JS7 JobScheduler

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Introduction

For JS7 - Automated Deployment use of a Deployment Area is recommended.

The JS7 - Deployment Area is used for the following purposes:

  • to hold the script environment for JS7 - Automated Installation and Update and for JS7 - Deployment Packaging,
  • to hold the configuration files and optionally certificates for deployment of JS7 components,
  • to hold the JS7 installations per JS7 release and component such as JOC Cockpit, Controller, Agent,
  • to hold the archive of Deployment Packages per JS7 releases and target host,

Creating the Root Certificate Authority

Connections between the JS7 JOC Cockpit, Controller and Agents can be secured by TLS/SSL certificates used for HTTPS connections.

Users who do not wish to use HTTPS connections or who are provided certificates from their organization can skip this step.

Creating the Root CA Certificate

A Root CA Certificate is created and is later on used to create self-signed certificates

The script is included with the ca directory and is executed without arguments.

Running the create_root_ca.sh Script
./ca/create_root_ca.sh


Explanation:

  • When the script is executed it prompts for a number of options. Find more details about use of the script with the JS7 - How to create self-signed Certificates article.
  • The following files will be created:
    • ./ca/private/root-ca.key: This file holds the Root CA private key.
    • ./ca/certs/root-ca.crt:  This file holds the Root CA Certificate.

Creating Certificates

Users who do not wish to use HTTPS connections or who are provided certificates from their organization can skip this step.

Create and add certificates to configuration 
#!/bin/sh

set -e

SCRIPT_HOME=$(cd "$(dirname "$0")" >/dev/null && pwd)

DEP_CA=${DEP_CA:-$(dirname "${SCRIPT_HOME}")/ca}
DEP_BIN=${DEP_BIN:-$(dirname "${SCRIPT_HOME}")/bin}
DEP_CONFIG=${DEP_CONFIG:-$(dirname "${SCRIPT_HOME}")/config}

create_self_signed_certs()
{
  server=$1
  config=$2

  ${DEP_CA}/create_certificate.sh --dns=${server},${server}.sos --days=365

  if [ ! -d "${config}" ]
  then
      mkdir -p "${config}"
  fi

  cp ${DEP_CA}/certs/${server}.crt ${config}/

  ${DEP_BIN}/js7_create_certificate_store.sh \
    --keystore=${config}/https-keystore.p12 \
    --truststore=${config}/https-truststore.p12 \
    --key=${DEP_CA}/private/${server}.key \
    --cert=${DEP_CA}/certs/${server}.crt \
    --alias=${server} \
    --password=jobscheduler \
    --ca-root=${DEP_CA}/certs/root-ca.crt \
    --chain \
    --make-dirs
}


# Function               Host                 Location
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/agents/instances/agent_001/config/private
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/agents/instances/agent_002/config/private

create_self_signed_certs centostest-primary   ${DEP_CONFIG}/controllers/instances/standalone/config/private
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/controllers/instances/cluster.primary/config/private
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/controllers/instances/cluster.secondary/config/private

create_self_signed_certs centostest-primary   ${DEP_CONFIG}/joc/instances/standalone/resources
create_self_signed_certs centostest-primary   ${DEP_CONFIG}/joc/instances/cluster.primary/resources
create_self_signed_certs centostest-secondary ${DEP_CONFIG}/joc/instances/cluster.secondary/resources

Resources




  • No labels