcat 7.0.72. tomcat 6 is reaching end of life at the end of 2016. Release notes are here: http://www.apache.org/dist/tomcat/tomcat-7/v7.0.72/RELEASE-NOTES - Upgrade server.xml.proto from default tomcat 7.0.72 server.xml. Add server.xml.O to the sources containing the tomcat 7 server.xml so frontier-tomcat-specific changes can be easily seen. - Upgrade to frontier servlet 3.35, whose release notes say: - Add new servlet option ExpireEmptyQueriesLikeErrors, default false, which when true causes empty queries to be expired at the same shorter age as errors (default 5 minutes). Previously this was always true. - When ExpireEmptyQueriesLikeErrors is true, mark the returned payload with the shorter max_age so if a cached item age exceeds the time, the client will repeat the request with the shorter max age. This can happen because a later refresh with If-Modified-Since when the Last-Modified time hasn't changed, the regular long expiration time will be returned because the query is not repeated. - Support the new ExpireEmptyQueriesLikeError in config.properties - If using useCopyOfTnsnames, at start time if any part of tnsnames.ora that is used by servlets has changed, install it as the current copy. - Fail with a better error message if there is no matching password in /etc/tomcat/servlets.passwd for a given servlet. Previously it printed a stack trace and proceeded to start tomcat anyway. - Change '/etc/init.d/frontier-tomcat start' to exit with an error if servletsConfUtil.py dies with a stack trace. 29/10/14 frontier-tomcat-6.0.41_3.34-1 (dwd) - Upgrade to tomcat 6.0.41 - Upgrade to frontier servlet 3.34, whose release notes say: - Support host private keys (for digital signatures) that start with 'BEGIN PRIVATE KEY' in addition to 'BEGIN RSA PRIVATE KEY'. That form has begun to be used at CERN with 4096-bit RSA keys; the old form was previously used for 2048-bit keys. - Eliminate an infinite loop when there's an '&' in an error message as sometimes happens with the FilePlugin. - Do one less level of url decoding on the query string put into catalina.out logs, because one level is already done and that better matches the URL seen by a client using the FilePlugin. 26/3/14 frontier-tomcat-6.0.39_3.33-1 (dwd) - Upgrade to tomcat 6.0.39 - Add support for optional FRONTIER_TOMCAT_PORT variable in /etc/tomcat/tomcat.conf to change the port from 8080 to something else. - Calculate the total MaxThreads of all servlets defined, add 25% to the total, and set it as the maxThreads for tomcat in server.xml. If ulimit -u is less than this value, abort start of tomcat. That is the number of processes per user id so it isn't sufficient to set the limit for just tomcat; there needs to be assurance that other processes on the system using the same user id will also be able to run. The number can be set in /etc/security/limits.conf. - Set more reasonable permissions for /usr/share/frontier-tomcat/etc files. - Remove /usr/share/frontier-tomcat/apache-*.tar.gz from rpm 26/12/13 frontier-tomcat-6.0.37_3.33-1 (dwd) - Upgrade to servlet 3.33. The release notes of that were: - Added new "forever" time to live, a third cache expiration time requested by clients, in addition to "short" and "long" times to live. Added config.properties option ForeverCacheExpireSeconds which defaults to a year of seconds. If a "forever" query returns empty results, it is considered to be an error. - Reduced the time that empty query results will be cached for "short" or "long" time to live queries to a maximum of 5 minutes or the "short" time, whichever is smaller. - Added a "max_age" value at the end of the response if the http header has already been sent with a longer Cache-control: max-age than is later determined to be necessary. The things that can cause the http header to be sent are either a keepalive message because the request had to wait longer than 5 seconds to read from the database, or at least a buffer full of data was already sent before an error occurred. The events that can reduce the max age late are some kind of error with the database (which used to be handled by only signalling "global" errors to the client) or an empty result from a database query. - Show a more user friendly error message if the private key file cannot be decoded. - Added removal of any excess text from before the "BEGIN" line in the host certificate. - Changed to require java7 instead of java. - No longer require /etc/tomcat/servlets.passwd to exist before installation. - Change default user id from "dbfrontier" to "tomcat". The default can still be overridden by exporting the FRONTIER_USER environment variable in /etc/tomcat/tomcat.conf. - Create the user account if it is missing. The group id for the account will be the same name as the user id, and it will also be created if it is missing. - Change default log location from "/data/tomcat_logs" to "/var/log/tomcat". The default can still be overridden by exporting the FRONTIER_TOMCAT_LOGS environment variable in /etc/tomcat/tomcat.conf. - Clean up better when removing the rpm: remove hostcert.pem and hostkey.pem if they were copied into /etc/tomcat, and remove /usr/share/frontier-tomcat and /etc/tomcat if they are empty. - Moved servlets.confConstants to /usr/share/frontier-tomcat/etc from /etc/tomcat. 30/10/13 frontier-tomcat-6.0.37_3.32-2 (dwd) - Fix to only set default CertFileName and KeyFileName values when /etc/grid-security/host{cert|key}.pem exist. This was the announced functionality in 6.0.37_3.30-1, but the options were actully getting set even if no .pem files were there, causing a client error message containing: /etc/tomcat/hostkey.pem (No such file or directory) 22/10/13 frontier-tomcat-6.0.37_3.32-1 (dwd) - Upgrade to servlet 3.32. The release notes of that were: - Add support to the FilePlugin for reading from http URLs in addition to files on the local disk. If FileBaseDirectory begins with http://, this new feature is enabled. If the http query returns a Content-Length header, the response is streamed through to the client, otherwise the response is read into a memory buffer to determine the length. Last-Modified headers are passed through from the backend http server to the client, and If-Modified-Since is passed through from the client to the backend http server. - Fix bug in the FilePlugin that prevented it from sending the Last-Modified header for files. - Add queuing and keepalive support to the FilePlugin, similar to the SQLPlugin. The maximum number of simultaneous connections are specified in the new config.properties option MaxFileConnections, default 5. The options MaxDbAcquireSeconds and MaxDbExecuteSeconds then become relevant for sending keepalive messages while waiting, even though it isn't technically a "DB". When reading files (as opposed to http urls) the time to "execute" is instantaneous because it just opens the file, so MaxDbExecuteSeconds isn't important then, but when reading http urls the execute time is significant because the http server can take a while to respond. - Improve the accuracy of the active connection count in the log by moving the counter decrement to be before the connection release. - Remove old unused code that supported reading an "xsd_type" from a database table whose name was specified in config.properties option XsdTableName, and that executed a plugin based on the name read from the database. Also remove related config.properties option UseFdoCache. - Remove old unused code related to MonAlisa monitoring, including config.properties options MonitorNode and MonitorMillisDelay. - Add support for new MaxFileConnections option in servlets.conf, and merge the handling of options for file-based and sql-based servlets. 21/10/13 frontier-tomcat-6.0.37_3.31-1 (dwd) - Upgrade to servlet 3.31. The release note of that was: - Fix off-by-one error in FilePlugin that had the effect of allowing ".." in the file path. 5/7/13 frontier-tomcat-6.0.37_3.30-2 (dwd) - The cron entries weren't executing because of an incorrect mode on /etc/cron.d/frontier-tomcat; correct the permissions to 644. - Rename the cron.d file to /etc/cron.d/frontier-tomcat.cron 29/6/13 frontier-tomcat-6.0.37_3.30-1 (dwd) - Upgrade to tomcat 6.0.37 - Upgrade to frontier servlet 3.30. Release notes of that were: - Add support for sending digital signatures on responses instead of an md5 hash, when the client includes the URL parameter "&sec=sig". Also add support for sending the host certificate when the client requests it as type "cert_request". Requires the certificate to be specified in a new parameter 'CertFileName' and the key in a new parameter 'KeyFileName'. - Change to just print one error message to the log when the client drops the connection instead of multiple stack traces. - Change to not print a stack trace when there's an error getting the last-modified time. - Add msecs= on the DB connection acquired message to show how long it took to acquire the connection. - Change internal errors to force a restart of the servlet just like database close problems do. - If /etc/grid-security/host{cert|key}.pem exist and CertFileName or KeyFileName (respectively) are not set in /etc/tomcat/servlets.conf, then automatically keep copies of those files in /etc/tomcat readable by the frontier user and set the CertFileName/KeyFileName options. - Change the mode of the per-servlet web.xml and config.properties from 600 to 644 - Change the python-based servlet configurator to be writable only by root because it is executed as root - Change /etc/init.d/frontier-tomcat to use runuser instead of su because it is more reliable. - Add sourcing of /etc/sysconfig/frontier-tomcat, if it exists, from /etc/init.d/frontier-tomcat. - Fix /etc/init.d/frontier-tomcat condrestart to only stop && start if tomcat was already running. - Change rpm installation so that it will only start tomcat when it was already running before an upgrade. - Change rpm installation so it does not do chkconfig on. - Remove conf/logging.properties which prevents dated log files from being created in the log directory. If the files already exist, they will still be written-to when tomcat starts, but if they have been removed by hand or rotated out they will no longer be created. - For the useCopyOfTnsnames option, eliminate extra 'tomcat/../' when the updatetnsnames.sh crontab entry is added. - Move the cron entries from the frontier user's crontab to /etc/cron.d/frontier-tomcat. 2/9/12 frontier-tomcat-6.0.35_3.29-13 - Fix using updatetnsnames.sh if the line useCopyOfTnsnames: 1 is in the [defaults] section of /etc/tomcat/servlets.conf. /etc/init.d/frontier-tomcat sets -Doracle.net.tns_admin=/usr/share/frontier-tomcat/etc instead of -Doraclet.net.tns_admin=/etc/tomcat. - log rotate fix: remove the entry 'size 2G' from tomcat.logrotate.proto - The frontier-tomact configuration also supports the parameter: VerbosityLevel (defaulting to 0) 28/6/12 frontier-tomcat-6.0.35_3.29-11 - A small technical change at the spec file to support source rpms for frontier rpms - Use symbolic link to unproto.sh to simplify source tar ball creation 29/4/12 frontier-tomcat-6.0.35_3.29-10 - Following request from Dave Dykstra, Change commands like ps -ef | grep tomcat | grep java &>/dev/null at frontier-tomcat.spec, to be like: ps -wwfu ${FRONTIER_USER} | grep tomcat | grep java &>/dev/null in order to avoid error when installing the rpm when it is already installed for a different user. 27/2/12 frontier-tomcat-6.0.35_3.29-9 - Following request from Serguei Baranov, remove /etc/tomct/servlets.conf from the rpm (It was a commented out example that should be edited by the admin anyways). 24/2/12 frontier-tomcat-6.0.35_3.29-8 - Fix (small) bug related to useCopyOfTnsnames. - Fix (small) bug related to command: frontier-tomcat status 23/2/12 frontier-tomcat-6.0.35_3.29-7 - Replace old ojdbc14_g.jar by new ojdbc5_g.jar - Optional new feature 'useCopyOfTnsnames'. The feature is explained at http://frontier.cern.ch/dist/rpms/_README. 31/1/12 frontier-tomcat-6.0.35_3.29-6 Small (non functional) changes: - default mode of servlets.passwd changed to be 600 (rather than 400). - no printing of ps command of tomcat processes at restart, to avoid confussion, in case of existence of more than one tomcat servlet. - Default servlets.conf content is now commented out because whoever installs this package should supply the specific configuration rather than use this file from the rpm. 25/1/12 frontier-tomcat-6.0.35_3.29-5 - Change the following default record at /etc/tomcat/servlets.conf, for CERN atlas, to avoid the need to use tnsnames.ora at Oracle 11g: tnsName: atlr-scan.cern.ch:10121/atlr.cern.ch 24/01/12 frontier-tomcat-6.0.35_3.29-4 - Now, the rpm has a default /etc/tomcat/servlets.conf file. Be aware that this configuration (%config(noreplace)) file is only good for some Atlas servers (at CERN). Hence, at most installations, this file should be changed by the installer - At /etc/tomcat/servlets.passwd, The key of each password (the name that appears in square brackets) may be either tnsName or username (Detail: if tnsName is not mentioned at the file, the code looks for username). - Fix some typos 17/01/12 frontier-tomcat-6.0.35_3.29-3 - Avoid the (hidden) need to specify a certain set of variables at the servlets configuration. - Fix bug that prevented a servlet not to have a variable that a previous sefrvlet has. 01/01/12 frontier-tomcat-6.0.35_3.29-2 - At: src/conf/server.xml, add: maxParameterCount="10000", as suggested by John Destefano 08/12/11 frontier-tomcat-6.0.35_3.29-1 - Upgrade from tomcat-6.0.33 to tomcat-6.0.35 29/11/11 frontier-tomcat-6.0.33_3.29-10 - Fix bug at src/etc/frontier-tomcat-configurator.proto that prevented the creation of symbolic link /usr/share/frontier-tomcat/tomcat/logs - Do not remove *.unproto files (after usage), in order to cause 'rpm -V' to pass. - The pid file tomcat.pid now defaults to reside at /var/run/tomcat 27/11/11 frontier-tomcat-6.0.33_3.29-9 - Supporting rpm verify, command:'rpm -V': -- Add the prefix '%verify(not user group)' to each %files entry, in order to prevent complaints from 'rpm -V', like: .....UG. -- Note, however, that 'rpm -V' may still create misleading complaints like: missing ... .proto 22/11/11 Release frontier-tomcat-6.0.33_3.29-8 - At server.xml, comment out the following line: - Add virtual package requires to spec file: Requires: java 15/11/11 Release frontier-tomcat-6.0.33_3.29-7 - Remove require frontier-squid, and handle rpm unconfig to be clean, simple and robust 13/11/11 Release frontier-tomcat-6.0.33_3.29-6 - Remove /etc/tomcat/servlets.conf from the rpm because there is not default content that is good for all. - Fix bug: replace /data/tomcat_logs by @@@FRONTIER_TOMCAT_LOGS@@@ at src/etc/modifiedqueries_rotate.sh.proto - Rotate of modifiedqueries.log moved from frontier-tomcat to frontier-awstats rpm, to avoid dependency between user of frontier-tomcat and frontier-squid rpms' 02/11/11 Release frontier-tomcat-6.0.33_3.29-5 - Change the default tns name of servlet DB connection from atlr to atlas_frontier in order to allow better administrative control and monitoring of frontier queries 23/10/11 Release frontier-tomcat-6.0.33_3.29-4 - Adding Frontier_3.29.war into the rpm, in order to debug/avoid problems of wget it (at bnl) 17/10/11 Release frontier-tomcat-6.0.33_3.29-3 - Install ojdbc14_g.jar once at $INSTALL_DIR/lib/ojdbc14_g.jar, rather than per servlet, at $INSTALL_DIR/webapps/$FRONTIER_SERVLET_NAME/WEB-INF/lib/ojdbc14_g.jar. - ojdbc14_g.jar added to the rpm rather than wget it at install time. - Add a licensing notice concerning usage of ojdbc14_g.jar to the documentation 26/9/11 Release frontier-tomcat-6.0.33_3.29-2 - Adding: Obsoletes: frontier-servlet - Change LongCacheExpireSeconds and ShortCacheExpireSeconds at /etc/tomcat/servlets.conf to 3000 (In order for the update to happen once every hour, two 5 minute delays are added for two levels of squid buffers) - Constant meta configuration variables moved to /etc/tomcat/servlets.confConstants - Enhance installation errors to have more clear messages and correct exit code 12/9/11 Version frontier-tomcat-6.0.33_3.29-1 - The functionality of frontier-servlet rpm has been added to frontier-tomcat rpm 11/9/11 Release frontier-tomcat-6.0.33-3 - Call /etc/tomcat/servletsConfUtil.py at restart 26/8/11 Release frontier-tomcat-6.0.33-2 - Fix issue with rpm upgrade when tomcat version has changed: add: cp previous servlet files to new location. 18/8/11 Release frontier-tomcat-6.0.33-1 - Upgrade the underlying release of tomcat from 6.0.32 to 6.0.33 11/8/11 Release frontier-tomcat-6.0.32-7 - increase maxThreads to be "1000" at server.xml 11/8/11 Release frontier-tomcat-6.0.32-6 - fix bug: failure to unproto SQUID_LOGS at /usr/share/frontier-tomcat/etc/modifiedqueries.logrotate 04/8/11 Release frontier-tomcat-6.0.32-5 - change default prefix of frontier-tomcat and frontier-servlet rpms to be /urs/share/frontier-tomcat - increase maxThreads from 500 to 600 at src/conf/server.xml 20/7/11 Release frontier-tomcat-6.0.32-4 - Add dependancy on frontier-squid rpm 15/7/11 Release frontier-tomcat-6.0.32-3 - change default prefix of frontier-tomcat and frontier-servlet rpms to be /urs/share/dbfrontier rather than non standard dir /data/dbfrontier 10/6/2011 Release frontier-tomcat-6.0.32-2 - adding /data/squid_logs/modifiedqueries.log to src/etc/modifiedqueries.logrotate.proto 17/5/2011 Initial release frontier-tomcat-6.0.32-1 Originating from http://grid-deployment.web.cern.ch/grid-deployment/flavia/frontier-tomcat-1.0-8.*.rpm Relies on apache-tomcat 6 Changes: - the tomcat files are taken from the web at build time - file ./etc/frontier-tomcat-configurator changed to be ./etc/frontier-tomcat-configurator.template the apache-tomcat version is written to ./etc/frontier-tomcat-configurator at build time - at file ./etc/frontier-tomcat.template, avoid using locate to find JAVA_HOME, but rather: JAVA_HOME=/usr/lib/jvm/jre - comment out of spec file: Requires: frontier-awstats >= 6.0-1