Page History
Table of Contents |
---|
...
Introduction
- The following configuration items are initially populated by the JOC Cockpit installer and can be modified by a user later on.
- JOC Cockpit makes use of a number of configuration files:the general configuration from the
joc.properties
- the cluster configuration from
cluster.properties
- Restart the Controller instance to apply changes to any configuration file .
General Configuration
File: joc.properties
...
- configuration file that is populated by installation options. This file can be found by default in the following locations:
- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.properties
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
- The location of this file is indicated below as
JETTY_BASE/resources/joc/joc.properties
.
- Linux:
- The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
- Linux:
/var/sos-berlin.com/js7/joc/start.ini
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\start.ini
- The location of this file is indicated below as
JETTY_BASE/start.ini
- Linux:
- Restart the JOC Cockpit instance to apply changes to the JOC Cockpit or Jetty configuration files.
- See the JS7 - Settings article for run-time settings that do not require a restart of the JOC Cockpit.
JOC Cockpit
Installation Options
The following example of a JETTY_BASE/resources/joc/joc.properties
file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
################################################################################
### If JOC Cockpit is used in a cluster then type a title to identify which node
### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for
### the display order in JOC's dashboard
title = PRIMARY JOC COCKPIT
ordering = 0
################################################################################
### Path to log4j configuration file. Path can be absolute or relative
### to this file.
log4j.configuration = log4j2.xml
################################################################################
### Path to hibernate configuration file of JOC's database.
### Path can be absolute or relative to this file.
hibernate_configuration_file = hibernate.cfg.xml
################################################################################
### The time (in seconds) to establish the connection with the
### remote host. Default = 2
jobscheduler_connection_timeout = 2
################################################################################
### The time (in seconds) waiting for data after the connection
### has been established; maximum time of inactivity between two data packets.
### Default = 5
jobscheduler_socket_timeout = 5
################################################################################
### Should hostname verification be carried out for https certificates.
### Default false
https_with_hostname_verification = true
################################################################################
### Location, type and password of the Java truststore which contains the
### HTTPS connection certificates for each JobScheduler Controller.
### The path is relative to JETTY_BASE/resources/joc.
# keystore_path = https-keystore.p12
# keystore_type = PKCS12
# keystore_password = jobscheduler
# key_password = jobscheduler
# key_alias =
# truststore_path = https-truststore.p12
# truststore_type = PKCS12
# truststore_password = jobscheduler
################################################################################
### JOC Cockpit requires configuration of | ||||||||
Code Block | ||||||||
| ||||||||
################################################################################ ### If JOC Cockpit is used in a cluster then type a title to identify which node ### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for ### the display order in JOC's dashboard title = PRIMARY JOC COCKPIT ordering = 0 ########### daily_plan_timezone = UTC daily_plan_period_begin = 00:00:00 ################################################################################ ### Path to log4j configuration file. Path can be absolute or relative ### to this file. log4j.configuration = log4j2.xml ################################################################################ ### Path to hibernate configuration file of JOC's database. ### Path can be absolute or relative to this file. hibernate_configuration_file = hibernate.cfg.xml ################################################################################ ### The time (in seconds) to establish the connection with the ### remote host. Default = 2 jobscheduler_connection_timeout = 2 ################################################################################ ### The time (in seconds) waiting for data after the connection ### was established; maximum time of inactivity between two data packets. ### Default = 5 jobscheduler_socket_timeout = 5 ################################################################################ ### Should hostname verification be carried out for https certificate. ### Default false https_with_hostname_verification = true ################################################################################ ### Location, type and password of the Java truststore which contains the ### certificates of eachnJobScheduler Controller for HTTPS connections. Path can be ### absolute or relative to this file. keystore_path = ../../etc/https-keystore.p12 keystore_type = PKCS12 keystore_password = jobscheduler key_password = jobscheduler truststore_path = ../../etc/https-truststore.p12 truststore_type = PKCS12 truststore_password = jobscheduler ################################################################################ ### Requests to all web services which modify JobScheduler objects such as ### "start order", "stop job" etc. can contain a comment to describe the reason. ### This flag controls if the comment is required or not. Default false force_comments_for_audit_log = false ################################################################################ ### JOC Cockpit comes with the possibility to configure a security level for the ### signing mechanism,: options "high", "medium" and "low". ### high: ### public PGP/X.509 keys are stored for verification only ### all signing will be done externally outside of JOC Cockpit ### medium: ### a private PGP/X.509 key will be stored for signing ### signing will be done automatically with the provided key ### low: ### no keys will be stored ### signing will be done internally with default keys ### ### This flag controls the used security level used. Default low security_level = mediumlow ################################################################################ ### Settings for a custom logo file on the login page ### The logo file has to be located in ./jetty_base/webapps/root/ext/images ### Possible units for widthheight are according to ### https://www.w3schools.com/cssref/css_units.asp (default px) ### Possible values for the position are "top" or "bottom" (default=bottom). custom_logo_name = custom_logo_height = custom_logo_position = ################################################################################ ### ANormally, defaultthe profileuser shouldpermissions becontrol availablewhether thata includesview anysuch profileas settingsdashboard, ### thatworkflows, etc. are appliedshown byor defaulthidden. toHere new users. default_profile_account = ################################################################################ ### The login dialog provides a 'Remember Me' checkbox. If enable_remember_me ### isyou can force to show (=true) or ### hide (=false) a view independently of the permissions. If the value is unequal ### true or false then thisthe checkbox is hidden and uncheckedpermissions win. enableshow_rememberview_medashboard = true ################################################################################ ### Pre-defined comments used for example in the 'reasons' describing actions in ### the audit log. comments = System maintenance; \ Repeat execution; \ Business requirement; \ Restart failed execution; \ Re-instantiate stopped object; \ Temporary stop; \ Change of JobScheduler object; \ Rerun with parameter changes; \ Change of external dependency; \ Application deployment and upgrade ################################################################################ ### Normally, the user permissions control if a view such as dashboard, ### workflows, etc are shown or hidden. Here you can force to show (=true) or ### hide (=false) a view independent of the permissions. If the value is unequal ### true or false then the permissions win. show_view_dashboard = show_view_dailyplan = show_view_workflows = show_view_filetransfers = show_view_resources = show_view_history = show_view_auditlog = show_view_jobstreams = show_view_configuration = |
Logger Settings
...
Specifies the file name of the log4j2 configuration file to be used. This file is expected with the configuration folder ./resources/joc
.
Database Connection Settings
...
Specifies the connection URL, account and authentication for the connection to the database.
Controller Connection Settings
...
Specifies the time (in seconds) to establish a connection to a Controller.
...
HTTPS Connection Settings
...
Specifies if hostname verification should be performed for HTTPS connections.
...
keystore_type
...
Login Settings
...
Dashboard Settings
...
title:
The title of the respective JOC Cockpit instance as visible from the Cluster Status widget of the JS7 Dashboard view.ordering
: The order of appearance of the respective JOC Cockpit instance with the Cluster Status widget of the JS7 Dashboard view. An ordering 0 indicates the leftmost occurrence.
Daily Plan Settings
...
Audit Log Settings
...
Operational Settings
...
show_view_dashboard
show_view_dailyplan
show_view_workflows
show_view_filetransfers
show_view_resources
show_view_history
show_view_auditlog
show_view_jobstreams
show_view_configuration
...
Installation Settings
...
JOC Cockpit is installed for a security level used for signing of deployment objects such as workflows:
high
- public PGP keys are stored for verification only
- all signing will be done externally outside of JOC Cockpit
medium
- a private PGP key will be stored for signing, signing will be done automatically with the provided key
low
no keys will be stored, signing will be done internally with default keys
- Changes to the above settings at run-time are ignored. Instead, the above settings are applied by the installer for information purposes.
Cluster Configuration
File: cluster.properties
Default Location: /var/sos-berlin.com/js7/joc/resources/joc/cluster.properties
...
language | text |
---|---|
title | Cluster configuration file example: cluster.properties |
linenumbers | true |
collapse | true |
...
show_view_monitor =
show_view_dailyplan =
show_view_workflows =
show_view_filetransfers =
show_view_resources =
show_view_history =
show_view_auditlog =
show_view_configuration =
|
Logger Settings
Setting | Sample Value | Explanation |
---|---|---|
log4j.configuration | log4j2.xml | Specifies the file name of the log4j2 configuration file to be used. This file is expected in the configuration folder |
- For details see JS7 - Log Rotation and JS7 - Log Levels and Debug Options
Database Connection Settings
Setting | Sample Value | Explanation |
---|---|---|
hibernate_configuration_file | hibernate.cfg.xml | Specifies the path to a hibernate configuration file that holds the connection URL, account and additional settings for the connection to the database. |
- For details see JS7 - Database
Controller Connection Settings
Setting | Sample Value | Explanation |
---|---|---|
jobscheduler_connection_timeout | 2 | Specifies the time (in seconds) to establish a connection to a Controller. |
jobscheduler_socket_timeout | 5 | The time (in seconds) waiting for data after the connection to a Controller is established. Technically the setting specifies the maximum duration for inactivity between two data packets. |
HTTPS Connection Settings
Setting | Sample Value | Explanation |
---|---|---|
https_with_hostname_verification | true | Specifies if hostname verification should be performed for HTTPS connections. It is strictly recommended that this setting is enabled. |
keystore_path | https-keystore.p12 | The keystore includes the private key and server certificate created for outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider storing the Client Authentication certificate in the client keystore, see below. The path is specified relative to the |
| PKCS12 | The keystore types PKCS12 and JKS are supported. |
keystore_password | jobscheduler | The keystore is protected by a password. |
key_password | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
keystore_alias | my_key | Optionally the alias name of the private key can be specified. This is required should more than one private key be stored to the keystore. |
truststore_path | https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to Controllers. The path is specified relative to the |
truststore_type | PKCS12 | The truststore types PKCS12 and JKS are supported. |
truststore_password | jobscheduler | The truststore is protected by a password. |
- For details see JS7 - JOC Cockpit HTTPS Connections
Custom Logo Settings
Display feature availability | ||
---|---|---|
|
Setting | Sample Value | Explanation |
---|---|---|
custom_logo_name | company.png | The logo indicated by its file name has to be available from the location:
The following types of logo files are supported:
|
custom_logo_height | 120px | The logo height in pixel. Possible units are specified according to: https://www.w3schools.com/cssref/css_units.asp (default px). There is no limit for height in pixels. However, if no height is specified then by default 140px is used. |
custom_logo_position | bottom | Possible values for the position are The default value is |
Dashboard Settings
Setting | Sample Value | Explanation |
---|---|---|
title | PRIMARY JOC COCKPIT SECONDARY JOC COCKPIT | Title of the JOC Cockpit Cluster Status widget in the Dashboard view. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |
ordering | 0 1 | Order of appearance with JOC Cockpit Cluster Status widget in Dashboard view. An ordering 0 indicates the leftmost occurrence. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |
Security Options
Setting | Sample Value | Explanation |
---|---|---|
security_level | low | JOC Cockpit is installed for a security level used for signing of deployable objects such as workflows, see JS7 - Deployment of Scheduling Objects:
|
- Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
- To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
- For details see the JS7 - Security Architecture article.
Jetty Servlet Container
Installation Options
Technically any options for the Jetty Servlet Container can be used as available from the product. The section belowis focused on settings that are added by the JOC Cockpit installer or that preferably are modified by users after installation.
The following example of a JETTY_BASE/start.ini
configuration file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# ---------------------------------------
# Module: http
# Enables an HTTP connector on the server.
# ---------------------------------------
--module=http
## Connector host/address to bind to
# jetty.http.host=0.0.0.0
## Connector host/address to bind to
jetty.http.port=4446
# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
# --module=https
# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# ---------------------------------------
# --module=ssl
## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
# jetty.ssl.port=4443
## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=resources/joc/https-keystore.p12
## Keystore type (PKCS12, JKS)
# jetty.sslContext.keyStoreType=PKCS12
## Keystore password
# jetty.sslContext.keyStorePassword=jobscheduler
## KeyManager password (same as keystore password for pkcs12 keystore type)
# jetty.sslContext.keyManagerPassword=jobscheduler
## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12
## Truststore type (PKCS12, JKS)
# jetty.sslContext.trustStoreType=PKCS12
## Truststore password
# jetty.sslContext.trustStorePassword=jobscheduler
## Client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Client certificate authentication is desired
# jetty.sslContext.wantClientAuth=true
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
# jetty.sslContext.endpointIdentificationAlgorithm= |
HTTP Connection Settings
Options are enabled by use of the --module=http
setting.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.http.host | no | myhost, 192.168.2.23 | Specifies the network interface for accessing the JOC Cockpit. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.http.port | yes | 4446 | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
HTTPS Connection Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Such options are not added by the installer but can be enabled and modified by the user.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.ssl.host | no | myhost | Specifies the network interface for accessing the JOC Cockpit. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.ssl.port | yes | 4443 | Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser. |
jetty.sslContext.keyStorePath | yes | resources/joc/https-keystore.p12 | The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers. The path is specified relative to the |
jetty.sslContext.keyStoreType | no | PKCS12 | The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.keyStorePassword | no | jobscheduler | The keystore is protected by a password. |
jetty.sslContext.keyManagerPassword | no | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
jetty.sslContext.trustStorePath | yes | resources/joc/https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition, the truststore holds the public key or client certificate for connecting to the JOC Cockpit when mutual authentication is in place, see JS7 - Certificate based Authentication. The path is specified relative to the |
jetty.sslContext.trustStoreType | no | PKCS12 | The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.trustStorePassword | no | jobscheduler | The truststore is protected by a password. |
Certificate Based Authentication Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.sslContext.needClientAuth | yes | false | If set to true then a Client Certificate is required. If this setting is false and the wantCientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication. |
jetty.sslContext.wantClientAuth | yes | true | Specifies the port at which the JOC Cockpit can be accessed by HTTP connections, for example from a user browser. |
jetty.sslContext.endpointIdentificationAlgorithm | yes | An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required. |
- Note explanations in the JS7 - Certificate based Authentication article.
- For details see the JS7 - JOC Cockpit HTTPS Connections article.
...