Support announcement
11/1/2022: Grouper v2.5 will not be supported after 5/1/2023. Please upgrade to a newer supported version
v2.5 builds
Grouper container upgrade instructions
These will be marked as stable once they are out for a while without issue and/or as people start using these in production. This is a judgment call by the Grouper team. If you are using a new release please inform us so we can provide better advice.
Date | Container tag (version) | Status | Upgrade instructions | Versions | Enhancements and bugs fixed in this version, known issues with this version |
---|---|---|---|---|---|
2023/11/03 | i2incommon/grouper:2.5.69 sha256:b3c46f8cde0ce2ab8 | EXPIRED | 1 upgrade instruction | Shib: 3.4.1 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_392 | Authentication bypass security issue |
2022/12/22 | i2incommon/grouper:2.5.68 sha256:7714455fb50ffcf6e4 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_352 | 3 Jiras (library updates for security CVE) |
2022/11/29 | i2incommon/grouper:2.5.66.1 | EXPIRED | None | Shib: 3.4.0 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_352 | Upstream SP container pointed to new version |
2022/11/01 | i2incommon/grouper:2.5.66 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_352 | |
2022/09/23 | i2incommon/grouper:2.5.65 sha256:e533f25aae4a8d2110 ddd7eb322984339123a3352 011565ec4a3d48db848ca98 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_342 | 7 Jiras Upgrade jars Make findBadMemberships full daemon scale for missing composites Run rule if condition with grouper session running with actAs subject Upgrade to latest csrfguard Make ddlutils not a dependency Change grouper client from xml to json (update unsecure libraries) |
2022/06/22 | i2incommon/grouper:2.5.63 sha256:a9b40684e0573731 46a4a44c26f3b685ff768a1 1a2b37838dc9293befc0a53f5 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_332 | 1 Jira |
2022/06/13 | i2incommon/grouper:2.5.62 sha256:9170a8b65f560d65e 9e1966e4b57088f7be027daf 16e914e0c1b696045637895 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_332 | 2 Jiras PSPNG startup error WS getMemberships paging error |
2022/02/16 | i2incommon/grouper:2.5.60 sha256:793a491d4b5693fc2 2032b8f70fef0e43117787f1 bd8526ea9a671bc56e83e0b | RELEASED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_322 | 2 Jiras Postgres driver security issue |
2021/12/20 | i2incommon/grouper:2.5.59.3 sha256:45d8e8608ec07bbd3a 29137ba8e1758364ef20be810 a7a55d28acb7ed92c3604 | EXPIRED | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_312 | Log4j security problem fixed (again, again)! [root@0c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.3 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.17.0.jar /opt/tomee/bin/log4j-core-2.17.0.jar /opt/tomee/bin/log4j-jul-2.17.0.jar |
2021/12/16 | i2incommon/grouper:2.5.59.2 sha256:6d9b0685f753041f77 b849f136b598af3d380f1b9a 13073dd1f11c74d3475421 | EXPIRED Log4j security problem (log4j v2.16.0) | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_312 | Log4j security problem fixed (again)! [root@0c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.2 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.16.0.jar /opt/tomee/bin/log4j-core-2.16.0.jar /opt/tomee/bin/log4j-jul-2.16.0.jar |
2021/12/10 | i2incommon/grouper:2.5.59.1 sha256:5c258cd3c398a47b1e 7c7cba7edc7f682f3d5aedd38 53aa284dfda9ccae99577 | EXPIRED Log4j security problem (log4j v2.15.0) | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_312 | Log4j security problem fixed (NOT)! [root@0c8d8738e95a bin]# echo $GROUPER_CONTAINER_VERSION 2.5.59.1 [root@0c8d8738e95a bin]# ls /opt/tomee/bin/log4j* /opt/tomee/bin/log4j-api-2.15.0.jar /opt/tomee/bin/log4j-core-2.15.0.jar /opt/tomee/bin/log4j-jul-2.15.0.jar |
2021/12/08 | i2incommon/grouper:2.5.59 sha256:347fb78230de81408 1a4ed19929b8dda70d00779 02283184fcd6aecc608f423f | EXPIRED Log4j security problem | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_312 | None |
2021/10/20 | i2incommon/grouper:2.5.58 sha256:5b012b02d72238bb f7c49ee786510539f62d02b1 a84d674bc411f67d1ee17d50 | EXPIRED Log4j security problem | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_312 | 4 Jiras Copy group validation error with invalid (dot) character fix Object type UI fix RabbitMQ configuration fix |
2021/09/17 | i2incommon/grouper:2.5.57 sha256:9fd575e5f2b8feacf1 b86cdd44779f89b23a7b375 da7fdb1c77c50dd105af24b | EXPIRED Log4j security problem | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_302 | 5 Jiras Provisioning framework fixes Chrome 93 header fix |
2021/09/06 | i2incommon/grouper:2.5.56 sha256:13f32e94d90f83dd6 333fee3abad682b6ecb9179 f688fd614f8c23b57ed31680 | EXPIRED NO ENHANCEMENTS AFTER 2.5.56 Log4j security problem | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_302 | 6 Jiras |
2021/09/01 | i2incommon/grouper:2.5.55 sha256:13124e45f77733887 20ae1190f86a5e47cb5de4b a75c8f032b16cf92c2cedc35 | RELEASED Log4j security problem | 3 upgrade instructions | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_302 | 22 Jiras |
2021/07/27 | i2incommon/grouper:2.5.54 sha256:6fda7bfb9c3998cdc 02b00a3bab63abd4cca3671 6fe701b2b9f13fe1d0554320 | EXPIRED Log4j security problem | None | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_302 | 9 Jiras |
2021/07/15 | i2incommon/grouper:2.5.53 sha256:a144bbedc1d484b3e b968a973bb1073b0340d0c4 323caa08f7aad8e9460a040b | EXPIRED Misc loader screen: GRP-3530 | 1 upgrade instruction | Shib: 3.2.3 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_292 | 25 Jiras SCIM provisioner for AWS Reports can generated from GSH Attestation notifications can be sent to a group Loader can manage group display names Can delegate loader management |
2021/05/27 | i2incommon/grouper:2.5.52 sha256: a8ecd8a4d953321b 37eacdbe50475295e885a83 ef33598cb1de66a4f277ba160 | EXPIRED Log4j security problem | 5 upgrade instructions | Shib: 3.2.2 Apache: 2.4.6 Tomee: 7.0.9 (8.5.57) Openjdk: 1.8.0_292 | 27 Jiras Incremental provisioning performance improvements Custom UI configuration moved from group attributes to UI wizard and config GSH template improvements |
2021/05/01 | i2incommon/grouper:2.5.50 sha256:f108efdceaaf875b7c 8879a091557c6a64969545e 633e4e6efe5803b5520a057 | EXPIRED Log4j security problem | None | Shib: 3.2.2 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_292 | 6 Jiras Loader doesn't create ancestor folders Incremental LDAP doesn't provision recalc memberships |
2021/04/28 | i2incommon/grouper:2.5.49 sha256:a1d389eb6735d02d4 2c510805c735c05a5824d656 bb6a49034bb19a4eb4cc8ef | RELEASED Loader issue: GRP-3444 Provisioning: GRP-3445 | 4 upgrade instructions | Shib: 3.2.2 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_292 | 71 Jiras GSH template updates / fixes Incremental provisioning performance improvements Attribute propagation re-write (e.g. "types" daemon) New default validation on Grouper object system names (see upgrade instructions) |
2021/03/29 | i2incommon/grouper:2.5.47 sha256:e1523aed42d6af97f 14267fa31ad0ac765c32831 6c9d3d52e1ab9483508c17de | RELEASED GSH bugs: GRP-3349, For GSH templates use 2.5.50+ | 1 upgrade instruction | Shib: 3.2.1 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 46 Jiras |
2021/03/18 | i2incommon/grouper:2.5.46 sha256:e19f928406355cb54 08ba7f271f6915b3db5ef856 2a25ef15458b94d8dc9469a | RELEASED For GSH templates use 2.5.50+ | None | Shib: 3.2.1 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 14 Jiras |
2021/03/17 | i2incommon/grouper:2.5.45 sha256:f94bfdf83fc5bd55d3 11164dd77dcf36f4efde8629 b85ea264a55c63528328db | RELEASED For GSH templates use 2.5.50+ | 2 upgrade instructions | Shib: 3.2.1 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 33 Jiras GSH templates can be run from UI Provisionable groups and folders improved Provisioning diagnostics starting point Grouper client can be used in multi-app JVM Upgrade mysql/postgres drivers and improve quartz pooling |
2021/03/03 | i2incommon/grouper:2.5.44 sha256:1953b5475f237aba6 44a53124643686d407c7f8e5 8ee12ceaec8db9d815435d1 | RELEASED Log4j security problem | None | Shib: 3.2.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 29 Jiras |
2021/02/24 | i2incommon/grouper:2.5.43 grouper@sha256:20ab5adf6c2 8834c8945cf6df449a67f4df19a 162a9bfccd865918206c34a3b0 | EXPIRED Log4j security problem | 2 upgrade instructions | Shib: 3.2.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 12 Jiras GSH templates and WS Sync various objects to Grouper via SQL or another Grouper instance GSH scripts in daemon can have blocks on multiple lines Grouper external subject source issue resolved |
2021/02/12 | i2incommon/grouper:2.5.42 grouper@sha256:00cd2a6d4ba c27025f679ebdcf8a8a372403c2 0da6fa3147dcee320018a8cd2d | EXPIRED (if you do not use Grouper external subject source) Log4j security problem | None | Shib: 3.2.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 13 Jiras Provisioning improvements LDAP loader improvements MembershipFinder enhancements |
2021/02/01 | i2incommon/grouper:2.5.41 sha256:bb21a34ad75a9fa3a7 5596645ffc75c4a53d3c3bbe 5b13de8180ac4311919990 | EXPIRED (if you do not use Grouper external subject source) Log4j security problem | 1 upgrade instruction | Shib: 3.2.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | Known issue: GRP-3118 (grouperExternal subject source broken) 14 Jiras |
2021/01/27 | i2incommon/grouper:2.5.40 sha256:74f445fb55dea3821 58b79ff88d5d1d27bdbb604 a7fbb4d18bf39402e6c70ce7 | EXPIRED (Azure CLC provisioning | 2 upgrade instructions | Shib: 3.2.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_282 | 33 Jiras |
2020/12/09 | i2incommon/grouper:2.5.39 sha256:df647042eb12ff088a 7cfaff186a387286b23ac782 183923c587daa5f24a47ea | EXPIRED Log4j security problem | 1 upgrade instruction | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_275 | 18 Jiras Grouper provisioning LDAP/DB pools dynamically adjust without restart on config change Custom UI updates Import members audit improvement |
2020/11/09 | i2incommon/grouper:2.5.37.1 sha256:b1708b7e022472b2e9 055676aefe50a7dd773b053b 2d817ee96369712b56a04a | EXPIRED Log4j security problem | None | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.9 Openjdk: 1.8.0_275 | GRP-3015 and os updates |
2020/10/30 | i2incommon/grouper:2.5.37 sha256:d384f0c4f67e18be3b 138649050d6d687b16be5a4 76fcc3c65a0280748365a58 | SECURITY ISSUE GRP-3015 Log4j security problem | None | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_272 | 13 Jiras in total ( -2 bugs, +18 improvements ) |
2020/11/09 | i2incommon/grouper:2.5.36.1 sha256:9ba5d138515246b64 a711fafe451fb7a1730f9aee1 3a7d2af4e1355defacedd8 | EXPIRED Log4j security problem | None | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_275 | GRP-3015 and os updates |
2020/10/20 | i2incommon/grouper:2.5.36 sha256:27f50a205208a48c3e 78ef24b62a6480a7460e4270 31b2c4d71bc34e09000ddc | SECURITY ISSUE GRP-3015 Log4j security problem | 3 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_265 | 26 Jiras in total ( -8 bugs, +18 improvements) Lots of PSPNG improvements |
2020/09/16 | i2incommon/grouper:2.5.35 | EXPIRED Log4j security problem | 2 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_265 | 22 Jiras in total ( -5 bugs, +15 Improvements, +2 New Features ) |
2020/07/21 | i2incommon/grouper:2.5.33 | EXPIRED Log4j security problem | 7 upgrade instructions | Shib: 3.1.0 Apache: 2.4.6 Tomee: 7.0.8 Openjdk: 1.8.0_262 | Tomee security advisory and update to web profile 7.0.8 48 Jiras in total ( 21 bugs, 25 Improvements, 2 New Features ) Known issue: Container will not stop/start, you need to rm and run it |
2020/05/18 | i2incommon/grouper:2.5.29 | EXPIRED Log4j security problem | None | Shib: 3.1.0 | API fixes: GRP-2806, GRP-2805, GRP-2804, GRP-2797, GRP-2795 Container updates: GRP-2708, GRP-2800, GRP-2802, GRP-2803 Google provisioner: GRP-2788, GRP-2789 12 Jiras in total |
2020/05/13 | i2incommon/grouper:2.5.28 | EXPIRED Log4j security problem | Various google provisioner fixes: GRP-2787, GRP-2786, GRP-2785, GRP-2784, GRP-2783 GRP-2705: configs in UI show unmasked password for properties not in base config34 Jiras in total | ||
2020/05/05 | i2incommon/grouper:2.5.27 sha256:3bad2b55e0e83092 f74de33e2cccc31290802414 4ecd6f515e7ddc5d1bd46b7b | EXPIRED | GRP-2723: Grace periods Known issues | ||
2020/05/04 | i2incommon/grouper:2.5.26 sha256:65c937260c3914bdb 75d277d8aa08257fa7016b9a 5675188bd3362c4079b14c8 | NOT STABLE | None |
| |
2020/04/21 | i 2incommon/grouper:2.5.23 sha256:2d5b05d6cbd006e1 5c28f423757122a8837b20c 38044dfcda524f12fae7d95b4 | EXPIRED Log4j security problem | Various Azure provisioner updates: GRP-2691, GRP-2670, GRP-2668, GRP-2669, GRP-2671 Known issues | ||
2020/04/08 | i2incommon/grouper:2.5.22 sha256:b675bb410bf873483 497b9b231e7a5db208645e5 8a3a42a8048381a33b79fd19 | EXPIRED 2.5 initial release | 2.5 DDL changes | Bugs fixed in this version | |
2020/04/07 | i2incommon/grouper:2.5.20 sha256:6b9e4b9272d06bee aedba25bc4459729c98432e a5f37b111a57d7fa97c8e78a3 | NOT STABLE Log4j security problem | Bugs fixed in this version: GRP-2648, GRP-2642, GRP-2651, GRP-2556 Known issues with this version: GRP-2657, GRP-2654, GRP-2658 | ||
2020/04/05 | i2incommon/grouper:2.5.19 | NOT STABLE Log4j security problem | Bugs fixed in this version: GRP-2635, GRP-2636, GRP-2638, GRP-2637, GRP-2641 | ||
2020/04/01 | i2incommon/grouper:2.5.15 | NOT STABLE Log4j security problem | Enhancements: GRP-2630, GRP-2634 | ||
2020/03/31 | i2incommon/grouper:2.5.14 | NOT STABLE Log4j security problem | Known issues with this version: GRP-2629 |
For more information about upcoming plans, see the Grouper Product Roadmap .
Many other fixes and improvements were also made to all components of the Grouper Toolkit: Grouper API, Administrative & Lite UIs, Grouper Web Services, Grouper Client, Grouper Shell, Grouper Loader, PSP, and the Subject API.
Summary
When selecting which Grouper v2.5 container to use (which build number), review the release notes wiki. You should install the latest stable v2.5.* release (v2.5.43 as of 2021/02/24). When you do a minor build update in the future, look at this wiki to verify the stability of the version
v2.5 is a minor upgrade from the latest v2.4 container. Some defaults have changed in the properties files, and the container layout has drastically changed but it should be easy to adjust your docker file.
If you use v2.4 not in a container, then you will have to start using the container. You don't need orchestration or a container practice in your organization, you can still use the same server you use now, just install docker and use the maturity level 0 advice to run Grouper. This should not be a barrier to running Grouper. If you are forbidden from running a container, at your institution and still want v2.5, it is possible to install docker, get the container, copy files out, and remove docker (sounds painful right? hope you don't have to do that ).
If you are in v2.2.1+, then it is similar to v2.4 not in a container. The DDL upgrade to 2.5 can run automatically from v2.2.1, but you should follow the "v2.4 Upgrade Instructions from v2.3" for everything except DDL. (and "v2.3 Upgrade from v2.2" if applicable) (Note: you need Grouper v2.5.36+ if you are in 2.2.1)
If you are in 2.2.0 or before, you need to upgrade to v2.2.1 before upgrading to v2.5 (or notify the Grouper team for advice)
There are a lot of specifics here based on where you are in Grouper, this document will attempt to unravel that.
Upgrade from v2.4 to v2.5
- If you don't have a morphString.properties, add one to the classpath (e.g. /opt/grouper/conf) and put a random alphanumeric upper/lower 16 char secret in there for all JVMs (UI/WS/daemon/GSH)
- If you are not using configuration in the database, you should migrate to that
- You have various envs, dev, test, prod. In one env, you have various JVMs: UI, WS, daemon, GSH. Multiply that out and you have a lot of config files.
- With configuration in the database you don't need those config files and the configuration is in the database and editable from the UI (no need to deploy your container). So all the JVMs (UI, WS, daemon, GSH) in one env (dev, test, prod) will automatically be consistent.
- The config files not in the database are: grouper.hibernate.properties, morphString.properties, grouper.text.en.us.properties
- Take an env (e.g. dev) and look at all the config files of each type (e.g. grouper-loader.properties), consolidate those, and import into the UI, and dont provide that config file anymore
- This will make config file changes easier (and mostly runtime), you will not have issues when different JVMs are inconsistent (dont need to copy config file to multiple containers)
- Database upgrade. There are a few low risk database changes (a few new tables, views, indexes). Grouper v2.4 will run against a v2.5 registry fyi. Grouper v2.3 should also. (disabled groups in v2.5 could be enabled in v2.4-)
- If Grouper is running the DDL automatically, or you run it from gsh manaually, or you run the script in your DB UI tool or whatever, if it fails part-way through, you need to grab the rest of the DDL scripts (from WEB-INF/ddlScripts) and run the rest manually. Grouper will not be able to start where it left off and you need to fix it.
- Views grouper_groups_v or grouper_roles_v will be changed. Oracle and mysql will replace those views, postgres will drop and create. If you use Postgres, see if there are any grants to those views and recreate them after DDL upgrade. For all three see if views or objects select from those views and make sure everything is intact afterwards (keep source of objects that use grouper objects and keep grants of grouper objects)
- Grouper DDL auto-upgrade. It is recommended to set this in grouper.hibernate.properties to auto-upgrade the database. will work from v2.3+ to v2.5 and will auto upgrade from here on in. Note, your database username that grouper uses needs to be permitted to make DDL changes in its database. You might need to get the DBAs to adjust that user. If you set this in grouper.hibernate.properties, turn on the container, and it will upgrade the database automatically. Any future v2.5 DDL will be backwards compatible with all v2.5.* containers
- If you want the legacy DDL of manual updates, then turn on the container, and run "gsh -registry -check" and review and run that script. Some examples for various databases are here. Compare the generated script with one of these scripts and run against your database. Note: each time you update your container you should check the release notes page about DDL requirements. We will be changing DDL with various 2.5 builds periodically. Auto-DDL is strongly recommended.
- grouper.base.properties: security.show.folders.where.user.can.see.subobjects = false by default. This is the recommended setting. It means everyone can see all folders whether they have objects inside or not. If you want the old default behavior, set that in grouper.properties
- grouper.base.properties. Do you have the rule that vetoes assignments in folder if subject not in group? The default in v2.5 (different than v2.4) is to enforce that by change log and daemon. This is recommended and you probably want this. But it could remove assignments when you turn Grouper on. Which is probably what you want
- Tomcat basic auth and apache basic auth can be replaced. Do you use tomcat-users.xml or apache user file? You should switch to Grouper basic auth (note you dont have to switch).
- Custom Java
- You should check to see if your Java still compiles until 2.5. It should, but check anyways. Tweak it if you need to or ask for advice on slack. You might want to rebuild anyways.
- Note that the daemon runs in tomee now, so calls like ClassLoader.getSystemResource... will not work
- Container changes
- For your overlays of existing files, look at the new container files, and make sure that the changes you made do not overwrite other things in the file. e.g. server.xml, grouper-www.conf, web.xml, etc
- There is no more /opt/tomcat. It is /opt/tomee now. It uses Tomcat 8.5 so things should generally be the same, but if you were overlaying files into /opt/tomcat, then you should redo those changes for tomee (diff your overlay with tomee, and make sure you are only changing your changes, not introducing other changes from the old container)
- If you are doing WS/UI authentication in tomcat (e.g. ldap), you need to merge with the new server.xml and make sure the connector tomcatAuthentication is true (defaults to false now). Also make sure the web.xml is right
- There is only one webapp now, not one webapp for UI/WS/SCIM
- There is no longer a command line daemon
- If you ran v2.4 in a container, then you will need to adjust your mounts and Dockerfile
- The path to Grouper is: /opt/grouper/grouperWebapp
- If used this previous path: /opt/grouper/conf, change to /opt/grouper/grouperWebapp/WEB-INF/classes
- If used this previous path: /opt/grouper/lib, it will not work. If the jar is for the UI/daemon/GSH. e.g. a new change log consumer, use /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon. If it is a driver that should be in those things and WS and SCIM, then put it in /opt/grouper/grouperWebapp/WEB-INF/lib instead
- Note: there is no Oracle driver anymore in the container (unless you used installer and agreed to Oracle terms). You need to download the oracle driver and put in /opt/grouper/grouperWebapp/WEB-INF/lib. Might want to use this: https://repo1.maven.org/maven2/com/oracle/ojdbc/ojdbc8/19.3.0.0/ojdbc8-19.3.0.0.jar
- If you used /opt/grouper/grouper.ui, grouper.ws, grouper.apiBinary, grouper.scim, you need to adjust those. There is one webapp dir in /opt/grouper/grouperWebapp
- It is recommended to just put files here: /opt/grouper/slashRoot especially for mounting (will copy the structure to the root dir / in the container)
- If you do not have a Dockerfile, you only need one mount path to the container
- Example for classpath file: /opt/grouper/conf/grouper.hibernate.properties or /opt/grouper/slashRoot/opt/grouper/conf/grouper.hibernate.properties
All things run in tomee (not daemon command line anymore). So this is how to set memory for all envs. Note, it used to be different for daemon envs, so adjust those accordingly. Daemon should have 12gigs at least
ENV GROUPER_MAX_MEMORY="3g" Test the memory setting in all your containers: # ps -ef | grep tom (get pid) # sudo -u tomcat jmap -heap <pid> (see max heap, should be approx what you expect)
If you copy files into the container, you should end your (Dockerfile or whatever) script by setting the owner of the webapp dir
RUN chown -R tomcat:tomcat /opt/grouper/grouperWebapp
- vt-ldap is no longer supported. Make sure you are not using it in grouper-loader.properties
This gets you to v2.5.X. Now look at the v2.5.X upgrade steps and see which ones apply to you
See Also
See Also
Blog on Grouper 2.5 (April 2020)
Blog on Grouper Deprovisioning with Grouper 2.4 (September 2018)