Page History
...
js7 | journal | cluster | |||||
---|---|---|---|---|---|---|---|
node | |||||||
Primary | <url> | ||||||
Backup | <url> | ||||||
is-backup | <yes>|<no> | watches | <url> [,<url>] |
- This setting is used for Controller instances in cluster mode only, it is not used for standalone Controller instances.
- The registration of Primary and Secondary Controller instances is performed by the JOC Cockpit during initial operation.
- Therefore the only setting required for cluster operation is:
js7.journal.cluster.node.is-backup=yes
: For a Secondary Controller instance this setting specifies that during initial operation the given instance will be the inactive standby node.
- Additional settings can be applied. However, we recommend that the JOC Cockpit is used instead.
nodes
Primary, Backup
: For a Primary Controller instance this setting specifies the URLs of thePrimary
andBackup
(Secondary) instance. The URL includes specification of the http/https protocol, the hostname and port.
watches
- Watches are Agents in a JS7 environment that are involved in the decision about a fail-over situation. If Controller instances in a cluster are not connected to each other any longer, e.g. due to network errors, then the majority of Agents decides if a fail-over should take place.
- At least one Agent has to be specified by its URL.
- Therefore the only setting required for cluster operation is:
Security Configuration File: private.conf
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# Security configuration js7 { auth { # User accounts for HTTPS connections users { # Controller ID for connections by primary/secondary controller instance Controller { distinguished-names=[ "DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] } # History account (used to release events) History { distinguished-names=[ "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE", "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08" } # JOC account (requires UpdateRepo permission for deployment) JOC { distinguished-names=[ "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE", "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE" permissions=[ UpdateRepo ] } } } configuration { # directory for trusted public keys and certificates used with signatures trusted-signature-keys { PGP=${js7.config-directory}"/private/trusted-pgp-keys" X509=${js7.config-directory}"/private/trusted-x509-keys" } } journal { # allow History account to release events to free space claimed by journals users-allowed-to-release-events=[ History ] } web { # keystore and truststore location for HTTPS connections https { keystore { # Default: ${js7.config-directory}"/private/https-keystore.p12" file=${js7.config-directory}"/private/https-keystore.p12" key-password="jobscheduler" store-password="jobscheduler" # alias= } truststores=[ { # Default: ${js7.config-directory}"/private/https-truststore.p12" file=${js7.config-directory}"/private/https-truststore.p12" store-password="jobscheduler" # alias= } ] } } } |
Client Authentication
...
Overview
Content Tools