JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 6

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A number of JITL job templates make use of the JS7 - REST Web Service API to retrieve information from the JOC Cockpit:

The following prerequisites apply to operation of such these JITL jobs:

  • Network access from the Agent that executes the job to the JOC Cockpit instance,
  • Availability of the Controller and of the JOC Cockpit,
  • Authentication and authorization with the JOC Cockpit.

The job templates use a common mechanism for authentication with the JS7 - REST Web Service API:

  • by use of a user account/password and/or
  • by use of a certificate, for details see JS7 - Authentication.

...

  • The api-server configuration section specifies authentication details for JITL job templates and can occur in any position be positioned anywhere directly within the js7 configuration block.
  • Configuration items available from this configuration section are explained with in the following chapters.sections:

Certificate Based Authentication

...

  • The url configuration item is required that specifies the URL of the JS7 REST Web Service API. Typically this corresponds to the JOC Cockpit URL.
    • Users can set up a number of JOC Cockpit instances that are clustered for automated fail-over.
    • Users can set up a load balancer that routes requests to a number of available JOC Cockpit instances.
    • For use with JITL job templates both active and standby JOC Cockpit instances can be used.
  • No further configuration items are used.
  • The Client Authentication Certificate has to be available from the keystore file indicated with by the js7.web.https.keystore or js7.web.https.client-keystore settings.
    • This includes requires that JOC Cockpit is configured to use a truststore that holds the Root CA Certificate and Intermediate CA Certificate that was used to sign the Agent's Client Authentication Certificate.
    • For details see JS7 - JOC Cockpit HTTPS Connections.

...

  • The url configuration item is required as explained above.
  • The username and password can be specified from the following options:
    • Option 1: Use of a JS7 - Credential Store
      • with the following settings:
        • cs-file: Specifies the path to a KeePass database file (required).
        • cs-key: Specifies the path to a KeePass key file (optional).
        • cs-password: Specifies the password for the KeePass database file (optional).
        • username: Specifies the path to the entry in the KeePass database that holds the account name (required).
        • password: Specifies the path to the entry in the KeePass database that holds the password (required).
      • that suggest to preferably the use of a KeePass key file (cs-key) to protect the KeePass database is preferrable.  Basically Basically it is pointless to protect a Credential Store by use of a password  (cs-password) that is similarly visible as which has a visibility similar to putting the key under the mat. Use of a key file allows to apply OS ownership and file permissions to be applied to protect to the key file from visibility by being visible to 3rd parties.
    • Option 2: Use of user account and password
      • with the following settings:
        • username: Specifies the account name (required).
        • password: Specifies the plain text password (required).
      • this means that include both settings to will be visible from in the configuration file.