Page History
...
- JS7 - Installation instructions apply.
- For environments with a larger number of Agents the installation, update, upgrade and patch processes can be automated in a number of ways:
- Users can use their preferred tools such as Ansible®, Puppet®, Chef®.
- Users can apply the Agent Installer Installation Script that is described in this article either standalone or in combination with such tools.
...
- Rollout of JS7 Agents is considered critical as the software allows jobs to be executed on a larger number of servers.
- Integrity of the sources for downloads of JS7 components deserves attention.
- This includes intermediate devices to which JS7 software installers are stored in a user's environment.
- It is an option to run the Agent Installer Installation Script from
sudo
and to use the digest functionality that compares the script to a hash value stored with thesudoers
file.
- The solution provided for updating, upgrading and patching JS7 Agents is based on shell scripting by design:
- to provide readability and to rely on OS commands only,
- to deny the use of any 3rd-party components and additional dependencies that require code to be executed on the machines that run Agents.
- The Agent Installer Installation Script can be integrated in a number of ways:
- by running one's own SSH scripts on top of the Agent Installer Installation Script,
- by use with tools such as Ansible®, Puppet® that make use of an SSH Client,
- by use of JS7 workflow automation as explained below.
- It is recommended that a separate standalone Controller and Agent are set up for deployment purposes, for details see JS7 - Deployment.
- Access to the Controller and Agent for rollout should be securely managed.
- JS7 Agents can be rolled out from a Controller to which the Agents are not registered.
Agent
...
Installation Script
The Agent Installer Installation Script is provided for download and can be used to automate updates, upgrades and patches of JS7 Agents.
- The script is available for Linux, MacOS®, AIX® and Solaris® using bash, dash, ksh and zsh POSIX-compatible shells. For AIX® and Solaris® automated installation is supported, automated configuration is not.
- The script can be used to install, update or patch an Agent using the installation options. In addition it can be used to configure an Agent, for example in case of certificate renewal.
- The script creates
- the
agent_<http-port>.sh
Instance Start Script in the Agent'sbin
directory if no such file exists, - the
agent_<http-port>.service
systemd Service File in the Agent'sbin
directory, see JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems.
- the
- The script terminates with exit code 0 to signal success, with exit code 1 for command line argument errors and with exit code 2 for non-recoverable errors.
- The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services.
- See the information in the JS7 - Agent Command Line Operation article.
Download
Find the Agent Installer Installation Script for download from JS7 - Download.
Usage
Invoking the Agent Installer Installation Script without arguments displays the usage clause:
...
--home
- Specifies the directory in which the Agent should be installed.
--data
- Specifies the directory in which Agent data such as configuration files should be stored.
- By default the
<home>/var_<http-port>
directory is used, see options--home
and--http-port
.
--config
- Specifies the directory from which the Agent reads configuration files.
- By default the
<data>/config
directory is used, see option--data
.
--logs
- Specifies the directory to which the Agent stores log files.
- By default the
<data>/logs
directory is used, see option--data
.
--work
- Specifies the working directory of the Agent.
- By default the
<data>
directory is used, see option--data
.
--user
- Specifies the user account for the Agent daemon.
- By default the account of the user running the Agent Installer Installation Script is used.
--release
- Specifies a release number such as 2.3.1 for download from the SOS web site if the
--tarball
option is not used.
- Specifies a release number such as 2.3.1 for download from the SOS web site if the
--tarball
- Optionally specifies the path to a .tar.gz file that holds the Agent installation files. If this option is not used the installer installation tarball will be downloaded from the SOS web site for the release indicated with the
--release
option. - Download is performed with
curl
that considershttp_proxy
andhttps_proxy
environment variables and respective settings from a.curlrc
file.
- Optionally specifies the path to a .tar.gz file that holds the Agent installation files. If this option is not used the installer installation tarball will be downloaded from the SOS web site for the release indicated with the
--patch
- A patch is identified by an issue key in the Change Management System, for example JS-1984.
- Patches are downloaded from the SOS web site if the
--tarball
option is not used. - Patches are added to the Agent's
<home>/lib/patches
directory. Note that thepatches
sub-directory will be emptied when updating an Agent installation later on. - If a backup directory is specified then an Agent's existing installation directory will be added to a .tar.gz backup file in this directory.
--instance-script
- Specifies the path to an Instance Start Script that acts as a template and that is copied to the
bin
directory. Typically the nameagent_<http-port>.sh
. is used. Users are free to choose any name for the Instance Start Script. The script has to be executable for the Agent daemon, see--user
option. Permissions of the script are not changed by the Agent Installer Installation Script. - The Agent Installer Installation Script will perform replacements in the Instance Start Script template for known placeholders such as
<JS7_AGENT_USER>
, for details see./bin/agent_instance.sh-example
.
- Specifies the path to an Instance Start Script that acts as a template and that is copied to the
--backup-dir
- If a backup directory is specified then an Agent's existing installation directory will be added to a .tar.gz file in this directory.
- File names are created according to the pattern:
backup_js7_agent.<hostname>.<release>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.tar.gz
- For example:
backup_js7_agent.centostest_primary.2.3.1.2022-03-19T20-50-45.tar.gz
--log-dir
- If a log directory is specified then the installer script Agent Installation Script will log information about processing steps in a log file in this directory.
- File names are created according to the pattern:
install_js7_agent.<hostname>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
- For example:
install_js7_agent.centostest_primary.2022-03-19T20-50-45.log
--exec-start
- This option can be used should the Agent be started after installation. For example, when using systemd then the option
--exec-start=
"StartService"
will start the Agent service provided that the related systemd service has been created manually or by use of the--make-service
switch. Alternatively users can specify individual commands, for example--exec-start="sudo systemctl start js7_agent_4445"
. - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
- This option is an alternative to the use of the
--restart
switch which will start the Agent from its Instance Start Script. If specified this option overrules the--restart
switch.
- This option can be used should the Agent be started after installation. For example, when using systemd then the option
--exec-stop
- This option can be used should the Agent be stopped before installation. For example, when using systemd then the option
--exec-stop="StopService"
will stop the Agent service provided that the related systemd service has been created manually or by use of the--make-service
switch. Alternatively users can specify individual commands, for example--exec-stop="sudo systemctl stop js7_agent_4445"
. - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
- This option is an alternative to the use of the -
-restart
switch which stops the Agent from its Instance Start Script. If specified this option overrules the--restart
switch.
- This option can be used should the Agent be stopped before installation. For example, when using systemd then the option
--return-values
- Optionally specifies the path to a file to which return values will be added in the format
<name>=<key>
. For example:log_file=install_js7_agent.centostest_primary.2022-03-20T04-54-31.log
backup_file=backup_js7_agent.centostest_primary.2.3.1.2022-03-20T04-54-31.tar.gz
- An existing file will be overwritten. It is recommended to use a unique file name such as
/tmp/return.$$.$RANDOM.properties
. - A value from the file can be retrieved like this:
backup=$(cat /tmp/return.$$.$RANDOM.properties | grep "backup_file" | cut -d'=' -f2)
- Optionally specifies the path to a file to which return values will be added in the format
...
--deploy-dir
- Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the
<config>
folder. A deployment directory allows to manage central copies of configuration files such asagent.conf
,private.conf
,log4j2.xml
etc. - Use of a deployment directory has lower precedence as files can be overwritten by individual options such as
--agent-conf
,--private-conf
etc.
- Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the
--agent-conf
- Specifies the path to a configuration file for global JS7 - Agent Configuration Items. The file will be copied to the
<config>/agent.conf
file. - Any path to a file can be used as a value of this option, however, the target file name
agent.conf
will be used.
- Specifies the path to a configuration file for global JS7 - Agent Configuration Items. The file will be copied to the
--private-conf
- Specifies the path to a configuration file for private JS7 - Agent Configuration Items. The file will be copied to the
<config>/private/private.conf
file. - Any path to a file can be used as a value of this option, however, the target file name
private.conf
will be used.
- Specifies the path to a configuration file for private JS7 - Agent Configuration Items. The file will be copied to the
--controller-id
- Specifies the Controller ID, a unique identifier of the Controller installation. Agents will be dedicated to the Controller with the given Controller ID.
- The Controller ID is used in the Agent's
private.conf
file to specify which Controller can access a given Agent.
--controller-primary-cert
- Specifies the path to the SSL/TLS certificate of the Primary Controller Instance. The Agent Installer Installation Script extracts the distinguished name from the given certificate and adds it to the Agent's
private.conf
file to allow HTTPS connections from the given Controller using mutual authentication without the need for passwords.
- Specifies the path to the SSL/TLS certificate of the Primary Controller Instance. The Agent Installer Installation Script extracts the distinguished name from the given certificate and adds it to the Agent's
--controller-secondary-cert
- Corresponds to the
--controller-primary-cert
option and is used for the Secondary Controller Instance.
- Corresponds to the
--http-port
- Specifies the HTTP port that the Agent is operated for. The default value is
4445
. The Agent by default makes use of a configuration directory./var_<http-port>
that will be excluded from a backup taken with the--backup-dir
option. In addition the HTTP port is used to identify the Agent Instance Start Script typically available from the./bin/agent_<http-port>.sh
script and to specify the value of theJS7_AGENT_HTTP_PORT
environment variable in the script. - The port can be prefixed by the network interface, for example
localhost:4445
. - When used with the
--restart
switch the HTTP port is used to identify if the Agent is running.
- Specifies the HTTP port that the Agent is operated for. The default value is
--https-port
- Specifies the HTTPS port that the Agent is operated for. The HTTPS port is specified in the Agent Instance Start Script typically available from the
./bin/agent_<http-port>.sh
script with the environment variableJS7_AGENT_HTTPS_PORT
. Use of HTTPS requires a keystore and truststore to be present, see--keystore
and--truststore
options. - The port can be prefixed by the network interface, for example
batch.example.com:4445
.
- Specifies the HTTPS port that the Agent is operated for. The HTTPS port is specified in the Agent Instance Start Script typically available from the
--pid-file-dir
- Specifies the directory to which the Agent stores its PID file. By default the
<data>/logs
directory is used. - When using SELinux then it is recommended to specify the
/var/run
directory, see JS7 - How to install for SELinux.
- Specifies the directory to which the Agent stores its PID file. By default the
--pid-file-name
- Specifies the name of the PID file. By default the file name
agent.pid
is used. - The PID file is created in the directory specified by the
--pid-file-dir
option.
- Specifies the name of the PID file. By default the file name
--keystore
- Specifies the path to a PKCS12 keystore file that holds the private key and certificate for HTTPS connections to the Agent.
- Users are free to specify any file name, typically the name
https-keystore.p12
is used. The keystore file will be copied to the<config>/private
directory. - If a keystore file is made available then the Agent's
<config>/private/private.conf
file has to hold a reference to the keystore location and optionally the keystore password. It is therefore recommended to use the--private-conf
option to deploy an individualprivate.conf
file that holds settings related to a keystore. - For automating the creation of keystores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--keystore-password
- Specifies the password for access to the keystore. Use of a keystore password is required.
--keystore-alias
- If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for server authentication and client authentication exist, then it is not determined which private key/certificate will be used. The alias name of a given private key/certificate is specified when the entry is added to the keystore. The alias name allows to indicate a specific private key/certificate to be used.
--truststore
- Specifies the path to a PKCS12 truststore file that holds the certificate(s) for HTTPS connections to the Agent using mutual authentication .
- Users are free to specify any file name, typically the name
https-truststore.p12
is used. The truststore file will be copied to the<config>/private
directory. - If a truststore file is made available then the Agent's
<config>/private/private.conf
file has to hold a reference to the truststore location and optionally the truststore password. It is therefore recommended to use the--private-conf
option to deploy an individualprivate.conf
file that holds settings related to a truststore. - For automating the creation of truststores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--truststore-password
- Specifies the password for access to the truststore. Use of a password is recommended as it is not primarily intended to protect access to the truststore. The password is intended to allow verification that truststore entries have been added using the same password.
--java-home
- Specifies the Java home directory that will be made available to the Agent from the
JAVA_HOME
environment variable specified with the Agent Instance Start Script typically available from the./bin/agent_<http-port>.sh
script.
- Specifies the Java home directory that will be made available to the Agent from the
--java-options
- Specifies the Java options that will be made available to the Agent from the
JAVA_OPTIONS
environment variable specified with the Agent Instance Start Script typically available from the./bin/agent_<http-port>.sh
script. - Java options can be used for example to specify Java heap space settings for the Agent.
- If more than one Java option is used then the value has to be quoted, for example
--java-options="-Xms256m -Xmx512m"
.
- Specifies the Java options that will be made available to the Agent from the
--service-dir
- Specifies the systemd service directory to which the Agent's service file will be copied if the
--make-service
switch is used. - By default the
a/usr/lib/systemd/system
will be used. Users can specify an alternative location.
- Specifies the systemd service directory to which the Agent's service file will be copied if the
--service-file
- Specifies the path to a systemd service file that acts as a template and that will be copied to the Agent's
<home>/bin
directory. Users are free to choose any file name as a template for the service file. The resulting service file name will beagent_<http-port>.service
. - The Agent Installer Installation Script will perform replacements in the service file to update paths and the port to be used, for details see
./bin/agent.service-example
.
- Specifies the path to a systemd service file that acts as a template and that will be copied to the Agent's
--service-name
- Specifies the name of the systemd service that will be created if the
--make-service
switch is used. - By default the service name
js7_agent_<http-port>
will be used.
- Specifies the name of the systemd service that will be created if the
...
1
: argument errors2
: non-recoverable errors3
: this exit code is returned when used with the--restart
switch and if it cannot be identified whether an Agent is running4
: this exit code is returned if no--tarball
option is used and download of the tarball reports errors5
: this exit code is returned when used with the--restart
switch and if the Agent cannot be started6
: this exit code is returned when used with the--restart
switch and if the Agent cannot be stopped7
: this exit code indicates that the Agent systemd service could not be started or stopped when using the--exec-start="StartService"
or--exec-stop="StopService"
options.
Replacements
The Agent Installer Installation Script performs replacements of placeholders in installation files and configuration files by option values, for details see chapter Replacements.
...
Anchor | ||||
---|---|---|---|---|
|
The Agent Installer Installation Script performs replacements of placeholders in installation files and configuration files by option values.
...
Automation from a Job
The Agent Installer Installation Script can be executed from a job for automated update and upgrade of JS7 Agents.
...
- The job basically makes use of the following arguments:
- Connection
- host: specifies the host name or IP address of the remote host.
- port: specifies the SSH port on the remote host, defaults to 22.
- Authentication
- user: specifies the user account used to login with the remote host.
- auth_method: is one of
password
orpublickey
. - auth_file: specifies the path to identify the file that holds the private key for use with the
publickey
authentication method. A relative path is specified, see the descriptions below.
- Command Execution
- command_script_file: specifies the path to the Agent Installer Installation Script that should be executed on the remote host.
- The indicated path
./config/js7_install_agent.sh
starts from the Agents working directory that holds theconfig
sub-directory. The working directory by defaults uses the namevar_<port>
, for examplevar_4445
, for the HTTP port for which the Agent is operated. This directory can be specified during JS7 - Agent Installation On Premises and JS7 - Agent Installation for Docker Containers. - The SSHJob transfers the Agent Installer Installation Script to the remote host.
- The indicated path
- command_script_param: specifies the arguments used when invoking the Agent Installer Installation Script.
- A typical parameterization can look like this:
--home=/home/sos/agent --tarball=/mnt/releases/js7/js7_agent_unix.2.3.1.tar.gz --log-dir=/tmp/logs --show-logs --make-dirs
- A typical parameterization can look like this:
- command_script_file: specifies the path to the Agent Installer Installation Script that should be executed on the remote host.
- Connection
- More information about parameterization of the job can be found in the JS7 - JITL SSHJob article.
...
- The following job arguments use variables instead of constant values:
- host: specifies the host name or IP address of the remote host. The argument is assigned the
$host
variable from the Variable Set. - port: specifies the SSH port on the remote host, defaults to 22. The argument is assigned the
$port
variable from the Variable Set.
- host: specifies the host name or IP address of the remote host. The argument is assigned the
- The assumptions in this example include:
- the same user account and private key can be used for connections to any hosts on which Agents are to be updated or upgraded,
- the same parameterization can be used - for example, the same location of the Agent's home directory - for the Agent Installer Installation Script on any host.
- Users to whom these assumptions do not apply should consider adding relevant variables for the auth_file and command_script_param arguments to their Variable Set.
...