...

  • Disabling software packages can be an immediate means for mitigation of vulnerabilities in 3rd-party components used by JS7.
  • The JS7 products ship with a JS7 - Software Bill of Materials that can be used to identify vulnerable components and package dependencies.
  • For environments with a larger number of JS7 products installed, the management of software packages can be automated in a number of ways:
    • Users can apply the Software Package Management Script that is described in this article.
    • Users can apply the Software Package Management Script with their preferred tools such as Ansible®, Puppet®, Chef®.

...

  • The script is available for Linux, MacOS®, AIX® and Solaris® and runs in the POSIX-compatible shells bash, dash, ksh and zsh.
  • The script can be used to
    • disable software packages, i.e. to remove related files, such as *.jar files from the JS7 product.
    • enable software packages, i.e. to restore related files from a backup directory.
    • identify package dependencies if software packages are disabled.
  • The script terminates with exit code 0 to signal success, with exit code 1 for command line argument errors and with other exit codes for non-recoverable errors.
  • The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services.
  • Users should be aware that installation, update and upgrade of JS7 products revert disabled software packages, i.e. the packages are enabled again.

Download

Find the Software Package Management Script for download from JS7 - Download.

...

Software Package Management Script: js7_features.sh

Usage: js7_features.sh [Options] [Switches]

  Options:
    --home=<directory>                 | required: directory to which the product is installed
    --features=<path>                  | optional: path to features.json file, default: <home>/features.json
    --sbom=<path>                      | optional: path to sbom.json file, default: <home>/sbom.json
    --enable=<package[,package]>       | optional: enables one or more packages
    --disable=<package[,package]>      | optional: disables one or more packages
    --backup-dir=<directory>           | optional: backup directory for disabled packages
    --log-dir=<directory>              | optional: log directory for log output of this script

  Switches:
    -h | --help                        | displays usage
    --list                             | returns the historylist of disabled/enabled packages
    --show-logs                        | shows log output of the script
    --make-dirs                        | creates the backup and logs directories if they do not exist
    --force                            | forces disabling packages without later enabling from a backup directory
    --confirm                          | confirm enabling or disabling of packages



Options

  • --home
    • Specifies the directory in which the JS7 product is installed.
  • --features
    • Specifies the path to a file in .json format that stores information about enabled and disabled software packages.
    • By default the <home>/features.json file is used.
  • --sbom
    • Specifies the path to a file that holds the JS7 - Software Bill of Materials.
    • For Controller and Agents the <home>/sbom.json file is used. For JOC Cockpit the JETTY_BASE/webapps/joc/sbom.json file is used.
  • --enable
    • Specifies software packages that should be enabled. When software packages are disabled, this information is stored in the features.json file and is used to enable the software packages later on.
    • As a prerequisite, a backup directory has to be specified when disabling software packages, see --backup-dir option. The backup directory is used as the source to enable software packages.
    • If a software package is not available from a backup, then the JS7 product has to be re-installed or updated to enable the software package.
  • --disable
    • Specifies software packages that should be disabled. Technically the files related to a software package, such as *.jar files, are removed from the JS7 product.
    • To allow packages to be enabled later, a backup directory is specified with the --backup-dir option. Users who do not want to use a backup directory can apply the --force switch.
  • --backup-dir
    • If a backup directory is specified when disabling software packages then the related files such as *.jar files are moved to this directory.
    • The backup directory holds a lib sub-folder that holds the related sub-folders of the JS7 product's lib directory such as lib/sos, lib/3rd-party etc.
  • --log-dir
    • If a log directory is specified then the Software Package Management Script will write information about processing steps to a log file in this directory.
    • File names are created according to the pattern: js7_features.<hostname>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
    • For example: js7_features.centostest_primary.2022-03-19T20-50-45.log

...

  • -h | --help
    • Displays usage.
  • --list
    • Returns the list of software packages that have been disabled or enabled. This information is read from the features.json file, see --features option.
  • --show-logs
    • Displays the log output created by the script if the --log-dir option is used.
  • --make-dirs
    • If directories are missing that are indicated with the --backup-dir or --log-dir options then they will be created.
  • --force
    • Specifies that a software package is disabled, i.e. its files are removed from the JS7 product, without using a backup directory.
  • --confirm
    • Specifies that the operation to enable or disable a software package is confirmed. If this switch is omitted then a dry-run is performed that displays which software packages are affected by enabling or disabling.

Exit Codes

  • 1: argument errors
  • 2: non-recoverable errors

Examples

The following examples illustrate typical use cases.

Disable Software Packages

Example for use of Software Package Management Script

./js7_features.sh \
    --home=/home/sos/agent \
    --backup-dir=/home/sos/backups \
    --disable=simple-xml,snakeyaml \
    --make-dirs \
    --confirm

# removes the simple-xml and snakeyaml software packages from an Agent installation
# moves files of disabled packages to the backup directory
# creates the backup directory if it does not exist
# confirms removal of disabled packages, without --confirm a dry-run is performed

Enable Software Packages

Example for use of Software Package Management Script

./js7_features.sh \
    --home=/home/sos/agent \
    --backup-dir=/home/sos/backups \
    --enable=simple-xml,snakeyaml \
    --confirm

# restores the simple-xml and snakeyaml software packages in an Agent installation
# copies files of disabled packages from the backup directory
# confirms enabling of packages, without --confirm a dry-run is performed

List Software Packages

Example for use of Software Package Management Script

./js7_features.sh \
    --home=/home/sos/agent \
    --list \
    --make-dirs

# lists the software packages of an Agent installation that have been disabled or enabled
# reads this information from the <home>/features.json file


Output of the above example is available if packages have previously been disabled. It can look like this:

Example for output of Software Package Management Script

{
  "name": "simple-xml",
  "enabled": false
}
{
  "name": "snakeyaml",
  "enabled": false
}
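
A check for the caveat that installation, update and upgrade of JS7 products revert disabled packages: it reads --list output in the format shown above and reports package files that are present again below the lib directory. This is an added example, not part of js7_features.sh or the JS7 documentation. The function names, the exit code 3 and the rule that a package's files are *.jar files named after the package are assumptions.

```shell
#!/bin/sh
# Added example, not part of js7_features.sh. Assumption: a package's files
# are *.jar files below <home>/lib whose names start with the package name.

# Reads --list output (JSON objects as shown above) on stdin and prints the
# names of packages recorded with "enabled": false, one per line.
disabled_packages() {
    awk '
        /"name"[ \t]*:/ {
            name = $0
            sub(/^[^:]*:[ \t]*"/, "", name)   # drop everything up to the value
            sub(/".*$/, "", name)             # drop the closing quote and rest
        }
        /"enabled"[ \t]*:[ \t]*false/ { if (name != "") print name; name = "" }
    '
}

# Prints each *.jar below <home>/lib that belongs to a package listed as
# disabled on stdin. Returns 0 if none exists, 3 if files are present again.
find_reverted() {
    home=$1
    found=$(disabled_packages | while IFS= read -r pkg; do
        find "$home/lib" -type f -name "${pkg}*.jar" 2>/dev/null
    done | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 3
}

# Constructed sample: an Agent home in which snakeyaml reappeared while
# the list output still records it as disabled. File names are made up.
demo_reverted() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/lib/3rd-party" "$tmp/lib/sos"
    : > "$tmp/lib/3rd-party/snakeyaml-0.0.jar"
    : > "$tmp/lib/3rd-party/other-lib-0.0.jar"
    printf '{\n  "name": "simple-xml",\n  "enabled": false\n}\n{\n  "name": "snakeyaml",\n  "enabled": false\n}\n' |
        find_reverted "$tmp" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}
demo_reverted
```

To use it against an installation, pipe the output of js7_features.sh --home=<directory> --list into find_reverted <directory> after each update of the product.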