Introduction
SOS provides JS7 - Patch Management in a situation of severe bugs or Vulnerabilities.
- Bugs, vulnerabilities and availability of patches are communicated with the SOS Change Management System.
- The article provides information about how to apply patches to the JOC Cockpit.
FEATURE AVAILABILITY STARTING FROM RELEASE 2.5.0 - The article explains how to manually apply patches. For automated patching see JS7 - Automated Installation and Update.
The following information applies to patches of the JS7 - REST Web Service API (API Server). For patches of the JOC Cockpit GUI see JS7 - Patches for JOC Cockpit GUI.
- Patches are offered from .tar.gz tarball archive files or from .jar Java archive files.
- The same patch files are applied to Unix and Windows.
- Patch file names follow the scheme:
- Unix, Windows:
js7_joc.<release>-PATCH.API-<sequence>.<issue-key>[.<security-level>].[tar.gz|jar}
- The following placeholders are used:
release
: The JS7 release number, see Releases.sequence
: Patches for a given release are assigned ascending numbers starting from 1. Patches with a higher number include any patches with lower numbers.issue-key
: The issue key in the SOS Change Management System, for example: JS-1984.security-level
: The security level applies if the patch is specific for JOC Cockpit running in one of the security levels low, medium, high. For details see JS7 - Security Architecture.
- Example:
- Unix, Windows:
js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz
,js7_joc.2.2.3-PATCH.API-1.JS-1984.joc
- Unix, Windows:
- Unix, Windows:
- Patch .tar.gz archive files do not include a directory hierarchy.
Patches for JOC Cockpit On Premises
The JOC Cockpit expects Java .jar libraries for patches to be extracted to its data directory in following location:
- Unix
/var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes
- Windows
C:\ProgramData\sos-berlin.com\js7\joc\webapps\joc\WEB-INF\classes
The first part of the path including the jetty_base
is specified during installation and can point to a different location. The remaining webapps/joc/WEB-INF/classes
part of the path will remain the same for all installations.
Download Patch
Find the following examples for a patch:
Product | Type | File Extension | Example Download URL | Hash | Sig | TSR |
---|---|---|---|---|---|---|
JS7 JOC Cockpit | tarball archive | .tar.gz | https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz | sha256 | sig | tsr |
Java archive | .jar | https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.jar | sha256 | sig | tsr |
This patch does not impact a JOC Cockpit installation and is used for instructional purposes only. For details see JS-1984.
Effective download links for JOC Cockpit patches are indicated with the respective Change Management issue.
Before applying patches users might want to verify the integrity and authenticity of downloaded files, see JS7 - Verifying releases.
Apply Patch
Apply the following steps to a JOC Cockpit instance. If a JOC Cockpit cluster is operated then the steps are to be performed for all JOC Cockpit instances.
The example patch does not impact a JOC Cockpit installation and is used for instructional purposes only - for details see JS-1984.
Apply Patch on Unix
# navigate to the target directory for patches cd /var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes # verify the directory by checking if this file is available ls api-schema-version.json # download the patch archive curl https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz -O # extract the patch archive that includes .jar files tar -xvzf js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz # extract the jar file (use "jar" or "unzip" command) jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar # remove the jar file and patch archive rm js7_joc.2.2.3-PATCH.API-1.JS-1984.jar rm js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz
# navigate to the target directory for patches cd /var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes # verify the directory by checking if this file is available ls api-schema-version.json # download the patch file curl https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc.2.2.3-PATCH.API-1.JS-1984.jar -O # extract the jar file (use "jar" or "unzip" command) jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar # remove the jar file rm js7_joc.2.2.3-PATCH.API-1.JS-1984.jar
Apply Patch on Windows
@rem navigate to the target directory for patches cd %ProgramData%\sos-berlin.com\js7\joc\webapps\joc\WEB-INF\classes @rem verify the directory by checking if this file is available dir api-schema-version.json @rem download from URL https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.tar.gz @rem copy from download location (could be different from this example) copy %USERPROFILE%\Downloads\js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz . @rem extract the patch archive that includes .jar files tar.exe -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz @rem extract the .jar files (use "jar" or "unzip" command) jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar @rem remove the .jar file and patch archive del js7_joc.2.2.3-PATCH.API-1.JS-1984.jar del js7_joc.2.2.3-PATCH.API-1.JS-1984.tar.gz
@rem navigate to the target directory for patches cd %ProgramData%\sos-berlin.com\js7\joc\webapps\joc\WEB-INF\classes @rem verify the directory by checking if this file is available dir api-schema-version.json @rem download from URL https://download.sos-berlin.com/patches/2.2.3-patch/js7_joc_windows.2.2.3-PATCH.API-1.JS-1984.jar @rem copy from download location (could be different from this example) copy %USERPROFILE%\Downloads\js7_joc.2.2.3-PATCH.API-1.JS-1984.jar . @rem extract the .jar file (use "jar" or "unzip" command) jar -xf js7_joc.2.2.3-PATCH.API-1.JS-1984.jar @rem remove the .jar file del js7_joc.2.2.3-PATCH.API-1.JS-1984.jar
Notes
The examples use the jar
command that is available from a Java JDK. Should a Java JDK not be in place then the unzip
command can be used.
The resulting directory hierarchy starting from the com
sub-directory being created from the extracted patch should look like this:
webapps/joc/WEB-INF/classes
com
sos
...
Note: The JOC Cockpit has to be restarted to apply patches.
Hint: For automated rollout of patches see JS7 - Automated Installation and Update.
Note: As an alternative for Windows you can download the .jar patch file to the target directory and use tools such as 7-Zip to extract the archive. Do not create a sub-folder from the archive name but extract directly to the directory hierarchy as indicated above.
Remove Patch
Patches are automatically removed when a JOC Cockpit release is installed.
Patches can be manually removed by dropping the com
sub-directory that holds the extracted patch.
Note: The JOC Cockpit has to be restarted to apply removal of patches.
Patches for JOC Cockpit Containers
JOC Cockpit expects Java .jar libraries for patches from the following location:
/var/sos-berlin.com/js7/joc/resources/joc/patches
- The directory
/var/sos-berlin.com/js7/joc/resources/joc
typically is mounted to aconfig
volume when running the container: for details see JS7 - JOC Cockpit Installation for Containers. Thepatches
sub-directory should be created if it does not exist before storing the patch file to this location.
Apply Patch
On start-up the JOC Cockpit container checks the above directory for existence of *.jar files. If a file is found then:
- the file will be extracted to
/var/sos-berlin.com/js7/joc/webapps/joc/WEB-INF/classes
- for details see the Patches for JOC Cockpit On Premises section above.
Patches are applied on start-up of a container. Therefore patch files remain in place in the /var/sos-berlin.com/js7/joc/resources/joc
/
patches
sub-directory (typically mounted to the config/patches
volume directory) as long as the patch is to be applied.
Note: The JOC Cockpit container has to be restarted before patches are applied.
Remove Patch
Patch files are removed by dropping the files in the patches
sub-directory.
Patch files are automatically removed when updating or upgrading JOC Cockpit.
Note: The JOC Cockpit container has to be restarted before patches are removed.