Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Tomcat is a single process in the container, there is no apache, shib, supervisor, logpipes
    1. Adjust UI authentication in v4, and run tomcat as a single process in the container.  You can either
      1. Use the built-in OIDC
      2. Use the Unicon authentication plugin that does SAML
      3. Install apache/shib/supervisor in your derived image
      4. Run an authentication container separate from Grouper and reverse proxy
    2. You might want to set GROUPER_TOMCAT_REMOTE_IP_VALVE=true, read the docs, there are other related settings too
    3. Make sure you only have traffic from the load balancer or external web server and not allowed directly to tomcat (if shouldnt be allowed)
  2. Migrate from legacy provisioners to the provisioning framework
    1. pspng
    2. googleapps
    3. grouperAtlassianConnector
    4. grouper-azure
    5. grouper-box
    6. grouper-duo
    7. grouperKimConnector
    8. grouper-shib (use SQL or LDAP)
  3. If someone is using SOAP (there are logs to alert you if so), migrate to REST

Upgrade from v4 to v5

  • Change this property in grouper.hibernate.properties, run the container, it will upgrade your database
    • GROUPER_AUTO_DDL_UPTOVERSION=v5
    • You can run this to see if you have everything, do not run the generated script though
      • gsh.sh -registry -check -runscript   
  • Make sure ports are listening as expected, e.g. if you expect AJP 8009 you need to set the env variable: GROUPER_TOMCAT_AJP_PORT=8009.  If you do not want tomcat ssl to listen, set GROUPER_TOMCAT_HTTPS_PORT=false
  • Make sure the upgrade task daemon runs successfully
  • Custom Java
    • You should check to see if your Java still compiles until 2.5.  It should, but check anyways.  Tweak it if you need to or ask for advice on slack.  You might want to rebuild anyways.
  • There are no logpipes in the logging anymore, if you customized logging, make sure you use the std out/err appender and not e.g. <AppenderRef ref="logpipe_grouper_daemon"/>

...