
...

  • Users export workflows from the JOC Cockpit inventory to a .tar.gz/.zip export archive, see JS7 - Inventory Export and Import.
  • Users can transfer the .tar.gz/.zip export archive to a secure computer that provides access to the user's private key for signing.
  • The Workflow Signing Script can be used like this:
    • Users extract the .tar.gz/.zip export archive to an arbitrary directory on a secure computer.
    • The Workflow Signing Script is executed and traverses the directory hierarchy of the extracted export archive. For each workflow file (*.workflow.json) the script creates a signature and writes it to a file with the same name as the workflow and the extension .sig, in the workflow's location in the directory hierarchy.
    • When signing is complete, users add the updated directory hierarchy to a .tar.gz/.zip import archive file.
    • Users upload and import the import archive file to JOC Cockpit. During import the signatures are verified with the Root CA Certificate that is stored in the user's profile.
    • Users can deploy verified workflows to the related Controller and Agents.
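
A check that can be run on the secure computer after signing and before the import archive is created, as an added example that is not part of the JS7 distribution or of the original page: it reports workflow files whose .sig file is missing or does not verify against the signing certificate. It is written for a POSIX shell with openssl; the function names, the .sig file naming and the signature encoding are assumptions, and the check does not replace the verification against the Root CA Certificate that JOC Cockpit performs during import.

```shell
#!/bin/sh
# Added example, not part of the JS7 distribution. Assumptions: the signature of
# X.workflow.json is X.workflow.json.sig and holds the raw or base64-encoded
# output of "openssl dgst -sign" for that file.

# check_one FILE PUBKEY HASH: returns 0 if FILE.sig verifies, else prints the reason
check_one() {
    [ -f "$1.sig" ] || { echo "MISSING $1"; return 1; }
    openssl dgst "-$3" -verify "$2" -signature "$1.sig" "$1" >/dev/null 2>&1 && return 0
    bin=$(mktemp)   # second attempt: treat the .sig file as base64 text
    openssl base64 -d -in "$1.sig" -out "$bin" 2>/dev/null &&
        openssl dgst "-$3" -verify "$2" -signature "$bin" "$1" >/dev/null 2>&1
    rc=$?; rm -f "$bin"
    [ "$rc" -eq 0 ] && return 0
    echo "INVALID $1"; return 1
}

# verify_tree DIR CERT [HASH]: 0 = all workflows verified, 1 = problems, 2 = unusable input
verify_tree() {
    pub=$(mktemp); list=$(mktemp); failed=0
    find "$1" -type f -name '*.workflow.json' > "$list"
    if ! openssl x509 -in "$2" -pubkey -noout > "$pub" 2>/dev/null || [ ! -s "$list" ]; then
        rm -f "$pub" "$list"; return 2
    fi
    while IFS= read -r wf; do
        check_one "$wf" "$pub" "${3:-sha256}" || failed=1
    done < "$list"
    rm -f "$pub" "$list"
    return "$failed"
}

# make_sample DIR: constructed test data (throwaway key, self-signed certificate, one
# signed workflow, one modified after signing, one without a signature)
make_sample() {
    dir="$1/live/folder"
    mkdir -p "$dir" && openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-signer" -keyout "$1/signing.key" \
        -out "$1/signing.crt" 2>/dev/null || return 1
    for name in good tampered unsigned; do
        printf '{"path":"/folder/%s"}\n' "$name" > "$dir/$name.workflow.json"
    done
    for name in good tampered; do
        openssl dgst -sha256 -sign "$1/signing.key" \
            -out "$dir/$name.workflow.json.sig" "$dir/$name.workflow.json" || return 1
    done
    echo '{"changed":true}' >> "$dir/tampered.workflow.json"
}

# Usage: sh verify-signatures.sh <extracted directory> <signing.crt> [hash]
if [ "$#" -ge 2 ]; then verify_tree "$@"; fi
```

An empty directory is reported as unusable input (return code 2) so that a wrong path is not mistaken for a fully verified tree.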

Prerequisites

The Workflow Signing Script requires OpenSSL to be installed. The script calls the openssl command line utility.

Download

The Workflow Signing Script is available for download from JS7 - Download.

...

For usage of the Workflow Signing Script see JS7 - PowerShell Examples - Sign-JS7Workflows.ps1

Environment Variables

The following environment variables can be used to provide default values for arguments of the Workflow Signing Script:

  • JS7_SIGN_KEYSTORE
    • The environment variable can be used to populate the -Keystore argument from a default value.
  • JS7_SIGN_KEY
    • The environment variable can be used to populate the -Key argument from a default value.
  • JS7_SIGN_CERT
    • The environment variable can be used to populate the -Cert argument from a default value.

Exit Codes

  • 0: success
  • 1: argument errors
  • 2: non-recoverable errors

...

Example for use of Workflow Signing Script

$env:JS7_SIGN_KEY = "/home/sos/signing.key"
$env:JS7_SIGN_CERT = "/home/sos/signing.crt"

./Sign-JS7Workflow.ps1 `
    -Dir ./some/folder `
    -Recurse `
    -Hash sha256

# makes use of environment variables to populate the -Key and -Cert arguments
# signs all *.workflow.json files in the indicated directory and sub-directories recursively
# makes use of the indicated key file that holds the private key and certificate file for code signing
# applies the indicated hash algorithm to signatures

Example for Unix

Extracting an Export Archive, Signing all Workflows recursively using a Key File and Certificate File, Creating an Import Archive

Example for use of Workflow Signing Script
# navigate to the directory where to extract the export archive file
Set-Location /home/sos/signing

# extract export archive file
tar -xzf /tmp/export_workflows.tar.gz
# alternatively extract .zip archive file
# Expand-Archive -Path /tmp/export_workflows.zip -DestinationPath .

# sign workflow files recursively
./Sign-JS7Workflow.ps1 -Key /home/sos/signing.key -Cert /home/sos/signing.crt -Dir . -Recurse

# compress workflow files and signature files to an import archive file for upload to JOC Cockpit
# the pattern * matches the extracted folders only, it does not match the parent directory
tar -czf /tmp/import_workflows.tar.gz *

Example for Windows

Extracting an Export Archive, Signing all Workflows recursively using a Key File and Certificate File, Creating an Import Archive

...