Page History
Table of Contents |
---|
Introduction
- The following configuration items are initially populated by the JOC Cockpit installer and can be modified by a user later on.
- JOC Cockpit makes use of the
joc.properties
configuration file that is populated by installation options. This file can be found by default in the following locations:- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.properties
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
- The location of this file is indicated below as
JETTY_BASE/resources/joc/joc.properties
.
- Linux:
- The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.propertiesstart.ini
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\start.ini
- The location of this file is indicated below as
JETTY_BASE/start.ini
- Linux:
- Restart the JOC Cockpit instance to apply changes to its configuration file.
Installation Options
- the JOC Cockpit or Jetty configuration files.
- See the JS7 - Settings article for run-time settings that do not require a restart of the JOC Cockpit.
JOC Cockpit
Installation Options
The following example of a JETTY_BASE/resources/joc/joc.properties
file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
################################################################################ ### If JOC Cockpit is used in a cluster then type a title to identify which node ### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for ### the display order in JOC's dashboard title = PRIMARY JOC COCKPIT ordering = 0 ################################################################################ ### Path to log4j configuration file. Path can be absolute or relative ### to this file. log4j.configuration = log4j2.xml ################################################################################ ### Path to hibernate configuration file of JOC's database. ### Path can be absolute or relative to this file. hibernate_configuration_file = hibernate.cfg.xml ################################################################################ ### The time (in seconds) to establish the connection with the ### remote host. Default = 2 jobscheduler_connection_timeout = 2 ################################################################################ ### The time (in seconds) waiting for data after the connection ### has wasbeen established; maximum time of inactivity between two data packets. ### Default = 5 jobscheduler_socket_timeout = 5 ################################################################################ ### Should hostname verification be carried out for https certificatecertificates. ### Default false https_with_hostname_verification = true ################################################################################ ### Location, type and password of the Java truststore which contains the ### HTTPS connection certificates offor each JobScheduler Controller for HTTPS connections. Path can be ### The absolutepath oris relative to this fileJETTY_BASE/resources/joc. # keystore_path = ../../etc/https-keystore.p12 # keystore_type = PKCS12 # keystore_password = jobscheduler # key_password = jobscheduler # key_alias = # truststore_path = ../../etc/https-truststore.p12 # truststore_type = PKCS12 # truststore_password = jobscheduler ################################################################################ ### JOC Cockpit requires toconfiguration configureof a security level for the ### signing mechanism,: options "high", "medium" and "low". ### high: ### public PGP/X.509 keys are stored for verification only ### all signing will be done externally outside of JOC Cockpit ### medium: ### a private PGP/X.509 key will be stored for signing ### signing will be done automatically with the provided key ### low: ### no keys will be stored ### signing will be done internally with default keys ### ### This flag controls the security level used. Default low security_level = low ################################################################################ ### Settings for a custom logo file on the login page ### The logo file has to be located in ./jetty_base/webapps/root/ext/images ### Possible units for height are according to ### https://www.w3schools.com/cssref/css_units.asp (default px) ### Possible values for the position are "top" or "bottom" (default=bottom). custom_logo_name = custom_logo_height = custom_logo_position = ################################################################################ ### Normally, the user permissions control ifwhether a view such as dashboard, ### workflows, etc. are shown or hidden. Here you can force to show (=true) or ### hide (=false) a view independentindependently of the permissions. If the value is unequal ### true or false then the permissions win. show_view_dashboard = show_view_monitor = show_view_dailyplan = show_view_workflows = show_view_filetransfers = show_view_resources = show_view_history = show_view_auditlog = show_view_configuration = |
Logger Settings
Setting | Default Sample Value | Explanation |
---|---|---|
log4j.configuration | log4j2.xml | Specifies the file name of the log4j2 configuration file to be used. This file is expected with in the configuration folder |
...
Database Connection Settings
Setting | Default Sample Value | Explanation |
---|---|---|
hibernate_configuration_file | hibernate.cfg.xml | Specifies the path to a hibernate configuration file that holds the connection URL, account and authentication additional settings for the connection to the database. |
...
Controller Connection Settings
Setting | Default Sample Value | Explanation |
---|---|---|
jobscheduler_connection_timeout | 2 | Specifies the time (in seconds) to establish a connection to a Controller. |
jobscheduler_socket_timeout | 5 | The time (in seconds) waiting for data after the connection to a Controller is established. Technically the setting specifies the maximum duration for inactivity between two data packets. |
HTTPS Connection Settings
Setting | Default Sample Value | Explanation |
---|---|---|
https_with_hostname_verification | false true | Specifies if hostname verification should be performed for HTTPS connections. It is strictly recommended that this setting is enabled. |
keystore_path | ../../etc/https-keystore.p12 | The keystore includes the private key and certificate for incoming HTTPS connections (Server Authentication) and forserver certificate created for outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider storing the Client Authentication certificate in the client keystore, see below. The path is specified relative to the |
| PKCS12 | The keystore types PKCS12 and JKS are supported. |
keystore_password | jobscheduler | The keystore is protected by a password. |
key_password | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
keystore_alias | my_key | Optionally the alias name of the private key can be specified. This is required should more than one private key be stored to the keystore. |
truststore_path | ../../etc/https-truststore.p12 | The truststore includes the public key and/or certificates for outgoing HTTPS connections (Server Authentication) to Controllers. The path is specified relative to the |
truststore_type | PKCS12 | The truststore types PKCS12 and JKS are supported. |
truststore_password | jobscheduler | The truststore is protected by a password. |
- For details see JS7 - JOC Cockpit HTTPS Connections
Custom Logo Settings
Display feature availability | ||
---|---|---|
|
Setting | Default Sample Value | Explanation |
---|---|---|
custom_logo_name | company.png | The logo fileindicated by thisits file name has to be located inavailable from the location:
The following types of logo files are supported:
|
custom_logo_height | 120px | The logo height in pixel. Possible units are specified according to: https://www.w3schools.com/cssref/css_units.asp (default px). There is no limit for height in pixels. However, if no height is specified then by default 140px is used. |
custom_logo_position | bottom | Possible values for the position are The default value is |
Dashboard Settings
Setting | Default Sample Value | Explanation |
---|---|---|
title | PRIMARY JOC COCKPIT SECONDARY JOC COCKPIT | Title of the JOC Cockpit Cluster Status widget in the Dashboard view. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |
ordering | 0 1 | Order of appearance in with JOC Cockpit Cluster Status widget in Dashboard view. The An ordering 0 indicates the leftmost occurrence. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |
title:
The title of a JOC Cockpit instance as visible from the Cluster Status widget of the JS7 Dashboard view.ordering
: The order of appearance of a JOC Cockpit instance with the Cluster Status widget of the JS7 Dashboard view. An ordering 0 indicates the leftmost occurrence.
...
Security Options
Setting | Default Sample Value | Explanation |
---|---|---|
security_level | low | JOC Cockpit is installed for a security level used for signing of deployment deployable objects such as workflows, see JS7 - Deployment of Scheduling Objects:
|
- Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
- To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
- For details see the JS7 - Security Architecture article.
Jetty Servlet Container
Installation Options
Technically any options for the Jetty Servlet Container can be used as available from the product. The section belowis focused on settings that are added by the JOC Cockpit installer or that preferably are modified by users after installation.
The following example of a JETTY_BASE/start.ini
configuration file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# ---------------------------------------
# Module: http
# Enables an HTTP connector on the server.
# ---------------------------------------
--module=http
## Connector host/address to bind to
# jetty.http.host=0.0.0.0
## Connector host/address to bind to
jetty.http.port=4446
# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
# --module=https
# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# ---------------------------------------
# --module=ssl
## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
# jetty.ssl.port=4443
## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=resources/joc/https-keystore.p12
## Keystore type (PKCS12, JKS)
# jetty.sslContext.keyStoreType=PKCS12
## Keystore password
# jetty.sslContext.keyStorePassword=jobscheduler
## KeyManager password (same as keystore password for pkcs12 keystore type)
# jetty.sslContext.keyManagerPassword=jobscheduler
## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12
## Truststore type (PKCS12, JKS)
# jetty.sslContext.trustStoreType=PKCS12
## Truststore password
# jetty.sslContext.trustStorePassword=jobscheduler
## Client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Client certificate authentication is desired
# jetty.sslContext.wantClientAuth=true
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
# jetty.sslContext.endpointIdentificationAlgorithm= |
HTTP Connection Settings
Options are enabled by use of the --module=http
setting.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.http.host | no | myhost, 192.168.2.23 | Specifies the network interface for accessing the JOC Cockpit. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.http.port | yes | 4446 | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
HTTPS Connection Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Such options are not added by the installer but can be enabled and modified by the user.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.ssl.host | no | myhost | Specifies the network interface for accessing the JOC Cockpit. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.ssl.port | yes | 4443 | Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser. |
jetty.sslContext.keyStorePath | yes | resources/joc/https-keystore.p12 | The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers. The path is specified relative to the |
jetty.sslContext.keyStoreType | no | PKCS12 | The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.keyStorePassword | no | jobscheduler | The keystore is protected by a password. |
jetty.sslContext.keyManagerPassword | no | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
jetty.sslContext.trustStorePath | yes | resources/joc/https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition, the truststore holds the public key or client certificate for connecting to the JOC Cockpit when mutual authentication is in place, see JS7 - Certificate based Authentication. The path is specified relative to the |
jetty.sslContext.trustStoreType | no | PKCS12 | The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.trustStorePassword | no | jobscheduler | The truststore is protected by a password. |
Certificate Based Authentication Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.sslContext.needClientAuth | yes | false | If set to true then a Client Certificate is required. If this setting is false and the wantCientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication. |
jetty.sslContext.wantClientAuth | yes | true | Specifies the port at which the JOC Cockpit can be accessed by HTTP connections, for example from a user browser. |
jetty.sslContext.endpointIdentificationAlgorithm | yes | An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required. |
- Note explanations in the JS7 - Certificate based Authentication article.
- For details see the JS7 - JOC Cockpit HTTPS Connections article.