Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Install Apache Tomcat and deploy a Java web application on Red Hat OpenShift

July 1, 2020
Pandurang Memane
Related topics:
ContainersJavaKubernetes
Related products:
Red Hat JBoss Web Server

Share:

    If you are new to OpenShift, then you might want to install Apache Tomcat on top of it for simpler experimentation. This article guides you through installing Apache Tomcat from a Docker image and then using it to deploy a Java web app on Red Hat OpenShift. I also show you how to access the Tomcat management console on OpenShift.

    To follow the examples, you must have an OpenShift account. We will use the OpenShift command-line interface (CLI) for this demonstration, so be sure to install the CLI (oc) before you begin.

    A note about the sample application: You will need a Java web application to use for the deployment example. I am using the Sample Java Web Application from the OpenShift Demos GitHub repository. It is a simple application that is useful for understanding basic concepts. You may use the provided sample or choose your own application to work with.

    About the Tomcat management console

    The Tomcat Manager is for deploying a new web application (or undeploying an existing one) without having to shut down and restart the entire container. In addition, the Tomcat Manager lets you request that an existing application reload itself, even if you have not declared it to be reloadable in the Tomcat server configuration file.

    This manager consists of a web application (installed by default on the context path /manager) that supports the following functions:

    • Deploy a new web application from the uploaded contents of a WAR file.
    • Deploy a new web application, on a specified context path, from the server file system.
    • List the currently deployed web applications, as well as the sessions that are currently active for those web applications.
    • Reload an existing web application, to reflect changes in the contents of /WEB-INF/classes or /WEB-INF/lib.
    • List the OS and JVM property values.
    • List the available global JNDI resources, for use in deployment tools that prepare <ResourceLink> elements nested in a <Context> deployment description.
    • Start a stopped application (thus making it available again).
    • Stop an existing application (so that it becomes unavailable), but do not undeploy it.
    • Undeploy a deployed web application and delete its document base directory (unless it was deployed from the file system).

    Step 1: Install Tomcat on OpenShift

    To start, let's install Apache Tomcat 9 from a Docker image. As previously mentioned, we'll use the OpenShift command-line tool, oc, for our installation:

    1. From the command line, log in to your OpenShift console:
      $ oc login --server=https://openshift.testcluster.lab.redhat.com -u user -p password
    2. Enter your Red Hat registry service account username and password:
      sh-4.2# sudo sh -
      
      sh-4.2# docker login
      
      Username: {REGISTRY-SERVICE-ACCOUNT-USERNAME}
      
      Password: {REGISTRY-SERVICE-ACCOUNT-PASSWORD}
      
      Login Succeeded
      
    3. Here is the command to pull the Docker image from the Red Hat container registry, followed by status output:
      sh-4.2# docker pull registry.redhat.io/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7
      
      Using default tag: latest
      
      Trying to pull repository registry.redhat.io/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7 ...
      
      latest: Pulling from registry.redhat.io/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7
      
      1f1202c893ce: Pull complete
      
      32be9843afa0: Pull complete
      
      c927648f9ad0: Pull complete
      
      8ac7bcea2a65: Pull complete
      
      Digest: sha256:bd637c88fdc94cd4e4476e00af1baeb3c1f3a6d9a873a73bee646950cdf076fc
      
      Status: Downloaded newer image for registry.redhat.io/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7:latest
      

    Step 2: Create a new project

    Next, we'll create a new project to deploy the web application using Tomcat.

    1. Enter the following to create a new project:
      sh-4.2# oc new-project tomcat
      
      Now using project "tomcat" on server "https://openshift.testcluster.lab.redhat.com:443".
      
    2. Go to your new tomcat project:
      sh-4.2# oc project tomcat
      
      Already on project "tomcat" on server "https://openshift.testcluster.lab.redhat.com:443".
      

    Step 3: Create the Java web application

    Now, we create a Java web application.

    1. Create a new-app using the sample application that you chose (mine is os-sample-java-web):
      $ oc new-app registry.redhat.io/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7~https://github.com/openshiftdemos/os-sample-java-web.git
    2. Verify that the application was deployed and the pod was created:
      sh-4.2# oc get pods
      
      NAME READY STATUS RESTARTS AGE
      
      os-sample-java-web-1-build 0/1 Completed 0 2m
      
      os-sample-java-web-1-k5sqz 1/1 Running 0 1m
    3. Verify that the cluster service was created:
      sh-4.2# oc get svc
      
      NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
      
      os-sample-java-web ClusterIP x.x.x.x <none> 8080/TCP,8443/TCP,8778/TCP 1m
      
      sh-4.2#
      
    4. Verify whether or not the route was created. If the route is not present (as shown below), then run the following command to expose the service:
      sh-4.2# oc get route
      
      No resources found.sh-4.2# oc expose svc os-sample-java-web
      
      route.route.openshift.io/os-sample-java-web exposedsh-4.2# oc get route
      
      NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
      
      os-sample-java-web os-sample-java-web-tomcat.openshift.testcluster.lab.redhat.com os-sample-java-web 8080-tcp None
      
    5. Using the route that you have just discovered, confirm that you can access application:
      os-sample-java-web-tomcat.openshift.testcluster.lab.redhat.com

    Step 4: Access the Tomcat Manager on OpenShift

    For security purposes, you can only access the Tomcat Manager on localhost. If you tried entering the following, for example, you would receive a "403 forbidden" error:

    os-sample-java-web-tomcat.openshift.testcluster.lab.redhat.com/manager

    Here is the command-line procedure to access the management console for Tomcat:

    1. Copy the secure-mgmt-console.sh and context.xml file from your pods to your master machine:
      sh-4.2# oc cp os-sample-java-web-1-k5sqz:/opt/jws-5.3/tomcat/bin/launch/secure-mgmt-console.sh secure-mgmt-console.sh
      
      sh-4.2# oc cp os-sample-java-web-1-k5sqz:/opt/jws-5.3/tomcat/webapps/manager/META-INF/context.xml context.xml
      
      sh-4.2# ls
      
      ansible.cfg context.xml hosts htpasswd log openshift-ansible secure-mgmt-console.sh
      
    2. Back up the main secure-mgmt-console.sh file:
      cp -pr secure-mgmt-console.sh secure-mgmt-console.sh_ORIG
      
    3. Make the following changes in the new secure-mgmt-console.sh file (note that users with the manager-gui role should not be granted the manager-script or manager-jmx role):
      sh-4.2# diff secure-mgmt-console.sh secure-mgmt-console.sh_ORIG
      
      13c13
      
      < sed -i -e"s|</tomcat-users>|\n<role rolename=\"manager-gui\"/>\n<user username=\"${JWS_ADMIN_USERNAME}\" password=\"${JWS_ADMIN_PASSWORD}\" roles=\"manager-gui\"/>\n</tomcat-users>|" $JWS_HOME/conf/tomcat-users.xml
      
      ---
      
      > sed -i -e"s|</tomcat-users>|\n<user username=\"${JWS_ADMIN_USERNAME}\" password=\"${JWS_ADMIN_PASSWORD}\" roles=\"manager-jmx,manager-script\"/>\n</tomcat-users>|" $JWS_HOME/conf/tomcat-users.xml
      
    4. Now, back up the main context.xml file:
      sh-4.2# cp -pr context.xml context.xml_ORIG
      
      sh-4.2# diff context.xml context.xml_ORIG
      
      19,20c19,20
      
      < <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
      
      < allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
      
      ---
      
      > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
      
      > allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
      
      23c23
      
      < <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/> -->
      
      > <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
      
    5. Create config maps for secure-mgmt-console.sh and context.xml, respectively:
      sh-4.2# oc create configmap mgmtsecure --from-file=secure-mgmt-console.sh
      
      configmap/mgmtsecure created
      
      sh-4.2# oc create configmap mgmtcontext --from-file=context.xml
      
      configmap/mgmtcontext created
      
    6. Set the volume for the mgmtsecure and mgmtcontext config maps:
      sh-4.2# oc set volume dc/os-sample-java-web --add --name=mgmtsecure --configmap-name=mgmtsecure --default-mode=0777 --mount-path=/opt/jws-5.3/tomcat/bin/launch/secure-mgmt-console.sh --sub-path=secure-mgmt-console.sh
      
      deploymentconfig.apps.openshift.io/os-sample-java-web volume updated
      
      sh-4.2# oc set volume dc/os-sample-java-web --add --name=mgmtcontext --configmap-name=mgmtcontext --default-mode=0777 --mount-path=/opt/jws-5.3/tomcat/webapps/manager/META-INF/context.xml --sub-path=context.xml
      
      deploymentconfig.apps.openshift.io/os-sample-java-web volume updated
      
    7. Overwrite JWS_ADMIN_USERNAME and JWS_ADMIN_PASSWORD as shown:
      sh-4.2# oc set env dc/os-sample-java-web --overwrite JWS_ADMIN_USERNAME=jwsadmin
      
      deploymentconfig.apps.openshift.io/os-sample-java-web updated
      
      sh-4.2# oc set env dc/os-sample-java-web --overwrite JWS_ADMIN_PASSWORD=jwsadmin
      
      deploymentconfig.apps.openshift.io/os-sample-java-web update
      
      sh-4.2# oc set env dc/os-sample-java-web --overwrite SCRIPT_DEBUG=true
      
      deploymentconfig.apps.openshift.io/os-sample-java-web updated
      
    8. Verify that the application was deployed and the pod was created with your changes:
      os-sample-java-web-2-build 0/1 Completed 0 27m
      
      os-sample-java-web-7-rghgk 1/1 Running 0 26m
      

    Open the Tomcat Manager

    The last step is to open the /manager page. It will pop up a login console. Enter your user ID (jwsadmin) and password (jwsadmin) to access the Tomcat Manager in the OpenShift console.

    Open the Tomcat manager

    Conclusion

    You now know how to install Tomcat on OpenShift, use Tomcat to deploy a web application to OpenShift, and access the Tomcat /manager page. I hope this tutorial helps you get started with your OpenShift explorations.

    Last updated: January 12, 2024

    Recent Posts

    • Why Models-as-a-Service architecture is ideal for AI models

    • How to run MicroShift as a container using MINC

    • OpenShift 4.19 brings a unified console for developers and admins

    • 3 steps to secure network segmentation with Ansible and AWS

    • Integrate vLLM inference on macOS/iOS using OpenAI APIs

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue