The upgrade from Tomcat 8 to Tomcat 9 is part of the upgrade to Abiquo 5.2.x and environments using HTTPS-SSL between the Tomcat servers. (See Configure Abiquo Tomcat with HTTPS for Remote RS)
As part of the upgrade when using HTTPS-SSL between Tomcat servers:
- The Catalina connector for HTTPS will be lost on upgrade
- The new secretRequired option is not present
- AJP Connector on Tomcat9 won't allow external connections by default.
Before you start the upgrade, do these steps.
On each tomcat server, from the /opt/abiquo/tomcat/conf folder, back up the server.xml files. For example, for the API server:
# cd /opt/abiquo/tomcat/conf # cp server.xml ~/server.api.backup.xml
You will need to restore these files after the upgrade.
Before you restart the tomcat servers, do these steps.
- Restore the server.xml files from their backups
Edit the server.xml files and add the new secretRequired="false" option to the HTTPS connector
<Service name="Catalina"> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8009" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com" clientAuth="false" secretRequired="false" sslProtocol="TLS"/>If you have a separate API and UI server, on the API server, edit the server.xml file and allow the AJP connector to listen everywhere, not just on localhost, by setting address="0.0.0.0". Also add secretRequired="false".
<Connector port="8010" protocol="AJP/1.3" enableLookups="false" tomcatAuthentication="false" connectionTimeout="20000" secretRequired="false" address="0.0.0.0" />