...

Example for JOC Cockpit installation options: joc.properties
################################################################################
### If JOC Cockpit is used in a cluster then type a title to identify which node
### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for
### the display order in JOC's dashboard

title = PRIMARY JOC COCKPIT
ordering = 0


################################################################################
### Path to log4j configuration file. Path can be absolute or relative
### to this file.

log4j.configuration = log4j2.xml


################################################################################
### Path to hibernate configuration file of JOC's database.
### Path can be absolute or relative to this file.

hibernate_configuration_file = hibernate.cfg.xml


################################################################################
### The time (in seconds) to establish the connection with the
### remote host. Default = 2

jobscheduler_connection_timeout = 2


################################################################################
### The time (in seconds) waiting for data after the connection
### was established; maximum time of inactivity between two data packets.
### Default = 5

jobscheduler_socket_timeout = 5


################################################################################
### Should hostname verification be carried out for https certificate.
### Default false

https_with_hostname_verification = true


################################################################################
### Location, type and password of the Java truststore which contains the
### certificates of each JobScheduler Controller for HTTPS connections.
### The path is relative to JETTY_BASE/resources/joc.

# keystore_path = https-keystore.p12
# keystore_type = PKCS12
# keystore_password = jobscheduler
# key_password = jobscheduler

# truststore_path = https-truststore.p12
# truststore_type = PKCS12
# truststore_password = jobscheduler


################################################################################
### JOC Cockpit requires to configure a security level for the
### signing mechanism, options "high", "medium" and "low".
### high:
###      public PGP/X.509 keys are stored for verification only
###      all signing will be done externally outside of JOC Cockpit
### medium:
###      a private PGP/X.509 key will be stored for signing
###      signing will be done automatically with the provided key
### low:
###      no keys will be stored
###      signing will be done internally with default keys
###
### This flag controls the security level used. Default low

security_level = low


################################################################################
### Settings for a custom logo file on the login page
### The logo file has to be located in ./jetty_base/webapps/root/ext/images
### Possible units for height are according to
### https://www.w3schools.com/cssref/css_units.asp (default px)
### Possible values for the position are "top" or "bottom" (default=bottom).

custom_logo_name =
custom_logo_height =
custom_logo_position =


################################################################################
### Normally, the user permissions control if a view such as dashboard,
### workflows, etc. are shown or hidden. Here you can force to show (=true) or
### hide (=false) a view independent of the permissions. If the value is unequal
### true or false then the permissions win.

show_view_dashboard =
show_view_monitor =
show_view_dailyplan =
show_view_workflows =
show_view_filetransfers =
show_view_resources =
show_view_history =
show_view_auditlog =
show_view_configuration =

...

| Setting | Sample Value | Explanation |
| --- | --- | --- |
| https_with_hostname_verification | true | Specifies if hostname verification should be performed for HTTPS connections. It is strongly recommended to enable this setting. |
| keystore_path | https-keystore.p12 | The keystore includes the private key and server certificate created for outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider storing the Client Authentication certificate in the client keystore, see below. The path is specified relative to the JETTY_BASE/resources/joc directory. |
| keystore_type | PKCS12 | The keystore types PKCS12 and JKS are supported. |
| keystore_password | jobscheduler | The keystore is protected by a password. |
| key_password | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
| truststore_path | https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to Controllers. The path is specified relative to the JETTY_BASE/resources/joc directory. |
| truststore_type | PKCS12 | The truststore types PKCS12 and JKS are supported. |
| truststore_password | jobscheduler | The truststore is protected by a password. |

Custom Logo Settings

| Setting | Sample Value | Explanation |
| --- | --- | --- |
| custom_logo_name | company.png | The logo file indicated by this name has to be located in ./jetty_base/webapps/root/ext/images |
| custom_logo_height | 120px | The logo height in pixels. Possible units are specified according to: https://www.w3schools.com/cssref/css_units.asp (default px). |
| custom_logo_position | bottom | Possible values for the position are top and bottom. |

...

| Setting | Sample Value | Explanation |
| --- | --- | --- |
| title | PRIMARY JOC COCKPIT / SECONDARY JOC COCKPIT | Title of the JOC Cockpit Cluster Status widget in the Dashboard view. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |
| ordering | 0 / 1 | Order of appearance in the JOC Cockpit Cluster Status widget in the Dashboard view. An ordering 0 indicates the leftmost occurrence. The default value depends on the installer option for a Primary or Secondary JOC Cockpit instance. |

...

Security Options

| Setting | Sample Value | Explanation |
| --- | --- | --- |
| security_level | low | JOC Cockpit is installed for a security level used for signing of deployable objects such as workflows, see JS7 - Deployment. |

  • high
    • certificates / public keys are stored for verification purposes
    • signing is performed externally, outside of JOC Cockpit
  • medium
    • an individual private key per account is stored for signing purposes
    • signing is performed automatically with the provided key
  • low
    • a single private key is stored for signing purposes with any account
    • signing is performed automatically with keys of the default profile account being applied
  • Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
  • To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
  • For details see JS7 - Security Architecture

Jetty Servlet Container

Installation Options

...

Example for Jetty installation options: start.ini
# --------------------------------------- 
# Module: http
# Enables an HTTP connector on the server.
# --------------------------------------- 
--module=http

## Connector host/address to bind to
# jetty.http.host=0.0.0.0

## Connector port to listen on
jetty.http.port=4446

# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
# --module=https

# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# ---------------------------------------
# --module=ssl

## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0

## Connector port to listen on
# jetty.ssl.port=4443

## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=resources/joc/https-keystore.p12

## Keystore type (PKCS12, JKS)
# jetty.sslContext.keyStoreType=PKCS12

## Keystore password
# jetty.sslContext.keyStorePassword=jobscheduler

## KeyManager password (same as keystore password for pkcs12 keystore type)
# jetty.sslContext.keyManagerPassword=jobscheduler

## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12

## Truststore type (PKCS12, JKS)
# jetty.sslContext.trustStoreType=PKCS12

## Truststore password
# jetty.sslContext.trustStorePassword=jobscheduler

## Client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Client certificate authentication is desired
# jetty.sslContext.wantClientAuth=true
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
# jetty.sslContext.endpointIdentificationAlgorithm=

...

Options are enabled by use of the --module=https and --module=ssl settings. Consider the explanations in the JS7 - Certificate based Authentication article.

| Setting | Required | Sample Value | Explanation |
| --- | --- | --- | --- |
| jetty.sslContext.needClientAuth | yes | false | If set to true then a Client Certificate is required. If this setting is false and the wantClientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication. |
| jetty.sslContext.wantClientAuth | yes | true | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
| jetty.sslContext.endpointIdentificationAlgorithm | yes | | An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required. |
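
An added example, not part of the JS7 documentation or product code: a Python check that reads joc.properties and start.ini text in the form of the listings above and reports the settings that the HTTPS tables single out (hostname verification, truststore path, sample passwords, enabled connectors, client authentication). Function names and sample strings are constructed for illustration, and the "account/password only" result for both client authentication flags being false is an inference rather than something the page states.

```python
SAMPLE_PASSWORD = "jobscheduler"  # sample value used in this page's listings

def parse(text):
    """Return (settings, modules); commented-out lines count as not set."""
    settings, modules = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "--module":
            modules.add(value)
        else:
            settings[key] = value
    return settings, modules

def is_true(settings, key):
    return settings.get(key, "false").lower() == "true"

def sample_passwords(settings):
    return [f"{k} is the sample password" for k in sorted(settings)
            if k.lower().endswith("password") and settings[k] == SAMPLE_PASSWORD]

def audit_joc_properties(text):
    s, _ = parse(text)
    checks = {"https_with_hostname_verification is not true": not is_true(s, "https_with_hostname_verification"),
              "truststore_path is not set": not s.get("truststore_path")}
    return [msg for msg, hit in checks.items() if hit] + sample_passwords(s)

def audit_start_ini(text):
    """Return (findings, login mode); mode is None without the ssl module."""
    s, modules = parse(text)
    checks = {f"plain HTTP connector on port {s.get('jetty.http.port', '?')}": "http" in modules,
              "ssl and https modules are not both enabled": not {"ssl", "https"} <= modules}
    need, want = (is_true(s, f"jetty.sslContext.{k}ClientAuth") for k in ("need", "want"))
    mode = None if "ssl" not in modules else (
        "client certificate required" if need else
        "client certificate or account/password" if want else
        "account/password only")  # last case is an inference, not on the page
    return [msg for msg, hit in checks.items() if hit] + sample_passwords(s), mode

# Constructed samples modelled on the listings above.
JOC_SAMPLE = "truststore_path = https-truststore.p12\ntruststore_password = jobscheduler\n"
INI_SAMPLE = ("--module=http\njetty.http.port=4446\n# --module=https\n# --module=ssl\n"
              "# jetty.sslContext.keyStorePassword=jobscheduler\n")

if __name__ == "__main__":
    print(audit_joc_properties(JOC_SAMPLE))
    print(audit_start_ini(INI_SAMPLE))
```

Settings that are commented out, as in the listings above, are treated as not set, so a commented-out sample password is not reported.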