
The command line client is available with the Instance Start Script for Unix and Windows.

Standard Arguments

The following arguments are used independently from an HTTP or HTTPS connection to JOC Cockpit:

List of Standard Arguments

| Argument | Required | Description | Example |
|---|---|---|---|
| --joc-uri | Yes | URI of the JOC Cockpit instance from which to receive the private key and certificate. | --joc-uri=http://myhost.example.com:4446 |
| --token | Yes | UUID of the security token for one-time authentication with JOC Cockpit. | --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b |
| --dn-only | No | Flag to receive relevant Distinguished Names (DN) to update the private.conf file, without generating certificates. | --dn-only |
| --subject-dn | Yes | The subject of the requested certificate includes the Distinguished Name (DN) consisting of CN, OU, O, L, S, C attributes. The hostname of the requesting client is specified as CN. | --subject-dn="CN=myhost, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE" |
| --san | Yes | The Subject Alternative Name (SAN) specifies the hostname of the requesting client and optionally variations of the hostname, e.g. the domain part (FQDN). Alternative hostnames are separated by comma. | --san="myhost, myhost.example.com" |
| --key-alias | Yes | Alias name used when storing the requested private key and certificate to the target keystore. | --key-alias="MyKeyAlias" |
| --ca-alias | Yes | Alias name used when storing the requested CA certificate in both the target keystore and truststore. | --ca-alias="MyTrustedCertificateAlias" |
| --target-keystore | Yes | Path to the keystore to which the requested private key and certificate should be stored. | --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 |
| --target-keystore-type | No | Type of the keystore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-keystore-type=PKCS12 |
| --target-keystore-pass | No | Password for access to the keystore. | --target-keystore-pass="YourKeystorePassword" |
| --target-keystore-entry-pass | No | Password for the requested private key that should be added to the keystore. | --target-keystore-entry-pass="YourKeystoreEntryPassword" |
| --target-truststore | Yes | Path to the truststore to which the trusted CA certificate should be stored. | --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 |
| --target-truststore-type | No | Type of the truststore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-truststore-type=PKCS12 |
| --target-truststore-pass | No | Password for access to the truststore. | --target-truststore-pass="YourTruststorePassword" |
| --help | No | Displays usage information. This option has to be specified as the only command line option and has no value. | |


Explanation:

  • Arguments qualified as required have to be used with any request to JOC Cockpit to create a private key and certificate.
  • The --joc-uri argument specifies the URL for JOC Cockpit. When used with the HTTPS protocol, check the next section for additional arguments.
  • The --target-keystore is located in the Controller or Agent instance's ./config/private directory.
  • The --dn-only argument: if present, only related DNs are added to the private.conf file in the Controller or Agent instance's ./config/private directory. No certificates/keys are generated.
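Because the token is for one-time authentication, the arguments can be checked locally before the request is sent. The following POSIX shell functions are an added example, not part of JS7 or of the original page; the names is_uuid, dn_cn, san_has_host and preflight are hypothetical, and the rule that the CN has to appear in the SAN list is an assumption derived from the argument descriptions above.

```sh
#!/bin/sh
# Added example: local pre-flight check for `cert` arguments (not part of JS7).

# Succeeds if $1 has the UUID shape shown for --token.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints the CN value of a subject DN (empty if there is none).
# Assumption: attribute values contain no escaped commas.
dn_cn() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/[[:space:]]*$//; s/^[[:space:]]*CN=//p' | head -n 1
}

# Succeeds if host $2 is one of the comma-separated names in SAN list $1.
san_has_host() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d '[:blank:]' | grep -Fxq -- "$2"
}

# Prints one line per problem; succeeds only if none were found.
# The body runs in a subshell so its variables stay local.
preflight() (
    token= uri= dn= san= problems=0
    for arg in "$@"; do
        case $arg in
            --token=*)      token=${arg#*=} ;;
            --joc-uri=*)    uri=${arg#*=} ;;
            --subject-dn=*) dn=${arg#*=} ;;
            --san=*)        san=${arg#*=} ;;
        esac
    done
    is_uuid "$token" || { echo "--token is not a UUID"; problems=1; }
    printf '%s\n' "$uri" | grep -Eq '^https?://[^/:]+(:[0-9]+)?/?$' ||
        { echo "--joc-uri is not an http(s) URI"; problems=1; }
    # With --token and --joc-uri only, DN and SAN defaults come from
    # private.conf, so the DN/SAN check applies only when they are given.
    if [ -n "$dn" ] || [ -n "$san" ]; then
        cn=$(dn_cn "$dn")
        if [ -z "$cn" ]; then
            echo "--subject-dn has no CN attribute"; problems=1
        elif ! san_has_host "$san" "$cn"; then
            echo "CN '$cn' is not listed in --san"; problems=1
        fi
    fi
    [ "$problems" -eq 0 ]
)
```

Call preflight with the same arguments that are passed to the cert command and run the Instance Start Script only if it succeeds.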

...

HTTP Connection to JOC Cockpit:

./bin/controller_instance.sh cert \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=http://somehost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler

...

HTTPS Connection to JOC Cockpit with Mutual Authentication from a Client Truststore:

./bin/controller_instance.sh cert \
     --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
     --joc-uri=https://somehost.example.com:4446 \
     --san="myhost.example.com, myhost" \
     --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
     --key-alias=myhost \
     --ca-alias="Root CA" \
     --source-keystore=/home/sos/private/js7-keystore.p12 \
     --source-keystore-pass="" \
     --source-keystore-entry-pass="" \
     --source-truststore=/home/sos/private/js7-truststore.p12 \
     --source-truststore-pass="" \
     --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
     --target-keystore-pass=jobscheduler \
     --target-keystore-entry-pass=jobscheduler \
     --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
     --target-truststore-pass=jobscheduler

...

HTTPS Connection to JOC Cockpit with Mutual Authentication from a Client Key File:

./bin/controller_instance.sh cert \
     --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
     --joc-uri=https://myhost.example.com:4446 \
     --san="myhost.example.com, myhost" \
     --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
     --key-alias=myhost \
     --ca-alias="Root CA" \
     --source-private-key=/home/sos/private/myhost.key \
     --source-certificate=/home/sos/public/myhost.pem \
     --source-ca-cert="/home/sos/public/intermediate_ca.pem, /home/sos/public/root_ca.pem" \
     --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
     --target-keystore-pass=jobscheduler \
     --target-keystore-entry-pass=jobscheduler \
     --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
     --target-truststore-pass=jobscheduler


Explanation:

  • tbd

Example for use with the Controller/Agent Instance Start Script and default values

With Instance Start Script and default values:

# use with a Controller instance
./bin/controller_instance.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

# OR: use with an Agent instance
./bin/agent_<port>.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

Explanation:

  • The cert argument tells the Instance Start Script to build the Java classpath and to start the Java executable.
  • The --token argument specifies the one-time token to connect to JOC Cockpit once.
  • The --joc-uri argument specifies the URL for JOC Cockpit.
  • If no additional arguments are used then the Command Line Client determines default values for the Keystore and Truststore from the instance's ./config/private/private.conf configuration, including defaults for the DN and for the SAN of the certificate.

Example for use with the Controller/Agent Instance Start Script to update relevant DN entries

With Instance Start Script and default values:

# use with a Controller instance
./bin/controller_instance.sh cert --dn-only --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

# OR: use with an Agent instance
./bin/agent_<port>.sh cert --dn-only --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

...

  • With the --dn-only argument set, no certificates are generated; only relevant Distinguished Names (DNs) will be updated in the ./config/private/private.conf configuration file.