Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

The upgrade from Tomcat 8 to Tomcat 9 is part of the upgrade to Abiquo 5.2.x and environments using HTTPS-SSL between the Tomcat servers. See Configure Abiquo Tomcat with HTTPS for Remote RS.

As part of the upgrade when using HTTPS-SSL between Tomcat servers:

  • The Catalina connector for HTTPS will be lost on upgrade
  • The new secretRequired option is not present
  • AJP Connector in Tomcat 9 won't allow external connections by default. 


Before you start the upgrade, do these steps.

  1. On each Tomcat server, from the /opt/abiquo/tomcat/conf folder, back up the server.xml files. For example, for the API server

    # cd /opt/abiquo/tomcat/conf
    # cp server.xml ~/server.api.backup.xml

    You will need to restore and modify these files after the upgrade.

Before you restart the tomcat servers, do these steps.

  1. Restore the backup of the server.xml files
  2. Edit the server.xml files and add the new secretRequired="false" option to the HTTPS connector

    <Service name="Catalina">
    
            <Connector
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8009" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com"
               clientAuth="false" secretRequired="false" 
               sslProtocol="TLS"/>
  3. If you have a separate API and UI server, on the API server, edit the server.xml file and allow the AJP connector to listen everywhere, not just on localhost, by setting address="0.0.0.0". Also add secretRequired="false".

    <Connector port="8010" protocol="AJP/1.3"
                   enableLookups="false"
                   tomcatAuthentication="false"
                   connectionTimeout="20000"
                   secretRequired="false"
                   address="0.0.0.0"
                   />
  • No labels