JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 13

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 14

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • --url
  • --user
    • Specifies the user account for login to JOC Cockpit. If JS7 - Identity Services are available for Client authentication certificates that are specified with the --client-cert and --client-key options then their common name (CN) attribute has to match the user account.
    • If a user account is specified then a password can be specified using the --password option or interactive keyboard input can be prompted using the -p switch.
  • --password
    • Specifies the password used for the account specified with the --user option for login to JOC Cockpit.
    • Password input from the command line is considered insecure.
      • Consider use of the -p switch offering a secure option for interactive keyboard input.
      • Consider use of the encrypt command to encrypt a password: ./operate-joc.sh encrypt --in=root --cert=encrypt.crt.
        • The encryption result will include the prefix enc: followed by the encrypted symmetric key, initialization vector and encrypted secret separated by space.
        • If an encrypted password is specified, then it will be decrypted using the Private Key file: ./operate-joc.sh <command> --password="enc:BF8J8KP7TPlxy..." --key=encrypt.key.
  • --ca-cert
    • Specifies the path to a file in PEM format that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
  • --client-cert
    • Specifies the path to a file in PEM format that holds the Client Certificate if HTTPS mutual authentication is used..
  • --client-key
    • Specifies the path to a file in PEM format that holds the Client Private Key if HTTPS mutual authentication is used..
  • --timeout
    • Specifies the maximum duration for requests to the JS7 REST Web Service. Default: 60 seconds.
  • --controller-id
    • Specifies the identification of the Controller.
  • --validityagent-days
    • Specifies the number of days before expiration of a JS7 license.
      • Exit code 2 signals an expired license or an inapplicable license check if the Open Source License is used.
      • Exit code 3 signals a valid license that is about to expire within the number of days specified.
    id
    • The Agent ID specifies a unique identifier for a Standalone Agent or Agent Cluster that cannot be changed later on.
    • Agents are identified from their Agent ID.
  • --service-type--key
    • When used with the decrypt restart-service command, specifies the path to a file that holds the Private Key in PEM format used for decryption.
  • --cert
    • When used with the encrypt command, specifies the path to a file that holds the CA-signed or self-signed X.509 Certificate. Alternatively, the path to a file holding the Public Key can be specified. The Certificate/Public Key is expected in PEM format.
    • For encryption the Certificate/Public Key must match the Private Key used for later decryption specified with the --key option.
    • service that should be restarted.
    • One of the following services can be specified: cluster, history, dailyplan, cleanup, monitor
  • --validity-days
    • When used with the checck-license command, specifies the number of days before expiration of a JS7 license.
      • Exit code 2 signals an expired license or an inapplicable license check if the Open Source License is used.
      • Exit code 3 signals a valid license that is about to expire within the number of days specified.
  • --settings
    • When used with the store-settings command, specifies settings from their JSON format.
  • --key--key-password
    • When used with the decrypt command, specifies the password for access path to the key a file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore form a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.,
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified
    • that holds the Private Key in PEM format used for decryption.
  • --cert
    • When used with the encrypt command, specifies the path to a file that holds the CA-signed or self-signed X.509 Certificate. Alternatively, the path to a file holding the Public Key can be specified. The Certificate/Public Key is expected in PEM format.
    • For encryption the Certificate/Public Key must match the Private Key used for later decryption specified with the --key option.
  • --key-password
    • When used with the decrypt command, specifies the password for access to the key file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore form a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.,
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified
  • --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the 
    --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the JAVA_HOME environment variable is used to determine the location of Java.
    • The Java home directory is the top-level directory of a Java installation. The directory includes the bin sub-directory and java executable.
  • --java-lib
    • When used with the encrypt and decrypt commands or with encrypted passwords, a number of Java libraries are required to perform encryption/decryption.
    • The Java libraries are expected in the lib sub-directory of the JS7 Unix Shell CLI. Default: ./lib.
  • --audit-message
    • Specifies a message that is made available to the Audit Log.
    • Specification of Audit Log messages can be enforced on a per user basis and for a JS7 environment.
  • --audit-time-spent
    • Specifies the time spent to perform an operation which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --audit-link
    • Specifies a link (URL) which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --log-dir
    • If a log directory is specified then the script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: operate-joc.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: operate-joc.2022-03-19T20-50-45.log

...

  • -h | --help
    • Displays usage.
  • -v | --verbose
    • Displays verbose log output that includes requests and responses with the JS7 REST Web Service.
    • When used twice as with -v -v then curl verbose output will be displayed.
  • -p | --password
    • Asks the user for interactive keyboard input of the password used for the account specified with the --user option..
    • The switch is used for secure interactive input as an alternative to use of the option --password=<password>.
  • -k | --key-password
    • Asks the user for interactive keyboard input of the password used for access to a keystore or key file specified with the --keystore or --key options.
    • The switch is used for secure interactive input as an alternative to use of the --key-password=<password> option.
  • -l | -show-logslist
    • Lists version information in JSON format when used with the version command.
  • --show-logs
    • Displays
    • Displays the log output created by the script if the --log-dir option is used.
  • --make-dirs
    • If directories are missing that are indicated with the --log-dir option then they will be created.

...

Code Block
languagebash
titleExample for Getting Version Information
linenumberstrue
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# get JOC Cockpit version
./operate-joc.sh version "${request_options[@]}"
# returns
2.7.2

# get Controller version
./operate-joc.sh version "${request_options[@]}" --controller-id=controller
# returns
2.7.2

# get Standalone Agent version
./operate-joc.sh version "${request_options[@]}" --agent-id=StandaloneAgent
# returns
2.7.2

# get Agent Cluster version
./operate-joc.sh version "${request_options[@]}" --agent-id=AgentCluster
# returns
2.7.2

# get version of all Agents in Agent Cluster
./operate-joc.sh version "${request_options[@]}" --controller-id=controller --agent-id=AgentCluster --list
# returns
{
  "agentVersions":[
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","uri":"https://diragent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"director_primary_001","uri":"https://diragent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"director_secondary_001","uri":"https://diragent-2-0-secondary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_primary_001","uri":"https://subagent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_secondary_001","uri":"https://subagent-2-0-secondary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_third_001","uri":"https://subagent-2-0-third:4443","version":"2.7.2"}
  ],
  "controllerVersions":[
    {"compatibility":"COMPATIBLE","controllerId":"controller","uri":"https://controller-2-0-standalone:4443","version":"2.7.2"}
  ],
  "jocVersion":"2.7.2"
}"}
  ],
  "controllerVersions":[
    {"compatibility":"COMPATIBLE","controllerId":"controller","uri":"https://controller-2-0-standalone:4443","version":"2.7.2"}
  ],
  "jocVersion":"2.7.2"
}

Switching-over JOC Cockpit

Code Block
languagebash
titleExample for Switching-over JOC Cockpit
linenumberstrue
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# switch-over active role
./operate-joc.sh switch-over "${request_options[@]}" --controller-id=controller

Restarting Service

Code Block
languagebash
titleExample for Restarting Service
linenumberstrue
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# restart service: cluster, history, dailyplan, cleanup, monitor
./operate-joc.sh restart-service "${request_options[@]}" --service-type=dailyplan

Checking License

Code Block
languagebash
titleExample for Checking JOC Cockpit License
linenumberstrue
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root --controller-id=controller)

# check license
./operate-joc.sh check-license "${request_options[@]}"
# returns response
.... License type: COMMERCIAL_VALID
.... License valid: true
.... License valid from: 2021-05-05T12:22:41Z
.... License valid until: 2026-05-04T12:22:41Z

...

Code Block
languagebash
titleExample for Encrypting and Decrypting
linenumberstrue
# create Private Key
openssl ecparam -name secp384r1 -genkey -noout -out encrypt.key

# create Certificate Signing Request
openssl req -new -sha512 -nodes -key encrypt.key -out encrypt.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Encrypt"

# create Certificate
openssl x509 -req -sha512 -days 1825 -signkey encrypt.key -in encrypt.csr -out encrypt.crt -extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")


# encrypt a secret such as a password using the Certificate, the encryption result will be returned and will look like: enc:BEXbHYa...
./operate-joc.sh encrypt --in="root" --cert=encrypt.crt

# options for connection to the JS7 REST API can specify the encryption result as password and the Private Key for decryption
request_options=(--url=http://localhost:4446 --user=root --password="enc:BEXbHYa..." --key=encrypt.key --controller-id=controller)

# for example, when restartinggetting aversion Controllerinformation, the Private Key is used to decrypt the password for access to the REST API on-the-fly
./operate-joc.sh restartversion "${request_options[@]}"

# decrypt an encrypted secret using the Private Key
./operate-joc.sh decrypt --in="enc:BEXbHYa..." --key=encrypt.key

...