JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 35

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • --url
  • --user
    • Specifies the user account for login to JOC Cockpit. If JS7 - Identity Services are available for Client authentication certificates that are specified with the --client-cert and --client-key options then their common name (CN) attribute has to match the user account.
    • If a user account is specified then a password can be specified using the --password option or interactive keyboard input can be prompted using the -p switch.
  • --password
    • Specifies the password used for the account specified with the --user option for login to JOC Cockpit.
    • Password input from the command line is considered insecure.
      • Consider use of the -p switch offering a secure option for interactive keyboard input.
      • Consider use of the encrypt command to encrypt a password: ./deploy-workflow.sh encrypt --in=root --cert=encrypt.crt.
        • The encryption result will include the prefix enc: followed by the encrypted symmetric key, initialization vector and encrypted secret separated by space.
        • If an encrypted password is specified, then it will be decrypted using the Private Key file: ./deploy-workflow.sh <command> --password="enc:BF8J8KP7TPlxy..." --key=encrypt.key.
  • --controller-id
    • Specifies the identification of the Controller that holds related orders.
    • More than one Controller ID can be specified, separated by comma, for the export operation when using the --for-signing switch.
  • --ca-cert
    • Specifies the path to a file in PEM format that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
  • --client-cert
    • Specifies the path to a file in PEM format that holds the Client Certificate if HTTPS mutual authentication is used..
  • --client-key
    • Specifies the path to a file in PEM format that holds the Client Private Key if HTTPS mutual authentication is used..
  • --timeout
    • Specifies the maximum duration for requests to the JS7 REST Web Service. Default: 60 seconds.
  • --file
    • Specifies the location of an archive file that is used with export, import and import-deploy commands.
    • On export an existing archive file will be overwritten.
  • --format
    • Specifies the format of the archive file indicated with the --file option.
    • The format can be one of ZIP or TAR_GZ. Default: ZIP. The JS7 can process archive files in .zip format on Unix.
  • --folder
    • Specifies the inventory folder used for the related operation.
      • Folder specification starts from a / followed by one or more sub-folders.
      • More than one folder can be specified using comma as in --folder=/ProductDemo/AgentCluster,/ProductDemo/ScheduledExecution.
    • When used with the import and import-deploy commands, a single folder can be specified that is prepended the folders included with the archive file.
  • --start-folder
    • Specifies the inventory folder used for relative paths in archive files when using the export command with the --path option, see --use-short-path switch.
  • --path
    • Specifies the path of an object such as a workflow, job resource, schedule. A path starts from a /, optionally followed by a hierarchy of sub-folders, and the object name.
    • Objects are identified from thier path and object type.
  • --type
    • Specifies the object type such as a workflow or schedule that is indicated together with the --path option to identify an object.
      • Controller Object types include: WORKFLOW,FILEORDERSOURCE,JOBRESOURCE,NOTICEBOARD,LOCK
      • Automation Object types include: SCHEDULE,WORKINGDAYSCALENDAR,NONWORKINGDAYSCALENDAR,JOBTEMPLATE,INCLUDESCRIPT,REPORT
    • When used with the export command for folders then more than one object type can be specified separated by comma, for example --type=WORKFLOW,JOBRESOURCE
  • --new-path
    • When used with the restore command, the new path is specified to which the object will be restored in the inventory.
  • --prefix
    • When used with the import command, a prefix can be specified that is prepended all objects that are imported.
    • If an object with the same name and prefix exists, then the object will not be imported.
  • --suffix
    • When used with the import command, a suffix can be specified that is appended all objects that are imported.
    • If an object with the same name and suffix exists, then the object will not be imported.
  • --algorithm
    • When used with the import-deploy command, the signature algorithm is specified that was used to digitally sign objects. Default: SHA512withECDSA.
    • The algorithm name is made up of the hash algorithm name such as SHA256, SHA512 and the encryption type of the Private Key such as ECDSA or RSA.
    • This offers to specify the following algorithm names: SHA256withECDSA, SHA256withRSA, SHA512withECDSA, SHA512withRSA.
  • --date-from
    • Specifies the date starting from which the Daily Plan will be updated:
      • The --date-from=now option value specifies that the Daily Plan will be updated for orders starting from now.
      • The Daily Plan date in ISO date format can be specified, for example --date-from=2023-10-23.
      • If omitted then the Daily Plan will not be updated.
    • Orders in the Daily Plan can be updated for example if the underlying workflow or schedule is changed.
  • --directory
    • When used with the sign command, specifies the directory in which workflow files with the extension *.workflow.json and job resources holding the extension .jobresource.json are looked up for signing. Sub-directories are looked up recursively.
    • All files found will be digitally signed by creating a signature file with the extension *.json.sig that holds the signature of the related object.
  • --keystore
    • When used with the sign command, specifies the path to a keystore file in PKCS12 format. The keystore is expected to hold the Private Key and Certificate.
    • Only one of the options --keystore and --key can be specified.
  • --key
    • When used with the sign command and decrypt commands,  specifies specifies the path to a key file that holds the private key Private Key used for signing/decrypting in PEM format.
    • Only one of the options --keystore and --key can be specified.
  • --cert
    • When used with the sign and encrypt commands, specifies the path to a file that holds the CA signed or self-signed X.509 Certificate. Alternatively the path to a file holding the Public Key can be specified. The Certificate is expected in PEM format.
    • For signing the argument is required if the --key option is used. The argument is optional If the --keystore option is used. The --cert option has precedence if used with the --keystore option.
    • For encryption the Certificate must match the Private Key used for later decryption specified with the --key option.
  • --key-password
    • When used with the sign and decrypt commands, specifies the password for access to the keystore using the --keystore option or key file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore form a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --hash
    • When used with the sign command, specifies the hash algorithm used to create a hash from a file that is to be signed.
    • Possible values include sha256 and sha512. Default: sha256
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.,
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified
  • --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the JAVA_HOME environment variable is used to determine the location of Java.
    • The Java home directory is the top-level directory of a Java installation. The directory includes the bin sub-directory and java executable.
  • --java-lib
    • When used with the encrypt and decrypt commands or with encrypted passwords, a number of Java libraries are required to perform encryption/decryption.
    • The Java libraries are expected in the lib sub-directory of the script. Default: ./lib.
  • --audit-message
    • Specifies a message that is made available to the Audit Log.
    • Specification of Audit Log messages can be enforced on a per user basis and for a JS7 environment.
  • --audit-time-spent
    • Specifies the time spent to perform an operation which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --audit-link
    • Specifies a link (URL) which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --log-dir
    • If a log directory is specified then the script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: deploy-workflow.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: deploy-workflow.2022-03-19T20-50-45.log

...