Page History
...
jq is ships with the MIT license, see https://opensource.org/licenses/MIT.
Download
Download: set_job_resource.shJS7 - Download
Usage
Invoking the script without arguments displays the usage clause:
...
Code Block | ||
---|---|---|
| ||
Usage: js7_set_job_resource.sh [Options] [Switches] Options: --url=<url> | required: JOC Cockpit URL --controller-id=<identifier> | required: Controller ID --user=<account> | required: JOC Cockpit user account --password=<password> | optional: JOC Cockpit password or Client Keystore password --job-resource=<path> | required: path to job resource --key=<identifier> | required: name of argument in job resource --value=<string> | alternate: value of argument in job resource --file=<path> | alternate: value of argument in job resource from a file --env-var=<identifier> | optional: name of environment variable in job resource --encryptjava-public-key=<path>home=<directory> | optional: pathJava toHome Agent'sdirectory publicfor keyuse used to encrypt valuewith encryption --encryptjava-key-var=<identif.>lib=<directory> | optional: name of variable holding the encrypted symmetric key| optional: Java library directory for use with encryption, default: encryptedKey/home/sos/encrypt/enc/lib --encryptjava-key-env=<identif.>options=<options> | optional: nameJava ofOptions environmentfor variableuse holdingwith theencryption encrypted symmetric key, default: ENCRYPTED_KEY --encrypt-cert=<path> | optional: path to Agent's certificate or public key used to encrypt value --cacert=<path> | optional: path to Root CA Certificate for HTTPS connections --client-cert=<path> | optional: path to Client Certificate file (PEM) for HTTPS mutual authentication --client-key=<path> | optional: path to Client Private Key file (PEM) for HTTPS mutual authentication --client-keystore=<path> | optional: path to Client Keystore file (PKCS12) holding Private Key/Certificate for HTTPS mutual authentication --timeout=<seconds> | optional: timeout for connections to JOC Cockpit in seconds, default: 15 --log-dir=<directory> | optional: log directory for log output of this script Switches: -h | --help | displays usage -v | --verbose | shows verbose log output -p | --password | asks for password --show-logs | shows log output if --log-dir is used --make-dirs | creates directories if they do not exist |
...
--url
- Specifies the URL by which JOC Cockpit is accessible using
<http|https>://<host>:<port>
. - Example: http://centostest-primary.sos:4446
- Example: https://centostest-primary.sos:4443
- Specifies the URL by which JOC Cockpit is accessible using
--controller-id
- Specifies the Controller ID to which the updated job resource should be deployed.
--user
- Specifies the user account for login to JOC Cockpit. Specification of the user account can be omitted if a JS7 - Identity Services is available for Client authentication certificates that are specified with the
--client-cert
and--client-key
options.
- Specifies the user account for login to JOC Cockpit. Specification of the user account can be omitted if a JS7 - Identity Services is available for Client authentication certificates that are specified with the
--password
- For user/password authentication the
--password
option can be used to specify a password and the-p
switch can be used to prompt for secure input of a password.
- For user/password authentication the
--job-resource
- Specifies the path to the job resource in the JOC Cockpit inventory.
--key
- Specifies the name of an argument in the job resource specified with the
--job-resource
option. - Job Resource arguments are case-sensitive.
- Specifies the name of an argument in the job resource specified with the
--value
- Specifies the value of the argument in the job resource specified with the
--job-resource
option.
- Specifies the value of the argument in the job resource specified with the
--file
- Job Resources can be used to transfer files to related Agents. The option expects the path to a file that will be added the Job Resource.
- The
--file
option is an alternative to use of the--value
option.
--env-var
- Optionally specifies the name of an environment variable in the job resource specified with the
--job-resource
option. - The environment variable will be assigned a reference to the argument specified by the
--key
option to hold the same value as the argument. - Job Resource environment variables are case-sensitive.
- Optionally specifies the name of an environment variable in the job resource specified with the
--encryptjava-public-keyhome
- Specifies the path to a public key that will be used to encrypt the value of the Job Resource. This applies to values specified with the
--value
option and--file
option.Java home directory. Java is required if Job Resource values should be encrypted.
- Specifies the path to a public key that will be used to encrypt the value of the Job Resource. This applies to values specified with the
--java-lib
- Specifies the directory in which Java libraries are available if Job Resource values should be encrypted.
- The download archive for the Job Resource Script includes the
lib
sub-directory with related Java libraries. By default thelib
directory will be used assuming that the Job Resource Script is located in thebin
directory at the same file system hierarchy level.
--java-options
- Specifies the Java options that are used if Job Resource values should be encrypted.
- If more than one Java option is used then the value has to be quoted, for example
--java-options="-Xms64m -Xmx128m"
.
--encrypt-cert
- Specifies the path to a certificate file or public key file that will be
- An Agent holding the matching private key can decrypt the values of encrypted Job Resource variables, for details see JS7 - How to encrypt and decrypt Variables.
- The script will create a one-time symmetric key that is used to encrypt the value of the Job Resource variable. The symmetric key will be encrypted by use of the recipient's public key. The Job Resource will be added a variable that holds the encrypted copy of the symmetric key, see
--encrypt-key-var
and--encrypt-key-env
options.. The symmetric key will be deleted immediately. This guarantees that the owner of the private key, typically a JS7 Agent, is the only recipient able to decrypt the Job Resource variable's value. Encryption is performed by the script before the Job Resource is added using the JS7 REST Web Service API.
--encrypt-key-var
- Specifies the name of a Job Resource variable that holds the encrypted symmetric key. The variable will be made available for JVM jobs assigned the Job Resource.
- By default the name
encryptedKey
will be used.
- . This applies to values specified with the
--value
option and--file
option. - An Agent holding the matching private key can decrypt the values of encrypted Job Resource variables, for details see JS7 - How to encrypt and decrypt Variables.
- The script will create a one-time symmetric key that is used to encrypt the value of the Job Resource variable. The symmetric key will be encrypted by use of the recipient's public key. The Job Resource will be added a variable that holds the encrypted copy of the symmetric key. The symmetric key will be deleted immediately. This guarantees that the owner of the private key, typically a JS7 Agent, is the only recipient able to decrypt the Job Resource variable's value. Encryption is performed by the script before the Job Resource is added using the JS7 REST Web Service API
--encrypt-key-env
- Specifies the name of an environment variable that holds the encrypted symmetric key. The environment variable will be made available to shell jobs assigned the Job Resource.
- By default the name
ENCRYPTED_KEY
will be used.
- . This applies to values specified with the
--cacert
- Specifies the path to a .pem file that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
--client-cert
- Specifies the path to a .pem file that holds the Client Certificate if HTTPS mutual authentication is used..
--client-key
- Specifies the path to a .pem file that holds the Client Private Key if HTTPS mutual authentication is used..
--client-keystore
- Specifies the path to a keystore that holds the private key and certificate used for HTTPS mutual authentication. The keystore is expected in PKCS12 format, typically using the .p12 or .pft extension.
- Use of a keystore is an alternative to specifying the -
-client-key
and--client-cert
options. - If the keystore is protected then the
--password
option specifies the password.
--timeout
- Specifies the timeout for connecting to JOC Cockpit. If the connection is not established and the timeout is exceeded then the script will be terminated.
- By default the timeout is 15s.
--log-dir
- If a log directory is specified then the script will log information about processing steps to a log file in this directory.
- File names are created according to the pattern:
set_job_resource.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
- For example:
set_job_resource.2022-03-19T20-50-45.log
...
Code Block | ||||
---|---|---|---|---|
| ||||
./js7_set_job_resource.sh \
--url=http://joc-2-0-primary:7446 \
--controller-id=controller \
--user=root \
--password=root \
--job-resource=/ProductDemo/Variables/pdBusinessDate \
--key=businessDate \
--value=$(date +'%Y-%m-%d')
# updates the Job Resource argument "businessDate" from the current date
# the connection to JOC Cockpit is established by HTTP |
...
Code Block | ||||
---|---|---|---|---|
| ||||
.//js7_set_job_resource.sh \ --url=https://joc-2-0-primary:7443 \ --cacert=/home/sos/jstest/certs/root-ca.pem \ --controller-id=controller \ --user=root \ --p \ --job-resource=/ProductDemo/Variables/pdBusinessDate \ --key=businessDate \ --env-var=BUSINESS_DATE \ --value=$(TZ=Europe/London date +'%Y-%m-%d') # updates the Job Resource argument "businessDate" from the current date # the environment variable "BUSINESS_DATE" will be assigned the same date from a reference to the argument # the date is specified from the UK time zone # the connection to JOC Cockpit is established by HTTPS and the Root CA Certificate is specified from the path to a .pem file # the user is prompted for input of the password |
...
Code Block | ||||
---|---|---|---|---|
| ||||
./js7_set_job_resource.sh \
--url=https://joc-2-0-primary:7443 \
--cacert=$HOME/certs/root-ca.crt \
--client-key=$HOME/certs/centostest-primary.key \
--client-cert=$HOME/certs/centostest-primary.crt \
--controller-id=controller \
--user=root \
--job-resource=/ProductDemo/Variables/pdBusinessDate \
--key=businessDate \
--value=$(TZ=Europe/London date +'%Y-%m-%d')
# updates the Job Resource argument "businessDate" from the current date in the UK time zone
# the connection to JOC Cockpit is established by HTTPS and is authenticated by Client Key and Client Certificate |
...
Code Block | ||||
---|---|---|---|---|
| ||||
./js7_set_job_resource.sh \
--url=http://joc-2-0-primary:7446 \
--controller-id=controller \
--user=root \
--password=root \
--job-resource=/ProductDemo/Variables/pdConfigurationData \
--key=configurationData \
--env-var=CONFIGURATION_DATA \
--file=./config.ini
# updates the Job Resource argument "configurationData" from the file specified
# the "CONFIGURATION_DATA" environment variable will hold the path to the file |
...
Code Block | ||||
---|---|---|---|---|
| ||||
./js7_set_job_resource.sh \ --url=http://joc-2-0-primary:7446 \ --controller-id=controller \ --user=root \ --password=root \ --job-resource=/ProductDemo/Variables/pdBusinessSecret \ --key=businessSecret \ --value='secret' \ --encrypt-public-keycert=./agent.pubcrt # updates the Job Resource variable "businessSecret" from some value # the value of the variable will be encrypted using the Agent's public keycertificate # an additional variable "encryptedKey" and an environment variable "ENCRYPTED_KEYbusinessSecret_key" will be created that both holdholds the encrypted symmetric key and initialization vector |
Update Job Resource from Encrypted File
Code Block | ||||
---|---|---|---|---|
| ||||
./js7_set_job_resource.sh \ --url=http://joc-2-0-primary:7446 \ --controller-id=controller \ --user=root \ --password=root \ --job-resource=/ProductDemo/Variables/pdConfigurationDataSecret \ --key=configurationDataSecret \ --env-var=CONFIGURATION_DATA_SECRET \ --file=./config.ini \ --encrypt-public-keyfile=./agentconfig.pubini \ --encrypt-key-var=symmetricKey \ --encrypt-key-env=SYMMETRIC_KEY cert./agent.crt # updates the Job Resource variable "configurationDataSecret" from the file specified # the contents of the file will be encrypted using the Agent's public keycertificate # an additional variable "symmetricKeyconfigurationDateSecret_Key" and an environment variable "SYMMETRIC_KEYCONFIGURATION_DATA_SECRET_key" will be created that both hold the encrypted symmetric key and initialization vector |
Overview
Content Tools