IBM Support

Manually updating Apache Tomcat used for RLKS ART

Technote (FAQ)


Question

A new security advisory has been released regarding Apache Tomcat. How do I manually update the Tomcat instance that is used for the IBM Rational License Key Server (RLKS) Administration and Reporting Tool (ART)?

Answer

To update the Tomcat used by the ART, perform the following actions:

  1. Download the latest/desired tomcat 7.0 (core) version from http://tomcat.apache.org/download-70.cgi
    • For Windows hosts, download the 64-bit Windows version.
  2. Stop the ART
  3. Back up the contents of the following directories:
    • ...\RCL\RLKSAdmin\server\tomcat\lib
    • ...\RCL\RLKSAdmin\server\tomcat\bin
    • ...\RCL\RLKSAdmin\server\tomcat\conf
  4. Extract the archive download in step 1 to a temporary directory.
  5. Navigate to the "bin" directory inside the temporary directory.
  6. Delete the following files from the downloaded "bin" directory.(bat/sh files may not be present on all instances):
    • catalina.bat
    • catalina.sh
    • catalina-tasks.xml
    • cpappend.bat
    • cpappens.sh
    • shutdown.bat
    • shutdown.sh
    • startup.bat
    • startup.sh
  7. Copy all remaining files from the downloaded bin directory into the ART's tomcat\bin directory
  8. Navigate to the "lib" directory inside the temporary directory.
  9. Copy all files into the ART's tomcat\lib directory. The following files should remain from the original install:
    • jtsSetup.jar
    • com.ibm.team.repository.*
    • au.com.bytecode.opencsv_1.8.0.jar
    • ecj-4.3.1.jar (there will also be an newer ecj-*.jar after the copy)
  10. CD to the ART tomcat\conf directory.
  11. Edit the existing server.xml file to change the bolded line (the others are provided as a landmark to prevent changing the wrong ones):
       keystoreFile="ibm-team-ssl.keystore"
       keystorePass="ibm-team"
       protocol="HTTP/1.1"
       ... to ...
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       (See: http://stackoverflow.com/questions/22665723/not-able-to-configure-ssl-with-tomcat-7)

Note 1: The current release of the RLKS ART is based on Tomcat 7.0.52 The latest version a the time this note was last updated was 7.0.68. We recommend downloading the most recent security fix for updates.

Note 2: Step 11 above may cause future ART updates to fail with "Null Pointer Exceptions attempting to shut the agent down for updating. This is APAR PI58487. The workaround is to chenge the protocol line back to the original "HTTP/1.1" for the update. If you are updating TO 8.1.4.x or any ifix of 8.1.4.x, the above steps may need to be performed again as the update may downgrade the Tomcat release.

Related information

Tomcat 7 security update information

Document information

More support for: Rational License Key Server
RLKS Administration and Reporting Tool

Software version: 8.1.4, 8.1.4.7, 8.1.4.8, 8.1.4.9

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1973649

Modified date: 07 March 2016