Readme File for RFE 132223

Readme file for: Platform Symphony 7.1 Fix Pack 1

Product/Component Release: 7.1 Fix Pack 1

Fix ID: sym-7.1-build518751-welfg

Publication date: April 26, 2019

This enhancement upgrades the Apache Tomcat version in Platform Symphony 7.1 Fix Pack 1 and Platform Symphony Developer Edition (DE) 7.1 Fix Pack 1 to version 8.5.40 in order to fix security vulnerabilities in the original Tomcat version.

Contents

Scope

Installation and verification

Uninstallation

Product notifications

Copyright and trademark information


1.   Scope

Before you install this enhancement to your cluster, note the following requirements:

Operating system

Management hosts: RHEL 6.5 64-bit

DE hosts: RHEL 6.5 64-bit, Windows 64-bit

Product version

Platform Symphony 7.1 Fix Pack 1

Platform Symphony DE 7.1 Fix Pack 1

2.   Installation and verification

Follow the instructions in this section to download and install this enhancement in your cluster.

Prerequisites 

·       Platform Symphony 7.1 Fix Pack 1 Advanced Edition must be installed on Linux hosts in your cluster.

·       Platform Symphony DE 7.1 Fix Pack 1 must be installed on Linux or Windows hosts in your cluster.

Packages

Download the installation package for your host type:

Name                                           Description

sym7.1_lnx26-lib23-x64_build518751.tar.gz      Package to upgrade Tomcat on Linux management hosts.

symde7.1_lnx26-lib23-x64_build518751.tar.gz    Package to upgrade Tomcat on Linux DE hosts.

symde7.1_win-x64_build518751.zip               Package to upgrade Tomcat on Windows DE hosts.

apache-tomcat-8.5.40.tar.gz                    Apache Tomcat 8.5.40 package for Linux DE hosts.

apache-tomcat-8.5.40-windows-x64.zip           Apache Tomcat 8.5.40 package for Windows DE hosts.

Before installing on Linux management hosts

a.      Log on to the master host as the cluster administrator, disable all applications, and shut down the cluster:

> soamcontrol app disable all

> egosh service stop all

> egosh ego shutdown all

b.      On each Linux management host, back up the following files:

$EGO_TOP/gui/3.1/tomcat/

$EGO_CONFDIR/../../gui/conf/catalina.policy

$EGO_CONFDIR/../../gui/conf/catalina.properties

$EGO_CONFDIR/../../gui/conf/server.xml

$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml

$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml

$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml

c.      On each management host, clean up the GUI work directory:

> rm -rf $EGO_TOP/gui/work/*

d.      Launch your web browser and clear the browser cache.

Before installing on Linux DE hosts

a.      Log on to the Linux DE host and shut down the agent:

> source profile.platform

> soamshutdown

b.      On each Linux DE host, back up the following files:

$SOAM_HOME/gui/3.1/tomcat/

$SOAM_HOME/gui/conf/catalina.policy

$SOAM_HOME/gui/conf/catalina.properties

$SOAM_HOME/gui/conf/server.xml

$SOAM_HOME/gui/ego/3.1/platform/WEB-INF/web.xml

$SOAM_HOME/gui/soam/7.1/soamgui/WEB-INF/web.xml

$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/web.xml

c.      On each DE host, clean up the GUI work directory:

> rm -rf $SOAM_HOME/gui/work/*

d.      Launch your web browser and clear the browser cache.

Before installing on Windows DE hosts

a.      Log on to the Windows DE host and shut down the agent:

> soamshutdown

b.      On each Windows DE host, back up the following files:

%SOAM_HOME%\gui\3.1\tomcat

%SOAM_HOME%\gui\conf\catalina.policy

%SOAM_HOME%\gui\conf\catalina.properties

%SOAM_HOME%\gui\conf\server.xml

%SOAM_HOME%\gui\ego\3.1\platform\WEB-INF\web.xml

%SOAM_HOME%\gui\soam\7.1\soamgui\WEB-INF\web.xml

%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\web.xml

c.      On each DE host, clean up the GUI work directory:

> rd /s /q %SOAM_HOME%\gui\work\Catalina

d.      Launch your web browser and clear the browser cache.

Installing on Linux management hosts

a.      Log on to each management host in the cluster as the cluster administrator.

b.      Copy the apache-tomcat-8.5.40.tar.gz package to a temporary folder and extract its contents:

> cp apache-tomcat-8.5.40.tar.gz /tmp

> tar zxvf apache-tomcat-8.5.40.tar.gz

> rm -rf apache-tomcat-8.5.40/conf/

> rm -rf apache-tomcat-8.5.40/work/

> rm -rf apache-tomcat-8.5.40/logs/

c.      Copy the Tomcat folder to the GUI directory:

> rm -rf $EGO_TOP/gui/3.1/tomcat

> cp -rf apache-tomcat-8.5.40 $EGO_TOP/gui/3.1/tomcat

d.      Download the sym7.1_lnx26-lib23-x64_build518751.tar.gz package and extract its contents to the $EGO_TOP directory:

> tar zxfo sym7.1_lnx26-lib23-x64_build518751.tar.gz -C $EGO_TOP

e.      If you ran the “egoconfig mghost shared_dir” command during installation to set up a shared location for configuration files, ensure that the following configuration files are changed in the shared directory:

> cp $EGO_TOP/gui/conf/catalina.policy $EGO_CONFDIR/../../gui/conf/catalina.policy

> cp $EGO_TOP/gui/conf/catalina.properties $EGO_CONFDIR/../../gui/conf/catalina.properties

> cp $EGO_TOP/gui/conf/server.xml $EGO_CONFDIR/../../gui/conf/server.xml

f.       If you modified the server.xml configuration file for details such as the GUI service port, manually redo those changes:

$EGO_CONFDIR/../../gui/conf/server.xml

g.      Edit the web.xml files to add the following configuration:

$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml

$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml

$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml

Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “<servlet>” section and add the following configuration:

<init-param>

<param-name>crossDomainSessionSecurity</param-name>

<param-value>false</param-value>

</init-param>

For example:

      <servlet>

         <servlet-name>dwr-invoker</servlet-name>

         <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>

             <init-param>

                 <param-name>debug</param-name>

                 <param-value>true</param-value>

             </init-param>

             <init-param>

                 <param-name>crossDomainSessionSecurity</param-name>

                 <param-value>false</param-value>

             </init-param>

      </servlet>

Installing on Linux DE hosts

a.      Log on to each Linux DE host as the cluster administrator.

b.      Copy the apache-tomcat-8.5.40.tar.gz package to a temporary folder and extract its contents:

> cp apache-tomcat-8.5.40.tar.gz /tmp

> tar zxvf apache-tomcat-8.5.40.tar.gz

> rm -rf apache-tomcat-8.5.40/conf/

> rm -rf apache-tomcat-8.5.40/work/

> rm -rf apache-tomcat-8.5.40/logs/

c.      Copy the Tomcat folder to the GUI directory:

> mv $SOAM_HOME/gui/3.1/tomcat ./tomcat_bak

> cp -rf apache-tomcat-8.5.40 $SOAM_HOME/gui/3.1/tomcat

> cp -rf tomcat_bak/bin/startguiservice.sh $SOAM_HOME/gui/3.1/tomcat/bin

> cp -rf tomcat_bak/bin/stopguiservice.sh $SOAM_HOME/gui/3.1/tomcat/bin

d.      Download the symde7.1_lnx26-lib23-x64_build518751.tar.gz package and extract its contents to the $SOAM_HOME directory:

> tar zxfo symde7.1_lnx26-lib23-x64_build518751.tar.gz -C $SOAM_HOME

e.      If you modified the server.xml configuration file for details such as the GUI service port, manually redo those changes:

$SOAM_HOME/gui/conf/server.xml

f.       Edit the web.xml files to add the following configuration:

$SOAM_HOME/gui/ego/3.1/platform/WEB-INF/web.xml

$SOAM_HOME/gui/soam/7.1/soamgui/WEB-INF/web.xml

$SOAM_HOME/gui/soam/7.1/symgui/WEB-INF/web.xml

Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “<servlet>” section and add the following configuration:

<init-param>

<param-name>crossDomainSessionSecurity</param-name>

<param-value>false</param-value>

</init-param>

For example:

      <servlet>

         <servlet-name>dwr-invoker</servlet-name>

         <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>

             <init-param>

                 <param-name>debug</param-name>

                 <param-value>true</param-value>

             </init-param>

             <init-param>

                 <param-name>crossDomainSessionSecurity</param-name>

                 <param-value>false</param-value>

             </init-param>

      </servlet>

Installing on Windows DE hosts

a.      Log on to each Windows DE host as the cluster administrator.

b.      Copy the apache-tomcat-8.5.40-windows-x64.zip package to a temporary folder and extract its contents:

> copy apache-tomcat-8.5.40-windows-x64.zip C:\tmp

> rd /s /q apache-tomcat-8.5.40\conf

> rd /s /q apache-tomcat-8.5.40\work

> rd /s /q apache-tomcat-8.5.40\logs

c.      Copy the Tomcat folder to the GUI directory:

> move %SOAM_HOME%\gui\3.1\tomcat tomcat_bak

> xcopy apache-tomcat-8.5.40 %SOAM_HOME%\gui\3.1\tomcat /E /I

> copy tomcat_bak\bin\startguiservice.bat %SOAM_HOME%\gui\3.1\tomcat\bin

> copy tomcat_bak\bin\stopguiservice.bat %SOAM_HOME%\gui\3.1\tomcat\bin

d.      Download the symde7.1_win-x64_build518751.zip package and extract its contents to the %SOAM_HOME% directory.

e.      If you modified the server.xml configuration file for details such as the GUI service port, manually redo those changes:

%SOAM_HOME%\gui\conf\server.xml

f.       Edit the web.xml files to add the following configuration:

%SOAM_HOME%\gui\ego\3.1\platform\WEB-INF\web.xml

%SOAM_HOME%\gui\soam\7.1\soamgui\WEB-INF\web.xml

%SOAM_HOME%\gui\soam\7.1\symgui\WEB-INF\web.xml

g.      Find the “<servlet-name>dwr-invoker</servlet-name>” line in the “<servlet>” section and add the following configuration:

<init-param>

<param-name>crossDomainSessionSecurity</param-name>

<param-value>false</param-value>

</init-param>

For example:

      <servlet>

         <servlet-name>dwr-invoker</servlet-name>

         <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>

             <init-param>

                 <param-name>debug</param-name>

                 <param-value>true</param-value>

             </init-param>

             <init-param>

                 <param-name>crossDomainSessionSecurity</param-name>

                 <param-value>false</param-value>

             </init-param>

      </servlet>

After installing on Linux management hosts

a.      Log on to the master host as the cluster administrator, start the cluster, and enable your applications:

> egosh ego start all

> soamcontrol app enable <AppName>

b.      In the $EGO_TOP/gui/logs/catalina.out file, confirm that the GUI service reports Tomcat version 8.5.40:

INFO: Server version:        Apache Tomcat/8.5.40

After installing on Linux DE hosts

a.      On each Linux DE host, start the agent:

> soamstartup &

b.      In the $SOAM_HOME/gui/logs/catalina.out file, confirm that the GUI service reports Tomcat version 8.5.40:

INFO: Server version:        Apache Tomcat/8.5.40

After installing on Windows DE hosts

a.      On each Windows DE host, start the agent:

> soamstartup

b.      In the %SOAM_HOME%\gui\logs\catalina.out file, confirm that the GUI service reports Tomcat version 8.5.40:

INFO: Server version:        Apache Tomcat/8.5.40
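
A post-install check for the two things this section asks you to confirm by hand: the dwr-invoker init-param in each edited web.xml and the Tomcat version line in catalina.out. This is an added example, not part of the fix pack or of IBM's tooling; the function names, the sample path and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
EXPECTED_TOMCAT = "8.5.40"  # version this readme installs

def _local(tag):  # drop a namespace prefix such as {http://...}
    return tag.rsplit("}", 1)[-1]

def _fields(elem):  # child element local name -> stripped text
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def dwr_init_params(web_xml_text):
    """Return dwr-invoker's init-params as a dict, or None if the servlet is absent."""
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) == "servlet" and _fields(elem).get("servlet-name") == "dwr-invoker":
            params = (_fields(c) for c in elem if _local(c.tag) == "init-param")
            return {p.get("param-name"): p.get("param-value") for p in params}
    return None

def tomcat_version(catalina_out_text):
    """Version on the last 'Server version' line; the log is appended across restarts."""
    found = re.findall(r"Server version:\s+Apache Tomcat/(\S+)", catalina_out_text)
    return found[-1] if found else None

def check_host(web_xml_texts, catalina_out_text):
    """Return a list of problems; an empty list means the host matches the readme."""
    problems = []
    for path, text in web_xml_texts.items():
        try:
            params = dwr_init_params(text)
        except ET.ParseError as exc:  # e.g. a <servlet> left unclosed by a hand edit
            problems.append(f"{path}: not well-formed XML ({exc})")
            continue
        if params is None:
            problems.append(f"{path}: no dwr-invoker servlet")
        elif params.get("crossDomainSessionSecurity") != "false":
            problems.append(f"{path}: crossDomainSessionSecurity is not set to false")
    version = tomcat_version(catalina_out_text)
    if version != EXPECTED_TOMCAT:
        problems.append(f"catalina.out reports Tomcat {version}, expected {EXPECTED_TOMCAT}")
    return problems

# Constructed sample inputs (not taken from a real host)
SAMPLE_WEB_XML = """<web-app><servlet>
  <servlet-name>dwr-invoker</servlet-name>
  <init-param><param-name>crossDomainSessionSecurity</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
SAMPLE_LOG = "Server version: Apache Tomcat/0.0.0\nINFO: Server version:        Apache Tomcat/8.5.40\n"
if __name__ == "__main__":
    print(check_host({"symgui/WEB-INF/web.xml": SAMPLE_WEB_XML}, SAMPLE_LOG) or "OK")
```

In DWR, crossDomainSessionSecurity=false switches off the servlet's cross-domain session check, so this script confirms that the readme's setting is present and does not assess it.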

3.   Uninstallation

Follow the instructions in this section to roll back this enhancement in your cluster.

Uninstalling on Linux management hosts

a.      Log on to the master host as the cluster administrator, disable all applications, and shut down the cluster:

> soamcontrol app disable all

> egosh service stop all

> egosh ego shutdown all 

b.      On all management hosts, restore all the files that you backed up during installation.

c.      Log on to the master host as the cluster administrator, start the cluster, and enable your applications:

> egosh ego start all

> soamcontrol app enable <AppName>

Uninstalling on Linux DE hosts

a.      Log on to each Linux DE host and shut down the agent:

> soamshutdown

b.      On each DE host, restore all the files that you backed up during installation.

c.      Start the agent:

> soamstartup &

Uninstalling on Windows DE hosts

a.      Log on to each Windows DE host and shut down the agent:

> soamshutdown

b.      On each DE host, restore all the files that you backed up during installation.

c.      Start the agent:

> soamstartup

4.   Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My notifications page (http://www.ibm.com/support/mynotifications/) on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to be notified about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

5.   Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.