JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 6

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
titleRun the env.sh Environment Script
linenumberstrue
. ./env.sh

Creating the Root Certificate Authority

Connections between the JS7 JOC Cockpit, Controller and Agents can be secured by TLS/SSL certificates used for HTTPS connections.

Users who do not wish to use HTTPS connections or who are provided certificates from their organization can skip this step.

Creating the Root CA Certificate

A Root CA Certificate is created and is later on used to create self-signed certificates

The script is included with the ca directory and is executed without arguments.

Code Block
languagebash
titleRunning the create_root_ca.sh Script
linenumberstrue
./ca/create_root_ca.sh

Explanation:

  • When the script is executed it prompts for a number of options. Find more details about use of the script with the JS7 - How to create self-signed Certificates article.
  • The following files will be created:
    • ./ca/private/root-ca.key: This file holds the Root CA private key.
    • ./ca/certs/root-ca.crt:  This file holds the Root CA Certificate.

Download JS7 Release

It is good practice to download the installation .tar.gz files for the desired JS7 releases from the SOS Web Site and to store them to a directory hierarchy like this:

...

Code Block
languagebash
titleDownload JS7 Release from SOS Web Site
linenumberstrue
curl "https://download.sos-berlin.com/JobScheduler.2.5/js7_agent_unix.2.5.0.tar.gz" --output "js7_agent_unix.2.5.0.tar.gz"
curl "https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.0.tar.gz" --output "js7_controller_unix.2.5.0.tar.gz"
curl "https://download.sos-berlin.com/JobScheduler.2.5/js7_joc_linux.2.5.0.tar.gz" --output "js7_joc_linux.2.5.0.tar.gz"

Creating Certificates

Users who do not wish to use HTTPS connections or who are provided certificates from their organization can skip this step.

Code Block
languagebash
titleCreate and add certificates to configuration
linenumberstrue
collapsetrue
#!/bin/sh

set -e

SCRIPT_HOME=$(cd "$(dirname "$0")" >/dev/null && pwd)

DEP_CA=${DEP_CA:-$(dirname "${SCRIPT_HOME}")/ca}
DEP_BIN=${DEP_BIN:-$(dirname "${SCRIPT_HOME}")/bin}
DEP_CONFIG=${DEP_CONFIG:-$(dirname "${SCRIPT_HOME}")/config}

create_self_signed_certs()
{
  server=$1
  config=$2

  ${DEP_CA}/create_certificate.sh --dns=${server},${server}.sos --days=365

  if [ ! -d "${config}" ]
  then
      mkdir -p "${config}"
  fi

  cp ${DEP_CA}/certs/${server}.crt ${config}/

  ${DEP_BIN}/js7_create_certificate_store.sh \
    --keystore=${config}/https-keystore.p12 \
    --truststore=${config}/https-truststore.p12 \
    --key=${DEP_CA}/private/${server}.key \
    --cert=${DEP_CA}/certs/${server}.crt \
    --alias=${server} \
    --password=jobscheduler \
    --ca-root=${DEP_CA}/certs/root-ca.crt \
    --chain \
    --make-dirs
}


# Function               Host                 Location
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/agents/instances/agent_001/config/private
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/agents/instances/agent_002/config/private

create_self_signed_certs centostest-primary   ${DEP_CONFIG}/controllers/instances/standalone/config/private
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/controllers/instances/cluster.primary/config/private
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/controllers/instances/cluster.secondary/config/private

create_self_signed_certs centostest-primary   ${DEP_CONFIG}/joc/instances/standalone/resources
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/joc/instances/cluster.primary/resources
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/joc/instances/cluster.secondary/resources

Creating Deployment Packages

...