The upgrade from Tomcat 8 to Tomcat 9 is part of the upgrade to Abiquo 5.2.x and environments using HTTPS -SSL TLS between the Tomcat servers. (See Configure Abiquo Tomcat with HTTPS for Remote RS)
As part of the upgrade when using HTTPS -SSL TLS between Tomcat servers:
- The Catalina connector for HTTPS will be lost on upgrade
- The new secretRequired option is not present
- AJP Connector on Tomcat9 won't allow external connections by default.
- During the upgrade from Java 8 to Java 11, the default keystore folder location changes, for example:
- OLD: keystoreFile="/usr/java/default/jre/lib/security/cacerts"
NEW: keystoreFile="/usr/java/default/lib/security/cacerts"
- OLD: keystoreFile="/usr/java/default/jre/lib/security/cacerts"
Before you start the upgrade, do these steps.
On each tomcat Tomcat server, from the /opt/abiquo/tomcat/conf folder, back up the server.xml files. For example, for the API server:
Code Block # cd /opt/abiquo/tomcat/conf # cp server.xml ~/server.api.backup.xml
You will need to restore these files after the upgrade.
Before you restart the tomcat Tomcat servers, do these steps.
- Restore the server.xml files from their backups
Edit the server.xml files and add the new secretRequired="false" option to the HTTPS connector
Code Block <Service name="Catalina"> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8009" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com" clientAuth="false" secretRequired="false" sslProtocol="TLS"/>
If you have a separate API and UI server, on the API server, edit the server.xml file and allow the AJP connector to listen everywhere, not just on localhost, by setting address="0.0.0.0". Also add secretRequired="false".
Code Block <Connector port="8010" protocol="AJP/1.3" enableLookups="false" tomcatAuthentication="false" connectionTimeout="20000" secretRequired="false" address="0.0.0.0" />
...