You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Introduction

The JOC Cockpit Operation Script offered for Unix Shell can be applied to perform frequently used status operations on JOC Cockpit.

IAM Deployment Script

CommandCategoryDocumentation
get-account / set-accountAccounts
rename-account / remove-account
get-account-permission
set-account-password / reset-account-password
enable-account / disable-account
get-role / set-roleRoles



rename-role / remove-role


get-permission / set-permission

Permissions



rename-permission / remove-permission


get-folder / set-folder

Folders



rename-folder / remove-folder


get-identity-service / set-identity-service

Identity Services



rename-identity-service / remove-identity-service



The script is offered for download and can be applied for frequently used operations:

  • The script is available for Linux and MacOS® using bash shell.
  • The script terminates with exit code 0 to signal successful execution, with exit code 1 for command line argument errors and with exit code 4 for non-recoverable errors. Exit code 3 signals that no matching objects have been found.
  • The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services. Examples make use of JS7 Release 2.7.2, bash 4.2, curl 7.29.0 and jq 1.6.0.

Prerequisites

The Script requires the curl utility and the jq utility to be available from the operating system. 

jq ships with the MIT license, see https://opensource.org/licenses/MIT.

Download

Download: JS7 - Download (Section: Unix Shell ClI)

Usage

Invoking the script without arguments displays the usage clause:


Usage
Usage: deploy-iam.sh [Command] [Options] [Switches]

  Commands:
    get-account             --service [--account] [--enabled] [--disabled]
    set-account             --service  --account [--role] [--account-password] [--disabled] [--force-password-change]
    rename-account          --service  --account
    remove-account          --service  --account
    get-account-permission  --service  --account
    set-account-password    --service  --account --account-password
    reset-account-password  --service  --account
    enable-account          --service  --account
    disable-account         --service  --account

    get-role                --service [--role]
    set-role                --service  --role
    rename-role             --service  --role --new-role
    remove-role             --service  --role

    get-permission          --service  --role [--controller-id]
    set-permission          --service  --role --permission [--excluded] [--controller-id]
    rename-permission       --service  --role --permission  --new-permission [--excluded] [--controller-id]
    remove-permission       --service  --role --permission [--controller-id]

    get-folder              --service  --role [--folder] [--controller-id]
    set-folder              --service  --role  --folder [--recursive] [--controller-id]
    rename-folder           --service  --role  --folder  --new-folder [--recursive] [--controller-id]
    remove-folder           --service  --role  --folder [--controller-id]

    get-identity-service   [--service]
    set-identity-service    --service --service-type [--service-ordering] [--required] [--disabled]
                           [--authentication-scheme] [--single-factor-certificate] [--single-factor-password]
    rename-identity-service --service --new-service
    remove-identity-service --service

  Options:
    --url=<url>                        | required: JOC Cockpit URL
    --user=<account>                   | required: JOC Cockpit user account
    --password=<password>              | optional: JOC Cockpit password
    --ca-cert=<path>                   | optional: path to CA Certificate used for JOC Cockpit login
    --client-cert=<path>               | optional: path to Client Certificate used for login
    --client-key=<path>                | optional: path to Client Key used for login
    --timeout=<seconds>                | optional: timeout for request, default: 60
    --controller-id=<id>               | optional: Controller ID
    --account=<identifier]>            | optional: account name
    --account-password=<password>      | optional: password for account
    --service=<identifier]>            | required: identity service name
    --service-type=<identifier>        | optional: identity service type, JOC, LDAP, LDAP-JOC, OIDC, OIDC-JOC
    --service-ordering=<number>        | optional: identity service ordering by ascending number
    --new-service=<identifier>         | optional: new identity service name
    --authentication-scheme=<factor>   | optional: identity service authentication scheme: SINGLE-FACTOR, TWO-FACTOR
    --role=<identifier>                | optional: role identifier
    --new-role=<identifier>            | optional: new role identifier
    --permission=<identifier>          | optional: permission identifier
    --new-permission=<identifier>      | optional: new permission identifier
    --folder=<folder>                  | optional: folder name assigned a role
    --new-folder=<folder>              | optional: new folder name assigned a role
    --audit-message=<string>           | optional: audit log message
    --audit-time-spent=<number>        | optional: audit log time spent in minutes
    --audit-link=<url>                 | optional: audit log link
    --log-dir=<directory>              | optional: path to directory holding the script's log files

  Switches:
    -h | --help                        | displays usage
    -v | --verbose                     | displays verbose output, repeat to increase verbosity
    -p | --password                    | asks for password
    -a | --account-password            | asks for account password
    -f | --force-password-change       | enforces password change on next login
    -e | --enabled                     | filters for enabled accounts
    -d | --disabled                    | filters for disabled accounts or disables identity services
    -x | --excluded                    | sets excluded permissions
    -q | --required                    | enforces use of identity service
    -r | --recursive                   | applies folder operation to sub-folders
    --single-factor-certificate        | certificate allowed as single factor
    --single-factor-password           | password allowed as single factor
    --show-logs                        | shows log output if --log-dir is used
    --make-dirs                        | creates directories if they do not exist

see https://kb.sos-berlin.com/x/lwTWCQ

Commands

  • status
    • Returns status information about JOC Cockpit, Controller instances and database indicated by a textual status and severity, for details see JS7 - Dashboard:

      JOC Cockpit StatusPropertyValue
      JOC Cockpit Cluster Statuscurrenttrue | false



      Controller StatusTextSeverity
      Controller Cluster Statuscoupled0

      unknown3
      Controller Cluster Node Statusactive0

      inactive1

      unknown3
       Controller Component Statusoperational0

      limited1

      inoperable2

      unknown3
      Controller Connection Statusestablished0

      unstable1

      unreachable2

      unknown3



      Database StatusTextSeverity
      Database Component Statusoperational0

      unknown3
      Database Connection Statusestablished0

      unstable1

      unreachable2

      unknown3
  • version
    • Returns version information of JOC Cockpit, Controller and Agents.
      • When used without options, the JOC Cockpit version will be returned.
      • When usiedf with the --controller-id option, the version of the indicated Controller will be returned.
      • When used with the --agent-id option, the version of the indicated Agent will be returned. If a Cluster Agent is specified, then version information for included Director Agents and Subagents will be returned in JSON format.
    • When used with the --list switch, then information about included Controllers and/or Agents will be returned in JSON format.
  • switch-over
    • Shifts the active role to the Standby JOC Cockpit instance.
  • restart-service
    • Allows to restart JOC Cockpit background services. One of the following services can be specified using the --service-type option:
      • cluster, history, dailyplan, cleanup, monitor
    • JOC Cockpit background services will run based on events (cluster, history, monitor) or based on schedules configurable with JS7 - Settings (dailyplan, cleanup). To force a background service to start immediately the run-service command can be used.
  • run-service
    • Starts JOC Cockpit background services. One of the following services can be specified using the --service-type option:
      • dailyplan, cleanup
    • JOC Cockpit background services will run based on schedules configurable with JS7 - Settings (dailyplan, cleanup). The run-service command will force immediate execution of the service.
  • check-license
    • Checks which JS7 - License is available with JOC Cockpit and if it is valid for a predetermined period.
      • The Open Source License is valid for any period of time and will not expire.
      • The Commercial License can be perpetual or can be valid for a limited subscription period.
    • The --validity-days option specifies the number of days before expiration of the Commercial License. Default: 60 days.
    • Exit codes of the license check include: 
      • Exit code 0 signals a valid license for the period specified.
      • Exit code 2 signals an expired license or an inapplicable license check if the Open Source License is used.
      • Exit code 3 signals a valid license that is about to expire within the number of days specified.
  • get-settings
    • Returns JS7 - Settings in JSON format.
    • Users can modify settings using the jq utility and can update settings using the store-settings command.
  • store-settings
    • Updates JS7 - Settings in JOC Cockpit. 
    • Users can read settings using the get-settings command and can modify settings using the jq utility before updating settings.
  • encrypt
    • Allows to encrypt a value using the --in option. If used to encrypt a file then --infile and --outfile options must be specified.
    • The --cert option specifies the path to a file holding the Certificate used for encryption.
    • Encryption is performed by Java libraries that are looked up in the ./lib sub-directory of the  JS7 Unix Shell CLI. For details see JS7 - Encryption and Decryption.
  • decrypt
    • Allows to decrypt a value using the --in option. If used to decrypt a file then --infile and --outfile options must be specified.
    • The --key option specifies the path to the Private Key used for decryption. If the Private Key is protected by a password, then the --key-password option or switch must be specified.
    • Decryption is performed by Java libraries that are looked up in the ./lib sub-directory of the JS7 Unix Shell CLI.

Options

  • --url
  • --user
    • Specifies the user account for login to JOC Cockpit. If JS7 - Identity Services are available for Client authentication certificates that are specified with the --client-cert and --client-key options then their common name (CN) attribute has to match the user account.
    • If a user account is specified then a password can be specified using the --password option or interactive keyboard input can be prompted using the -p switch.
  • --password
    • Specifies the password used for the account specified with the --user option for login to JOC Cockpit.
    • Password input from the command line is considered insecure.
      • Consider use of the -p switch offering a secure option for interactive keyboard input.
      • Consider use of the encrypt command to encrypt a password: ./operate-joc.sh encrypt --in=root --cert=encrypt.crt.
        • The encryption result will include the prefix enc: followed by the encrypted symmetric key, initialization vector and encrypted secret separated by space.
        • If an encrypted password is specified, then it will be decrypted using the Private Key file: ./operate-joc.sh <command> --password="enc:BF8J8KP7TPlxy..." --key=encrypt.key.
  • --ca-cert
    • Specifies the path to a file in PEM format that holds the Root CA Certificate and optionally Intermediate CA Certificates to verify HTTPS connections to JOC Cockpit.
  • --client-cert
    • Specifies the path to a file in PEM format that holds the Client Certificate if HTTPS mutual authentication is used..
  • --client-key
    • Specifies the path to a file in PEM format that holds the Client Private Key if HTTPS mutual authentication is used..
  • --timeout
    • Specifies the maximum duration for requests to the JS7 REST Web Service. Default: 60 seconds.
  • --controller-id
    • Specifies the identification of the Controller.
  • --agent-id
    • The Agent ID specifies a unique identifier for a Standalone Agent or Agent Cluster that cannot be changed later on.
    • Agents are identified from their Agent ID.
  • --service-type
    • When used with the restart-service command, specifies the service that should be restarted.
    • One of the following services can be specified: cluster, history, dailyplan, cleanup, monitor
  • --validity-days
    • When used with the checck-license command, specifies the number of days before expiration of a JS7 license.
      • Exit code 2 signals an expired license or an inapplicable license check if the Open Source License is used.
      • Exit code 3 signals a valid license that is about to expire within the number of days specified.
  • --settings
    • When used with the store-settings command, specifies settings from their JSON format.
  • --key
    • When used with the decrypt command, specifies the path to a file that holds the Private Key in PEM format used for decryption.
  • --cert
    • When used with the encrypt command, specifies the path to a file that holds the CA-signed or self-signed X.509 Certificate. Alternatively, the path to a file holding the Public Key can be specified. The Certificate/Public Key is expected in PEM format.
    • For encryption the Certificate/Public Key must match the Private Key used for later decryption specified with the --key option.
  • --key-password
    • When used with the decrypt command, specifies the password for access to the key file using the --key option.
    • Password input from the command line is considered insecure.
      • Consider use of the -k switch or more elaborate mechanisms, for example by temporarily populating the system keystore form a security key such as a YubiKey® or similar.
      • Consider use of encrypted passwords as explained with the --password option.
  • --in
    • When used with the encrypt and decrypt commands, specifies the input value that should be encrypted or decrypted.,
    • One of the options --in or --infile can be specified.
  • --infile
    • When used with the encrypt and decrypt commands, specifies the path to the input file that should be encrypted/decrypted.
    • One of the options --in or --infile can be specified. This option requires use of the --outfile option.
  • --outfile
    • When used with the encrypt command, specifies the path to the output file that will be created holding the encrypted content of the input file.
    • When used with the decrypt command, specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified
  • --java-home
    • When used with the encrypt and decrypt commands or with encrypted passwords, specifies the Java home directory. By default the JAVA_HOME environment variable is used to determine the location of Java.
    • The Java home directory is the top-level directory of a Java installation. The directory includes the bin sub-directory and java executable.
  • --java-lib
    • When used with the encrypt and decrypt commands or with encrypted passwords, a number of Java libraries are required to perform encryption/decryption.
    • The Java libraries are expected in the lib sub-directory of the JS7 Unix Shell CLI. Default: ./lib.
  • --audit-message
    • Specifies a message that is made available to the Audit Log.
    • Specification of Audit Log messages can be enforced on a per user basis and for a JS7 environment.
  • --audit-time-spent
    • Specifies the time spent to perform an operation which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --audit-link
    • Specifies a link (URL) which is added to the Audit Log.
    • The option can be specified if the --audit-message option is used.
  • --log-dir
    • If a log directory is specified then the script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: operate-joc.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: operate-joc.2022-03-19T20-50-45.log

Switches

  • -h | --help
    • Displays usage.
  • -v | --verbose
    • Displays verbose log output that includes requests and responses with the JS7 REST Web Service.
    • When used twice as with -v -v then curl verbose output will be displayed.
  • -p | --password
    • Asks the user for interactive keyboard input of the password used for the account specified with the --user option..
    • The switch is used for secure interactive input as an alternative to use of the option --password=<password>.
  • -k | --key-password
    • Asks the user for interactive keyboard input of the password used for access to a keystore or key file specified with the --keystore or --key options.
    • The switch is used for secure interactive input as an alternative to use of the --key-password=<password> option.
  • -l | --list
    • Lists version information in JSON format when used with the version command.
  • --show-logs
    • Displays the log output created by the script if the --log-dir option is used.
  • --make-dirs
    • If directories are missing that are indicated with the --log-dir option then they will be created.

Exit Codes

  • 0: operation successful
  • 1: argument errors
  • 3: no objects found
  • 4: JS7 REST Web Service is not reachable or reports errors

Examples

The following examples illustrate typical use cases.

Getting Status Information

Examples for Getting Status Information
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root --controller-id=controller)

# get status information for Standalone JOC Cockpit
response=$(./operate-joc.sh status "${request_options[@]}")
# returns response
{"clusterState":{"_text":"ClusterUnknown","severity":2},"controllers":[{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller","host":"localhost","id":20,"isCoupled":false,"javaVersion":"21+35-2513","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"STANDALONE","securityLevel":"HIGH","startedAt":"2024-09-03T09:52:38.918Z","surveyDate":"2024-09-23T10:10:01.496Z","title":"Standalone Controller","url":"http://localhost:4444","version":"2.7.2"}],"database":{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"dbms":"H2","version":"1.4.200 (2019-10-14)"},"deliveryDate":"2024-09-23T10:10:01.499Z","jocs":[{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"STANDALONE","state":{"_text":"established","severity":0}}],"current":true,"host":"localhost","id":1,"instanceId":"joc#0","isApiServer":false,"lastHeartbeat":"2024-09-23T10:09:43.682Z","memberId":"localhost:1ce420678f21a574e6adeb2f218f5bd40ed1b1bf9005414bcf060fba2e4c5a67","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"securityLevel":"HIGH","startedAt":"2024-09-19T20:55:34.522Z","title":"My JOC Cockpit","url":"http://localhost:4446","version":"2.7.2"}]}
# get severity from status information
echo "$response" | jq -r '.jocs[0].componentState.severity // empty'
echo "$response" | jq -r '.jocs[0].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].controllerConnectionStates[0].state.severity // empty'
echo "$response" | jq -r '.jocs[0].version // empty'
echo "$response" | jq -r '.database.componentState.severity // empty'
echo "$response" | jq -r '.database.connectionState.severity // empty'

# get status information for JOC Cockpit Cluster
response=$(./operate-joc.sh status "${request_options[@]}")
# returns response
{"clusterState":{"_text":"ClusterCoupled","severity":0},"controllers":[{"clusterNodeState":{"_text":"inactive","severity":1},"clusterUrl":"http://localhost:4444","componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller_cluster","host":"localhost","id":2,"isCoupled":true,"javaVersion":"17.0.12+7-alpine-r0","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"PRIMARY","securityLevel":"MEDIUM","startedAt":"2024-09-18T20:29:33.271Z","surveyDate":"2024-09-23T10:07:16.768Z","title":"PRIMARY CONTROLLER","url":"http://localhost:4444","version":"2.7.2"},{"clusterNodeState":{"_text":"active","severity":0},"clusterUrl":"http://localhost:4444","componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerId":"controller_cluster","host":"localhost","id":3,"isCoupled":true,"javaVersion":"17.0.12+7-alpine-r0","os":{"architecture":"amd64","distribution":"3.10.0-1160.92.1.el7.x86_64","name":"Linux"},"role":"BACKUP","securityLevel":"MEDIUM","startedAt":"2024-09-18T20:29:33.972Z","surveyDate":"2024-09-23T10:07:16.737Z","title":"SECONDARY CONTROLLER","url":"http://localhost:44444","version":"2.7.2"}],"database":{"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"dbms":"MySQL","version":"5.7.33"},"deliveryDate":"2024-09-23T10:07:16.773Z","jocs":[{"clusterNodeState":{"_text":"active","severity":0},"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"PRIMARY","state":{"_text":"established","severity":0}},{"role":"BACKUP","state":{"_text":"established","severity":0}}],"current":true,"host":"localhost","id":3,"instanceId":"joc#0","isApiServer":false,"lastHeartbeat":"2024-09-23T10:07:13Z","memberId":"localhost:97c88ccc3975703ebd0b7277d394ec8768f88b31775e8df038572d2547c240a0","os":{"architecture":"amd64","distribution":"3.10.0-957.1.3.el7.x86_64","name":"Linux"},"securityLevel":"MEDIUM","startedAt":"2024-09-20T15:50:41Z","title":"PRIMARY JOC COCKPIT","url":"http://localhost:4446","version":"2.7.2"},{"clusterNodeState":{"_text":"inactive","severity":1},"componentState":{"_text":"operational","severity":0},"connectionState":{"_text":"established","severity":0},"controllerConnectionStates":[{"role":"PRIMARY","state":{"_text":"established","severity":0}},{"role":"BACKUP","state":{"_text":"established","severity":0}}],"current":false,"host":"localhost","id":1,"instanceId":"joc#1","isApiServer":false,"lastHeartbeat":"2024-09-23T10:07:12Z","memberId":"localhost:97c88ccc3975703ebd0b7277d394ec8768f88b31775e8df038572d2547c240a0","os":{"architecture":"amd64","distribution":"3.10.0-957.1.3.el7.x86_64","name":"Linux"},"securityLevel":"MEDIUM","startedAt":"2024-09-20T15:50:40Z","title":"SECONDARY JOC COCKPIT","url":"http://localhost:4446","version":"2.7.2"}]}
# get severity from status information
echo "$response" | jq -r '.clusterState.severity // empty'
echo "$response" | jq -r '.controllers[0].componentState.severity // empty'
echo "$response" | jq -r '.controllers[0].connectionState.severity // empty'
echo "$response" | jq -r '.controllers[1].componentState.severity // empty'
echo "$response" | jq -r '.controllers[1].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].componentState.severity // empty'
echo "$response" | jq -r '.jocs[0].connectionState.severity // empty'
echo "$response" | jq -r '.jocs[0].version // empty'
echo "$response" | jq -r '.database.componentState.severity // empty'
echo "$response" | jq -r '.database.connectionState.severity // empty'

Getting Version Information

Example for Getting Version Information
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# get JOC Cockpit version
./operate-joc.sh version "${request_options[@]}"
# returns
2.7.2

# get Controller version
./operate-joc.sh version "${request_options[@]}" --controller-id=controller
# returns
2.7.2

# get Standalone Agent version
./operate-joc.sh version "${request_options[@]}" --agent-id=StandaloneAgent
# returns
2.7.2

# get Agent Cluster version
./operate-joc.sh version "${request_options[@]}" --agent-id=AgentCluster
# returns
2.7.2

# get version of specific Controller and of all Agents in Agent Cluster
response=$(./operate-joc.sh version "${request_options[@]}" --controller-id=controller --agent-id=AgentCluster --list)
# returns response
{
  "agentVersions":[
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","uri":"https://diragent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"director_primary_001","uri":"https://diragent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"director_secondary_001","uri":"https://diragent-2-0-secondary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_primary_001","uri":"https://subagent-2-0-primary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_secondary_001","uri":"https://subagent-2-0-secondary:4443","version":"2.7.2"},
    {"agentId":"AgentCluster","compatibility":"COMPATIBLE","subagentId":"subagent_third_001","uri":"https://subagent-2-0-third:4443","version":"2.7.2"}
  ],
  "controllerVersions":[
    {"compatibility":"COMPATIBLE","controllerId":"controller","uri":"https://controller-2-0-standalone:4443","version":"2.7.2"}
  ],
  "jocVersion":"2.7.2"
}
# get version of specifc Agent
echo "$response" | jq -r '.agentVersions[] | select(.subagentId == "director_primary_001") | .version // empty'

Switching-over for JOC Cockpit Cluster

Example for Switching-over for JOC Cockpit Cluster
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# switch-over active role
./operate-joc.sh switch-over "${request_options[@]}" --controller-id=controller

Restarting and Running Services

Example for Restarting and Running Services
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# restart service: cluster, history, dailyplan, cleanup, monitor
./operate-joc.sh restart-service "${request_options[@]}" --service-type=history

# run service: dailyplan, cleanup
./operate-joc.sh run-service "${request_options[@]}" --service-type=cleanup

Checking License

Example for Checking JOC Cockpit License
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# check license
./operate-joc.sh check-license "${request_options[@]}"
# returns response
.... License type: COMMERCIAL_VALID
.... License valid: true
.... License valid from: 2021-05-05T12:22:41Z
.... License valid until: 2026-05-04T12:22:41Z

Getting and Storing Settings

Example for Getting and Storing Settings
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)

# get settings
settings=$(./operate-joc.sh get-settings "${request_options[@]}")

# update settings
settings=$(echo "${settings}" | jq '.dailyplan.days_ahead_submit.value = "4"')
settings=$(echo "${settings}" | jq '.dailyplan.days_ahead_plan.value = "6"')

# store settings
./operate-joc.sh store-settings "${request_options[@]}" --settings="${settings}"

Encrypting and Decrypting

Example for Encrypting and Decrypting
# create Private Key
openssl ecparam -name secp384r1 -genkey -noout -out encrypt.key

# create Certificate Signing Request
openssl req -new -sha512 -nodes -key encrypt.key -out encrypt.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Encrypt"

# create Certificate
openssl x509 -req -sha512 -days 1825 -signkey encrypt.key -in encrypt.csr -out encrypt.crt -extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")


# encrypt a secret such as a password using the Certificate, the encryption result will be returned and will look like: enc:BEXbHYa...
./operate-joc.sh encrypt --in="root" --cert=encrypt.crt

# options for connection to the JS7 REST API can specify the encryption result as password and the Private Key for decryption
request_options=(--url=http://localhost:4446 --user=root --password="enc:BEXbHYa..." --key=encrypt.key --controller-id=controller)

# for example, when getting version information, the Private Key is used to decrypt the password for access to the REST API on-the-fly
./operate-joc.sh version "${request_options[@]}"

# decrypt an encrypted secret using the Private Key
./operate-joc.sh decrypt --in="enc:BEXbHYa..." --key=encrypt.key

Resources



  • No labels