Skip to end of metadata
Go to start of metadata

Introduction

Installation, updates and upgrades are performed using the .tar.gz/.zip archives provided for the initial installation of newer releases.

  • The JS7 - Installation instructions apply.
  • The installation, update and upgrade processes can be automated for environments with a larger number of JOC Cockpit instances, Controllers and Agents.
    • Users can use their preferred tools such as Ansible®, Puppet®, Chef®.
    • Users can apply the Controller Installer Script that is described in this article either standalone or in combination with such tools.

Security

Secure rollout of JS7 components is critical. It is therefore recommended that the solution described here is adjusted to suit specific security needs.

  • Rollout of JS7 Controllers is considered critical as the software allows jobs to be executed on a larger number of servers.
    • Integrity of the sources for downloads of JS7 components deserves attention.
    • This includes intermediate devices on which JS7 software installers are stored in a user's environment.
    • It is an option to run the Controller Installer Script from sudo and to use the digest functionality that compares the script to a hash value stored with the sudoers file.
  • The solution provided for updating, upgrading and patching JS7 Controllers is based on shell scripting by design:
    • to provide readability and to rely on OS commands only,
    • to deny the use of any 3rd-party components and additional dependencies that require code to be executed on the machines running Controllers.
  • The Controller Installer Script can be integrated in a number of ways:
    • by running one's own SSH script on top of the Controller Installer Script,
    • by using tools such as Ansible®, Puppet® that make use of an SSH Client,
    • by using JS7 workflow automation as explained below.
      • It is recommended that a separate Standalone Controller and Agent are used for deployment purposes, for details see JS7 - Deployment.
      • Access to the Controller and Agent for rollout should be securely managed.

Controller Installer Script

The Controller Installer Script is provided for download and can be used to automate updates, upgrades and patches of JS7 Controllers.

  • The script is available for Linux, MacOS®, AIX® and Solaris® using bash, dash, ksh and zsh POSIX-compatible shells. For AIX® and  Solaris® automated installation is supported, automated configuration is not.
  • The script can be used to install, update or patch a Controller instance using the installation options. In addition it can be used to configure a Controller instance, for example in case of certificate renewal.
  • The script creates
  • The script terminates with exit code 0 to signal success, with exit code 1 for command line argument errors and with exit code 2 for non-recoverable errors.
  • The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services.
  • Refer also to information in the  JS7 - Controller Command Line Operation article.

Download

Find the Controller Installer Script for download from JS7 - Download.

Usage

Invoking the Controller Installer Script without arguments displays the usage clause:


Controller Installer Script: js7_install_controller.sh
Usage: js7_install_controller.sh [Options] [Switches]

  Installation Options:
    --home=<directory>                 | required: directory to which the Controller will be be installed
    --data=<directory>                 | optional: directory for Controller data files, default:  <home>/var
    --config=<directory>               | optional: directory from which the Controller reads configuration files, default: <data>/config
    --logs=<directory>                 | optional: directory to which the Controller writes log files, default: <data>/logs
    --user=<account>                   | optional: user account for Controller daemon, default: $USER
    --controller-id=<identifier>       | optional: Controller ID, default: controller
    --release=<release-number>         | optional: release number such as 2.2.3 for download if --tarball is not used
    --tarball=<tar-gz-archive>         | optional: the path to a .tar.gz archive that holds the Controller tarball,
                                       |           if not specified the Controller tarball will be downloaded from the SOS web site
    --patch=<issue-key>                | optional: identifies a patch for an existing Controller installation
    --license-key=<key-file>           | optional: specifies the path to a license key file to be installed
    --license-bin=<binary-file>        | optional: specifies the path to the js7-license.jar binary file for licensed code to be installed
                                       |           if not specified the file will be downloaded from the SOS web site
    --instance-script=<file>           | optional: path to the Instance Start Script that will be copied to the Controller, default <home>/bin/<instance-script>
    --backup-dir=<directory>           | optional: backup directory for existing Controller home directory
    --log-dir=<directory>              | optional: log directory for log output of this script
    --exec-start=<command>             | optional: specifies the command to start the Controller, e.g. 'StartService'
    --exec-stop=<command>              | optional: specifies the command to stop the Controller, e.g. 'StopService'
    --return-values=<file>             | optional: specifies a file that receives return values such as the path to a log file

  Configuration Options:
    --deploy-dir=<directory>           | optional: deployment directory from which configuration files are copied to the Controller
    --controller-conf=<file>           | optional: path to a configuration file that will be copied to <config>/controller.conf
    --private-conf=<file>              | optional: path to a configuration file that will be copied to <config>/private/private.conf
    --http-port=<port>                 | optional: specifies the http port the Controller will be operated for, default: 4444
                                                   port can be prefixed by network interface, e.g. localhost:4444
    --https-port=<port>                | optional: specifies the https port the Controller will be operated for
                                                   port can be prefixed by network interface, e.g. batch.example.com:4444
    --pid-file-dir=<directory>         | optional: directory to which the Controller writes its PID file, default: <data>/logs
    --pid-file-name=<file-name>        | optional: file name used by the Controller to write its PID file, default: controller.pid
    --controller-primary-cert=<file>   | optional: path to Primary/Standalone Controller certificate file
    --controller-secondary-cert=<file> | optional: path to Secondary Controller certificate file
    --joc-primary-cert=<file>          | optional: path to Primary/Standalone JOC Cockpit certificate file
    --joc-secondary-cert=<file>        | optional: path to Secondary JOC Cockpit certificate file
    --keystore=<file>                  | optional: path to a PKCS12 keystore file that will be copied to <config>/private/
    --keystore-password=<password>     | optional: password for access to keystore
    --keystore-alias=<alias-name>      | optional: alias name for keystore entry
    --truststore=<file>                | optional: path to a PKCS12 truststore file that will be copied to <config>/private/
    --truststore-password=<password>   | optional: password for truststore password
    --java-home=<directory>            | optional: Java Home directory for use with the Instance Start Script
    --java-options=<options>           | optional: Java Options for use with the Instance Start Script 
    --service-dir=<directory>          | optional: systemd service directory, default: /usr/lib/systemd/system
    --service-file=<file>              | optional: path to a systemd service file that will be copied to <home>/bin
    --service-name=<identifier>        | optional: name of the systemd service to be created, default js7_controller

   Switches:
    -h | --help                        | displays usage
    --show-logs                        | shows log output of the script
    --make-dirs                        | creates the specified directories if they do not exist
    --make-service                     | creates the systemd service for the Controller
    --move-libs                        | moves an existing Controller's lib directory instead of removing the directory
    --remove-journal                   | removes an existing Controller's state directory that holds the journal
    --restart                          | stops a running Controller and starts the Controller after installation
    --abort                            | aborts a running Controller if used with the --restart switch
    --kill                             | kills a running Controller if used with the --restart switch

Installation Options

  • --home
    • Specifies the directory in which the Controller should be installed.
  • --data
    • Specifies the directory in which the Controller data such as configuration files should be stored.
    • By default the <home>/var directory is used, see option --home.
  • --config
    • Specifies the directory from which the Controller reads configuration files.
    • By default the <data>/config directory is used, see option --data.
  • --logs
    • Specifies the directory to which the Controller stores log files.
    • By default the <data>/logs directory is used, see option --data.
  • --user
    • Specifies the user account for the Controller daemon.
    • By default the account of the user running the Controller Installer Script is used.
  • --controller-id
    • Specifies the Controller ID, a unique identifier of the Controller installation. If more than one Controller should be registered with JOC Cockpit then they have to use different Controller IDs.
    • If two Controller instances should work in a Cluster then they have to use the same Controller ID.
  • --release
    • Specifies a release number such as 2.3.1 for download from the SOS web site if the --tarball option is not used.
  • --tarball
    • Optionally specifies the path to a .tar.gz file that holds the Controller installation files. If this option is not used the installer tarball will be downloaded from the SOS web site for the release indicated with the --release option.
    • Download is performed with curl that considers http_proxy and https_proxy environment variables and settings from a .curlrc file.
  • --patch
    • A patch is identified by an issue key in the Change Management System, for example JS-1984.
    • Patches are downloaded from the SOS web site if the --tarball option is not used.
    • Patches are added to the Controller's <home>/lib/patches directory. Note that the patches sub-directory will be emptied when updating a Controller installation later on.
    • If a backup directory is specified then a Controller's existing installation directory will be added to a .tar.gz file in this directory.
  • --license-key
    • Optionally the path to a license key file is specified. Customers with a Commercial License receive the license key file from SOS in .pem or .crt format.
    • For details see JS7 - How to apply a JS7 License Key.
  • --license-bin
    • Optionally the path to the js7-license.jar binary file is specified that includes code that is available for use with a Commercial License only, see JS7 - How to apply a JS7 License Key.
    • Should this argument be omitted and a license key file be specified with the --license-key option then the binary file is downloaded from the SOS Web Site, see JS7 - Download.
  • --instance-script
    • Specifies the path to a script that acts as the Instance Start Script and that is copied to the bin directory. Typically the name controller_instance.sh. is used. Users are free to choose any name for the script. The script has to be executable for the Controller daemon, see --user. Permissions of the script are not changed by the Controller Installer Script.
    • The Controller Installer Script will perform replacements in the Instance Start Script template for known placeholders such as <JS7_CONTROLLER_USER>, for details see ./bin/controller_instance.sh-example.
  • --backup-dir
    • If a backup directory is specified then an Controller's existing installation directory will be added to a .tar.gz file in this directory.
    • File names are created according to the pattern: backup_js7_controller.<hostname>.<release>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.tar.gz
    • For example: backup_js7_controller.centostest_primary.2.3.1.2022-03-19T20-50-45.tar.gz
  • --log-dir
    • If a log directory is specified then the installer script will log information about processing steps to a log file in this directory.
    • File names are created according to the pattern: install_js7_controller.<hostname>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: install_js7_controller.centostest_primary.2022-03-19T20-50-45.log
  • --exec-start
    • This option can be used should the Controller be started after installation. For example, when using systemd then the option --exec-start="StartService" will start the Controller service provided that the related systemd service has been created manually or by use of the --make-service switch. Alternatively users can specify individual commands, for example --exec-start="sudo systemctl start js7_controller".
    • For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
    • This option is an alternative to the use of the --restart switch which starts the Controller from its Instance Start Script. If specified this option will overrule the --restart switch.
  • --exec-stop
    • This option can be used should the Controller be stopped before installation. For example, when using systemd then the option --exec-stop="StopService" will stop the Controller service provided that the related systemd service has been created manually or by use of the --make-service switch. Alternatively users can specify individual commands, for example --exec-stop="sudo systemctl stop js7_controller".
    • For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
    • This option is an alternative to the use of the --restart switch which stops the Controller from its Instance Start Script. If specified this option will overrule the --restart switch.
  • --return-values
    • Optionally specifies the path to a file to which return values will be added in the format <name>=<key>. For example:
      • log_file=install_js7_controller.centostest_primary.2022-03-20T04-54-31.log
      • backup_file=backup_js7_controller.centostest_primary.2.3.1.2022-03-20T04-54-31.tar.gz
    • Any existing file will be overwritten. It is recommended that a unique file name such as /tmp/return.$$.$RANDOM.properties. is used.
    • A value from the file can be retrieved like this:
      • backup=$(cat /tmp/return.$$.$RANDOM.properties | grep "backup_file" | cut -d'=' -f2)

Configuration Options

  • --deploy-dir
    • Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the <config> folder. A deployment directory allows to manage central copies of configuration files such as controller.conf, private.conf, log4j2.xml etc.
    • Use of a deployment directory has lower precedence as files can be overwritten by individual options such as --agent.conf, --private-conf etc.
  • --controller-conf
    • Specifies the path to a configuration file for global JS7 - Controller Configuration Items. The file will be copied to the <config>/controller.conf file.
    • Any file name can be used as a value of this option, however, the target file name controller.conf will be used.
  • --private-conf
    • Specifies the path to a configuration file for private JS7 - Controller Configuration Items. The file will be copied to the <config>/private/private.conf file.
    • Any file name can be used as a value of this option, however, the target file name private.conf will be used.
  • --http-port
    • Specifies the HTTP port that the Controller is operated for. The default value is 4444. The HTTP port is used to specify the value of the JS7_CONTROLLER_HTTP_PORT environment variable in the Controller Instance Start Script.
    • The port can be prefixed by the network interface, for example localhost:4444.
    • When used with the --restart switch the HTTP port is used to identify whether the Controller is running.
  • --https-port
    • Specifies the HTTPS port that the Controller is operated for. The HTTPS port is specified in the Controller Instance Start Script typically available from ./bin/controller_instance.sh. with the environment variable JS7_CONTROLLER_HTTPS_PORT. Use of HTTPS requires a keystore and truststore to be present, see --keystore and --truststore options.
    • The port can be prefixed by the network interface, for example batch.example.com:4444.
  • --pid-file-dir
    • Specifies the directory to which the Controller stores its PID file. By default the <data>/logs directory is used.
    • When using SELinux then it is recommended to specify the /var/run directory, see JS7 - How to install for SELinux.
  • --pid-file-name
    • Specifies the name of the PID file. By default the file name controller.pid is used.
    • The PID file is created in the directory specified by the --pid-file-dir option.
  • --controller-primary-cert
    • Specifies the path to the SSL/TLS certificate of the Primary Controller Instance. The Controller Installer Script extracts the distinguished name from the given certificate and adds it to the Controller's private.conf file to allow HTTPS connections from the pairing Controller in a cluster using mutual authentication without the need for passwords.
  • --controller-secondary-cert
    • Corresponds to the --controller-primary-cert setting and is used for the Secondary Controller Instance.
  • --joc-primary-cert
    • Specifies the path to the SSL/TLS certificate of the Primary/Standalone JOC Cockpit Instance. The Controller Installer Script extracts the distinguished name from the given certificate and adds it to the Controller's private.conf file to allow HTTPS connections from the JOC Cockpit instance using mutual authentication without the need for passwords.
  • --joc-secondary-cert
    • Corresponds to the --joc-primary-cert setting and is used for the Secondary JOC Cockpit Instance.
  • --keystore
    • Specifies the path to a PKCS12 keystore file that holds the private key and certificate for HTTPS connections to the Controller.
    • Users are free to specify any file name, typically the name https-keystore.p12 is used. The keystore file will be copied to the <config>/private directory.
    • If a keystore file is made available then the Controller's <config>/private/private.conf file has to hold a reference to the keystore location and optionally the keystore password. It is therefore recommended to use the --private-conf option to deploy an individual private.conf file that holds settings related to a keystore.
    • For automating the creation of keystores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
  • --keystore-password
    • Specifies the password for access to the keystore. Use of a keystore password is required.
  • --keystore-alias
    • If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for server authentication and client authentication exist, then it is not determined which private key/certificate will be used. The alias name of a given private key/certificate is specified when the entry is added to the keystore. The alias name allows to indicate a specific private key/certificate to be used.
  • --truststore
    • Specifies the path to a PKCS12 truststore file that holds the certificate(s) for HTTPS connections to the Controller using mutual authentication .
    • Users are free to specify any file name, typically the name https-truststore.p12 is used. The truststore file will be copied to the <config>/private directory.
    • If a truststore file is made available then the Controller's <config>/private/private.conf file has to hold a reference to the truststore location and optionally the truststore password. It is therefore recommended to use the --private-conf option to deploy an individual private.conf file that holds settings related to a truststore.
    • For automating the creation of truststores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
  • --truststore-password
    • Specifies the password for access to the truststore. Use of a password is recommended as it is not primarily intended to protect access to the truststore. The password is intended to allow verification that truststore entries have been added using the same password.
  • --java-home
    • Specifies the Java home directory that will be made available to the Controller from the JAVA_HOME environment variable specified with the Controller Instance Start Script typically available from ./bin/controller_instance.sh.
  • --java-options
    • Specifies the Java options that will be made available to the Controller from the JAVA_OPTIONS environment variable specified with the Controller Instance Start Script typically available from ./bin/controller_instance.sh.
    • Java options can be used for example to specify Java heap space settings for the Ccontroller.
    • If more than one Java option is used then the value has to be quoted, for example --java-options="-Xms256m -Xmx512m".
  • --service-dir
    • Specifies the systemd service directory to which the Controller's service file will be copied if the --make-service switch is used.
    • By default the a/usr/lib/systemd/system will be used. Users can specify an alternative location.
  • --service-file
    • Specifies the path to a systemd service file that acts as a template and that is copied to the Controller's <home>/bin directory.
    • Users are free to choose any file name as a template for the service file. The resulting service file name will be controller.service.
    • The Controller Installer Script will perform replacements in the service file to update paths and the port to be used, for details see ./bin/controller.service-example.
  • --service-name
    • Specifies the name of the systemd service that will be created if the --make-service switch is used.
    • By default the service name js7_controller will be used.

Switches

  • -h | --help
    • Displays usage.
  • --show-logs
    • Displays the log output created by the script if the --log-dir option is used.
  • --make-dirs
    • If directories are missing that are indicated with the --home, --backup-dir or --log-dir options then they will be created.
  • --make-service
    • Specifies that a systemd service should be created for the Controller. The service will be created from the --service-name option or its default value.
  • --move-libs
    • For an existing Controller installation the lib sub-directory includes .jar files that carry the release number in their file names. If replaced by a newer version the lib directory has to be moved or removed. This switch tries to move the directory to a previous version number as indicated from the .version file in the Controller's home directory. For example, to rename lib to lib.2.3.1.
    • Files in the lib/user_lib sub-directory are preserved.
  • --remove-journal
    • If a Controller has been installed for the wrong operating mode (standalone, clustered) then the Controller's journal in the JS7_CONTROLLER_DATA/state directory can be removed. This operation removes any orders submitted to a Controller and Agents. It requires the Agents to be re-registered to the Controller.
  • --restart
    • Stops a running Controller before installation and starts the Controller after installation using the Controller's Instance Start Script. This switch can be used with the --abort and --kill switches to control the way how the Controller is terminated. This switch is ignored if the --exec-start and --exec-stop options are used.
  • --abort
    • Aborts a running Controller if used with the --restart switch. Aborting an Controller includes to terminate the Controller in an orderly manner that allows to close files consistently.
  • --kill
    • Kills a running Controller if used with the --restart switch. This includes killing child processes of running tasks.

Exit Codes

    • 1: argument errors
    • 2: non-recoverable errors
    • 3: this exit code is returned when used with the --restart switch and if it cannot be identified whether a Controller instance is running
    • 4: this exit code is returned if no --tarball option is used and download of the tarball reports errors
    • 5: this exit code is returned when used with the --restart switch and if the Controller instance cannot be started
    • 6: this exit code is returned when used with the --restart switch and if the Controller instance cannot be stopped
    • 7: this exit code indicates that the Controller systemd service could not be started or stopped when using the --exec-start="StartService" or --exec-stop="StopService" options.

Replacements

The Controller Installer Script performs replacements of placeholders in installation files and configuration files by option values, for details see chapter Replacements.

Examples

The following examples illustrate typical use cases. Users should consider to specify current releases, see JS7 - Download.

Install or Update from Download

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --release=2.3.1 \
    --make-dirs

# downloads the indicated Controller release and extracts the tarball to the specified Controller home directory
# the home directory is created if it does not exist

Install or Update from Download with Commercial License

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --release=2.3.1 \
    --license-key=/home/sos/example.pem \
    --make-dirs

# downloads the indicated Controller release and extracts the tarball to the specified Controller home directory
# installs the license key file and downloads the binary file for licensed code to enable cluster operations

Install or Update from Tarball

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz

# extracts the indicated tarball to the specified Controller home directory

Install or Update from Tarball with Commercial License

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --license-key=/home/sos/example.pem \
    --license-bin=/mnt/releases/js7/js7-license.jar

# extracts the indicated tarball to the specified Controller home directory
# installs the license key file and binary file for licensed code to enable cluster operations

Install or Update and Stop/Start using systemd

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --exec-start="sudo systemctl start js7_controller" \
    --exec-stop="sudo systemctl stop js7_controller"

# extracts the indicated tarball to the specified Controller home directory
# the Controller is stopped and started by use of systemd commands

Install or Update and Restart

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --restart

# extracts the indicated tarball to the specified Controller home directory
# the Controller is stopped and started from its instance start script

Install or Update with Return Values

Example for use of Controller Installer Script
retval=/tmp/js7_install_controller.$$.tmp

./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --backup-dir=/tmp/backups \
    --log-dir=/tmp/logs \
    --return-values=$retval

log_file=$(cat $retval | grep "log_file" | cut -d'=' -f2)
backup_file=$(cat $retval | grep "backup_file" | cut -d'=' -f2)

# extracts the indicated tarball to the specified Controller home directory, creates a log file and a backup file
# return values include the path to the log file and to the backup file

Install or Update with Fallback

Example for use of Controller Installer Script
retval=/tmp/js7_install_controller.$$.tmp

./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --backup-dir=/tmp/backups \
    --log-dir=/tmp/logs \
    --return-values=$retval \
    --restart \
    --show-logs \
    --make-dirs \
 || ( backup=$(cat $retval | grep "backup_file" | cut -d'=' -f2 ) \
      && ( test -e "$backup" ) && \
      ./js7_install_controller.sh \
          --home=/home/sos/controlller \
          --tarball=$backup \
          --log-dir=/tmp/logs \
          --restart \
          --show-logs )

log_file=$(cat $retval | grep "log_file" | cut -d'=' -f2)
backup_file=$(cat $retval | grep "backup_file" | cut -d'=' -f2)

# extracts the indicated tarball to the specified Controller home directory, creates a backup file and a log file and restarts the Controller
# should installation fail then it is reverted from the backup file

Install or Update and Apply Certificates

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.tar.gz \
    --http-port=localhost:4444 \
    --https-port=batch.example.com:4444 \
    --java-options="-Xms256m -Xmx512m" \
    --controller-conf=/home/sos/controller-deployment/controller.conf \
    --private-conf=/home/sos/controller-deployment/private.conf \
    --keystore=/home/sos/controller-deployment/https-keystore.p12 \
    --truststore=/home/sos/controller-deployment/https-truststore.p12 \
    --make-dirs

# extracts the indicated tarball to the specified Controller home directory
# runs the Controller for HTTP port 4444 on the localhost network interface and the same HTTPS port on the server network interface
# deploys global and private Controller configuration files that hold references to keystore and truststore
# deploys keystore and truststore files

Patch from Download

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --release=2.3.1 \
    --patch=JS-1984

# downloads the indicated patch and extracts the tarball to the specified Controller home directory
# the patch is stored to the Controller's lib/patches sub-directory

Patch from Tarball

Example for use of Controller Installer Script
./js7_install_controller.sh \
    --home=/home/sos/controller \
    --tarball=/mnt/releases/js7/js7_controller_unix.2.3.1.JS-1984.tar.gz \
    --patch=JS-1984

# extracts the indicated patch tarball to the specified Controller home directory
# the patch is stored to the Controller's lib/patches sub-directory

Replacements

The Controller Installer Script performs replacements of placeholders in installation files and configuration files by option values.

Installation Files

  • <home>/bin/controller_instance.sh
    • Replacements are performed for the following placeholders used for environment variables by respective option values:

      PlaceholderOption Value
      JS7_CONTROLLER_HOME--home
      JS7_CONTROLLER_DATA--data
      JS7_CONTROLLER_ID--id
      JS7_CONTROLLER_USER--user
      JS7_CONTROLLER_HTTP_PORT--http-port
      JS7_CONTROLLER_HTTPS_PORT--https-port
      JS7_CONTROLLER_CONFIG_DIR--config
      JS7_CONTROLLER_LOGS--logs
      JS7_CONTROLLER_PID_FILE_DIR--pid-file-dir
      JS7_CONTROLLER_PID_FILE_NAME--pid-file-name
      JAVA_HOME--java-home
      JAVA_OPTIONS--java-options



  • <home>/bin/controller.service
    • Replacements are performed for the following settings by respective option values:

      PlaceholderOption Value
      <JS7_CONTROLLER_ID>--id
      <JS7_CONTROLLER_HTTP_PORT>--http-port
      PIDFile=--pid-file-dir
      --pid-file-name
      User=--user
      ExecStart=, ExecStop=, ExecReload=--home

Configuration Files

  • <config>/private/private.conf
    • Replacements are performed for the following placeholders by respective option values:

      PlaceholderOption Value
      {{controller-id}} --controller-id
      {{controller-primary-distinguished-name}}--controller-primary-cert
      {{controller-secondary-distinguished-name}}--controller-secondary-cert
      {{joc-primary-distinguished-name}}--joc-primary-cert
      {{joc-secondary-distinguished-name}}--joc-secondary-cert
      {{keystore-file}}--keystore
      {{keystore-password}}

      --keystore-password

      {{keystore-alias}}--keystore-alias
      {{truststore-file}}--truststore
      {{truststore-password}}--truststore-password



    • Find a template for a private.conf file using placeholders for HTTPS mutual authentication:

      private.conf template file with placeholders
      js7 {
          auth {
              users {
                  # History account (used for release events)
                  History {
                      distinguished-names=[
                          "{{joc-primary-distinguished-name}}",
                          "{{joc-secondary-distinguished-name}}"
                      ]
                      password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08"
                  }
      
                  # JOC account (needs UpdateItem permission for deployment)
                  JOC {
                      distinguished-names=[
                          "{{joc-primary-distinguished-name}}",
                          "{{joc-secondary-distinguished-name}}"
                      ]
                      password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE"
                      permissions=[
                          UpdateItem
                      ]
                  }
      
                  # Controller ID for connections by primary/secondary Controller instance
                  {{controller-id}} {
                      distinguished-names=[
                          "{{controller-primary-distinguished-name}}",
                          "{{controller-secondary-distinguished-name}}"
                      ]
                  }
              }
          }
      
          configuration {
              # Locations of certificates and public keys used for signature verification
              trusted-signature-keys {
                  # PGP=${js7.config-directory}"/private/trusted-pgp-keys"
                  X509=${js7.config-directory}"/private/trusted-x509-keys"
              }
          }
      
          journal {
              # allow History account to release unused journals
              users-allowed-to-release-events=[
                  History
              ]
          }
      
          web {
              # Locations of keystore and truststore files for HTTPS connections
              https {
                  keystore {
                      # Default: ${js7.config-directory}"/private/https-keystore.p12"
                      file=${js7.config-directory}"/private/{{keystore-file}}"
                      key-password="{{keystore-password}}"
                      store-password="{{keystore-password}}"
                      # alias="{{keystore-alias}}"
                  }
      
                  truststores=[
                      {
                          # Default: ${js7.config-directory}"/private/https-truststore.p12"
                          file=${js7.config-directory}"/private/{{truststore-file}}"
                          store-password="{{truststore-password}}"
                      }
                  ]
              }
          }
      }

Automation

The Controller Installer Script can be executed from a job for automated update and upgrade of JS7 Controllers.

The steps for automation are similar to update and upgrade of JS7 Agents. Find instructions how to setup workflow automation in the JS7 - Automated Update of Agent article.

Further Resources




  • No labels