We have had a single tomcat with multiple applications (10 or more) for many years (since 2002), and are now separating them. The main reason being that when one application crashes it can bring down the whole tomcat (e.g. oom errors).

Robert Purvis
***@nhs.net<mailto:***@nhs.net>



From: Ahmed, Tarek <***@dimdi.de>
Sent: 29 October 2018 08:00
To: ***@tomcat.apache.org
Subject: Number of Web Applications in one Tomcat


Hi all,

TLDR? Do you deploy one web application per tomcat instance or several?

-----------------------

The long story:

I'd like to sound out your opinion regarding the number of web applications deployed in one tomcat instance. The reason is, that at my place of work the developers prefer one webapp per tomcat, the admins would rather have as many webapps as possible in one tomcat instance (yeah, that's devops at its finest ;-) ). As a developer I'm probably prejudiced, but the argument goes as follows:



OPS (one tomcat, many webapps):

- Saves memory (each tomcat has a memory footprint even without a web application running)

- Saves extra file systems for each tomcat (logs, tomcat installation, temp directory)

- Saves nagios monitoring configuration

- Saves separate ports (security considerations)

- Saves work distributing security patches



DEV (one webapp per tomcat)

- Start-up time of "fat tomcats" multiplies, which leads to worsened availablity (e.g., our fattest tomcat contains 32 web services. It takes 4 minutes to start)

- If one webapp goes haywire, it may crash the rest of them (OOM, no more threads, etc.)

- For bug fixes in one application, you may need to restart the complete tomcat instance. Auto (re)deploy takes you only so far, since loaded classes may not always be unloaded cleanly, threads not closed etc. This is not always something that can be solved in your own code, third party libraries may cause problems, too (we had some issues with quartz and infinispan here).

- If you ever need to profile your application in production, there is much less noise when analysing heap, thread dumps, cpu usage etc.

- I might even think there is some improved security if webapps are isolated in several processes vs. being deployed in one VM (security arguments always work well with OPS :-) )



So, I want to get away from the one-tomcat-multiple-webapps scenario. One thing I started doing to subvert this policy is using spring boot with embedded tomcats which is cool in a lot of ways but not always feasible.

What are your practices? Are there further pros and cons for one way or the other? Thanks so much for any input,

many greetings,

tarek
--
Tarek Ahmed
Softwareentwicklung

DIMDI
Deutsches Institut fÃŒr
Medizinische Dokumentation und Information
Waisenhausgasse 36-38a
50676 Köln

Tel.: +49 221 4724-268
Fax: +49 221 4724-444
***@dimdi.de<mailto:***@dimdi.de>
www.dimdi.de<https://www.dimdi.de>

[tick]

Das DIMDI unterstÃŒtzt die Vereinbarkeit von Beruf und Familie und ist entsprechend zertifiziert.


Das DIMDI ist ein Institut im GeschÀftsbereich des Bundesministeriums fÌr Gesundheit (BMG).


********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail

Clearly one webapp per tomcat. Makes everything easier. Also, if your apps
aren't really tiny, the memory overhead of tomcat is minimal compared to
the advantages.

Leon

As you list the arguments quite well, I'd add my answer "it depends":
General rule of thumb, to be executed in that order: If they're too few
applications to worry about (and if they're stable): Don't worry, One
server.

If they're completely unrelated and have different stakeholders and/or
maintenance intervals: That's a good argument for multiple servers

If there are unstable applications (in the sense of actively maintained,
forcing frequent redeployments): Another good argument for multiple servers.

If there have been problems in the past with load/memory etc: Good
argument for multiple servers.

This /might/ end up as one app per server, but the number one is not the
end goal. There are typically some related apps, with the same
maintenance intervals and stakeholders - unless one of them is
problematic, I group them together.

I hope that helps.

Olaf


---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

No firm opinion one way or the other, just some commentary.
The Tomcat overhead is <20MB. Apps are typically a lot more. This
doesn't look like a strong argument to me.
The resources in question are small in number and size. Again, this
doesn't look like a strong argument to me.
This is an interesting one. How well can the monitoring distinguish one
app from another. Given shared memory, shared thread-pools etc., per app
details could be tricky to determine.
I don't follow the argument here.
A split CATALINA_HOME / CATALINA_BASE approach can help a lot with this
issue.
https://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE
You can configure Tomcat to load applications in parallel to reduce this
impact.
Fair point.
These issues usually are solvable but you need to know about them in
advance to code the necessary workarounds / protections.
Fair point.
Possibly. The strength of the security argument depends on the
circumstances. I suspect OPS can construct an equally strong security
based argument for single instances.
I've configured Tomcat instances both ways in the past depending on
circumstances. Generally, the more resources an app uses, the more
likely I am to have an app per instance the more business critical the
app is, the more likely I am to use a dedicated instance. Otherwise, I
tend to opt for a single instance for ease of management.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tarek,
I usually deploy one webapp per JVM/tomcat instance. I do this so that
a problem in one webapp doesn't take-down the others. It's as simple
as that. The other benefits are being able to service that one JVM
without taking down N webapps -- just one, and also being able to run
under different JVMs, system libraries, etc. without having to test
each application for compatibility.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvXDYMACgkQHPApP6U8
pFgNgw/+O790RNVYpFtPKotyUT4ucPJbuVgYRcj/h+xcbw2REZurFzinXv82JSf7
A5m2zDYWLKFNi3x5Wu7rEWZvWc7xTCBz2E2BiwV9jfFX/Los8zuk3xo0xzHOJSFR
bNHnVLLws1Uj44dcsdYS4R6ZqZvJkgWTI9fnDlg0WbKW2zXscxgGO/+5887SrEB7
bgvwibe1tyBLosn+Sfx6O0Pab7w206OT8MHK+eFtXeE68bkfr1re4ykZV/DTTE4n
nEMCbysC7M2CCNElkQZNUe4MEIo9UWXkVnpj7zK3sVa9teawFWrZAx2uxGV/gsQX
PL+PqS6AAcQJh5Tesao/KjE83mjGGF0+CjuN1jl68g7U4rhCVPJSThsA11JxIcv4
jxJtPDbygK+11YBxaQZJY5QaeIvmnFQEaA5Svo/Em6HXOfqZHl9QJERdKQErMM5x
2O/8bwOIvYGShEOn2FwMYTMo1UPv9Yeek1BHXGtGdOhuw0/udVbFdCB6uh416uy3
xHfA2hJEXq/gnqJRWDjTj5lEEKAaXAkTm+FjaOW0VQMKKDNT3DKVs3vIpWfsSNnK
qlk4PFRgDZrp3A8OT+MX39lcMrSdvra9zU5lg1nALVrZDP7I2FTI55QNSqCzpo76
cCybiyWgy4urq5fokprewjHwrQzMiE1lKXS9RfrdVSVwYToyi1E=
=5z9/
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

We have one production host with several related webapp.s in a single
Tomcat instance, and another production host with three instances of
that same single product (i.e. clumps of related webapp.s) in a single
Tomcat instance. It works well.

In development I have at times as many as a dozen of those clumps
running in a single Tomcat, alongside various other applications also
in that single Tomcat. It rarely causes trouble, and in development I
can always bounce it if I need to.

A couple of comments:

o "loaded classes may not always be unloaded cleanly, threads not
closed etc." If I have this, it is either (a) an application bug,
which I should fix, or (b) a buggy dependency, which I should
report and complain about until fixed (or replaced).

o An additional problem with multiple applications per container:
ill-designed dependencies which are only configurable using system
properties, when different applications need different
configurations.
--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

Thanks for your input!

To summarize: Most of us seem to prefer not to have too many web
applications running in one tomcat instance. If, however, it is possible
to run a tomcat with many applications in a stable way it reduces
administrative overhead to do so. The prerequisites for this are that
the applications are mature, handle resources well and don't get too
many updates (we _do_ regular dependency updates, though ...).

On the other hand, if there is - for whatever reason - a regular need of
restarts or re-deployments or if the applications deployed need
individual monitoring or special care or whatever, there is a case for
one application per tomcat.

What do I make of this? There might be a compromise here: Identify those
applications that don't cause trouble and put them into one tomcat
instance. Everything else (new applications, buggy ones no one bothers
to fix anymore, applications that get regular feature updates etc.) are
isolated in their own tomcat instances. As soon as those become stable
we can move them to (one of) the fat tomcat(s).

Sounds like something I might get through :-)

Thanks and greetings,
tarek
[...]



---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org