JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 8

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • This setting applies if a Controller Cluster is used. In this situation a Primary Controller requires the above setting to allow access from a Secondary Controller and vice versa.
  • This setting specifies the distinguished-names indicated with the partner Controllers' Client Authentication certificatescertificate. The distinguished name is given with the subject attribute of a Client Authentication certificate. The distinguished name is considered a replacement for a password.
    • A Primary Controller configuration specifies the distinguished name of the Secondary Controller's Client Authentication certificate.
    • A Secondary Controller configuration specifies the distinguished name of the Primary Controller's Client Authentication certificate.
    • Consider that the common name (CN) attribute of the distinguished name has to match the fully qualified domain name (FQDN) of the partner Controller's host.

JOC Cockpit Connections

Code Block
languageyml
linenumberstrue
js7 {
    auth {
        # User accounts for HTTPS connections
        users {
            # History account (used to release events)
            History {
                distinguished-names=[
                    "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
                password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08"
            }
            # JOC account (requires UpdateRepo permission for deployment)
            JOC {
                distinguished-names=[
                    "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
                password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE"
                permissions=[
                    UpdateItem
                ]
            }
        }
    }
}

...

  • The configuration file is located with the sos-berlin.com/js7/agent/config_<port>/private folder.
  • Consider that the above configuration has to be deployed to any Agent instances.
  • Find below explanations about above configuration items relevant to Server Authentication with passwords.

...

Distinguished Names

Controller Connections

Code Block
languageyml
linenumberstrue
js7 {
    auth {
        # User accounts for https connections
        users {
            # Controller account for connections by primary/secondary Controller instance
            Controller {
                distinguished-names=[
                    "DNQ=SOS CA, CN=controller-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
            }
        }
    }
}

...