Introduction
Installation, updates and upgrades are performed using the .tar.gz/.zip archives provided for the initial installation of newer releases.
- The JS7 - Installation instructions apply.
- The installation, update and upgrade processes can be automated for environments with a larger number of JOC Cockpit instances, Controllers and Agents.
- Users can apply the Controller Installation Script that is described in this article.
- Users can automate packaging and deployment of Agents, see JS7 - Deployment.
- Users can apply the Controller Installation Script with their preferred tools such as Ansible®, Puppet®, Chef®.
Security
Secure rollout of JS7 products is critical. It is therefore recommended that the solution described here is adjusted to suit specific security needs.
- Rollout of JS7 Controllers is considered critical as the software allows jobs to be executed on a larger number of servers.
- Integrity of the sources for downloads of JS7 products deserves attention.
- This includes intermediate devices on which JS7 software installers are stored in a user's environment.
- It is an option to run the Controller Installation Script from
sudo
and to use the digest functionality that compares the script to a hash value stored with thesudoers
file.
- The solution provided for updating, upgrading and patching JS7 Controllers is based on shell scripting by design:
- to provide readability and to rely on OS commands only,
- to deny the use of any 3rd-party components and additional dependencies that require code to be executed on the machines running Controllers.
- The Controller Installation Script can be integrated in a number of ways:
- by running one's own SSH script on top of the Controller Installation Script,
- by using tools such as Ansible®, Puppet® that make use of an SSH Client,
- by using JS7 workflow automation as explained below.
- It is recommended that a separate Standalone Controller and Agent are used for deployment purposes, for details see JS7 - Deployment.
- Access to the Controller and Agent for rollout should be securely managed.
Controller Installation Script
The Controller Installation Script is provided for download and can be used to automate updates, upgrades and patches of JS7 Controllers.
- The script is available for Linux, MacOS®, AIX®, Solaris® using bash, dash, ksh and zsh POSIX-compatible shells. For AIX®, Solaris® automated installation is supported, automated configuration is not.
- The script can be used to install, update or patch a Controller instance using the installation options. In addition it can be used to configure a Controller instance, for example in case of certificate renewal.
- The script creates
- the
controller_instance.sh
Instance Start Script in the Controller'sbin
directory if no such file exists, - the
controller.service
systemd Service File in the Controller instance'sbin
directory, see JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems.
- the
- The script terminates with exit code 0 to signal success, with exit code 1 for command line argument errors and with exit code 2 for non-recoverable errors.
- The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services.
- Refer also to information in the JS7 - Controller Command Line Operation article.
Download
Find the Controller Installation Script for download from JS7 - Download.
Usage
Invoking the Controller Installation Script without arguments displays the usage clause:
Usage: js7_install_controller.sh [Options] [Switches] Installation Options: --home=<directory> | required: directory to which the Controller will be be installed --data=<directory> | optional: directory for Controller data files, default: <home>/var --config=<directory> | optional: directory from which the Controller reads configuration files, default: <data>/config --logs=<directory> | optional: directory to which the Controller writes log files, default: <data>/logs --user=<account> | optional: user account for Controller daemon, default: $USER --home-owner=<account[:group]> | optional: account and optionally group owning the home directory, requires root or sudo permissions --data-owner=<account[:group]> | optional: account and optionally group owning the data directory, requires root or sudo permissions --controller-id=<identifier> | optional: Controller ID, default: controller --release=<release-number> | optional: release number such as 2.2.3 for download if --tarball is not used --tarball=<tar-gz-archive> | optional: the path to a .tar.gz archive that holds the Controller installation or patch tarball | if not specified the Controller tarball will be downloaded from the SOS web site --patch=<issue-key> | optional: identifies a patch from a Change Management issue key --patch-jar=<jar-file> | optional: the path to a .jar file that holds the patch --license-key=<key-file> | optional: specifies the path to a license key file to be installed --license-bin=<binary-file> | optional: specifies the path to the js7-license.jar binary file for licensed code to be installed | if not specified the file will be downloaded from the SOS web site --http-port=<port> | optional: specifies the http port the Controller will be operated for, default: 4444 port can be prefixed by network interface, e.g. localhost:4444 --https-port=<port> | optional: specifies the https port the Controller will be operated for port can be prefixed by network interface, e.g. batch.example.com:4444 --pid-file-dir=<directory> | optional: directory to which the Controller writes its PID file, default: <data>/logs --pid-file-name=<file-name> | optional: file name used by the Controller to write its PID file, default: controller.pid --instance-script=<file> | optional: path to the Instance Start Script that will be copied to the Controller, default <home>/bin/<instance-script> --backup-dir=<directory> | optional: backup directory for existing Controller home directory --log-dir=<directory> | optional: log directory for log output of this script --exec-start=<command> | optional: specifies the command to start the Controller, e.g. 'StartService' --exec-stop=<command> | optional: specifies the command to stop the Controller, e.g. 'StopService' --return-values=<file> | optional: specifies a file that receives return values such as the path to a log file Configuration Options: --deploy-dir=<directory> | optional: deployment directory from which configuration files are copied to the Controller --controller-conf=<file> | optional: path to a configuration file that will be copied to <config>/controller.conf --private-conf=<file> | optional: path to a configuration file that will be copied to <config>/private/private.conf --controller-primary-cert=<file> | optional: path to Primary Controller certificate file --controller-secondary-cert=<file> | optional: path to Secondary Controller certificate file --controller-primary-subject=<id> | optional: subject of Primary Controller certificate --controller-secondary-subject=<id> | optional: subject of Secondary Controller certificate --joc-primary-cert=<file> | optional: path to Primary/Standalone JOC Cockpit certificate file --joc-secondary-cert=<file> | optional: path to Secondary JOC Cockpit certificate file --joc-primary-subject=<id> | optional: subject of Primary/Standalone JOC Cockpit certificate --joc-secondary-subject=<id> | optional: subject of Secondary JOC Cockpit certificate --keystore=<file> | optional: path to a PKCS12 keystore file that will be copied to <config>/private/ --keystore-password=<password> | optional: password for access to keystore --keystore-alias=<alias> | optional: alias name for keystore entry --client-keystore=<file> | optional: path to a PKCS12 client keystore file that will be copied to <config>/private/ --client-keystore-password=<pass> | optional: password for access to the client keystore --client-keystore-alias=<alias> | optional: alias name for client keystore entry --truststore=<file> | optional: path to a PKCS12 truststore file that will be copied to <config>/private/ --truststore-password=<password> | optional: password for access to truststore --java-home=<directory> | optional: Java Home directory for use with the Instance Start Script --java-options=<options> | optional: Java Options for use with the Instance Start Script --service-dir=<directory> | optional: systemd service directory, default: /usr/lib/systemd/system --service-file=<file> | optional: path to a systemd service file that will be copied to <home>/bin/ --service-name=<identifier> | optional: name of the systemd service to be created, default js7_controller_<controller-id> Switches: -h | --help | displays usage --force-sudo | forces use of sudo for operations on directories --active | makes Controller instance the default active node in a Controller Cluster --standby | makes Controller instance the default standby node in a Controller Cluster --no-install | skips Controller installation, performs configuration updates only --uninstall | uninstalls Controller --service-selinux | use SELinux version of systemd service file --show-logs | shows log output of the script --make-dirs | creates the specified directories if they do not exist --make-service | creates the systemd service for the Controller --move-libs | moves an existing Controller's lib directory instead of removing the directory --remove-journal | removes an existing Controller's state directory that holds the journal --restart | stops a running Controller and starts the Controller after installation --fail-over | performs fail-over in Controller Cluster if used with the --restart switch --cancel | cancels a running Controller if used with the --restart switch
Installation Options
--home
- Specifies the directory in which the Controller should be installed.
--data
- Specifies the directory in which the Controller data such as configuration files should be stored.
- If this option is omitted then the
<home>/var
directory will be used, see option--home
.
--config
- Specifies the directory from which the Controller reads configuration files.
- By default the
<data>/config
directory is used, see option--data
.
--logs
- Specifies the directory to which the Controller stores log files.
- By default the
<data>/logs
directory is used, see option--data
.
--user
- Specifies the user account for the Controller daemon.
- By default the account of the user running the Controller Installation Script is used.
- Should the the home or data directory be owned by an account that is different from the one running the Controller Installation Script then consider use of the
--home-owner
and--data-owner
options.
--home-owner
- Optionally specifies the user account and group that should own the home directory. By default the home directory is created and owned by the current user account.
- Syntactically a user account and optionally a group can be specified, for example
--home-owner=sos
or--home-owner=sos:sos
. If the group is not specified then a group with the name of the user account is assumed. - Use of this option requires
sudo
permissions for the user account that runs the Controller Installation Script.
--data-owner
- Optionally specifies the user account and group that should own the data directory. By default the data directory is created and owned by the current user account.
- Syntactically a user account and optionally a group can be specified, for example
--data-owner=sos
or--data-owner=sos:sos
. If the group is not specified then a group with the name of the user account is assumed. - Use of this option requires
sudo
permissions for the user account that runs the Controller Installation Script.
--controller-id
- Specifies the Controller ID, a unique identifier of the Controller installation. If more than one Controller should be registered with JOC Cockpit then they have to use different Controller IDs.
- If two Controller instances should work in a Cluster then they have to use the same Controller ID.
--release
- Specifies a release number such as 2.3.1 for download from the SOS web site if the
--tarball
option is not used.
- Specifies a release number such as 2.3.1 for download from the SOS web site if the
--tarball
- Optionally specifies the path to a .tar.gz file that holds the Controller installation or patch files. If this option is not used the installation or patch tarball will be downloaded from the SOS web site for the release indicated with the
--release
option. - Download is performed with
curl
that considershttp_proxy
andhttps_proxy
environment variables and settings from a.curlrc
file.
- Optionally specifies the path to a .tar.gz file that holds the Controller installation or patch files. If this option is not used the installation or patch tarball will be downloaded from the SOS web site for the release indicated with the
--patch
- A patch is identified by an issue key in the Change Management System, for example JS-1984.
- Patches are downloaded from the SOS web site if the
--tarball
option is not used. - Patches are added to the Controller's
<home>/lib/patches
directory. Note that thepatches
sub-directory will be emptied when updating a Controller installation later on. - If a backup directory is specified then a Controller's existing installation directory will be added to a .tar.gz backup file in this directory.
--patch-jar
- Optionally specifies the path to a .jar file that holds the patch if a patch is provided in this format.
--license-key
- Optionally the path to a license key file is specified. Customers with a Commercial License receive the license key file from SOS in .pem or .crt format.
- For details see JS7 - How to apply a JS7 License Key.
--license-bin
- Optionally the path to the
js7-license.jar
binary file is specified that includes code that is available for use with a Commercial License only, see JS7 - How to apply a JS7 License Key. - Should this option be omitted and a license key file be specified with the
--license-key
option then the binary file is downloaded from the SOS Web Site, see JS7 - Download.
- Optionally the path to the
--http-port
- Specifies the HTTP port that the Controller is operated for. The default value is
4444
. The HTTP port is used to specify the value of theJS7_CONTROLLER_HTTP_PORT
environment variable in the Controller Instance Start Script. - The port can be prefixed by the network interface, for example
localhost:4444
. - When used with the
--restart
switch the HTTP port is used to identify if the Controller instance is running.
- Specifies the HTTP port that the Controller is operated for. The default value is
--https-port
- Specifies the HTTPS port that the Controller is operated for. The HTTPS port is specified in the Controller Instance Start Script typically available from
./bin/controller_instance.sh
. with the environment variableJS7_CONTROLLER_HTTPS_PORT
. Use of HTTPS requires a keystore and truststore to be present, see--keystore
and--truststore
options. - The port can be prefixed by the network interface, for example
batch.example.com:4444
.
- Specifies the HTTPS port that the Controller is operated for. The HTTPS port is specified in the Controller Instance Start Script typically available from
--pid-file-dir
- Specifies the directory to which the Controller stores its PID file. By default the
<data>/logs
directory is used. - When using SELinux then it is recommended to specify and to create the
/var/run/js7
directory, see JS7 - How to install for SELinux.
- Specifies the directory to which the Controller stores its PID file. By default the
--pid-file-name
- Specifies the name of the PID file. By default the file name
controller.pid
is used. - The PID file is created in the directory specified by the
--pid-file-dir
option.
- Specifies the name of the PID file. By default the file name
--instance-script
- Specifies the path to a script that acts as the Instance Start Script and that is copied to the
bin
directory. Typically the namecontroller_instance.sh
. is used. Users are free to choose any name for the script. The script has to be executable for the Controller daemon, see--user
. Permissions of the script are not changed by the Controller Installation Script. - The Controller Installation Script will perform replacements in the Instance Start Script template for known placeholders such as
<JS7_CONTROLLER_USER>
, for details see./bin/controller_instance.sh-example
.
- Specifies the path to a script that acts as the Instance Start Script and that is copied to the
--backup-dir
- If a backup directory is specified then an Controller's existing installation directory will be added to a .tar.gz file in this directory.
- File names are created according to the pattern:
backup_js7_controller.<hostname>.<release>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.tar.gz
- For example:
backup_js7_controller.centostest_primary.2.3.1.2022-03-19T20-50-45.tar.gz
- For example:
- A backup is intended to restore files in the Controller's installation directory, not in its data directory, see
--data
. The purpose of a backup is to restore files that are replaced by the Controller Installation Script, its purpose is not to restore a Controller installation that otherwise is corrupted or removed. No backup will be taken if one of the--uninstall
options is used.
--log-dir
- If a log directory is specified then the Controller Installation Script will write information about processing steps to a log file in this directory.
- File names are created according to the pattern:
install_js7_controller.<hostname>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
- For example:
install_js7_controller.centostest_primary.2022-03-19T20-50-45.log
--exec-start
- This option can be used should the Controller be started after installation. For example, when using systemd then the option
--exec-start=
"StartService"
will start the Controller service provided that the related systemd service has been created manually or by use of the--make-service
switch. Alternatively users can specify individual commands, for example--exec-start="sudo systemctl start js7_controller"
. - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
- This option is an alternative to the use of the -
-restart
switch which starts the Controller from its Instance Start Script. If specified this option will overrule the --restart
switch.
- This option can be used should the Controller be started after installation. For example, when using systemd then the option
--exec-stop
- This option can be used should the Controller be stopped before installation. For example, when using systemd then the option
--exec-stop="StopService"
will stop the Controller service provided that the related systemd service has been created manually or by use of the--make-service
switch. Alternatively users can specify individual commands, for example--exec-stop="sudo systemctl stop js7_controller"
. - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
- This option is an alternative to the use of the -
-restart
switch which stops the Controller from its Instance Start Script. If specified this option will overrule the--restart
switch.
- This option can be used should the Controller be stopped before installation. For example, when using systemd then the option
--return-values
- Optionally specifies the path to a file to which return values will be added in the format
<name>=<key>
. For example:log_file=install_js7_controller.centostest_primary.2022-03-20T04-54-31.log
backup_file=backup_js7_controller.centostest_primary.2.3.1.2022-03-20T04-54-31.tar.gz
- Any existing file will be overwritten. It is recommended that a unique file name such as
/tmp/return.$$.$RANDOM.properties
. is used. - A value from the file can be retrieved like this:
backup=$(cat /tmp/return.$$.$RANDOM.properties | grep "backup_file" | cut -d'=' -f2)
- Optionally specifies the path to a file to which return values will be added in the format
Configuration Options
--deploy-dir
- Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the
<config>
directory. A deployment directory allows to manage central copies of configuration files such ascontroller.conf
,private.conf
,log4j2.xml
etc. - Use of a deployment directory has lower precedence as files can be overwritten by individual options such as
--controller-conf
,--private-conf
etc.
- Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the
--controller-conf
- Specifies the path to a configuration file for global JS7 - Controller Configuration Items. The file will be copied to the
<config>/controller.conf
file. - Any file name can be used as a value of this option, however, the target file name
controller.conf
will be used.
- Specifies the path to a configuration file for global JS7 - Controller Configuration Items. The file will be copied to the
--private-conf
- Specifies the path to a configuration file for private JS7 - Controller Configuration Items. The file will be copied to the
<config>/private/private.conf
file. - Any file name can be used as a value of this option, however, the target file name
private.conf
will be used. - Users have a choice how to provide the required configuration:
- Download the private.conf-template-controller template, the Controller Installation Script performs replacements of placeholders in the template file from option values, for details see chapter Replacements.
- Users can manually adjust configuration items in their version of the
private.conf
file that they specify for the Controller Installation Script, see JS7 - Controller Configuration Items.
- Specifies the path to a configuration file for private JS7 - Controller Configuration Items. The file will be copied to the
--controller-primary-cert
- Specifies the path to the SSL/TLS certificate of the Primary Controller Instance. The Controller Installation Script extracts the distinguished name from the given certificate and adds it to the Controller's
private.conf
file to allow HTTPS connections from the pairing Controller in a cluster using mutual authentication without the need for passwords. - This option is used alternatively to
--controller-primary-subject
.
- Specifies the path to the SSL/TLS certificate of the Primary Controller Instance. The Controller Installation Script extracts the distinguished name from the given certificate and adds it to the Controller's
--controller-secondary-cert
- Corresponds to the
--controller-primary-cert
setting and is used for the Secondary Controller Instance. - This option is used alternatively to
--controller-secondary-subject
.
- Corresponds to the
--controller-primary-subject
- Specifies the subject (distinguished name) of the SSL/TLS certificate of the Primary Controller Instance. The Controller Installation Script adds the distinguished name to the Controller's
private.conf
file to allow HTTPS connections from the pairing Controller in a cluster using mutual authentication without the need for passwords. - A certificate's subject can be extracted for example using the command:
openssl x509 -in controller.crt -noout -nameopt RFC2253 -subject
- This option is used alternatively to
--controller-primary-cert
.
- Specifies the subject (distinguished name) of the SSL/TLS certificate of the Primary Controller Instance. The Controller Installation Script adds the distinguished name to the Controller's
--controller-secondary-subject
- Corresponds to the
--controller-primary-subject
setting and is used for the Secondary Controller Instance. - This option is used alternatively to
--controller-secondary-cert
.
- Corresponds to the
--joc-primary-cert
- Specifies the subject (distinguished name) of the SSL/TLS certificate of the Primary/Standalone JOC Cockpit Instance. The Controller Installation Script adds the distinguished name to the Controller's
private.conf
file to allow HTTPS connections from the JOC Cockpit instance using mutual authentication without the need for passwords. - A certificate's subject can be extracted for example using the command:
openssl x509 -in joc.crt -noout -nameopt RFC2253 -subject
- This option is used alternatively to
--joc-primary-subject
.
- Specifies the subject (distinguished name) of the SSL/TLS certificate of the Primary/Standalone JOC Cockpit Instance. The Controller Installation Script adds the distinguished name to the Controller's
--joc-secondary-cert
- Corresponds to the
--joc-primary-cert
setting and is used for the Secondary JOC Cockpit Instance. - This option is used alternatively to
--joc-secondary-subject
.
- Corresponds to the
--joc-primary-subject
- Specifies the path to the SSL/TLS certificate of the Primary/Standalone JOC Cockpit Instance. The Controller Installation Script extracts the distinguished name from the given certificate and adds it to the Controller's
private.conf
file to allow HTTPS connections from the JOC Cockpit instance using mutual authentication without the need for passwords. - This option is used alternatively to
--joc-primary-cert
.
- Specifies the path to the SSL/TLS certificate of the Primary/Standalone JOC Cockpit Instance. The Controller Installation Script extracts the distinguished name from the given certificate and adds it to the Controller's
--joc-secondary-subject
- Corresponds to the
--joc-primary-subject
setting and is used for the Secondary JOC Cockpit Instance. - This option is used alternatively to
--joc-secondary-cert
.
- Corresponds to the
--keystore
- Specifies the path to a PKCS12 keystore file that holds the private key and certificate for HTTPS connections to the Controller.
- Users are free to specify any file name, typically the name
https-keystore.p12
is used. The keystore file will be copied to the<config>/private
directory. - If a keystore file is made available then the Controller's
<config>/private/private.conf
file has to hold a reference to the keystore location and optionally the keystore password. It is therefore recommended to use the--private-conf
option to deploy an individualprivate.conf
file that holds settings related to a keystore. - For automating the creation of keystores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--keystore-password
- Specifies the password for access to the keystore. Use of a keystore password is required.
- Consider use of quotes when specifying the password.
--keystore-alias
- If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for server authentication and client authentication exist, then it is not determined which private key/certificate will be used. The alias name of a given private key/certificate is specified when the entry is added to the keystore. The alias name allows to indicate a specific private key/certificate to be used.
--client-keystore
- Use of this setting is optional. It can be used if separate certificates for Server Authentication and Client Authentication are used.
- The Client Authentication private key and certificate can be added to a client keystore. The location and configuration of a client keystore correspond to the
--keystore
option.
--client-keystore-password
- Specifies the password for access to the client keystore. Use of a client keystore password is required if a client keystore is used.
- Consider explanations for the
--keystore-password
option.
--client-keystore-alias
- If a client keystore holds more than one private key, for example if a number of private keys/certificates for client authentication exist, then it is not determined which private key/certificate will be used.
- Consider explanations for the
--keystore-alias
option.
--truststore
- Specifies the path to a PKCS12 truststore file that holds the certificate(s) for HTTPS connections to the Controller using mutual authentication .
- Users are free to specify any file name, typically the name
https-truststore.p12
is used. The truststore file will be copied to the<config>/private
directory. - If a truststore file is made available then the Controller's
<config>/private/private.conf
file has to hold a reference to the truststore location and optionally the truststore password. It is therefore recommended to use the--private-conf
option to deploy an individualprivate.conf
file that holds settings related to a truststore. - For automating the creation of truststores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--truststore-password
- Specifies the password for access to the truststore. Use of a password is recommended as it is not primarily intended to protect access to the truststore. The password is intended to allow verification that truststore entries have been added using the same password.
- Consider use of quotes when specifying the password.
--java-home
- Specifies the Java home directory that will be made available to the Controller from the
JAVA_HOME
environment variable specified with the Controller Instance Start Script typically available from./bin/controller_instance.sh
.
- Specifies the Java home directory that will be made available to the Controller from the
--java-options
- Specifies the Java options that will be made available to the Controller from the
JAVA_OPTIONS
environment variable specified with the Controller Instance Start Script typically available from./bin/controller_instance.sh
. - Java options can be used for example to specify Java heap space settings for the Ccontroller.
- If more than one Java option is used then the value has to be quoted, for example
--java-options="-Xms256m -Xmx512m"
.
- Specifies the Java options that will be made available to the Controller from the
--service-dir
- Specifies the systemd service directory to which the Controller's service file will be copied if the
--make-service
switch is used. - By default the
/usr/lib/systemd/system
directory will be used. Users can specify an alternative location.
- Specifies the systemd service directory to which the Controller's service file will be copied if the
--service-file
- Specifies the path to a systemd service file that is copied to the Controller's
<home>/bin
directory. - Users are free to choose any file name as a template for the service file. The resulting service file name will be
controller.service
. - The Controller Installation Script will not perform replacements in the service file to update paths etc., for details see
./bin/controller.service-example.
- Specifies the path to a systemd service file that is copied to the Controller's
--service-name
- Specifies the name of the systemd service that will be created if the
--make-service
switch is used. - By default the service name
js7_controller
will be used.
- Specifies the name of the systemd service that will be created if the
Switches
-h | --help
- Displays usage.
--force-sudo
- Specifies that
sudo
is used when performing operations on directories. This switch is required if the home or data directory is not owned by the user account running the Controller Installation Script.
- Specifies that
--active
- Specifies that the Controller instance should act as the active node in a Controller Cluster during initial operation.
--standby
- Specifies that the Controller instance should act as the standby node in a Controller Cluster during initial operation.
--no-install
- Specifies if the Installation Script should be used to update configuration items without changes to the binary files of the installation.
In fact no installation is performed but configuration changes as for example specified with the--keystore
option will be applied.
- Specifies if the Installation Script should be used to update configuration items without changes to the binary files of the installation.
--uninstall
- Uninstalls the Controller including the steps to stop & remove a running Controller service and to remove the
<home>
and<data>
directories.
- Uninstalls the Controller including the steps to stop & remove a running Controller service and to remove the
--service-selinux
- Updates the systemd service file for compliance with SELinux, see JS7 - How to install for SELinux.
--show-logs
- Displays the log output created by the script if the
--log-dir
option is used.
- Displays the log output created by the script if the
--make-dirs
- If directories are missing that are indicated with the
--home
,--backup-dir
or--log-dir
options then they will be created.
- If directories are missing that are indicated with the
--make-service
- Specifies that a systemd service should be created for the Controller. The service will be created from the
--service-name
option or its default value.
- Specifies that a systemd service should be created for the Controller. The service will be created from the
--move-libs
- For an existing Controller installation the
lib
sub-directory includes .jar files that carry the release number in their file names. If replaced by a newer version thelib
directory has to be moved or removed. This switch tries to move the directory to a previous version number as indicated from the.version
file in the Controller's home directory. For example, to renamelib
tolib.2.3.1
. - Files in the
lib/user_lib
sub-directory are preserved.
- For an existing Controller installation the
--remove-journal
- If a Controller has been installed for the wrong operating mode (standalone, clustered) then the Controller's journal in the
JS7_CONTROLLER_DATA/state
directory can be removed. This operation removes any orders submitted to a Controller and Agents. It requires the Agents to be re-registered to the Controller.
- If a Controller has been installed for the wrong operating mode (standalone, clustered) then the Controller's journal in the
--restart
- Stops a running Controller before installation and starts the Controller after installation using the Controller's Instance Start Script. This switch can be used with the
--fail-over
and--cancel
switches to control fail-over. This switch is ignored if the--exec-start
and--exec-stop
options are used.
- Stops a running Controller before installation and starts the Controller after installation using the Controller's Instance Start Script. This switch can be used with the
--fail-over, --abort
- Performs fail-over in a Controller Cluster if used with the
--restart
switch. - Starting from release 2.7.2, the
--fail-over
switch is available, the--abort
switch is an alias used by previous releases.
- Performs fail-over in a Controller Cluster if used with the
--cancel, --kill
- Forcibly terminates a running Controller if used with the
--restart
switch. In a Controller Cluster fail-over will be performed. - Starting from release 2.7.2, the
--cancel
switch is available, the--kill
switch is an alias used by previous releases.
- Forcibly terminates a running Controller if used with the
Exit Codes
1
: argument errors2
: non-recoverable errors3
: this exit code is returned when used with the--restart
switch and if it cannot be identified whether a Controller instance is running4
: this exit code is returned if no--tarball
option is used and download of the tarball reports errors5
: this exit code is returned when used with the--restart
switch and if the Controller instance cannot be started6
: this exit code is returned when used with the--restart
switch and if the Controller instance cannot be stopped7
: this exit code indicates that the Controller systemd service could not be started or stopped when using the--exec-start="StartService"
or--exec-stop="StopService"
options.
Replacements
The Controller Installation Script performs replacements of placeholders in installation files and configuration files by option values, for details see chapter Replacements.
Examples
The following examples illustrate typical use cases. Users should consider to specify current releases, see JS7 - Download.
Install or Update from Download
./js7_install_controller.sh \ --release=2.5.2 \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --make-dirs # downloads the Controller release tarball from the SOS Web Site # creates the home directory if it does not exist # specifies the Controller ID that is a unique identifier: # in a Controller Cluster all Controller instances use the same Controller ID # for Standalone Controller instances each instance requires a unique Controller ID # extracts the tarball to the Controller's home directory # operates the Controller for HTTP port 4444
Install or Update from Tarball
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # creates the home directory if it does not exist # specifies the Controller ID that is a unique identifier: # in a Controller Cluster all Controller instances use the same Controller ID # for Standalone Controller instances each instance requires a unique Controller ID # extracts the tarball to the Controller's home directory # operates the Controller for HTTP port 4444
Install or Update for Secondary Controller Instance in a Cluster
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/opt/sos-berlin.com/js7/controller \ --controller-id=controller \ --http-port=4444 \ --standby \ --make-dirs # downloads the Controller release tarball from the SOS Web Site using curl # specifies the Controller ID that is used by all instances in the Controller Cluster # puts the Controller instance to initial standby mode for use in a cluster, the following applies for cluster setup: # the Primary Controller instance is not configured for standby mode # the Secondary Controller instance is configured for standby mode # creates the home directory if it does not exist # extracts the tarball to the Controller's home directory # populates the data directory from initial configuration files # operates the Controller for HTTP port 4444
Install or Update for separate Home and Data Directories
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/opt/sos-berlin.com/js7/controller \ --data=/var/sos-berlin.com/js7/controller \ --controller-id=controller \ --http-port=4444 \ --make-dirs # downloads the Controller release tarball from the SOS Web Site using curl # suggests use of separate home and data directories for configuration data, log data etc. # creates the home and data directories if they do not exist # extracts the tarball to the Controller's home directory # populates the data directory from initial configuration files # operates the Controller for HTTP port 4444
Install or Update owning Home and Data Directories to separate Accounts
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/opt/sos-berlin.com/js7/controller \ --data=/var/sos-berlin.com/js7/controller \ --user=sos2 \ --home-owner=sos1:sos1 \ --data-owner=sos2:sos2 \ --controller-id=controller \ --http-port=4444 \ --make-dirs # downloads the Controller release tarball from the SOS Web Site using curl # suggests use of separate home and data directories for configuration data, log data etc. # creates the home and data directories if they do not exist # extracts the tarball to the Controller's home directory # populates the data directory from initial configuration files # owns the home and data directories to separate user accounts and groups # specifies the 'sos2' run-time account with write access to the data directory # requires to be executed by the root account or by an account with sudo permissions # operates the Controller for HTTP port 4444
Install or Update from Download with Commercial License
./js7_install_controller.sh \ --release=2.5.2 \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --license-key=/home/sos/controller-deployment/example.pem \ --make-dirs # downloads the Controller release tarball from the SOS Web Site # downloads the binary file for licensed code to enable cluster operations # creates the home directory if it does not exist # extracts the tarball to the Controller's home directory # installs the license key file and binary file for licensed code # operates the Controller for HTTP port 4444
Install or Update from Tarball with Commercial License
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7-license.jar' \ -o /tmp/js7-license.jar ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --license-key=/home/sos/controller-deployment/example.pem \ --license-bin=/tmp/js7-license.jar \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # downloads the binary file for licensed code to enable cluster operations # creates the home directory if it does not exist # extracts the tarball to the Controller's home directory # installs the license key file and binary file for licensed code # operates the Controller for HTTP port 4444
Install or Update and Stop/Start using systemd
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --exec-start=StartService \ --exec-stop=StopService \ --make-service \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # extracts the tarball to the Controller's home directory # creates the Controller's systemd service # stops and starts the Controller's systemd service # operates the Controller for HTTP port 4444
Install or Update and Stop/Start using individual Commands
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=jobscheduler \ --http-port=4444 \ --exec-start="sudo systemctl start js7_controller_jobscheduler" \ --exec-stop="sudo systemctl stop js7_controller_jobscheduler" \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # extracts the tarball to the Controller's home directory # stops and starts the Controller instance by use of individual commands # operates the Controller for HTTP port 4444
Install or Update and Stop/Start using Instance Start Script
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --restart \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # extracts the tarball to the Controller's home directory # stops and starts the Controller from its instance start script <home>/bin/controller_instance.sh # operates the Controller for HTTP port 4444
Install or Update using Java Home and Java Options
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --java-home=/opt/java/jdk-17.0.2 \ --java-options="-Xmx512m -Xms256m" \ --restart \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # extracts the tarball to the Controller's home directory # specifies the Java version and Java options to be used # stops and starts the Controller from its instance start script <home>/bin/controller_instance.sh # operates the Controller for HTTP port 4444
Install or Update with Return Values
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz retval=/tmp/js7_install_controller.$$.tmp ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --backup-dir=/tmp/backups \ --log-dir=/tmp/logs \ --return-values=$retval \ --exec-start=StartService \ --exec-stop=StopService \ --make-service \ --make-dirs log_file=$(cat $retval | grep "log_file" | cut -d'=' -f2) backup_file=$(cat $retval | grep "backup_file" | cut -d'=' -f2) # downloads the release tarball from the SOS Web Site using curl # creates a backup archive and log file # extracts the tarball to the Controller's home directory # provides return values from a temporary file which includes the path to the log file and to the backup archive # stops and starts the Controller from its systemd service # operates the Controller for HTTP port 4444
Install or Update with Fallback
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz retval=/tmp/js7_install_controller.$$.tmp ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --backup-dir=/tmp/backups \ --log-dir=/tmp/logs \ --return-values=$retval \ --restart \ --show-logs \ --make-dirs || ( backup=$(cat $retval | grep "backup_file" | cut -d'=' -f2 ) \ && ( test -e "$backup" ) && \ ./js7_install_controller.sh \ --tarball=$backup \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=4444 \ --log-dir=/tmp/logs \ --restart \ --show-logs ) log_file=$(cat $retval | grep "log_file" | cut -d'=' -f2) backup_file=$(cat $retval | grep "backup_file" | cut -d'=' -f2) # downloads the release tarball from the SOS Web Site using curl # creates a backup archive and log file # extracts the tarball to the Controller's home directory # reverts the installation from the backup archive in case of failure # stops and starts the Controller from its instance start script <home>/bin/controller_instance.sh # operates the Controller for HTTP port 4444
Install or Update and Apply Certificates for HTTPS Connections
curl 'https://download.sos-berlin.com/JobScheduler.2.5/js7_controller_unix.2.5.2.tar.gz' \ -o /tmp/js7_controller_unix.2.5.2.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller_unix.2.5.2.tar.gz \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=localhost:4444 \ --https-port=batch.example.com:4444 \ --private-conf=/home/sos/controller-deployment/private.conf-template-controller \ --controller-secondary-cert=/home/sos/controller-deployment/centostest-secondary.crt \ --joc-primary-cert=/home/sos/controller-deployment/centostest-primary.crt \ --joc-secondary-cert=/home/sos/controller-deployment/centostest-secondary.crt \ --keystore=/home/sos/controller-deployment/https-keystore.p12 \ --keystore-password="jobscheduler" \ --truststore=/home/sos/controller-deployment/https-truststore.p12 \ --truststore-password="jobscheduler" \ --exec-start=StartService \ --exec-stop=StopService \ --make-service \ --make-dirs # downloads the release tarball from the SOS Web Site using curl # extracts the tarball to the Controller's home directory # specifies HTTP port 4444 on the localhost network interface and the same HTTPS port on the server network interface # specifies the path to the Secondary Controller's server certificate used by the Primary Controller instance if a Controller Cluster is used # a Primary Controller instance requires the server certificate of the Secondary Controller instance # a Secondary Controller instance requires the server certificate of the Primary Controller instance # for a Standalone Controller both --controller-primary-cert and --controller-secondary-cert options are omitted # specifies the paths to the Primary and Secondary JOC Cockpit's server certificates if a JOC Cockpit Cluster is used # for a Standalone JOC Cockpit the --joc-secondary-cert option is omitted # deploys the Controller private configuration file which holds references to keystore and truststore # deploys keystore and truststore files # stops and starts the Controller's systemd service
Note:
- For details about certificates and HTTPS connections see JS7 - Controller HTTPS Connections.
- The
private.conf
configuration file holds references to the JOC Cockpit's certificate in order to verify the connection from JOC Cockpit using HTTPS mutual authentication. - Users have a choice how to provide the required configuration:
- Download the private.conf-template-controller template, the Controller Installation Script performs replacements of placeholders in the template file from option values, for details see chapter Replacements.
- Users can manually adjust configuration items in their version of the
private.conf
file that they specify for the Controller Installation Script, see JS7 - Controller Configuration Items.
Renew Certificates for HTTPS Connections
./js7_install_controller.sh \ --home=/home/sos/controller \ --controller-id=controller \ --http-port=localhost:4444 \ --https-port=batch.example.com:4444 \ --private-conf=/home/sos/controller-deployment/private.conf-template-controller \ --controller-secondary-cert=/home/sos/controller-deployment/centostest-secondary.crt \ --joc-primary-cert=/home/sos/controller-deployment/centostest-primary.crt \ --joc-secondary-cert=/home/sos/controller-deployment/centostest-secondary.crt \ --keystore=/home/sos/controller-deployment/https-keystore.p12 \ --keystore-password="jobscheduler" \ --truststore=/home/sos/controller-deployment/https-truststore.p12 \ --truststore-password="jobscheduler" \ --exec-start=StartService \ --exec-stop=StopService \ --no-install # performs no installation but certificate renewal only # addresses an existing Controller instance operated for HTTP port 4444 on the localhost network interface and the same HTTPS port on the server network interface # specifies the path to the Secondary Controller's server certificate used by the Primary Controller instance if a Controller Cluster is used # a Primary Controller instance requires the server certificate of the Secondary Controller instance # a Secondary Controller instance requires the server certificate of the Primary Controller instance # for a Standalone Controller both --controller-primary-cert and --controller-secondary-cert options are omitted # specifies the paths to the Primary and Secondary JOC Cockpit's server certificates if a JOC Cockpit Cluster is used # for a Standalone JOC Cockpit the --joc-secondary-cert option is omitted # deploys a Controller private configuration file that holds references to keystore and truststore # deploys keystore and truststore files # stops and starts the Controller's systemd service
Start Controller
./js7_install_controller.sh \ --home=/home/sos/controller \ --controller-id=controller \ --exec-start=StartService \ --exec-stop=StopService \ --no-install # stops the Controller's systemd service if the Controller is running # starts the Controller's systemd service
Stop Controller
./js7_install_controller.sh \ --home=/home/sos/controller \ --controller-id=controller \ --exec-stop=StopService \ --no-install # stops the Controller's systemd service if the Controller is running
Patch from Download
./js7_install_controller.sh \ --release=2.2.3 \ --patch=JS-1984 \ --home=/home/sos/controller \ --controller-id=controller \ --exec-start=StartService \ --exec-stop=StopService # downloads the patch tarball from the SOS Web Site # extracts the patch tarball to the Controller's home directory # stores the patch files to the Controller's <home>/lib/patches sub-directory # stops and starts the Controller's systemd service
Patch from Tarball
curl 'https://download.sos-berlin.com/patches/2.2.3-patch/js7_controller.2.2.3-PATCH.JS-1984.tar.gz' \ -o /tmp/js7_controller.2.2.3-PATCH.JS-1984.tar.gz ./js7_install_controller.sh \ --tarball=/tmp/js7_controller.2.2.3-PATCH.JS-1984.tar.gz \ --patch=JS-1984 \ --home=/home/sos/controller \ --controller-id=controller \ --exec-start=StartService \ --exec-stop=StopService # downloads the patch tarball from the SOS Web Site using curl # extracts the patch tarball to the Controller's home directory # stores the patch files to the Controller's <home>/lib/patches sub-directory # stops and starts the Controller's systemd service
Patch from .jar File
curl 'https://download.sos-berlin.com/patches/2.2.3-patch/js7_controller.2.2.3-PATCH.JS-1984.jar' \ -o /tmp/js7_controller.2.2.3-PATCH.JS-1984.jar ./js7_install_controller.sh \ --patch-jar=/tmp/js7_controller.2.2.3-PATCH.JS-1984.jar \ --patch=JS-1984 \ --home=/home/sos/controller \ --controller-id=controller \ --exec-start=StartService \ --exec-stop=StopService # downloads the patch .jar file from the SOS Web Site using curl # stores the patch .jar file to the Controller's <home>/lib/patches sub-directory # stops and starts the Controller's systemd service
Uninstall
./js7_install_controller.sh \ --home=/home/sos/controller \ --controller-id=controller \ --exec-stop=StopService \ --uninstall # stops the Controller's systemd service # uninstalls the Controller and removes the home and data directories
Replacements
The Controller Installation Script performs replacements of placeholders in installation files and configuration files by option values.
Installation Files
<home>/bin/controller_instance.sh
Replacements are performed for the following placeholders used for environment variables by respective option values:
Placeholder Option Value JS7_CONTROLLER_HOME
--home
JS7_CONTROLLER_DATA
--data
JS7_CONTROLLER_ID
--controller-id
JS7_CONTROLLER_USER
--user
JS7_CONTROLLER_HTTP_PORT
--http-port
JS7_CONTROLLER_HTTPS_PORT
--https-port
JS7_CONTROLLER_CONFIG_DIR
--config
JS7_CONTROLLER_LOGS
--logs
JS7_CONTROLLER_PID_FILE_DIR
--pid-file-dir
JS7_CONTROLLER_PID_FILE_NAME
--pid-file-name
JAVA_HOME
--java-home
JAVA_OPTIONS
--java-options
<home>/bin/controller.service
Replacements are performed for the following settings by respective option values:
Placeholder Option Value <JS7_CONTROLLER_ID>
--controller-id
<JS7_CONTROLLER_HTTP_PORT>
--http-port
PIDFile=
--pid-file-dir
--pid-file-nameUser=
--user
ExecStart=, ExecStop=, ExecReload=
--home
Configuration Files
<config>/private/private.conf
Replacements are performed for the following placeholders by respective option values:
Placeholder Option Value {{controller-id}}
--controller-id
{{controller-primary-distinguished-name}}
--controller-primary-cert
{{controller-secondary-distinguished-name}}
--controller-secondary-cert
{{joc-primary-distinguished-name}}
--joc-primary-cert
{{joc-secondary-distinguished-name}}
--joc-secondary-cert
{{keystore-file}}
--keystore
{{keystore-password}}
--keystore-password
{{keystore-alias}}
--keystore-alias
{{client-keystore-file}}
--client-keystore
{{client-keystore-password}}
--client-keystore-password
{{client-keystore-alias}}
--client-keystore-alias
{{truststore-file}}
--truststore
{{truststore-password}}
--truststore-password
Find a template for a
private.conf
file using placeholders for HTTPS mutual authentication:
Download: private.conf-template-controller
Automation
The Controller Installation Script can be executed from a job for automated update and upgrade of JS7 Controllers.
The steps for automation are similar to update and upgrade of JS7 Agents. Find instructions how to set up workflow automation from the JS7 - Automated Installation and Update article.
Further Resources
- JS7 - Automated Installation and Update
- JS7 - How to create X.509 SSL TLS Certificates
- JS7 - How to add SSL TLS Certificates to Keystore and Truststore