...

  • The job makes use of JS7 - Script Includes: the Crypto Script Include holds the shell functions used in the job.
    • The ##!include Crypto inserts the shell code available from the indicated Crypto Script Include.
    • The Script Include is invoked once per job and can be parameterized to specify the location of the public key.
      • ##!include Crypto --replace="<public-key>","/var/sos-berlin.com/js7/agent/config/agent.pub"
      • The first argument of the --replace option is a placeholder available with the Crypto Script Include.
      • The second argument represents the value by which the placeholder will be replaced. The above value represents the default value that will be used if the Script Include is invoked without replacement options.
  • The EncryptVariable shell function expects the name of the variable and the value that should be encrypted:
    • EncryptVariable <name> <value> [<key-name> [,<public-key>]]
      • <name>: The name of the variable is required.
      • <value>: The value of the variable is required.
      • <key-name>: The name of a second variable holding the encrypted symmetric key. Defaults to <name>_key.
      • <public-key>: The path to the public key file is specified. Defaults to <agent-data>/config/agent.pub.
    • The shell function will encrypt the variable value using the indicated public key.
    • The variable and its encrypted variable value will be forwarded to subsequent jobs and instructions in the workflow.

...

  • The job makes use of JS7 - Script Includes: the Crypto Script Include holds the shell functions used in the job.
    • The ##!include Crypto inserts the shell code available from the indicated Crypto Script Include.
    • The Script Include can be parameterized to specify the location of the private key.
      • ##!include Crypto --replace="<private-key>","/var/sos-berlin.com/js7/agent/config/private/agent.key"
      • The first argument of the --replace option is a placeholder available with the Crypto Script Include.
      • The second argument represents the value by which the placeholder will be replaced. The above value represents the default value that will be used if the Script Include is invoked without replacement options.
    • The Script Include can be parameterized to specify a passphrase required by the private key.
      • ##!include Crypto --replace="<passphrase>","jobscheduler"
      • The Script Include can be invoked with any number of repeated --replace=<what>,<with> options.
  • The DecryptVariable function expects the encrypted value of the variable and the encrypted value of the symmetric key:
    • DecryptVariable <value> <key-value> [<private-key> [,<passphrase>]]
      • <value>: The encrypted value of the variable is required.
      • <key-value>: The value of the variable holding the encrypted symmetric key is required.
      • <private-key>: The path to the private key file is specified. Defaults to <agent-data>/config/private/agent.key.
      • <passphrase>: The passphrase of the private key is specified.
    • The function will decrypt the encrypted symmetric key and will decrypt the encrypted variable value using the decrypted symmetric key.
  • The DecryptVariable function returns the secret that can be assigned to an environment variable.
  • It is recommended not to write the secret to a file or to perform any operation that will expose the secret to logging of output in the stdout and stderr channels.

...

  • The Script Include implements the EncryptVariable and DecryptVariable shell functions.
  • Both functions create a temporary file for the symmetric key. The Script Include implements a trap to reliably remove the symmetric key file on termination of the job.
  • The operation of encryption and decryption is performed using the openssl utility.
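
The mechanism described above (the value is encrypted with a symmetric key, the symmetric key is encrypted with the public key, and a trap removes the key file), shown as an added example that is not the code of the JS7 Crypto Script Include. The function names `demo_encrypt` and `demo_decrypt`, the `KEY_PASSPHRASE` environment variable, the output format, and the choice of RSA-OAEP with AES-256-CBC are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added illustration of hybrid encryption with openssl; NOT the JS7 Crypto Script Include.
# Function names, KEY_PASSPHRASE, RSA-OAEP and AES-256-CBC are assumptions of this example.

# One private temp file (mode 0600) holds the symmetric key; the trap removes it
# however the job ends.
SYMKEY_FILE=$(mktemp) || exit 1
trap 'rm -f "$SYMKEY_FILE"' EXIT
trap 'exit 1' INT TERM

# demo_encrypt <value> <public-key-file>
# Prints "<encrypted-value> <encrypted-key>", both base64 on a single line.
demo_encrypt() {
    local value=$1 pub=$2 enc_value enc_key
    openssl rand -hex 32 > "$SYMKEY_FILE" || return 1
    # The value is encrypted with the random symmetric key (used as a PBKDF2 password).
    enc_value=$(printf '%s' "$value" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$SYMKEY_FILE" -a -A) || return 1
    # Only the short symmetric key is encrypted with the RSA public key.
    enc_key=$(openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$SYMKEY_FILE" | openssl base64 -A)
    : > "$SYMKEY_FILE"                      # drop key material as soon as possible
    [ -n "$enc_key" ] || return 1           # pkeyutl failed: nothing was wrapped
    printf '%s %s\n' "$enc_value" "$enc_key"
}

# demo_decrypt <encrypted-value> <encrypted-key> <private-key-file>
# Prints the secret. The private key passphrase is read from the exported
# KEY_PASSPHRASE variable instead of argv, so it never appears in the process list.
demo_decrypt() {
    local enc_value=$1 enc_key=$2 priv=$3 rc=0
    printf '%s\n' "$enc_key" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$priv" -passin env:KEY_PASSPHRASE \
            -pkeyopt rsa_padding_mode:oaep > "$SYMKEY_FILE" || return 1
    printf '%s\n' "$enc_value" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$SYMKEY_FILE" -a -A || rc=$?
    : > "$SYMKEY_FILE"
    return "$rc"
}
```

Capture the output of `demo_decrypt` in a variable, for example `secret=$(demo_decrypt ...)`, so that the secret is not written to stdout or stderr and therefore stays out of the job log.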

...