Versions Compared

Old Version 1

changes.mady.by.user Agne P.

Saved on

compared with

New Version Current

changes.mady.by.user Jonė Š.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleHow to run Teamwork Cloud in FIPS Mode?address Apache Tomcat vulnerabilities found?

Web Application Platform is a component of Teamwork Cloud. Apache Tomcat is the web server environment used by Web Application Platform. Frequent patching of Tomcat is needed to address the latest vulnerabilities (CVE) discovered. 

For detailed instructions, refer to theUpgrading and Patching Apache Tomcat documentation:

  • For Teamwork Cloud 22x and older, find the latest patch for Tomcat 9.X
  • For Teamwork Cloud 24x and newer, find the latest patch for Tomcat 10.X.

Patching on Linux servers can be performed using a script that we provide. Both online and offline patching are supported. Windows Servers will require a manual patching process.

You may encounter an error message similar to the one shown below when running Teamwork Cloud in FIPS Mode. PKCS12 keystore creation and usage are blocked in FIPS Mode for Java 11 and older versions.

Code Block
PBES2 AlgorithmParameters not available

First, make sure the initial installation was able to generate a self-signed certificate and keystore. Look for keystore.p12 and teamworkcloud.crt files in <install_root>/TeamworkCloud/configuration. If these files were not generated, run the genkey script in <install_root>/TeamworkCloud/script/linux. Check for the keystore.p12 and teamworkcloud.crt files again and change ownership to twcloud (or other username that you chose during installation.) Once these two files are generated, version 2024x should be able to run in FIPS Mode.

If the genkey script is not able to generate the self-signed certificate and keystore, set the system Java version to 17 (alternatives --config java) and try again.

For 2022x Refresh 2, append the following line to the end of the jvm.options file located in <install_root>/TeamworkCloud.

Code Block
-Dcom.redhat.fips=false
This configuration will allow Teamwork Cloud to use PKCS #12 keystore in FIPS Mode. Similar configurations will have to be set for Cassandra if encrypted communication is enabled.

Expand
titleWhy is Cassandra failing to start?

Cassandra startup issue could be due to several reasons. The service log should provide clues on what is causing the issue. Use the journalctl -u cassandra command to look through the service startup log for errors.

For JVM error, make sure the default Java version is set to support your Cassandra version (Java 11 for 4.X and Java 1.8 for 3.X).

For JNA errors, such as “failed to link C library against JNA” or fatal error SIGSEGV, system mount is the issue. Verify whether /tmp and /dev/shm are mounted with the noexec option (command: findmnt /tmp). Note that the Cassandra installation script will also check these mounts.

Cassandra uses the Java Native Access (JNA) library to access platform-specific shared libraries. During startup, both /tmp and /dev/shm are used for execution.

While /tmp can be configured to another path, /dev/shm must be remounted with exec. To set the tmp directory to an alternate path, find or create a path where Cassandra will have permission to execute in. Then, append the following line to the cassandra-env.sh file in /etc/cassandra/conf.

Code Block
JVM_OPTS="$JVM_OPTS -Djna.tmpdir=[NEW_PATH] -Djava.io.tmpdir=[NEW_PATH]"

Before restarting Cassandra, make sure to delete all the existing commitlogs. Previous startup attempts would have created numerous commitlog files.

Note that if /tmp or /dev/shm is mounted as noexec, changing permission or ownership of the directory will not resolve the issue. The directory either has to be remounted with noexec removed or use the solution provided above.

Error “/etc/rc.d/init.d/functions: No such file or directory” is related to RHEL 9. However, in some configurations, it can occur on older releases. You can try to solve it by installing initscripts:

Code Block
languagebash
themeDJango
linenumberstrue
dnf install initscripts

or by copying /etc/rc.d/init.d/functions file from an older machine.

...

Expand
titleWhat is causing the System Error when trying to access the web login page?

This error is typically due to an incorrect address entry in the authentication whitelist. Verify addresses specified for authentication.redirect.uri.whitelist in authserver.properties file are correct.

Expand
titleHow to run Teamwork Cloud in FIPS Mode?

You may encounter an error message similar to the one shown below when running Teamwork Cloud in FIPS Mode. PKCS12 keystore creation and usage are blocked in FIPS Mode for Java 11 and older versions.

Code Block
PBES2 AlgorithmParameters not available

First, make sure the initial installation was able to generate a self-signed certificate and keystore. Look for keystore.p12 and teamworkcloud.crt files in <install_root>/TeamworkCloud/configuration. If these files were not generated, run the genkey script in <install_root>/TeamworkCloud/script/linux. Check for the keystore.p12 and teamworkcloud.crt files again and change ownership to twcloud (or other username that you chose during installation.) Once these two files are generated, version 2024x should be able to run in FIPS Mode.

If the genkey script is not able to generate the self-signed certificate and keystore, set the system Java version to 17 (alternatives --config java) and try again.

For 2022x Refresh 2, append the following line to the end of the jvm.options file located in <install_root>/TeamworkCloud.

Code Block
-Dcom.redhat.fips=false

This configuration will allow Teamwork Cloud to use PKCS #12 keystore in FIPS Mode. Similar configurations will have to be set for Cassandra if encrypted communication is enabled.