JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 18

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 19

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleAgent private.conf file configuration
linenumberstrue
js7 {
    auth { ... }
    configuration { ... }
    job { ... }
    web { ... }

	api-server {
    	# API Server URL
	    url = [ "https://joc-2-0-primary:4443" ]

    	# Option 1: use of a Credential Store
	    cs-file=${js7.config-directory}"/private/secret.kdbx"
	    cs-key=${js7.config-directory}"/private/secret.key"
    	cs-password="secret"

	    # Option 1: use of references to credentials 
    	account="cs://myAccounts/joc@username"
	    password="cs://myAccounts/joc@password"


    	# Option 2: Use of account and password
	    # account="root"
    	# password="root"
	}
}

...

Certificate Based Authentication

For JS7 - Certificate based Authentication configured  is configured with the ./config/private/private.conf file:

  • the The url configuration item is required that specifies the URL of the JS7 REST Web Service API. Typically this corresponds to the JOC Cockpit URL.
    • Users can set up a number of JOC Cockpit instances that are clustered for automated fail-over.
    • Users can set up a load balancer that routes requests to a number of available JOC Cockpit instances.
    • For use with the CheckHistoryJob template both active and standby JOC Cockpit instances can be used.
  • the The Client Authentication Certificate has to be available from the keystore file indicated with the js7.web.https.keystore or js7.web.https.client_keystore settings.
    • This includes that JOC Cockpit is configured to use a truststore that holds the Root CA Certificate and Intermediate CA Certificate that was used to sign the Agent's Client Authentication Certificate.
    • For details see JS7 - JOC Cockpit HTTPS Connections.

User Account / Password Authentication

For user User account/password authentication configured authentication is configured with the ./config/private/private.conf file:

  • the The url configuration item is required as explained above.
  • the The user account and password can be specified from the following options:
    • Option 1: Use of a JS7 - Credential Store
      • with the following settings:
        • cs-file: Specifies the path to a KeePass database file (required).
        • cs-key: Specifies the path to a KeePass key file (optional).
        • cs-password: Specifies the password for the KeePass database file (optional).
        • account: Specifies the path to the entry in the KeePass database that holds the account name (required).
        • password: Specifies the path to the entry in the KeePass database that holds the password (required).
      • that suggest to preferably use a KeePass key file (cs-key) to protect the KeePass database. Basically it is pointless to protect a Credential Store by use of a password  (cs-password) that is similarly visible as putting the key under the mat. Use of a key file allows to apply OS ownership and file permissions to protect to the key file from visibility by 3rd parties.
    • Option 2: Use of user account and password
      • with the following settings:
        • account: Specifies the account name (required).
        • password: Specifies the plain text password (required).
      • that include both settings to be visible from the configuration file.

...