Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagetext
titleJOC Cockpit Installation Script: js7_install_joc.sh
Usage: js7_install_joc.sh [Options] [Switches]

  Installation Options:
    --setup-dir=<directory>            | optional: directory to which the JOC Cockpit installer will be extracted
    --response-dir=<directory>         | optional: setup response directory holds joc_install.xml and JDBC Drivers
    --release=<release-number>         | optional: release number such as 2.2.3 for download if --tarball is not used
    --tarball=<tar-gz-archive>         | optional: the path to a .tar.gz archive that holds the JOC Cockpit tarball,
                                       |           if not specified the JOC Cockpit tarball will be downloaded from the SOS web site
    --home=<directory>                 | optional: home directory of JOC Cockpit
    --data=<directory>                 | optional: data directory of JOC Cockpit
    --cluster-id=<identifier>          | optional: Cluster ID of the JOC Cockpit instance, default: joc
    --instance-id=<number>             | optional: unique number of a JOC Cockpit instance in a cluster, range 0 to 99, default: 0
    --user=<account>                   | optional: user account for JOC Cockpit daemon, default: current user
    --home-owner=<account[:group]>     | optional: account and optionally group owning the home directory, requires root or sudo permissions
    --data-owner=<account[:group]>     | optional: account and optionally group owning the data directory, requires root or sudo permissions
    --patch=<issue-key>                | optional: identifies a patch for an existing JOC Cockpit installation
    --jar=<jar-file>                   | optional: the path to a .jar file that holds the patch
    --license-key=<key-file>           | optional: specifies the path to a license key file that will be installed
    --license-bin=<binary-file>        | optional: specifies the path to the js7-license.jar binary file for licensed code to be installed
                                       |           if not specified the file will be downloaded from the SOS web site
    --backup-dir=<directory>           | optional: backup directory for existing JOC Cockpit home directory
    --log-dir=<directory>              | optional: log directory for log output of this script
    --exec-start=<command>             | optional: specifies the command to start JOC Cockpit, e.g. 'StartService'
    --exec-stop=<command>              | optional: specifies the command to stop the JOC Cockpit, e.g. 'StopService'
    --return-values=<file>             | optional: specifies a file that receives return values such as the path to a log file

  Configuration Options:
    --deploy-dir=<directory>[,<dir>]   | optional: deployment directories from which configuration files will be copied to <data>/resources/joc
    --properties=<file>                | optional: specifies the joc.properties file that will be copied to <data>/resources/joc/
    --title=<title>                    | optional: title of the JOC Cockpit instance in the GUI, default: joc_install.xml setting
    --security-level=low|medium|high   | optional: security level of JOC Cockpit instance, default: joc_install.xml setting
    --dbms-config=<hibernate-file>     | optional: DBMS Hibernate configuration file, default: joc_install.xml setting
    --dbms-driver=<jdbc-driver-file>   | optional: DBMS JDBC Driver file, default: joc_install.xml setting
    --dbms-init=byInstaller|byJoc|off  | optional: DBMS create objects by installer, on start-up or none, default: joc_install.xml setting
    --http-port=<port>                 | optional: specifies the http port the JOC Cockpit will be operated for, default: 4446
                                                   port can be prefixed by network interface, e.g. localhost:4446
    --https-port=<port>                | optional: specifies the https port the JOC Cockpit will be operated for, default:
                                                   port can be prefixed by network interface, e.g. joc.example.com:4446
    --ini=<ini-file[,ini-file]>        | optional: one or more Jetty config files http.ini, https.ini, ssl.ini etc. will be copied to <data>/start.d/
    --keystore=<path>                  | optional: path to a PKCS12 keystore file that will be copied to <data>/resources/joc/
    --keystore-password=<password>     | optional: password for access to keystore
    --keystore-alias=<alias-name><alias>           | optional: alias name for keystore entry
    --client-keystore=<file>           | optional: path to a PKCS12 client keystore file that will be copied to <data>/resources/joc/
    --client-keystore-password=<pass>  | optional: password for access to the client keystore
    --client-keystore-alias=<alias>    | optional: alias name for client keystore entry
    --truststore=<path>                | optional: path to a PKCS12 truststore file that will be copied to <data>/resources/joc/
    --truststore-password=<password>   | optional: password for access to truststore

    --java-home=<directory>            | optional: Java Home directory for use with the Instance Start Script
    --java-options=<options>           | optional: Java Options for use with the Instance Start Script
    --service-dir=<directory>          | optional: systemd service directory, default: /usr/lib/systemd/system
    --service-file=<file>              | optional: path to a systemd service file that will be copied to <home>/jetty/bin/
    --service-name=<name>              | optional: name of the systemd service to be created, default js7_joc

  Switches:
    -h | --help                        | displays usage
    -u | --as-user                     | installs configuration directories as current user, other directories as root using sudo
    -E | --preserve-env                | preserves environment variables when switching to root using sudo -E
    --force-sudo                       | forceforces use of sudo for operations on directories
    --no-config                        | skips JOC Cockpit configuration changes
    --no-install                       | skips JOC Cockpit installation, performs configuration changes only
    --uninstall                        | uninstalls JOC Cockpit
    --no-jetty                         | skips Jetty servlet container installation
    --show-logs                        | shows log output of the script
    --make-dirs                        | creates the specified directories if they do not exist
    --make-service                     | creates the systemd service for JOC Cockpit
    --restart                          | stops a running JOC Cockpit and starts JOC Cockpit after installation
    --kill                             | kills a running JOC Cockpit if used with the --restart switch

...

  • --deploy-dir
    • Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the <config> folder. A deployment directory allows to manage central copies of configuration files such as hibernate.cfg.xml, log4j2.xml etc.
    • Use of a deployment directory has lower precedence as files can be overwritten by individual options such as --properties etc.
  • --properties
    • Specifies the path to a joc.properties file that will be copied to the <data>/resources/joc directory. While any file name can be used for the source file the target file name will be joc.properties.
  • --ini
    • Specifies one or more *.ini files that include settings for the Jetty Servlet Container, for example http.inihttps.ini, ssl.ini. The files will be copied to the JOC Cockpit <data>/start.d directory. For use with HTTPS connections the following settings in the ssl.ini file have to be adjusted:
      • jetty.sslContext.keyStorePath
      • jetty.sslContext.keyStorePassword
      • jetty.sslContext.keyManagerPassword
      • jetty.sslContext.trustStorePath
      • jetty.sslContext.trustStorePassword
    • The option takes a number of files as arguments that are separated by comma, for example: --ini="/js7-deployment/ssl.ini,/js7-deployement/https.ini".
  • --title
    • The title of the JOC Cockpit instance is displayed with its dashboard. It serves to distinguish JOC Cockpit instances operated as a cluster.
    • This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="jocTitle" value="..."/> element.
  • --security-level
    • The JOC Cockpit is operated in one of the security levels low, medium, high, see JS7 - Security Architecture. By default the low security level is used.
    • This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="securityLevel" value="..."/> element.
  • --dbms-config
    • Optionally specifies the path to a Hibernate configuration file that includes settings to access the JS7 - Database.
    • This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="hibernateConfFile" value="..."/> element.
  • --dbms-driver
    • Optionally specifies the path to a JDBC Driver .jar file that is used for access to the DBMS. See JS7 - Database to identify JDBC Drivers that ship with JS7.
    • This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="connector" value="..."/> element.
  • --dbms-init
    • Optionally specifies the point in time when database objects will be created:
      • byInstaller: Database objects will be created during installation of JOC Cockpit.
      • byJoc: Database objects will be created on start-up of JOC Cockpit, for example when used for Containers.
      • off: Database objects will not be created. This assumes that users create database objects on their own before running JOC Cockpit. The JOC Cockpit installation tarball includes the db sub-directory that holds *.sql files for the respective DBMS that can be used to populate the JS7 - Database independently from installing JOC Cockpit.
  • --http-port
    • Specifies the HTTP port that the JOC Cockpit is operated for. This option takes precedence over the port setting in the joc_install.xml response file.
    • Users are discouraged to enable both HTTP and HTTPS protocols as it undermines security to operate JOC Cockpit for both protocols.
    • The port can be prefixed by the network interface, for example joc.example.com:4446.
    • When used with the --restart switch, the HTTP port is used to determine if JOC Cockpit is running.
  • --https-port
    • Specifies the HTTPS port that the JOC Cockpit is operated for. This option takes precedence over the port setting in the joc_install.xml response file.
    • Users are discouraged to enable both HTTP and HTTPS protocols as it undermines security to operate JOC Cockpit for both protocols.
    • The port can be prefixed by the network interface, for example joc.example.com:4448.
    • Use of HTTPS connections requires additional settings, see --ini , --keystore and --truststore options.
    • When used with the --restart switch, the HTTPS port is used to determine if JOC Cockpit is running.
  • --keystore
    • Specifies the path to a PKCS12 keystore file that holds the private key and certificate for HTTPS connections to JOC Cockpit.
    • Users are free to specify any file name, typically the name https-keystore.p12 is used. The keystore file will be copied to the <data>/resources/joc directory.
    • If a keystore file is made available then the JOC Cockpit's <data>/start.d/ssl.ini file has to hold a reference to the keystore location and optionally the keystore password. It is therefore recommended to use the --ini option to Users can deploy an individual ssl.ini file using the --ini option. The following settings are automatically updated in the ssl.ini file:
      • jetty.ssl.host: optionally specifies the network interface that is available from the --httphttps-port option provided that the port is prefixed with the network interface, for example joc.example.com:4446.
      • jetty.ssl.port: specifies the HTTPS port that is automatically updated from the --httphttps-port option.
      • jetty.sslContext.keyStorePath: specifies the path to the keystore relative to the <data>/resources/joc directory.
      Further settings in the ssl.ini file such as the keystore password have to be deployed from a copy of the file using the --ini option
    • The path to the keystore file and related settings as specified with the --keystore-password and --keystore-alias options are similarly added to the joc.properties file in the <data>/resources/joc directory. If the --client-keystore, --client-keystore-password, --client-keystore-alias options are used then they will be applied by precedence to the joc.properties file, however, they will not be applied to the ssl.ini configuration file.
    • Assigning a keystore for HTTPS connections disables HTTP access and enables HTTPS access only to JOC Cockpit. The same port is alternatively used for HTTP and HTTPS connectionsrequires to use the --https-port option and suggests not to use the --http-port option in order to disable HTTP access and to enable HTTPS access only to JOC Cockpit.
    • For automating the creation of keystores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
  • --keystore-password
    • Specifies the password for access to the keystore. Use of a keystore password is required.
    • Consider use of quotes when specifying the password.
  • --keystore-alias
    • If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for server authentication and client authentication exist, then it is not determined which private key/certificate will be used. The alias name of a given private key/certificate is specified when the entry is added to the keystore. The alias name allows to indicate a specific private key/certificate to be used.
  • --client-keystore
    • Use of this setting is optional. It can be used if separate certificates for Server Authentication and Client Authentication are used.
    • The Client Authentication private key and certificate can be added to a client keystore. The location and configuration of a client keystore correspond to the keystore argument.
  • --client-keystore-password
    • Specifies the password for access to the client keystore. Use of a client keystore password is required.
    • Consider explanations for the --keystore-password argument.
  • --client-keystore-alias
    • If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for client authentication exist, then it is not determined which private key/certificate will be used.
    • Consider explanations for the --keystore-alias argument.
  • --truststore
    • Specifies the path to a PKCS12 truststore file that holds the certificate(s) for HTTPS connections from JOC Cockpit to a Controller instance, LDAP server etc.
    • Users are free to specify any file name, typically the name https-truststore.p12 is used. The truststore file will be copied to the <home>/jetty_base/resources/joc directory.
    • If a truststore file is made available then the JOC Cockpit's <data>/start.d/ssl.ini file has to hold a reference to the truststore location and optionally the truststore password. It is therefore recommended to use the --ini option to deploy an individual ssl.ini file. The following settings are automatically updated in the ssl.ini file:
      • jetty.sslContext.trustStorePath: specifies the path to the truststore relative to the <data>/resources/joc directory.
    • Further settings in the ssl.ini file such as the truststore password have to be deployed from a copy of the file using the --ini option.
    • For automating the creation of truststores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
  • --truststore-password
    • Specifies the password for access to the truststore. Use of a password is recommended as it is not primarily intended to protect access to the truststore. The password is intended to allow verification that truststore entries have been added using the same password.
    • Consider use of quotes when specifying the password.
  • --java-home
    • Specifies the Java home directory that will be made available to JOC Cockpit from the JAVA_HOME environment variable.
  • --java-options
    • Specifies the Java options that will be made available to JOC Cockpit from the JAVA_OPTIONS environment variable.
    • Java options can be used for example to specify Java heap space settings for JOC Cockpit, see JS7 - FAQ - Which Java Options are recommended.
    • If more than one Java option is used then the value has to be quoted, for example --java-options="-Xms256m -Xmx512m".
  • --service-dir
    • Specifies the systemd service directory to which the JOC Cockpit's service file will be copied if the --make-service switch is used.
    • By default the /usr/lib/systemd/system directory will be used. Users can specify an alternative location.
  • --service-file
    • Specifies the path to a systemd service file that acts as a template and that is copied to the JOC Cockpit's <home>/jetty/bin directory.
    • Users are free to choose any file name as a template for the service file. The resulting service file name will be joc.service.
    • The JOC Cockpit Installation Script will perform replacements in the service file to update paths to be used.
  • --service-name
    • Specifies the name of the systemd service that will be created if the --make-service switch is used.
    • By default the service name js7_joc will be used.

...