JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 3

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageyml
titleAgent configuration file: private.conf
linenumberstrue
collapsetrue
# Security configuration
js7 {
    auth {
        # User accounts for https connections
        users {
            # Controller account for connections by primary/secondary Controller instance
            js7_dev {
                 password="plain:secret"
            }
        }
    }
    
    configuration {
        # Locations of certificates and public keys used for signature verification
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }
    
    job {
        # Enable script execution from signed workflows
        execution {
            signed-script-injection-allowed = yes
        }
    }
    
    web {
        # Locations of keystore and truststore files for HTTPS connections
        https {
            keystore {
                # Default: ${js7.config-directory}"/private/https-keystore.p12"
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }

        # disableDisable use of client authentication certificates
        server {
            auth {
                https-client-authentication=off
            }
        }
    }
}

Explanation:

  • Consider that the above configuration has to be deployed to any Agent instances.
  • Find below explanations about configuration items relevant to an Agent.

Specify Controller ID and Password

Code Block
languageyml
titlexx
linenumberstrue
js7 {
    auth {
        # User accounts for https connections
        users {
            # Controller account for connections by primary/secondary Controller instance
            js7_dev {
                 password="plain:secret"
            }
        }
    }

Explanation:

  • In this example js7_dev is the Controller ID used by solo Controller or by a Controller Cluster. A Controller is assigned a unique Controller ID during initial operation. The Controller ID cannot be changed.
  • The password for the Controller ID in the Agent configuration is the same as stated with the Controller configuration.
    • The password has to be preceded with "plain:" if a plain text password is used.
    • The password has to be preceded with "sha512" if a hashed password is used
      • There are a number of ways how to create an sha512 hash value from a password.
      • A possible solution includes: openssl passwd -6

Disable Client Authentication

Code Block
languageyml
titlexx
linenumberstrue
js7 {
    web {
        # disable use of client authentication certificates
        server {
            auth {
                https-client-authentication=off
            }
        }
}

...

Explanation:
  • By default Client Authentication is required if Server Authentication is in place.
  • The above setting disables Client Authentication.