Introduction

SOS provides JS7 - Patch Management in a situation of severe bugs or Vulnerabilities.

• Bugs, vulnerabilities and availability of patches are communicated with the SOS SOS Change Management System.
• This The article provides information about how to apply patches to the JOC Cockpit.
  

  Display feature availability
  StartingFromRelease 2.5.0

• The article explains how to manually apply patches. For automated patching see see JS7 - Automated Installation and Update.

The following information applies to patches of the JS7 - REST Web Service API (API Server). For patches of the JOC Cockpit GUI see JS7 - Patches for JOC Cockpit GUI.

• The same patch files are applied for Unix and Windows.
• Patch files are provided from a single .jar file Patches are offered from .jar Java archive files or from .tar.gz archives that hold a number of .jar filestarball archive files.
• The same patch files are applied to Unix and Windows.
• Patch file names follow the schemascheme:
  • Unix, Windows: js7_joc.<release>-PATCH.API-<sequence>.<issue-key>[.<security-level>].jarUnix, Windows: js7_joc.<release>-PATCH.API-<sequence>.<issue-key>[.<security-level>].[jar|tar.gz}
  • The following placeholders are used:
    • release: The JS7 release number, see Releases.
    • sequence:  Patches for a given release are assigned ascending numbers starting from 1. Patches with a higher number include any patches with lower numbers.
    • issue-key: The issue key in the SOS Change Management System, for example:
    JOC
    • JS-
    1550
    • 1984.
    • security-level: The security level applies if the patch is specific for JOC Cockpit running in one of the security levels low, medium, high. For details see JS7 - Security Architecture.
  • Example:
    Single .jar file for
    • Unix, Windows: js7_joc.2.2.3-PATCH.API-1.JS-1984.jar
    Tarball archive for Unix, Windows:
    • , js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz
• Patch .tar.gz archive files do not include a directory hierarchy.

Download Patches

Find the following examples for a patch:

The patch examples will not impact a JOC Cockpit installation and are used for instructional purposes only. For details see JS-1984.

Effective download links for JOC Cockpit patches are indicated with the respective Change Management issue.

Before applying patches users might want to verify the integrity and authenticity of downloaded patch files, see JS7 - Verifying releases.

Anchor
on_premises on_premises

Patches for JOC Cockpit On Premises

The JOC Cockpit expects Java .jar libraries files for patches to be extracted to its data directory in following location:

• Unix
  • /var/sos-berlin.com/js7/joc/jetty_base/webapps/joc/WEB-INF/classes
• Windows
  • C:\ProgramData\sos-berlin.com\js7\joc\jetty_base\webapps\joc\WEB-INF\classes

The first part of the path including the jetty_base is specified during installation and can point to a different location. The remaining webapps/joc/WEB-INF/classes part of the path will remain is the same for all installations.

...

Applying Patches

Find Apply the following example for a patch:

...

steps to a JOC Cockpit instance. If a JOC Cockpit cluster is operated then the steps have to be performed for all JOC Cockpit instances.

The patch examples will not impact a JOC Cockpit installation and are used for instructional purposes only, for details see JS-1984.

Note: The JOC Cockpit has to be stopped before applying patches.

Applying Patch on Unix

Manual Patching

# invoke shell and switch to the user account that owns the JOC Cockpit's data directory

# navigate to the data directory for patches
cd /var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes

# verify the directory by checking if this file is available
ls api-schema-version.json

# download the .jar patch file
curl 

...

https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.jar -O

# extract the .jar file (use "jar" or "unzip" command)
jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar

# remove the .jar file
rm js7_joc.2.2.3-PATCH.

...

API-1.JS-1984.jar

...

...

...

# invoke shell and switch to the user account that owns the JOC Cockpit's data directory

# navigate to the data directory for patches
cd /var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes

# verify the directory by checking if this file is available
ls api-schema-version.json

# download the .tar.gz patch archive
curl 

...

https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz

...

Do not apply the patch from the above examples for any JOC Cockpit release different from 2.5.3, for details see JOC-1550.

Effective download links for JOC Cockpit patches are indicated with the respective Change Management issue.

Before applying patches users might want to verify the integrity and authenticity of downloaded files, see JS7 - Verifying releases.

The following example makes use of a patch available for

...

 -O

# extract the patch archive that includes .jar files
tar -xvpozf js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz

# extract each .jar file (use "jar" or "unzip" command)
jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar

# remove the .jar file and .tar.gz patch archive
rm js7_joc.2.2.3-PATCH.API-1.JS-1984.jar
rm js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz

Automated Patching

...

# invoke shell and switch to the user account that owns the JOC Cockpit's data directory

# download the .jar patch file
curl 'https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc

...

.2.2.3-PATCH.

...

API-1.JS-1984.

...

Do not apply the patch from the example for any JOC Cockpit release different from 2.5.3, for details see JOC-1550.

Effective download links for JOC Cockpit patches are indicated with the respective Change Management issue.

Before applying patches users might want to verify the integrity and authenticity of downloaded files, see JS7 - Verifying releases.

Apply Patch

Apply the following steps to a JOC Cockpit instance. If a JOC Cockpit cluster is operated then the steps are to be performed for all JOC Cockpit instances.

...

jar' -O
 
# apply patch
./js7_install_joc.sh \
    --patch-jar=js7_joc.2.2.3-PATCH.API-1.JS-1984.jar \
    --patch=JS-1984 \
    --patch-key=API-1 \
    --home=/opt/sos-berlin.com/js7/joc \
    --data=/var/sos-berlin.com/js7/joc

# invoke shell and switch to the user account that owns the JOC Cockpit's data directory

# download the .tar.gz patch archive
curl 'https://download.sos-berlin.com/patches/2.2.3-patch

...

/js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz' -O
  
# apply the patch
./js7_install_joc.sh \
    --tarball=js7_joc.2.2.3

...

-PATCH.API-1.JS-1984.tar.gz \
    --patch=JS-1984 \
    --patch-key=API-1 \
    --home=/opt/sos-berlin.com/js7/joc \
    --data=/var/sos-berlin.com/js7/joc

Applying Patch on Windows

Manual Patching

...

Code Block
language bash title Example how to apply a patch from a .jar file to JOC Cockpit for UnixWindows linenumbers true
#@rem invoke shell and switch to the user account that owns the JOC Cockpit's data directory @rem navigate to the targetdata directory for patches cd /var/%ProgramData%\sos-berlin.com/\js7/joc/jetty_base/webapps/joc/\joc\webapps\joc\WEB-INF/\classes #@rem verify the directory by checking if this file is available lsdir api-schema-version.json #@rem download thefrom patchURL archive curl https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc_linuxwindows.2.2.3-PATCH.API-1.JS-1984.jar @rem copy from download location (could be different from this example) copy -O #%USERPROFILE%\Downloads\js7_joc.2.2.3-PATCH.API-1.JS-1984.jar . @rem extract the patch.jar archivefile (use "jar" or "unzip" command) jar -xf js7_joc_linux.2.2.3-PATCH.API-1.JS-1984.jar # @rem remove the patch.jar archivefile rmdel js7_joc_linux.2.2.3-PATCH.API-1.JS-1984.jar

Code Block
language bash title Example how to apply a patch from a .tar.gz archive to JOC Cockpit for Windows linenumbers true collapse true
@rem invoke shell and switch to the user account that owns the JOC Cockpit's data directory @rem navigate to the targetdata directory for patches cd %ProgramData%\sos-berlin.com\js7\joc\jetty_base\webapps\joc\WEB-INF\classes @rem verify the directory by checking if this file is available dir api-schema-version.json @rem download from URL https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.jartar.gz @rem copy from download location (could be different from this example) copy %USERPROFILE%\Downloads\js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.tar.jargz . @rem extract the .tar.gz patch archive that includes .jar files tar.exe -xzf js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz @rem extract each .jar file (use "jar" or "unzip" command) jar -xf js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.jar @rem remove the .jar files and .tar.gz patch archive del js7_joc.2.2.3-PATCH.API-1.JS-1984.jar del js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.tar.gz

Automated Patching

# invoke PowerShell and switch to the user account that owns the JOC Cockpit's data directory

# download from URL
Invoke-WebRequest `
    -Uri 'https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.jar' `
    -Outfile js7_joc.2.2.3-PATCH.API-1.JS-1984.jar

# apply the patch
./Install-JS7Joc.ps1 `
    -PatchJar js7_joc.2.2.3-PATCH.API-1.JS-1984.jar `
    -Patch JS-1984 `
    -PatchKey API-1 `
    -HomeDir $env:ProgramFiles\sos-berlin.com\js7\joc `
    -Data $env:ProgramData\sos-berlin.com\js7\joc

# invoke PowerShell and switch to the user account that owns the JOC Cockpit's data directory

# download from URL
Invoke-WebRequest `
    -Uri 'https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz' `
    -Outfile js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz
 
# apply the patch
./Install-JS7Joc.ps1 `
    -Tarball js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz `
    -Patch JS-1984 `
    -PatchKey API-1 `
    -HomeDir $env:ProgramFiles\sos-berlin.com\js7\joc `
    -Data $env:ProgramData\sos-berlin.com\js7\joc

Notes

The examples use This example uses the jar command that is available from a Java JDK. Should a Java JDK not be in place then the unzip command can be used.

The resulting directory hierarchy with starting from the com sub-directory being that is created from the extracted patch should look like this:

...

Note: The JOC Cockpit has to be restarted to apply patches.Hint: For automated rollout of patches see JS7 - Automated Installation and Update.

Note: As an alternative for Windows you can download the .jar patch file to the target directory and use Users are discouraged from using tools such as 7-Zip to extract the patch archive in case of manual patching. Instead, use the tools available from the OS as indicated by the examples. Do not create a sub-folder from the archive name but extract directly to the directory hierarchy as indicated above.

Hint: For automated rollout of patches see JS7 - Automated Installation and Update.

...

Removing Patches

Patches are automatically removed when a JOC Cockpit release is installedupdated or upgraded by JS7 - JOC Cockpit Installation On Premises or using the installation scripts as indicated with JS7 - Automated Installation and Update..

Patches can be manually removed by dropping the com sub sub-directory that holds the extracted patchpatches.

Note: The JOC Cockpit has to be restarted to apply removal of patchesstopped before patches are removed.

Anchor
docker_containers docker_containers

Patches for JOC Cockpit

...

Container

JOC Cockpit expects Java .jar libraries files for patches from the following location:

• /var/sos-berlin.com/js7/joc/jetty_base/resources/joc/patches
• The directory /var/sos-berlin.com/js7/joc/jetty_base/resources/joc typically is mounted to a config volume when running the container: for details see JS7 - JOC Cockpit Installation for Containers. The patches sub-directory should be created if it does not exist before storing the patch file to this location.

...

• .
• If a patch is provided from a .tar.gz archive file then users should extract the archive and store the .jar files included to the config/patches sub-directory.

Applying Patches

On start-up the JOC Cockpit container checks the above directory for existence of *.jar files. If a file is found then:

• the file will be extracted to /var/sos-berlin.com/js7/joc/jetty_base/webapps/joc/WEB-INF/classes
• for details see the Patches for JOC Cockpit On Premises section above.

Patches are applied on start-up of a container. Therefore patch Patch files remain in place in the the /var/sos-berlin.com/js7/joc/jetty_base/resources/joc/patches sub-directory (typically mounted to the config/patches volume directory) as long as the patch is to be appliedfor the lifetime of the JOC Cockpit release in use. Patches have to be removed if a newer release of JOC Cockpit is used.

Note: The JOC Cockpit container has to be restarted before to apply patches are applied.

...

Removing Patches

Patch files are removed by dropping the files in the patches sub-directory.

Patch files Patches are not automatically removed when updating or upgrading the JOC Cockpit image. If a newer JOC Cockpit release is used then this includes any fixes provided by previous patches. Users have to remove patch files when applying new releases.

Note: The JOC Cockpit container has to be restarted before patches are removedto make removal of patches effective.