...

  • --url
  • --user
    • Specifies the user account for login to JOC Cockpit. If JS7 - Identity Services are available for Client authentication certificates that are specified with the --client-cert and --client-key options then their common name (CN) attribute has to match the user account.
    • If a user account is specified then a password can be specified using the --password option or interactive keyboard input can be prompted using the -p switch.
  • --password
    • Specifies the password used for the account specified with the --user option for login to JOC Cockpit.
    • Password input from the command line is considered insecure.
      • Consider use of the -p switch offering a secure option for interactive keyboard input.
      • Consider use of the encrypt command to encrypt a password: ./operate-joc.sh encrypt --in=root --cert=encrypt.crt.
        • The encryption result will include the prefix enc: followed by the encrypted symmetric key, initialization vector and encrypted secret, separated by spaces.
        • If an encrypted password is specified, then it will be decrypted using the Private Key file: ./operate-joc.sh <command> --password="enc:BF8J8KP7TPlxy..." --key=encrypt.key.
  • --ca-cert
    • Specifies the path to a file in PEM format that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
  • --client-cert
    • Specifies the path to a file in PEM format that holds the Client Certificate if HTTPS mutual authentication is used.
  • --client-key
    • Specifies the path to a file in PEM format that holds the Client Private Key if HTTPS mutual authentication is used.
  • --timeout
    • Specifies the maximum duration for requests to the JS7 REST Web Service. Default: 60 seconds.
  • --controller-id
    • Specifies the identification of the Controller.
  • --validity-days
    • Specifies the number of days before expiration of a JS7 license.
      • Exit code 2 signals an expired license or an inapplicable license check if the Open Source License is used.
      • Exit code 3 signals a valid license that is about to expire within the number of days specified.
  • --key
    • When used with the decrypt command, specifies the path to a file that holds the Private Key used for decrypting in PEM format.
  • --cert
    • When used with the encrypt command, specifies the path to a file that holds the CA signed or self-signed X.509 Certificate. Alternatively the path to a file holding the Public Key can be specified. The Certificate is expected in PEM format.
    • For encryption the Certificate must match the Private Key used for later decryption specified with the --key option.
  • --key-password
    • When used with the decrypt command, specifies the password for access to the key file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore from a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified.
  • --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the JAVA_HOME environment variable is used to determine the location of Java.
    • The Java home directory is the top-level directory of a Java installation. The directory includes the bin sub-directory and java executable.
  • --java-lib
    • When used with the encrypt and decrypt commands or with encrypted passwords, a number of Java libraries are required to perform encryption/decryption.
    • The Java libraries are expected in the lib sub-directory of the JS7 Unix Shell CLI. Default: ./lib.
  • --audit-message
    • Specifies a message that is made available to the Audit Log.
    • Specification of Audit Log messages can be enforced on a per user basis and for a JS7 environment.
  • --audit-time-spent
    • Specifies the time spent to perform an operation which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --audit-link
    • Specifies a link (URL) which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --log-dir
    • If a log directory is specified then the script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: operate-joc.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: operate-joc.2022-03-19T20-50-45.log

Switches

...

Examples for Getting Status Information
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root --controller-id=controller)

# get status information for Standalone JOC Cockpit
response=$(./operate-joc.sh status "${request_options[@]}")
# returns response
{"clusterState":{"_text":"ClusterUnknown","severity":2},"controllers":[{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller","host":"localhost","id":20,"isCoupled":false,"javaVersion":"21+35-2513","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"STANDALONE","securityLevel":"HIGH","startedAt":"2024-09-03T09:52:38.918Z","surveyDate":"2024-09-23T10:10:01.496Z","title":"Standalone Controller","url":"http://localhost:4444","version":"2.7.2"}],"database":{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"dbms":"H2","version":"1.4.200 (2019-10-14)"},"deliveryDate":"2024-09-23T10:10:01.499Z","jocs":[{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"STANDALONE","state":{"_text":"established","severity":0}}],"current":true,"host":"localhost","id":1,"instanceId":"joc#0","isApiServer":false,"lastHeartbeat":"2024-09-23T10:09:43.682Z","memberId":"localhost:1ce420678f21a574e6adeb2f218f5bd40ed1b1bf9005414bcf060fba2e4c5a67","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"securityLevel":"HIGH","startedAt":"2024-09-19T20:55:34.522Z","title":"My JOC Cockpit","url":"http://localhost:4446","version":"2.7.2"}]}
# get severity from status information
echo "$response" | jq -r '.jocs[0].componentState.severity // empty'
echo "$response" | jq -r '.jocs[0].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].controllerConnectionStates[0].state.severity // empty'
echo "$response" | jq -r '.jocs[0].version // empty'
echo "$response" | jq -r '.database.componentState.severity // empty'
echo "$response" | jq -r '.database.connectionState.severity // empty'

# get status information for JOC Cockpit Cluster
response=$(./operate-joc.sh status "${request_options[@]}")
# returns response
{"clusterState":{"_text":"ClusterCoupled","severity":0},"controllers":[{"clusterNodeState":{"_text":"inactive","severity":1},"clusterUrl":"http://localhost:4444","componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller_cluster","host":"localhost","id":2,"isCoupled":true,"javaVersion":"17.0.12+7-alpine-r0","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"PRIMARY","securityLevel":"MEDIUM","startedAt":"2024-09-18T20:29:33.271Z","surveyDate":"2024-09-23T10:07:16.768Z","title":"PRIMARY CONTROLLER","url":"http://localhost:4444","version":"2.7.2"},{"clusterNodeState":{"_text":"active","severity":0},"clusterUrl":"http://localhost:4444","componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller_cluster","host":"localhost","id":3,"isCoupled":true,"javaVersion":"17.0.12+7-alpine-r0","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"BACKUP","securityLevel":"MEDIUM","startedAt":"2024-09-18T20:29:33.972Z","surveyDate":"2024-09-23T10:07:16.737Z","title":"SECONDARY 
CONTROLLER","url":"http://localhost:44444","version":"2.7.2"}],"database":{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"dbms":"MySQL","version":"5.7.33"},"deliveryDate":"2024-09-23T10:07:16.773Z","jocs":[{"clusterNodeState":{"_text":"active","severity":0},"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"PRIMARY","state":{"_text":"established","severity":0}},{"role":"BACKUP","state":{"_text":"established","severity":0}}],"current":true,"host":"localhost","id":3,"instanceId":"joc#0","isApiServer":false,"lastHeartbeat":"2024-09-23T10:07:13Z","memberId":"localhost:97c88ccc3975703ebd0b7277d394ec8768f88b31775e8df038572d2547c240a0","os":{"architecture":"amd64","distribution":"3.10.0-957.1.3.el7.x86_64","name":"Linux"},"securityLevel":"MEDIUM","startedAt":"2024-09-20T15:50:41Z","title":"PRIMARY JOC COCKPIT","url":"http://localhost:4446","version":"2.7.2"},{"clusterNodeState":{"_text":"inactive","severity":1},"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"PRIMARY","state":{"_text":"established","severity":0}},{"role":"BACKUP","state":{"_text":"established","severity":0}}],"current":false,"host":"localhost","id":1,"instanceId":"joc#1","isApiServer":false,"lastHeartbeat":"2024-09-23T10:07:12Z","memberId":"localhost:97c88ccc3975703ebd0b7277d394ec8768f88b31775e8df038572d2547c240a0","os":{"architecture":"amd64","distribution":"3.10.0-957.1.3.el7.x86_64","name":"Linux"},"securityLevel":"MEDIUM","startedAt":"2024-09-20T15:50:40Z","title":"SECONDARY JOC COCKPIT","url":"http://localhost:4446","version":"2.7.2"}]}
# get severity from status information
echo "$response" | jq -r '.clusterState.severity // empty'
echo "$response" | jq -r '.controllers[0].componentState.severity // empty'
echo "$response" | jq -r '.controllers[0].connectionState.severity // empty'
echo "$response" | jq -r '.controllers[1].componentState.severity // empty'
echo "$response" | jq -r '.controllers[1].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].componentState.severity // empty'
echo "$response" | jq -r '.jocs[0].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].version // empty'
echo "$response" | jq -r '.database.componentState.severity // empty'
echo "$response" | jq -r '.database.connectionState.severity // empty'

...

Example for Checking JOC Cockpit License
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root --controller-id=controller)

# check license
./operate-joc.sh check-license "${request_options[@]}"
# returns response
.... License type: COMMERCIAL_VALID
.... License valid: true
.... License valid from: 2021-05-05T12:22:41Z
.... License valid until: 2026-05-04T12:22:41Z

Encrypting and Decrypting

Example for Encrypting and Decrypting
# create Private Key
openssl ecparam -name secp384r1 -genkey -noout -out encrypt.key

# create Certificate Signing Request
openssl req -new -sha512 -nodes -key encrypt.key -out encrypt.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Encrypt"

# create Certificate
openssl x509 -req -sha512 -days 1825 -signkey encrypt.key -in encrypt.csr -out encrypt.crt -extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")


# encrypt a secret such as a password using the Certificate, the encryption result will be returned and will look like: enc:BEXbHYa...
./operate-joc.sh encrypt --in="root" --cert=encrypt.crt

# options for connection to the JS7 REST API can specify the encryption result as password and the Private Key for decryption
request_options=(--url=http://localhost:4446 --user=root --password="enc:BEXbHYa..." --key=encrypt.key --controller-id=controller)

# for example, when restarting a Controller the Private Key is used to decrypt the password for access to the REST API on-the-fly
./operate-joc.sh restart "${request_options[@]}"

# decrypt an encrypted secret using the Private Key
./operate-joc.sh decrypt --in="enc:BEXbHYa..." --key=encrypt.key
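
The difference between a plaintext --password value and an enc: value, as described for the --password option and used in the example above, can be checked in script text before it is committed. The following is an added example and not part of the JS7 CLI: classify_password and audit_password_args are hypothetical names, the sample input is constructed, and the Base64 character check is an assumption because the page shows only a truncated enc: value.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical and not part of the JS7 CLI.

# Classify a --password value: plaintext | encrypted | malformed
classify_password() {
    case $1 in
        enc:*) ;;
        *) echo plaintext; return 0 ;;
    esac
    # The page describes three space-separated parts after "enc:":
    # encrypted symmetric key, initialization vector, encrypted secret.
    set -f                      # no filename expansion while splitting
    set -- ${1#enc:}
    set +f
    [ "$#" -eq 3 ] || { echo malformed; return 0; }
    for part in "$@"; do
        case $part in
            # Assumption: parts are Base64 text, as the truncated sample suggests.
            *[!A-Za-z0-9+/=]*) echo malformed; return 0 ;;
        esac
    done
    echo encrypted
}

# Read script text on stdin; print "<line>:<class>" for the first
# --password= occurrence on each line.
audit_password_args() {
    grep -n -- '--password=' | while IFS= read -r hit; do
        lineno=${hit%%:*}
        rest=${hit#*--password=}
        case $rest in
            \"*) value=${rest#\"}; value=${value%%\"*} ;;
            \'*) value=${rest#\'}; value=${value%%\'*} ;;
            *)   value=${rest%% *}; value=${value%\)} ;;
        esac
        case $value in
            \$*) class=indirect ;;   # shell variable, not visible statically
            *)   class=$(classify_password "$value") ;;
        esac
        echo "$lineno:$class"
    done
}

# Constructed sample input (not from a real system)
SAMPLE_SCRIPT='request_options=(--url=http://localhost:4446 --user=root --password=root --controller-id=controller)
request_options=(--url=http://localhost:4446 --user=root --password="enc:QUJD REVG R0hJ" --key=encrypt.key)
./operate-joc.sh status --password="enc:BEXbHYa..." --key=encrypt.key
./operate-joc.sh status --user=root --password="$JOC_PASSWORD"'

printf '%s\n' "$SAMPLE_SCRIPT" | audit_password_args
```

A truncated placeholder copied from documentation, such as enc:BEXbHYa..., is reported as malformed because it does not carry the three parts.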

Resources

...