Skip to end of metadata
Go to start of metadata

Introduction

  • The following configuration items are initially populated by the JOC Cockpit installer and can be modified by a user later on. 
  • JOC Cockpit makes use of the joc.properties configuration file that is populated by installation options. This file can be found by default in the following locations:
    • Linux: /var/sos-berlin.com/js7/joc/resources/joc/joc.properties
    • Windows: C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
    • The location of this file is indicated below as JETTY_BASE/resources/joc/joc.properties.
  • The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
    • Linux: /var/sos-berlin.com/js7/joc/start.ini
    • Windows: C:\ProgramData\sos-berlin.com\js7\joc\start.ini
    • The location of this file is indicated below as JETTY_BASE/start.ini
  • Restart the JOC Cockpit instance to apply changes to the JOC Cockpit or Jetty configuration files.
  • See the JS7 - Settings article for run-time settings that do not require a restart of the JOC Cockpit.

JOC Cockpit

Installation Options

The following example of a JETTY_BASE/resources/joc/joc.properties file is created from the installer and can be modified by the user:


Example for JOC Cockpit installation options: joc.properties
################################################################################
### If JOC Cockpit is used in a cluster then type a title to identify which node
### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for
### the display order in JOC's dashboard

title = PRIMARY JOC COCKPIT
ordering = 0


################################################################################
### Path to log4j configuration file. Path can be absolute or relative
### to this file.

log4j.configuration = log4j2.xml


################################################################################
### Path to hibernate configuration file of JOC's database.
### Path can be absolute or relative to this file.

hibernate_configuration_file = hibernate.cfg.xml


################################################################################
### The time (in seconds) to establish the connection with the
### remote host. Default = 2

jobscheduler_connection_timeout = 2


################################################################################
### The time (in seconds) waiting for data after the connection
### has been established; maximum time of inactivity between two data packets.
### Default = 5

jobscheduler_socket_timeout = 5


################################################################################
### Should hostname verification be carried out for https certificates.
### Default false

https_with_hostname_verification = true


################################################################################
### Location, type and password of the Java truststore which contains the
### HTTPS connection certificates for each JobScheduler Controller.
### The path is relative to JETTY_BASE/resources/joc.

# keystore_path = https-keystore.p12
# keystore_type = PKCS12
# keystore_password = jobscheduler
# key_password = jobscheduler

# truststore_path = https-truststore.p12
# truststore_type = PKCS12
# truststore_password = jobscheduler


################################################################################
### JOC Cockpit requires configuration of a security level for the
### signing mechanism: options "high", "medium" and "low".
### high:
###      public PGP/X.509 keys are stored for verification only
###      all signing will be done externally outside of JOC Cockpit
### medium:
###      a private PGP/X.509 key will be stored for signing
###      signing will be done automatically with the provided key
### low:
###      no keys will be stored
###      signing will be done internally with default keys
###
### This flag controls the security level used. Default low

security_level = low


################################################################################
### Settings for a custom logo file on the login page
### The logo file has to be located in ./jetty_base/webapps/root/ext/images
### Possible units for height are according to
### https://www.w3schools.com/cssref/css_units.asp (default px)
### Possible values for the position are "top" or "bottom" (default=bottom).

custom_logo_name =
custom_logo_height =
custom_logo_position =


################################################################################
### Normally, the user permissions control whether a view such as dashboard,
### workflows, etc. are shown or hidden. Here you can force to show (=true) or
### hide (=false) a view independently of the permissions. If the value is unequal
### true or false then the permissions win.

show_view_dashboard =
show_view_monitor =
show_view_dailyplan =
show_view_workflows =
show_view_filetransfers =
show_view_resources =
show_view_history =
show_view_auditlog =
show_view_configuration =

Logger Settings

SettingSample ValueExplanation
log4j.configurationlog4j2.xml

Specifies the file name of the log4j2 configuration file to be used. This file is expected in the configuration folder ./resources/joc

Database Connection Settings

SettingSample ValueExplanation
hibernate_configuration_filehibernate.cfg.xml

Specifies the path to a hibernate configuration file that holds the connection URL, account and additional settings for the connection to the database.

Controller Connection Settings

SettingSample ValueExplanation
jobscheduler_connection_timeout2

Specifies the time (in seconds) to establish a connection to a Controller.

jobscheduler_socket_timeout5The time (in seconds) waiting for data after the connection to a Controller is established. Technically the setting specifies the maximum duration for inactivity between two data packets.

HTTPS Connection Settings

SettingSample ValueExplanation
https_with_hostname_verificationtrue

Specifies if hostname verification should be performed for HTTPS connections. It is strictly recommended that this setting is enabled.

keystore_pathhttps-keystore.p12

The keystore includes the private key and server certificate created for  outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider storing the Client Authentication certificate in the client keystore, see below.

The path is specified relative to the JETTY_BASE/resources/joc directory.

keystore_type

PKCS12The keystore types PKCS12 and JKS are supported.
keystore_passwordjobschedulerThe keystore is protected by a password.
key_passwordjobschedulerThe private keys in the keystore are protected by a password. Note  that for PKCS12 keystores the same password applies to all keys.
truststore_pathhttps-truststore.p12

The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to Controllers.

The path is specified relative to the JETTY_BASE/resources/joc directory.

truststore_typePKCS12The truststore types PKCS12 and JKS are supported.
truststore_passwordjobschedulerThe truststore is protected by a password.

Custom Logo Settings

SettingSample ValueExplanation
custom_logo_namecompany.pngThe logo file indicated by this name has to be located in ./jetty_base/webapps/root/ext/images
custom_logo_height120pxThe logo height in pixel. Possible units are specified according to: https://www.w3schools.com/cssref/css_units.asp (default px).
custom_logo_positionbottomPossible values for the position are top and bottom

Dashboard Settings

SettingSample ValueExplanation
titlePRIMARY JOC COCKPIT
SECONDARY JOC COCKPIT
Title of the JOC Cockpit Cluster Status widget in the Dashboard view. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance.
ordering0
1
Order of appearance with JOC Cockpit Cluster Status widget in Dashboard view. An ordering 0 indicates the leftmost occurrence. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance.

Security Options

SettingSample ValueExplanation
security_levellow

JOC Cockpit is installed for a security level used for signing of deployable objects such as workflows, see JS7 - Deployment of Scheduling Objects

  • high
    • certificates / public keys are stored for verification purposes
    • signing is performed externally, outside of JOC Cockpit
  • medium
    • an individual private key per account is stored for signing purposes
    • signing is performed automatically with the provided key
  • low
    • a single private keys is stored for signing purposes with any accounts
    • signing is performed automatically with keys of the default profile account being applied
  • Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
  • To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
  • For details see the JS7 - Security Architecture article.

Jetty Servlet Container

Installation Options

Technically any options for the Jetty Servlet Container can be used as available from the product. The section belowis focused on settings that are added by the JOC Cockpit installer or that preferably are modified by users after installation.

The following example of a JETTY_BASE/start.ini configuration file is created from the installer and can be modified by the user:

Example for Jetty installation options: start.ini
# --------------------------------------- 
# Module: http
# Enables an HTTP connector on the server.
# --------------------------------------- 
--module=http

## Connector host/address to bind to
# jetty.http.host=0.0.0.0

## Connector host/address to bind to
jetty.http.port=4446

# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
# --module=https

# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# ---------------------------------------
# --module=ssl

## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0

## Connector port to listen on
# jetty.ssl.port=4443

## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=resources/joc/https-keystore.p12

## Keystore type (PKCS12, JKS)
# jetty.sslContext.keyStoreType=PKCS12

## Keystore password
# jetty.sslContext.keyStorePassword=jobscheduler

## KeyManager password (same as keystore password for pkcs12 keystore type)
# jetty.sslContext.keyManagerPassword=jobscheduler

## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12

## Truststore type (PKCS12, JKS)
# jetty.sslContext.trustStoreType=PKCS12

## Truststore password
# jetty.sslContext.trustStorePassword=jobscheduler

## Client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Client certificate authentication is desired
# jetty.sslContext.wantClientAuth=true
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
# jetty.sslContext.endpointIdentificationAlgorithm=

HTTP Connection Settings

Options are enabled by use of the --module=http setting.

SettingRequiredSample ValueExplanation
jetty.http.hostnomyhost, 192.168.2.23Specifies the network interface for accessing the JOC Cockpit. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces.
jetty.http.portyes4446

Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser.

HTTPS Connection Settings

Options are enabled by use of the --module=https and --module=ssl settings.

Such options are not added by the installer but can be enabled and modified by the user.

SettingRequiredSample ValueExplanation
jetty.ssl.hostnomyhostSpecifies the network interface for accessing the JOC Cockpit. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces.
jetty.ssl.portyes4443Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser.
jetty.sslContext.keyStorePathyesresources/joc/https-keystore.p12

The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers.

The path is specified relative to the JETTY_BASE directory.

jetty.sslContext.keyStoreTypenoPKCS12The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later.
jetty.sslContext.keyStorePasswordnojobschedulerThe keystore is protected by a password.
jetty.sslContext.keyManagerPasswordnojobschedulerThe private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys.
jetty.sslContext.trustStorePathyesresources/joc/https-truststore.p12

The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition, the truststore holds the public key or client certificate for connecting to the JOC Cockpit when mutual authentication is in place, see JS7 - Certificate based Authentication.

The path is specified relative to the JETTY_BASE directory.

jetty.sslContext.trustStoreTypenoPKCS12The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later.
jetty.sslContext.trustStorePasswordnojobschedulerThe truststore is protected by a password.

Certificate Based Authentication Settings

Options are enabled by use of the --module=https and --module=ssl settings.

SettingRequiredSample ValueExplanation
jetty.sslContext.needClientAuthyesfalseIf set to true then a Client Certificate is required. If this setting is false and the wantCientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication.
jetty.sslContext.wantClientAuthyestrue

Specifies the port at which the JOC Cockpit can be accessed by HTTP connections, for example from a user browser.

jetty.sslContext.endpointIdentificationAlgorithmyes
An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required.