Readme File for RFE 132223
Readme file for: Platform Symphony 7.1 Fix Pack 1
Product/Component Release: 7.1 Fix Pack 1
Fix ID:
sym-7.1-build518751-welfg
Publication date:
April
26, 2019
This enhancement upgrades the Apache Tomcat
version in Platform Symphony 7.1 Fix Pack 1 and Platform Symphony Developer
Edition (DE) 7.1 Fix Pack 1 to version 8.5.40 in order to fix security
vulnerabilities in the original Tomcat version.
Contents
Copyright and trademark information
Before you install this enhancement
to your cluster, note the following requirements:
Operating system |
Management hosts:
RHEL 6.5 64-bit DE hosts: RHEL 6.5 64-bit, Windows 64-bit |
Product version |
Platform Symphony 7.1 Fix Pack 1 Platform
Symphony DE 7.1 Fix Pack 1 |
Follow the instructions
in this section to download and install this enhancement in your cluster.
· Platform
Symphony 7.1 Fix Pack 1 Advanced Edition must be installed on Linux hosts in
your cluster.
· Platform
Symphony DE 7.1 Fix Pack 1 must be installed on Linux or Windows hosts in your
cluster.
Download the installation package for your host type:
Name |
Description |
sym7.1_lnx26-lib23-x64_build518751.tar.gz |
Package to upgrade Tomcat on Linux management hosts. |
symde7.1_lnx26-lib23-x64_build518751.tar.gz |
Package to upgrade Tomcat on Linux DE hosts. |
symde7.1_win-x64_build518751.zip |
Package to upgrade Tomcat on Windows DE hosts. |
Apache Tomcat 8.5.40 package for Linux DE hosts |
|
Apache Tomcat 8.5.40 package for Windows DE hosts |
a. Log
on to the master host as the cluster administrator, disable all applications,
and shut down the cluster:
> soamcontrol
app disable all
>
egosh service stop all
>
egosh ego shutdown all
b. On each Linux management host, back up
the following files:
$EGO_TOP/gui/3.1/tomcat/
$EGO_CONFDIR/../../gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/server.xml
$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
c. On
each management host, clean up the GUI work directory:
> rm -rf $EGO_TOP/gui/work/*
d. Launch
your web browser and clear the browser cache.
a. Log
on to the Linux DE host and shut down the agent:
> source profile.platform
> soamshutdown
b. On each Linux DE host, back up the
following files:
$SOAM_HOME/gui/3.1/tomcat/
$SOAM_HOME/gui/conf/catalina.policy
$SOAM_HOME/gui/conf/catalina.properties
$SOAM_HOME/gui/conf/server.xml
$SOAM_HOME/gui/ego/3.1/platform/WEB-INF/web.xml
$SOAM_HOME/gui/soam/7.1/soamgui/WEB-INF/web.xml
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/web.xml
c. On
each DE host, clean up the GUI work directory:
> rm -rf $SOAM_HOME/gui/work/*
d. Launch
your web browser and clear the browser cache.
a. Log
on to the Windows DE host and shut down the agent:
> soamshutdown
b. On each Windows DE host, back up the
following files:
%SOAM_HOME%\gui\3.1\tomcat
%SOAM_HOME%\gui\conf\catalina.policy
%SOAM_HOME%\gui\conf\catalina.properties
%SOAM_HOME%\gui\conf\server.xml
%SOAM_HOME%\gui\ego\3.1\platform\WEB-INF\web.xml
%SOAM_HOME%\gui\soam\7.1\soamgui\WEB-INF\web.xml
%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\web.xml
c. On
each DE host, clean up the GUI work directory:
> rd /s /q %SOAM_HOME%\gui\work\Catalina
d. Launch
your web browser and clear the browser cache.
a.
Log on to each management host in the cluster as the
cluster administrator.
b.
Copy the apache-tomcat-8.5.40.tar.gz
package to a temporary folder and extract its contents:
> cp
apache-tomcat-8.5.40.tar.gz /tmp
> tar zxvf apache-tomcat-8.5.40.tar.gz
> rm -rf
apache-tomcat-8.5.40/conf/
> rm -rf
apache-tomcat-8.5.40/work/
> rm -rf
apache-tomcat-8.5.40/logs/
c.
Copy the Tomcat folder to the GUI
directory:
> rm -rf
$EGO_TOP/gui/3.1/tomcat
> cp -rf
apache-tomcat-8.5.40 $EGO_TOP/gui/3.1/tomcat
d.
Download the sym7.1_lnx26-lib23-x64_build518751.tar.gz package and extract its contents to the $EGO_TOP directory:
> tar zxfo sym7.1_lnx26-lib23-x64_build518751.tar.gz -C $EGO_TOP
e.
If you ran the “egoconfig mghost shared_dir”
command during installation to set up a shared location for configuration
files, ensure that the following configuration files are changed in the shared
directory:
> cp $EGO_TOP/gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.policy
> cp $EGO_TOP/gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/catalina.properties
> cp $EGO_TOP/gui/conf/server.xml $EGO_CONFDIR/../../gui/conf/server.xml
f.
If you modified the server.xml
configuration file for details such as the GUI service port, manually redo
those changes:
$EGO_CONFDIR/../../gui/conf/server.xml
g.
Edit the web.xml
files to add the following configuration:
$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “</servlet>” section and add the following configuration:
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
For example:
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
a.
Log on to each Linux DE host as the cluster
administrator.
b.
Copy the apache-tomcat-8.5.40.tar.gz
package to a temporary folder and extract its contents:
> cp
apache-tomcat-8.5.40.tar.gz /tmp
> tar zxvf apache-tomcat-8.5.40.tar.gz
> rm -rf apache-tomcat-8.5.40/conf/
> rm -rf
apache-tomcat-8.5.40/work/
> rm -rf
apache-tomcat-8.5.40/logs/
c.
Copy the Tomcat folder to the GUI
directory:
> mv
$SOAM_HOME/gui/3.1/tomcat ./tomcat_bak
> cp -rf apache-tomcat-8.5.40
$SOAM_HOME/gui/3.1/tomcat
> cp -rf
tomcat_bak/bin/startguiservice.sh $SOAM_HOME/gui/3.1/tomcat/bin
> cp -rf
tomcat_bak/bin/stopguiservice.sh $SOAM_HOME/gui/3.1/tomcat/bin
d.
Download the symde7.1_lnx26-lib23-x64_build518751.tar.gz package and extract its contents to the $SOAM_HOME directory:
> tar zxfo symde7.1_lnx26-lib23-x64_build518751.tar.gz -C $SOAM_HOME
e.
If you modified the server.xml
configuration file for details such as the GUI service port, manually redo
those changes:
$SOAM_HOME/gui/conf/server.xml
f.
Edit the web.xml
files to add the following configuration:
$SOAM_HOME/gui/ego/3.1/platform/WEB-INF/web.xml
$SOAM_HOME/gui/soam/7.1/soamgui/WEB-INF/web.xml
$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/web.xml
Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “</servlet>” section and add the following configuration:
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
For example:
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
<servlet>
a. Log on to each Windows DE host as
the cluster administrator.
b. Copy
the apache-tomcat-8.5.40-windows-x64.zip
package to a temporary folder and extract its contents:
> copy
apache-tomcat-8.5.40-windows-x64.zip C:\tmp
> rd /s /q apache-tomcat-8.5.40\conf
> rd /s /q apache-tomcat-8.5.40\work
> rd /s /q apache-tomcat-8.5.40\logs
c. Copy
the Tomcat folder to the GUI directory:
> move
%SOAM_HOME%\gui\3.1\tomcat tomcat_bak
> xcopy apache-tomcat-8.5.40 %SOAM_HOME%\gui\3.1\tomcat
> copy tomcat_bak\bin\startguiservice.bat $SOAM_HOME\gui\3.1\tomcat\bin
> copy tomcat_bak\bin\stopguiservice.bat $SOAM_HOME\gui\3.1\tomcat\bin
d. Download the symde7.1_win-x64_build518751.zip package and extract its contents to the %SOAM_HOME% directory:
e. If
you modified the server.xml configuration file for
details such as the GUI service port, manually redo those changes:
%SOAM_HOME%\gui\conf\server.xml
f. Edit
the web.xml files to add the following configuration:
%SOAM_HOME%\gui\ego\3.1\platform\WEB-INF\web.xml
%SOAM_HOME%\gui\soam\7.1\soamgui\WEB-INF\web.xml
%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\web.xml
g. Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “</servlet>” section and add the following configuration:
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
For example:
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
<servlet>
a.
Log on to the master
host as the cluster administrator, start the cluster, and enable your
applications:
> egosh ego
start all
> soamcontrol app
enable <AppName>
b.
In the $EGO_TOP/gui/logs/catalina.out
file, check whether the GUI version indicates version 8.5.40 for Tomcat:
INFO: Server version:
Apache Tomcat/8.5.40
a.
On each Linux DE
host, start the agent:
> soamstartup
&
b.
In the $SOAM_HOME/gui/logs/catalina.out
file, check whether the GUI version indicates version 8.5.40 for Tomcat:
INFO: Server version:
Apache Tomcat/8.5.40
a.
On each Windows DE
host, start the agent:
> soamstartup
b.
In the %SOAM_HOME%\gui\logs\catalina.out
file, check whether the GUI version indicates version 8.5.40 for
Tomcat:
INFO: Server version:
Apache Tomcat/8.5.40
Follow the instructions in this section to
roll back this enhancement in your cluster.
a.
Log on to the master host as the cluster
administrator, disable all applications, and shut down the cluster:
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
b.
On all management hosts, restore all the files that
you backed up during installation.
c.
Log on to the master
host as the cluster administrator, start the cluster, and enable your
applications:
> egosh ego start all
> soamcontrol app enable <AppName>
a.
Log on to each Linux
DE host and shut down the agent:
> soamshutdown
b.
On each DE host, restore all the files that you
backed up during installation.
c.
Start the agent:
> soamstartup &
a.
Log on to each
Windows DE host and shut down the agent:
> soamshutdown
b.
On each DE host, restore all the files that you
backed up during installation.
c.
Start the agent:
> soamstartup
To receive information about
product solution and patch updates automatically, subscribe to product
notifications on the My notifications page http://www.ibm.com/support/mynotifications/ on the IBM
Support website (http://support.ibm.com). You can edit your subscription
settings to choose the types of information you want to get notification about,
for example, security bulletins, fixes, troubleshooting, and product
enhancements or documentation changes.
© Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.