JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 45

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The script is available for Linux and MacOS® using bash shell.
  • The script terminates with exit code 0 to signal successful execution, with exit code 1 for command line argument errors and with exit code 4 for non-recoverable errors. Exit code 3 signals that no matching objects have been found.
  • The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services. Examples make use of JS7 Release 2.7.2, bash 4.2, curl 7.29.0 and jq 1.6.0.

...

  • --url
  • --user
    • Specifies the user account for login to JOC Cockpit. If JS7 - Identity Services are available for Client authentication certificates that are specified with the --client-cert and --client-key options then their common name (CN) attribute has to match the user account.
    • If a user account is specified then a password can be specified using the --password option or interactive keyboard input can be prompted using the -p switch.
  • --password
    • Specifies the password used for the account specified with the --user option for login to JOC Cockpit.
    • Password input from the command line is considered insecure.
      • Consider use of the -p switch offering a secure option for interactive keyboard input.
      • Consider use of the encrypt command to encrypt a password: ./deploy-workflow.sh encrypt --in=root --cert=encrypt.crt.
        • The encryption result will include the prefix enc: followed by the encrypted symmetric key, initialization vector and encrypted secret separated by space.
        • If an encrypted password is specified, then it will be decrypted using the Private Key file: ./deploy-workflow.sh <command> --password="enc:BF8J8KP7TPlxy..." --key=encrypt.key.
  • --controller-id
    • Specifies the identification of the Controller that holds related orders.
    • More than one Controller ID can be specified, separated by comma, for the export operation when using the --for-signing switch.
  • --ca-cert
    • Specifies the path to a file in PEM format that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
  • --client-cert
    • Specifies the path to a file in PEM format that holds the Client Certificate if HTTPS mutual authentication is used..
  • --client-key
    • Specifies the path to a file in PEM format that holds the Client Private Key if HTTPS mutual authentication is used..
  • --timeout
    • Specifies the maximum duration for requests to the JS7 REST Web Service. Default: 60 seconds.
  • --file
    • Specifies the location of an archive file that is used with export, import and import-deploy commands.
    • On export an existing archive file will be overwritten.
  • --format
    • Specifies the format of the archive file indicated with the --file option.
    • The format can be one of ZIP or TAR_GZ. Default: ZIP. The JS7 can process archive files in .zip format on Unix.
  • --folder
    • Specifies the inventory folder used for the related operation.
      • Folder specification starts from a / followed by one or more sub-folders.
      • More than one folder can be specified using comma as in --folder=/ProductDemo/AgentCluster,/ProductDemo/ScheduledExecution.
    • When used with the import and import-deploy commands, a single folder can be specified that is prepended the folders included with the archive file.
  • --start-folder
    • Specifies the inventory folder used for relative paths in archive files when using the export command with the --path option, see --use-short-path switch.
  • --path
    • Specifies the path of an object such as a workflow, job resource, schedule. A path starts from a /, optionally followed by a hierarchy of sub-folders, and the object name.
    • Objects are identified from thier path and object type.
  • --type
    • Specifies the object type such as a workflow or schedule that is indicated together with the --path option to identify an object.
      • Controller Object types include: WORKFLOW,FILEORDERSOURCE,JOBRESOURCE,NOTICEBOARD,LOCK
      • Automation Object types include: SCHEDULE,WORKINGDAYSCALENDAR,NONWORKINGDAYSCALENDAR,JOBTEMPLATE,INCLUDESCRIPT,REPORT
    • When used with the export command for folders then more than one object type can be specified separated by comma, for example --type=WORKFLOW,JOBRESOURCE
  • --new-path
    • When used with the restore command, the new path is specified to which the object will be restored in the inventory.
  • --prefix
    • When used with the import command, a prefix can be specified that is prepended all objects that are imported.
    • If an object with the same name and prefix exists, then the object will not be imported.
  • --suffix
    • When used with the import command, a suffix can be specified that is appended all objects that are imported.
    • If an object with the same name and suffix exists, then the object will not be imported.
  • --algorithm
    • When used with the import-deploy command, the signature algorithm is specified that was used to digitally sign objects. Default: SHA512withECDSA.
    • The algorithm name is made up of the hash algorithm name such as SHA256, SHA512 and the encryption type of the Private Key such as ECDSA or RSA.
    • This offers to specify the following algorithm names: SHA256withECDSA, SHA256withRSA, SHA512withECDSA, SHA512withRSA.
  • --date-from
    • Specifies the date starting from which the Daily Plan will be updated:
      • The --date-from=now option value specifies that the Daily Plan will be updated for orders starting from now.
      • The Daily Plan date in ISO date format can be specified, for example --date-from=2023-10-23.
      • If omitted then the Daily Plan will not be updated.
    • Orders in the Daily Plan can be updated for example if the underlying workflow or schedule is changed.
  • --directory
    • When used with the sign command, specifies the directory in which workflow files with the extension *.workflow.json and job resources holding the extension .jobresource.json are looked up for signing. Sub-directories are looked up recursively.
    • All files found will be digitally signed by creating a signature file with the extension *.json.sig that holds the signature of the related object.
  • --keystore
    • When used with the sign command, specifies the path to a keystore file in PKCS12 format. The keystore is expected to hold the Private Key and Certificate.
    • Only one of the options --keystore and --key can be specified.
  • --key
    • When used with the sign and decrypt commands, specifies the path to a file that holds the Private Key  in PEM format used for signing/decrypting in PEM format.
    • Only one of the options --keystore and --key can be specified.
  • --cert
    • When used with the sign and encrypt commands, specifies the path to a file that holds the CA-signed or self-signed X.509 Certificate. Alternatively, the path to a file holding the Public Key can be specified. The Certificate/Public Key is expected in PEM format.
    • For signing the argument is required if the --key option is used. The argument is optional If the --keystore option is used. The --cert option has precedence if used with the --keystore option.
    • For encryption the Certificate/Public Key must match the Private Key used for later decryption specified with the --key option.
  • --key-password
    • When used with the sign and decrypt commands, specifies the password for access to the keystore using the --keystore option or key file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore form a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --hash
    • When used with the sign command,  specifies specifies the hash algorithm used to create a hash from a file that is to should be signed.
    • Possible values include sha256 and sha512. Default: sha256
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.,
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified
  • --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the JAVA_HOME environment variable is used to determine the location of Java.
    • The Java home directory is the top-level directory of a Java installation. The directory includes the bin sub-directory and java executable.
  • --java-lib
    • When used with the encrypt and decrypt commands or with encrypted passwords, a number of Java libraries are required to perform encryption/decryption.
    • The Java libraries are expected in the lib sub-directory of the JS7 Unix Shell CLI. Default: ./lib.
  • --audit-message
    • Specifies a message that is made available to the Audit Log.
    • Specification of Audit Log messages can be enforced on a per user basis and for a JS7 environment.
  • --audit-time-spent
    • Specifies the time spent to perform an operation which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --audit-link
    • Specifies a link (URL) which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --log-dir
    • If a log directory is specified then the script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: deploy-workflow.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: deploy-workflow.2022-03-19T20-50-45.log

...