Highlighted
Absent Member.. Absent Member..
Absent Member..
1250 views

Apache Tomcat update for Service Manager 9.4

We are running Service Manager 9.4 in our environment and had some Nessus scans run recently for a security inspection. The version of of Apache Tomcat that we're running is 7.0.53, and versions prior to 7.0.60 have a list of vulnerabilities that we need to address. Is there a version update to the product that will update Apache Tomcat to a more current version?

Thanks

0 Likes
10 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Apache Tomcat update for Service Manager 9.4

Hi, 

According to the support matrix, for 9.40 the lates version of Tomcat 7 is recommended. Upgrade your Tomcat 7 to the latest version is a good choice.

https://softwaresupport.hpe.com/km/KM01294591/service_manager_940_support_matrix.pdf

And from 9.41, Tomcat 8 is supported, and latest version of Tomcat 8 is recommended for 9.41.

Thanks,

Ling-Yan

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

Ok, thanks, but what I'm looking for is a step by step guide about *how* to upgrade Apace Tomcat to the latest version (7.0.69 is the most current now, I believe).

Does HP put out such a document?

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

I assume you are referring to the embedded Tomcat in Service Manager, not an instance of Tomcat to support webtier.

The embedded Tomcat can only be updated via an RTE upgrade. I'd recommend opening a support ticket to determine if a current 9.4x RTE patch includes a more recent Tomcat release.

----------------------------------------------------
Kudos - what, where, how, and why
Want Good Answers? Ask Good Questions...
0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

Sorry, I missed this reply yesterday.

I am brand new to both Service Manager and Tomcat. In control panel "programs and features", there is a listing for Apache Tomcat installed the same day the original version of Service Manager was installed (9.30). I have no idea if this is "embedded" tomcat or not. (SM has been upgraded twice since then - to 9.33 and then 9.40)

I don't know what an RTE patch is??

If we were to upgrade 9.40 to 9.41, does that upgrade include an update to Tomcat at the same time?

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

Just to add - I did open a support ticket with HP support a few days ago and got back a response "Apache Tomcat isn't an HP product - we don't support it". If Tomcat is actually an embedded product within SM, I don't understand why it wouldn't be supported??

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Apache Tomcat update for Service Manager 9.4

Just a quick note (I only have a few minutes):

Tomcat acts as the web host for the Service Manager web application (the user-facing front-end web client). That is (most likely) what the Tomcat you see installed is doing. To upgrade that, you have a few options - easiest is to backup the SM webtier folder in the webapps directory, uninstall Tomcat, re-install a newer version of Tomcat (I'd suggest 8.5), and copy back the previous SM webtier folder into the newly-installed webapps. That's for the webtier-hosting Tomcat.

There are aspects of Tomcat embedded in the SM runtime environment (RTE) files (Program Files (x86)\HP\Service Manager\Server), but as mentioned the only way to upgrade that embedded Tomcat is if a newer version is embedded in an RTE patch. Here are all the current patches (and the patches which have been superceded): https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM01384297

If the scans are picking up on the web-hosting Tomcat, an uninstall/reinstaller newer version should address the issue. If they are picking up the embedded Tomcat and you cannot upgrade your RTE to a non-vulnerable version, then I would make the case that SM is a COTS product and is what it is. If your organization pushes back, they/you can try to make a case to HP to upgrade the embedded Tomcat.

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

There is a c:\program files\apache software foundation\tomcat 7.0 folder, and it's also listed in Control Panel | Programs and Features - does that imply it's a web tier version and not embedded?

If I remove/reinstall new version of tomcat, is copying over the C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\sm all that needs to be done? Is there any other configuration that I'd have to do?

 

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

One other thing I'm finding confusing is that some of the youtube videos I've been watching on how to install Tomcat install using a *.exe file that runs a GUI program to install it, but the version you can download from the Apache Tomcat website is just a zip file the expands a folder and a bunch of sub-folders. What's the difference between the two?

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Apache Tomcat update for Service Manager 9.4

Sorry if I'm rambling on too much. As I'm making progress on this, different questions are coming out.

I found the Windows *.exe installer on the Tomcat website; feel stupid for not seeing that before. I installed the .53 version on a vmware machine and then running the .69 version over it to see if it would be a simple upgrade. Not so lucky on that - didn't work.

So, if I do a remove on the current version (the .53) and then install .69, will Tomcat run correctly if I just restore some of the existing folders?

For example, under C:\Program Files\Apache Software Foundation\Tomcat 7.0\ there are the following folders - bin, conf, lib, logs, old-splash, old-stuff (these last two are almost certainly stash folders, not part of tomcat), temp, webapps, and work.

Also in the root of Tomcat 7.0 are a *.keystore and a keystore.jks file - I'm assuming these are needed to get SSL working correctly again.?

I'm guessing bin, lib, and logs should be fine from the new version. ?

The conf folder looks like it has some customized files in it.

So, if conf and webapps are copied over to the new install, should that (theoretically) get the server running correctly again?

0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Re: Apache Tomcat update for Service Manager 9.4

There is a c:\program files\apache software foundation\tomcat 7.0 folder, and it's also listed in Control Panel | Programs and Features - does that imply it's a web tier version and not embedded?

Yes, that would imply it's the industry-standard normal Tomcat, acting as a web host.

If I remove/reinstall new version of tomcat, is copying over the C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\sm all that needs to be done? Is there any other configuration that I'd have to do?

The webapps\sm folder is the main thing that you'll want to backup., but you may need to configure a few more things, depending on how your Tomcat is set up now.

One other thing I'm finding confusing is that some of the youtube videos I've been watching on how to install Tomcat install using a *.exe file that runs a GUI program to install it, but the version you can download from the Apache Tomcat website is just a zip file the expands a folder and a bunch of sub-folders. What's the difference between the two?

The .exe file download is a standard Windows installer. The zip file download is just an unpacked copy of the Tomcat runtime; you can then execute a .bat file to create a Tomcat Windows Service.

Sorry if I'm rambling on too much. As I'm making progress on this, different questions are coming out.

I found the Windows *.exe installer on the Tomcat website; feel stupid for not seeing that before. I installed the .53 version on a vmware machine and then running the .69 version over it to see if it would be a simple upgrade. Not so lucky on that - didn't work.

So, if I do a remove on the current version (the .53) and then install .69, will Tomcat run correctly if I just restore some of the existing folders?

Yes, this should work fine. I would look through the files and folders and see if there's any modified dates which make you think they were changed after the Tomcat install. Backup all those, then uninstall Tomcat from the Control Panel, then install the new version, then copy in your backed-up files/folders.

For example, under C:\Program Files\Apache Software Foundation\Tomcat 7.0\ there are the following folders - bin, conf, lib, logs, old-splash, old-stuff (these last two are almost certainly stash folders, not part of tomcat), temp, webapps, and work.

Also in the root of Tomcat 7.0 are a *.keystore and a keystore.jks file - I'm assuming these are needed to get SSL working correctly again.?

You may want to back those SSL files up, but if they are in the ROOT webapp folder, those don't matter for your SM webtier.

I'm guessing bin, lib, and logs should be fine from the new version.?

You definitely need the new bin and the new lib. I doubt anything will have been changed in your current lib, while there may be tweaks in bin; logs, temp, and work don't matter - the new version of those is fine.

The conf folder looks like it has some customized files in it.

So, if conf and webapps are copied over to the new install, should that (theoretically) get the server running correctly again?

Rather than copying in all of conf, I would backup the files and then compare them to the new version (probably server.xml and/or tomcat-users.xml?), because the new version may have added additional things that you would want/need - so it'd be better to manually make any changes in the new files to match the current ones. As for webapps, you only need the SM folder - you can accept all the other default webapp folders that come with the new install, and copy in those SSL files, and manually make any tweaks needed in the ROOT folder.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.