Product Knowledge Base

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Scope

  • The connection to JobScheduler Universal Agent can be secured by HTTPS.
  • This article describes the steps required to set up secure HTTPS communication without the need of using a reverse proxy (for this use case see JobScheduler Universal Agent - connecting via HTTPS through a proxy).
  • The article explains the authentication between Master and Agent.

Prerequisites

The only prerequisite is to have the Java keytools installed with your Java JRE.

Set up a secure connection to the Agent 

Step 1: Create the Java Keystore

  • Create the Java Keystore using the Keytools from your Java JRE.
    • If not otherwise configured then JobScheduler Agent and Master by default use the password jobscheduler for the Keystore.
    • if you choose an individual password for the Keystore then adjust the following properties in the <agent_data>/config/private/private.conf configuration file:
      • Explanations
        • jobscheduler.agent.webserver.https.keystore.file is used for the path to the Keystore
        • jobscheduler.agent.webserver.https.keystore.password is used for the Keystore password
        • jobscheduler.agent.webserver.https.keystore.key-password is used for the password of your private HTTPS certificate

      • Example

        Sample private.conf file
        jobscheduler.agent.webserver.https.keystore {
  file = "C:/ProgramData/sos-berlin.com/jobscheduler/agent110/config/private/private-https.jks"
  # Backslashes are written twice (as in JSON notation):
  # file = "\\\\other-computer\\share\\my-keystore.jks"
  password = "jobscheduler"
  key-password = "jobscheduler"
}
    • Find a sample script to generate the Keystore with keygen.sh
  • Store the private key for the Agent under <agent_data>/config/private
    • Filename: private-https.jks
  • Store the trusted certificate for the Master under <master_data>/config
    • Filename: agent-https.jks

Step 2: Set up authentication between Master and Agent

  • Set Master password in a file on the Master under <master_data>/config/private
    • Filename: private.conf

    • The file look like this:

      jobscheduler.master.credentials.password = "myjobscheduler4444"
  • Specify the Master password in a file on the Agent under <agent_data>/config/private
    • Filename: private.conf

    • Specify the Master that will try to communicate with the Agent through the JobScheduler ID. For example, for a Master with ID "scheduler_4444" this file would look as follows:

      jobscheduler.agent.auth.users {
  scheduler_4444 = "plain:myjobscheduler4444"
}

Step 3: Start the HTTPS Agent 

  • Start the Agent with the corresponding parameters: 
    • Example (using port 44445 for HTTPS): <agent_data>/bin/jobscheduler_agent -https-port=44445
  • The HTTP port will still be always used, even though the Agent is started for communicating over HTTPS. If no HTTP port is indicated when starting the Agent, the default port will be used. 
  • HTTPS has to be indicated when starting agent through the parameter -https-port
  • Agent gets a data directory for configuration and working files if indicated. In that case, has to be indicated when starting agent through the parameter -data-directory

Step 4: Create a Process Class for remote execution using HTTPS 

  • Create a Process Class for a job chain or a job
  • Set the Agent where the remote execution using HTTPS has to be carried out
  • Example:
 <?xml version="1.0" encoding="ISO-8859-1"?>
 
 <process_class max_processes="30" remote_scheduler="https://my_agent:44445"/>

 

Change Management References

Key Summary T Created Updated Due Assignee Reporter P Status Resolution
Refresh

  • No labels