JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 33

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 34

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleUsage
Usage: deploy-workflow.sh [Command] [Options] [Switches]

  Commands:
    export            --file [--format] --path --type [--use-short-path] [--start-folder] [--for-signing] 
    ..                --file [--format] --folder [--recursive] [--type] [--use-short-path] [--for-signing]]
                             [--no-draft] [--no-deployed] [--no-released] [--no-invalid]
    import            --file [--format] [--folder] [--overwrite] [--prefix] [--suffix]
    import-deploy     --file [--format] [--folder] [--algorithm]
    deploy            --path --type [--date-from] [--no-draft] [--no-deployed]
    ..                --folder [--recursive] [--date-from] [--no-draft] [--no-deployed]
    revoke            --path --type
    ..                --folder [--recursive]
    release           --path --type [--date-from]
    ..                --folder [--recursive] [--date-from]
    recall            --path --type
    ..                --folder [--recursive]
    store             --path --type --file
    remove            --path --type [--date-from]
    ..                --folder [--date-from]
    restore           --path --type --new-path [--prefix] [--suffix]
    ..                --folder --new-path [--prefix] [--suffix]
    delete            --path --type
    ..                --folder
    revalidate        --folder [--recursive]
    sign              --file      [--keystore |--key --cert] [--key-password] [--hash]
    ..                --directory [--keystore |--key --cert] [--key-password] [--hash]
    encrypt           --in [--infile --outfile] --cert [--java-home] [--java-lib]
    decrypt           --in [--infile --outfile] --key [--key-password] [--java-home] [--java-lib]

  Options:
    --url=<url>                        | required: JOC Cockpit URL
    --controller-id=<id[,id]>          | required: Controller ID
    --user=<account>                   | required: JOC Cockpit user account
    --password=<password>              | optional: JOC Cockpit password
    --ca-cert=<path>                   | optional: path to CA Certificate used for JOC Cockpit login
    --client-cert=<path>               | optional: path to Client Certificate used for login
    --client-key=<path>                | optional: path to Client Key used for login
    --timeout=<seconds>                | optional: timeout for request, default: 60
    --file=<path>                      | optional: path to export file or import file
    --format=<ZIP|TAR_GZ>              | optional: format of export file or import file
    --folder=<folder[,folder]>         | optional: list of inventory folders holding objects
    --start-folder=<folder>            | optional: start folder for export with relative paths
    --path=<path[,path]>               | optional: list of inventory paths to objects
    --type=<type[,type]>               | optional: list of object types such as WORKFLOW,SCHEDDULE
    --new-path=<path>                  | optional: new object path on restore
    --prefix=<string>                  | optional: prefix for duplicate objects on import
    --suffix=<string>                  | optional: suffix for duplicate objects on import
    --algorithm=<identifier>           | optional: signature algorithm for import, default: SHA512withECDSA
    --date-from=<date>                 | optional: update daily plan start date for deploy/release operation
    --directory=<directory>            | optional: path to directory with files that should be signed
    --keystore=<path>                  | optional: path to keystore file in PKCS12 format
    --key=<path>                       | optional: path to private key file in PEM format
    --key-password=<password>          | optional: password for keystore/private key file
    --cert=<path>                      | optional: path to certificate file in PEM format
    --hash=<sha256|sha512>             | optional: hash algorithm for signing such as sha256, sha512, default: sha256
    --in=<string>                      | optional: input string for encryption/decryption
    --infile=<path>                    | optional: input file for encryption/decryption
    --outfile=<path>                   | optional: output file for encryption/decryption
    --java-home=<directory>            | optional: Java Home directory for encryption/decryption, default: $JAVA_HOME
    --java-lib=<directory>             | optional: Java library directory for encryption/decryption, default: ./lib
    --audit-message=<string>           | optional: audit log message
    --audit-time-spent=<number>        | optional: audit log time spent in minutes
    --audit-link=<url>                 | optional: audit log link
    --log-dir=<directory>              | optional: path to directory holding the script's log files

  Switches:
    -h | --help                        | displays usage
    -v | --verbose                     | displays verbose output, repeat to increase verbosity
    -p | --password                    | asks for password
    -k | --key-password                | asks for keystore/key password
    -r | --recursive                   | specifies folders to be looked up recursively
    -o | --overwrite                   | overwrites objects on import
    -s | --for-signing                 | exports objects for digital signing
    -u | --use-short-path              | exports relative paths
    --no-draft                         | excludes draft objects
    --no-deployed                      | excludes deployed objects
    --no-released                      | excludes released objects
    --no-invalid                       | excludes invalid objects
    --show-logs                        | shows log output if --log-dir is used
    --make-dirs                        | creates directories if they do not exist

...

  • export
    • Allows to export objects such as workflows to an archive file in .zip or .tar.gz format. The command comes in two flavors:
      • export individual objects specified by the --path and --type options.
        • Should relative paths be used in the archive file then the --start-folder option and --use-short-path switch can be applied.
      • export objects from folders using the --folder option and --recursive switch.
        • Optionally one or more object types can be specified and otherwise all objects will be exported, see --type option.
        • Should relative paths be used in the archive file then the  --use-short-path switch can be applied.
        • Export of objects can further be limited by use of the --no-* switches, see section Switches.
    • The archive file is specified from the --file and --format options.
    • If JOC Cockpit is operated for the High Security Level then the --for-signing switch can be used to export Controller Objects that should be digitally signed. Objects and signatures can be imported using the import-deploy command.
  • import
    • Imports an archive file to the inventory. The operation applies to use of JOC Cockpit with the Low and Medium Security Level.
    • Users can specify if existing objects will be overwritten or if duplicate objects from the import file will be assigned a prefix or suffix or will be ignored.
  • sign
    • Digitally signs workflows and job resources from an export archive file. The operation applies to use of JOC Cockpit with the High Security Level.
    • Signing includes to specify the Private Key and Certificate from files in PEM format or from a keystore. Optionally the hash algorithm sha256 or sha512 is specified.
    • The sequence of operations includes to export, to sign and to import-deploy signed objects.
    • The sign command works without access to the JS7 REST Web Service and does not require to specify options for connecting to JOC Cockpit.
  • import-deploy
    • Imports an archive file to the inventory and deploys the included objects. The operation is applicable if JOC Cockpit is operated for the High Security Level.
      • As a prerequisite the archive file must be exported using the --for-signing switch.
      • Workflows and Job Resources from the archive file are digitally signed by the user. Signature files are added to the archive file.
    • On import the objects in the archive file are deployed to related Controllers as specified during export.
  • deploy
    • Allows to deploy Controller Objects such as workflows. The command can be used in two flavors:
      • deploy individual objects specified by the --path and --type options.
      • deploy objects from folders using the --folder option and --recursive switch.
    • Deploying objects forwards them to Controllers and Agents.
      • More than one Controller ID can be specified like this: --controller-id=controller-uat-1,controller-uat-2
  • revoke
    • Allows to undeploy Controller Objects such as workflows. The command can be used in two flavors:
      • revoke individual objects specified by the --path and --type options.
      • revoke objects from folders using the --folder option and --recursive switch.
    • Revoking Controller objects deletes them from the Controller and Agents, objects remain in draft status in the inventory.
      • More than one Controller ID can be specified like this: --controller-id=controller-uat-1,controller-uat-2
  • release
    • Allows to release Automation Objects such as schedules. The command can be used in two flavors:
      • release individual objects specified by the --path and --type options.
      • release objects from folders using the --folder option and --recursive switch.
    • Releasing objects activates them for example for use by the Daily Plan.
  • recall
    • Allows to unrelease Automation Objects such as schedules. The command can be used in two flavors:
      • recall individual objects specified by the --path and --type options.
      • recall objects from folders using the --folder option and --recursive switch.
    • Recalling objects deactivates them from further use, objects remain in draft status in the inventory.
  • store
    • Allows to store an object such as a workflow or schedule from a file to the inventory.
      • The --file option specifies the file that holds the JSON representation of an object.
      • The --type option specifies the object type. 
      • The --path option specifies the folders and object name of the objects inventory location.
    • Objects are stored to the inventory in draft status and can be deployed or released using the related commands.
  • remove
    • Allows to remove objects such as workflows or schedules from the inventory. The command can be used in two flavors:
      • remove individual objects specified by the --path and --type options.
      • remove objects from folders recursively using the --folder option.
    • Controller objects such as workflows are removed from the Controller and from the inventory. Automation objects such as schedules are removed from the inventory.
    • Removing objects moves them to the trash from which they can be restored or deleted
  • restore
    • Allows to restore objects such as workflows or schedules from the trash. The command can be used in two flavors:
      • restore individual objects specified by the --path and --type options.
      • restore objects from folders recursively using the --folder option.
    • Restoring objects moves them from the trash to the inventory from which they can be deployed or released.
  • delete
    • Allows to delete objects such as workflows or schedules from the trash. The command can be used in two flavors:
      • delete individual objects specified by the --path and --type options.
      • delete objects from folders recursively using the --folder option.
    • Deleting objects will permanently wipe them from the trash.
  • revalidate
    • Allows to revalildate objects such as workflows or schedules from the inventory, for example after import. The command can be used for inventory folders.
  • encrypt
    • Allows to encrypt a value using the --in option. If used to encrypt a file then the --infile and --outfile options must be specified.
    • The --cert option specifies the path to a file holding the Certificate used for encryption.
    • Encryption is performed by Java libraries that are looked up in the ./lib sub-directory of the Workflow Deployment Script. For details see JS7 - Encryption and Decryption.
  • decrypt
    • Allows to decrypt a value using the --in option. If used to decrypt a file then the --infile and --outfile options must be specified.
    • The --key option specifies the path to the Private Key used for decryption. If the Private Key is protected by a password, then the --key-password option or switch must be usedspecified.
    • Decryption is performed by Java libraries that are looked up in the ./lib sub-directory of the Workflow Deployment Script.

...

Code Block
languagebash
titleExample for Encrypting and Decrypting
linenumberstrue
# create Private Key
openssl ecparam -name secp384r1 -genkey -noout -out encrypt.key

# create Certificate Signing Request
openssl req -new -sha512 -nodes -key encrypt.key -out encrypt.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Encrypt"

# create Certificate
openssl x509 -req -sha512 -days 1825 -signkey encrypt.key -in encrypt.csr -out encrypt.crt -extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")


# encrypt a secret such as a password using the Certificate, the encryption result is returned that looks like: enc:BEXbHYa...
 ./deploy-workflow.sh encrypt --in="root" --cert=encrypt.crt

# common options for connections to the JS7 REST API can includespecify the encryption result returned from a previous encryption step as password and the Private Key usedfor to decryptdecryption
request_options=(--url=http://localhost:4446 --user=root --password="enc:BEXbHYa..." --key=encrypt.key --controller-id=controller)

# for example, when exporting workflows the encrypted password and Private Key are used to decrypt the password on-the-fly for access to the REST API 
./deploy-workflow.sh export "${request_options[@]}" --file=export.zip --path=/ap/ap3jobs,/ap/Agent/apRunAsUser --type=WORKFLOW

# decrypt an encrypted secret using the Private Key
./deploy-workflow.sh decrypt --in="enc:BEXbHYa..." --key=encrypt.key

...