Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Oliver Haufe

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
outlinh1. true
outlinh1. true
1printablefalse
2stylh1. none
3indent20px

Currently JobScheduler shipped currently comes with a proprietary built-in web server. Using the JobScheduler plugin feature However, it is possible to configure JobScheduler for working to work with Jetty by using the JobScheduler plugin feature. This document describes what you have to do , to run JobScheduler with an underlaying underlying Jetty web server.

Installation

Now we have a "full" installer and an update installer with jetty. It is only a test version.
The update installer expects an existing installation.

...

  • Since release 1.3.12.2163 the JobScheduler installer contains a plugin for Jetty. Note that this plugin is still under development and is provided "as is".
  • The installer generates some symlinks to simulate virtual directories for JOC (JobScheduler Operations Center). The symlink generation is not supported for Windows

...

...

...

...

...

    • files as described below.
    • The installer does not configure the ./config/scheduler.xml file. If you want to use Jetty then you have to configure .

...

    • /config/

...

    • scheduler.xml as described below.
    • The installer contains a keystore file for testing https. This keystore is not trusted and

...

    • does not provide the correct hostname, but can still be used for testing.

Please make created your own keystore file jetty.jks.

After the installation you can open JOC with jetty Jetty via:

No Format
http://localhost:

...

40444
No Format
https://localhost:

...

48444

 

You can change modify these ports in the ./config/jetty.xml.<span ih1. "classpath">

If you operate multiple JobScheduler installations for the same host then you have to modify the ports of Jetty accordingly to prevent ports from being used twice.

Configure factory.ini (Put the necessary libraries in the classpath)

To run JobScheduler with Jetty instead the built-in web-server you have to use the Jetty plugin. It is a part of the library com.sos.scheduler.engine.plugins.jetty-xxx.jar. Beside the com.sos.scheduler.engine.plugins.jetty-xxx.jar it is necessary to put the dependend add any dependent libraries for the jetty Jetty plugin into to the classpath of the JobScheduler. The installer put adds them into to the ./lib/jetty_ext folder and add it to the classpath in the ./config/factory.ini file. Unix

 

Code Block
titleExample for Unix

 ...
 [java]
 class_path = $\{SCHEDULER_HOME\}/lib/*.jar:$\{SCHEDULER_HOME\}/lib/hibernate/*.jar:<span style="color:red">$\${SCHEDULER_HOME\}/lib/jetty_ext/*.jar</span>jar
 ...
Code Block
titleExample for Windows
Code Block

 ...
 [java]
 class_path = $\{SCHEDULER_HOME\}/lib/*.jar;$\{SCHEDULER_HOME\}/lib/hibernate/*.jar;<span style="color:red">$\${SCHEDULER_HOME\}/lib/jetty_ext/*.jar</span>jar
 ...

</span>

...

Configure scheduler.xml
To use the jetty Jetty plugin you have to configure it in this with the file scheduler.xml:
 Code Block
languagexml
collapsetrue

 <spooler>
  <config ...>
    ...
    <security ignore_unknown_hosts="yes">
      <allowed_host host="localhost" level="all"/>
      <allowed_host host="192.11.0" level="all"/>
    </security>
    
    <plugins>
      ...
      <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
        <plugin.config />
      </plugin>
      ...
    </plugins>
    ...
  </config>
 </spooler>

Please note that it is necessary required to specify an empty plugin.config element. </span>
<span ih1. "jetty"> 
Configure jetty.xml
To run operate JobScheduler with jetty Jetty it is also necessary required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimal declaration minimum configuration defines a connector for the port to communicate for http communication with JobScheduler via http:
 Code Block
languagexml
collapsetrue

 <Configure class="org.eclipse.jetty.server.Server">
   <Call name="addConnector">
     <Arg>
       <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
         <Set name="port">44440<>40444</Set>
       </New>
     </Arg>
   </Call>
 </Configure>

It is important to know that this port (here 4444040444) is a substitute for the port attribute in the config element of scheduler.xml.
At the moment Currently both ports are required.
SSL Communication Channel
 
A second connector for the Jetty web server can be used With a second connector it is possible to define a communication channel via https HTTPS (sslSSL):
 Code Block
languagexml
collapsetrue

 <Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg>
        <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
          <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set name="keyStorePassword">jobscheduler</Set>
          <Set name="keyManagerPassword">jobscheduler</Set>
          <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set name="trustStorePassword">jobscheduler</Set>
        </New>
      </Arg>
      <Set name="port">8443<>48444</Set>
      <Set name="maxIdleTime">30000</Set>
    </New>
  </Arg>
 </Call>

The SSL connection expects the jetty keystore file jetty.jks in the subfolder ssl (under the JobScheduler data folder) $SCHEDULER_DATA/ssl. With the above configuration above you can connect to JobScheduler via https at port 844348444. </span><span id"
keystore
...
keystore
To generate a keystore file use keytool:
 Code Block
languagebash

 keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826

whereas where hostname should be the JobScheduler host.
 Use also your  Use own values for Oh1. _OU, _O and _h1. _.
 </span>
<span id"web">
O and L.
Configure web.xml
To run JobScheduler with jetty Jetty it is also necessary required to create two configuration files for the Jetty web server (jetty.xml and web.xml). It has to place in the root of your live folder (not in the config folder).The files have to bestored in the $SCHEDULER_DATA/config folder.
You have to You must configure the JOC servlet with the JobScheduler installation path. Note that you must have to use the file protocol.
For Example:
  •  No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Windows
  •  No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Linux
 Code Block
languagexml
collapsetrue

 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
          xmlns="http://java.sun.com/xml/ns/j2ee" 
          version="2.4">
    <display-name>JobScheduler test configuration (web.xml)</display-name>
    <servlet>
        <servlet-name>Default</servlet-name>
        <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
        <init-param>
            <param-name>dirAllowed</param-name>
            <param-value>false</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>Default</servlet-name>
        
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>JOC</servlet-name>
        <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
        <init-param>
            <param-name>resourceBase</param-name>
            <param-value>file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/scheduler</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>JOC</servlet-name>
        <url-pattern>/operations_gui/*</url-pattern>
    </servlet-mapping>
 </web-app>
Send commands via HTTP (POST|GET)
If you use Jetty and you want to send a command (e.g. <show_state/>) to the JobScheduler then you have to use the URL:
 Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/

or respectively.
 Code Block
languagebash
https://localhost:48444/jobscheduler/engine-cpp/

Example for HTTP GET
 Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/&lt;show_state/&gt;

Note
  • The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
  • See Release Information for further information.
Jetty configuration examples. User authentication
Simple user authentication
It is possible to configure simple user authentication in the plugin configuration of the scheduler.xml, e.g.
 Code Block
languagexml
collapsetrue
 <plugins>
   <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
     <plugin.config>
       <loginService>
         <logins>
           <login name="testName" password="testPassword" roles="SecurityLevel.all"/>
         </logins>
       </loginService>
     </plugin.config>
   </plugin>
 </plugins>

SecurityLevel.info and SecurityLevel.all are predefined roles for JobScheduler.
SecurityLevel.info allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all provides the permission to start jobs.
Add a security constraint to the file web.xml like this:
 Code Block
languagexml
collapsetrue
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SecurityLevel.info</role-name>
            <role-name>SecurityLevel.all</role-name>
        </auth-constraint>
    </security-constraint>
User authentication with a properties file
Beside the Simple user authentication provided by the Jetty plugin you can use a more complex authentification method described by the Jetty configuration. The example below shows the use of the HashLoginService, a mechanism whose authentication and authorization information is stored in a properties file.
First make sure, that your plugin declaration in scheduler.xml does not contain any authentification information:
 Code Block
languagexml
collapsetrue
   <plugins>
     <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
       <plugin.config />
     </plugin>
     ...
   </plugins>

In the second step you should define the HashLoginService in your Jetty configuration (jetty.xml) as a user realm. That means that you have to configure at least the location of the properties file containing the user information (userid, password, roles) and assign them a name (here myRealm).
 Code Block
languagejava
collapsetrue
    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.security.HashLoginService">
                <Set name="name">myRealm</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="." />/config/realm.properties</Set>
                <Set name="refreshInterval">0</Set>
            </New>
        </Arg>
    </Call>

The properties file config/realm.properties contains one or more user definitions, e.g.
 Code Block
languagetext
collapsetrue
   infouser: test, SecurityLevel.info
   alluser: test, SecurityLevel.all

Please note: In realm.properties you can specify the password like
 Code Block
languagetext
collapsetrue
  alluser: MD5:098f6bcd4621d373cade4e832627b4f6, SecurityLevel.all

Hint
You can execute the password utility mentioned there. You will find the jetty-utilxxxx.jar in $SCHEDULER_HOME/lib/jetty_ext.
Finally you have to configure a security constraint and assign your user realm myRealm to a login configuration. To do this you have to update your web.xml:
 Code Block
languagexml
collapsetrue
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SecurityLevel.info</role-name>
            <role-name>SecurityLevel.all</role-name>
        </auth-constraint>
    </security-constraint>

 Code Block
languagexml
collapsetrue
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myRealm</realm-name>
    </login-config>

SecurityLevel.info and SecurityLevel.all are predefined roles for JobScheduler.
SecurityLevel.info grants exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all grants permissions to start jobs.
IP authorization
To restrict the access for specific hosts you have to define an IPAccessHandler in your jetty.xml:
 Code Block
languagexml
collapsetrue
    <Get id="oldhandler" name="handler" />
    <Set name="handler">
        <New class="org.eclipse.jetty.server.handler.IPAccessHandler">
            <Set name="handler"><Ref id="oldhandler"/></Set>
            <Set name="white">     
                <Array type="java.lang.String">
                    <Item>127.0.0.1</Item>    
                </Array>
            </Set>
        </New>
    </Set>

Note
It is important to store the given handlers in the local variable oldhandler to set them as the handler for the IPAccessHandler (see Jetty handler concept for more details). 
 You can define a whitelist (as in the above example) or a blacklist. The IPAccessHandler does not allow to use alias names to point to specific IPs.
 /span>