[DOCS-7505] Update tomcat.md -JAVA_TOOL_OPTIONS #1174
Conversation
JAVA_TOOL_OPTIONS is not used when starting Tomcat
Prosune
changed the title
| @@ -246,7 +246,8 @@ The new keystore configuration implementation requires it to be configured with | |||
| 2. Add the following line to `catalina.bat`: | |||
|
|
|||
| ```bash | |||
| set “JAVA_TOOL_OPTIONS=-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=<TOMCAT_HOME>/alf_data/keystore/metadata-keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede” | |||
| set "JAVA_OPTS=%JAVA_OPTS% -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=<TOMCAT_HOME>/alf_data/keystore/metadata-keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede" | |||
There was a problem hiding this comment.
Looking at the latest docker-compose from the acs-deployment repository, we still recommend using JAVA_TOOL_OPTIONS to load these specific properties.
Ref: https://github.com/Alfresco/acs-deployment/blob/master/docker-compose/docker-compose.yml#L21-L32
What's the rationale behind changing them here?
There was a problem hiding this comment.
JAVA_TOOL_OPTIONS is not used when starting Tomcat
it should as it's a jvm feature, the issue may lie elsewhere
There was a problem hiding this comment.
I'm referring to manual zip installation documentation.
When using Windows, in the catalina.bat distributed with Tomcat 9/10, the JAVA_TOOL_OPTIONS is not used when launching the executable.
(checked file apache-tomcat-9.0.95-windows-x64.zip and apache-tomcat-10.1.30-windows-x64.zip available for public download on Tomcat site)
There was a problem hiding this comment.
As Giovanni mentioned. The JAVA_TOOL_OPTIONS is a JVM feature. It shouldn't be used by any launcher script. The JVM picks it up if it's set. See https://docs.oracle.com/en/java/javase/17/troubleshoot/environment-variables-and-system-properties.html It mentions that the JAVA_TOOL_OPTIONS might be disabled for a security reasons so maybe this is a case for your env.
There was a problem hiding this comment.
Windows customers usually use the OpenJDK distributed by Microsoft, not by Oracle.
I don't know if it's Windows Server 2016 or 2019 (tested both) that restricts the env variable or the Microsoft OpenJDK that doesn't use it, in any case following the documentation I got the error "Keystore are invalid".
As I don't keep test VM for 1 years, I should try to recreate the issue. I think I will have some time mid-October. I will put on my calendar and involve some of you in the debug session. Ok?
JAVA_TOOL_OPTIONS is not used when starting Tomcat