X
PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 19 Feb 2021 08:38 AM by  Dave Bouwer
License not found calling IDL from a Tomcat Servlet
 1 Replies
Sort:
You are not authorized to post a reply.
Author Messages

Dave Bouwer



New Member


Posts:1
New Member


--
12 Feb 2021 11:40 AM
    This is using Tomcat 9 on an Ubuntu v20 multi-core linux system, IDL v8.8

    We are having a difficult time calling an IDL program from a Linux-based Tomcat Java servlet, while the IDL program we call works fine from a crontab, a Perl script, and interactively, but when the Tomcat Servlet Daemon attempts to call it we get an “ Failed to acquire license” error message from IDL.

    This used to work on a Mac OSX Tomcat installation, but the tomcat daemon set-up is different under linux (Its a /etc/systemd/system/tomcat.service configuration, using a "tomcat" username).

    All the other Tomcat servlets all run OK, so the Tomcat installation is OK. I've added the IDL "export IDL_DIR=/opt/harris/idl" and idl_setup.bash call to the tomcat ~/bin/serenv.sh, the /etc/passwd has a tomcat user with the /bin/bash entry. I've used the systemctl daemon reload command after making changes. all looks correct...

    for example, I think the following should start IDL:
    sudo runuser -l tomcat -c "/opt/harris/idl/bin/idl"

    How do I tell IDL the tomcat user where the IDL license is?

    Any clue would help...

    Thx

    Dave Bouwer



    New Member


    Posts:1
    New Member


    --
    19 Feb 2021 08:38 AM
    The issue has been mostly resolved, thanks to Harris support. The following describes the problem and the solution, with one exception: the sysctl fs.protected regular=0 does not survive a reboot. I am told it will be fixed on the next release.

    --------------
    A new release of systemd – version 241 – is now available for several linux versions.
    This new systemd version includes by default an extra protection level which allows only 1 user per machine to run IDL.
    Please see at this link the list of rpm systemd-241 packages already available, which lets us thinking that this problem will become more frequent in the next time:
    https://rpmfind.net/linux/rpm2html/search.php?query=systemd

    Here the details coming from a customer experiencing this issue:
    After upgrading some of our Linux machines to kernel 4.19+ and systemd-241+, only 1 user (per machine) is able to obtain license to run idl (tried on Linux amd64 with IDL 8.7.0, 8.7.2)

    It appears the root cause is new extra protection of FIFO/regular files implemented in Linux 4.19+ which is enabled by default in systemd-241+ :

    sysctl fs.protected_regular=1

    More info : https://www.phoronix.com/scan.php?page=news_item&px=Systemd-241-Linux-419-Sysctl

    With the above setup, the first user (user11) running idl creates a fne.XXXX file under /tmp directory which usually has sticky bit on :

    ls -al /tmp
    drwxrwxrwt 27 root root 860 Mar 21 15:07 .
    drwxr-xr-x 25 root root 301 Mar 14 10:49 ..
    -rwxrwxrwx 1 user11 grp11 0 Mar 21 14:16 /tmp/fne.erkueytuierytierutyertiuertyeriuteyriuteryituyer

    Then, second user gets the message:

    (null): [1,7e1,8,0[74100008,1,1202014d]] Internal. : Internal. (code : 1947205640) (cll_internal.cpp : 498) (code : 1947205640) (CLLFloatingLicenseThread.cpp : 473) CLLFloatingLicenseInitialize failed to start the license thread.
    Unable to obtain an IDL license.

    strace shows that the openat(O_CREAT) syscall fails :

    1578 stat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=880, ...}) = 0
    1578 openat(AT_FDCWD, "/tmp/fne.erkueytuierytierutyertiuertyeriuteyriuteryituyer", O_WRONLY|O_CREAT, 0777) = -1 EACCES (Permission denied)
    1578 futex(0x7fd6798101a0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
    1578 munmap(0x7fd678288000, 12925792) = 0
    1578 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2696, ...}) = 0
    1578 write(2, "(null): [1,7e1,8,0[74100008,1,1202014d]] Internal. : Internal. (code : 1947205640) (cll_internal.cpp : 498) (code
    : 1947205640) (CLLFloatingLicenseThread.cpp : 473)", 164) = 164
    1578 write(2, "\n", 1) = 1
    1578 write(2, "CLLFloatingLicenseInitialize", 28) = 28
    1578 write(2, " failed to start the license thread.", 36) = 36

    When I disable extra protection with:

    sysctl fs.protected_regular=0

    then second user can run idl.
    You are not authorized to post a reply.