Introduction

Installation, updates and upgrades are performed using the .tar.gz/.zip installation archives provided for the initial installation of newer releases.

JS7 - Installation instructions apply.
For environments with a larger number of JOC Cockpit instances the update, upgrade and patch processes can be automated in a number of ways:
- Users can apply the JOC Cockpit Installation Script that is described in this article.
- Users can automate packaging and deployment of JOC Cockpit, see JS7 - Deployment.
- Users can apply the JOC Cockpit Installation Script with their preferred tools such as Ansible®, Puppet®, Chef®.

Security

Secure rollout of JS7 components is critical. It is therefore recommended that the solution described here is adjusted to suit specific security needs.

Rollout of JS7 JOC Cockpit is considered critical as the software allows jobs to be executed on a larger number of servers.
- Attention should be paid to the integrity of the sources for JS7 component downloads.
- This includes intermediate devices on which JS7 software installers are stored in a user's environment.
- One option is to run the JOC Cockpit Installation Script from sudo and to use the digest functionality that compares the script to a hash value stored with the sudoers file.
The solution for updating, upgrading and patching the JS7 JOC Cockpit is based on shell scripting by design
- to provide readability and to rely only on OS commands,
- to prohibit the use of any 3rd-party components and additional dependencies that require code to be executed on the machines that run the JOC Cockpit.
The JOC Cockpit Installation Script can be integrated in a number of ways:
- by running one's own SSH script on top of the JOC Cockpit Installation Script,
- by use of tools such as Ansible®, Puppet® that make use of an SSH Client,
- by use of JS7 workflow automation as explained below.
  - It is recommended that a separate Standalone Controller and Agent are used for deployment purposes, for details see JS7 - Deployment.
  - Access to the Controller and Agent for rollout should be securely managed.

JOC Cockpit Installation Script

The JOC Cockpit Installation Script is provided for download and can be used to automate updates, upgrades and patches of JS7 JOC Cockpits.

The script is available for Linux, MacOS®, AIX® and Solaris® using bash, dash, ksh, and zsh POSIX-compatible shells. For AIX® and Solaris® automated installation is supported, automated configuration is not.
The script can be used to install, update or patch a JOC Cockpit instance using the installation options. In addition it can be used to configure a JOC Cockpit instance, for example in case of certificate renewal.
The script terminates with exit code 0 to signal success, with exit code 1 for command line argument errors and with exit code 2 for non-recoverable errors.
The script is intended as a baseline example for customization by JS7 users and by SOS within the scope of professional services.
Consider information from JS7 - JOC Cockpit Command Line Operation.

Download

Find the JOC Cockpit Installation Script for download from JS7 - Download.

Usage

Invoking the JOC Cockpit Installation Script without arguments displays the usage clause:

JOC Cockpit Installation Script: js7_install_joc.sh

Usage: js7_install_joc.sh [Options] [Switches]

  Installation Options:
    --setup-dir=<directory>            | optional: directory to which the JOC Cockpit installer will be extracted
    --response-dir=<directory>         | optional: setup response directory holds joc_install.xml and JDBC Drivers
    --release=<release-number>         | optional: release number such as 2.2.3 for download if --tarball is not used
    --tarball=<tar-gz-archive>         | optional: the path to a .tar.gz archive that holds the JOC Cockpit tarball,
                                       |           if not specified the JOC Cockpit tarball will be downloaded from the SOS web site
    --home=<directory>                 | optional: home directory of JOC Cockpit, required if --patch or --backup-dir is used
    --data=<directory>                 | optional: data directory of JOC Cockpit
    --cluster-id=<identifier>          | optional: Cluster ID of the JOC Cockpit instance, default: joc
    --instance-id=<number>             | optional: unique number of a JOC Cockpit instance in a cluster, range 0 to 99, default: 0
    --user=<account>                   | optional: user account for JOC Cockpit daemon, default: joc_install.xml setting
    --patch=<issue-key>                | optional: identifies a patch for an existing JOC Cockpit installation
    --license-key=<key-file>           | optional: specifies the path to a license key file that will be installed
    --license-bin=<binary-file>        | optional: specifies the path to the js7-license.jar binary file for licensed code to be installed
                                       |           if not specified the file will be downloaded from the SOS web site
    --backup-dir=<directory>           | optional: backup directory for existing JOC Cockpit home directory
    --log-dir=<directory>              | optional: log directory for log output of this script
    --exec-start=<command>             | optional: specifies the command to start JOC Cockpit, e.g. 'StartService'
    --exec-stop=<command>              | optional: specifies the command to stop the JOC Cockpit, e.g. 'StopService'
    --return-values=<file>             | optional: specifies a file that receives return values such as the path to a log file

  Configuration Options:
    --deploy-dir=<directory>[,<dir>]   | optional: deployment directories from which configuration files will be copied to JOC Cockpit
    --properties=<file>                | optional: specifies the joc.properties file that will be copied to <home>/jetty_base/resources/joc/
    --title=<title>                    | optional: title of the JOC Cockpit instance in the GUI, default: joc_install.xml setting
    --security-level=low|medium|high   | optional: security level of JOC Cockpit instance, default: joc_install.xml setting
    --dbms-config=<hibernate-file>     | optional: DBMS Hibernate configuration file, default: joc_install.xml setting
    --dbms-driver=<jdbc-driver-file>   | optional: DBMS JDBC Driver file, default: joc_install.xml setting
    --dbms-init=byInstaller|byJoc|off  | optional: DBMS create objects by installer, on start-up or none, default: joc_install.xml setting
    --http-port=<port>                 | optional: specifies the http port the JOC Cockpit will be operated for, default: 4446
                                                   port can be prefixed by network interface, e.g. localhost:4446
    --https-port=<port>                | optional: specifies the https port the JOC Cockpit will be operated for, default:
                                                   port can be prefixed by network interface, e.g. joc.example.com:4446
    --ini=<ini-file[,ini-file]>        | optional: one or more Jetty config files http.ini, https.ini, ssl.ini etc. will be copied to <home>/jetty_base/start.d/
    --keystore=<path>                  | optional: path to a PKCS12 keystore file that will be copied to <data>/resources/joc/
    --keystore-password=<password>     | optional: password for access to keystore
    --keystore-alias=<alias-name>      | optional: alias name for keystore entry
    --truststore=<path>                | optional: path to a PKCS12 truststore file that will be copied to <data>/resourdes/joc/
    --truststore-password=<password>   | optional: password for truststore password

    --java-home=<directory>            | optional: Java Home directory for use with the Instance Start Script
    --java-options=<options>           | optional: Java Options for use with the Instance Start Script
    --service-dir=<directory>          | optional: systemd service directory, default: /usr/lib/systemd/system
    --service-file=<file>              | optional: path to a systemd service file that will be copied to <home>/jetty/bin
    --service-name=<name>              | optional: name of the systemd service to be created, default js7_joc

  Switches:
    -h | --help                        | displays usage
    -u | --as-user                     | installs configuration directories as current user, other directories as root using sudo
    -E | --preserve-env                | preserves environment variables when switching to root using sudo -E
    --no-install                       | skips JOC Cockpit installation, performs configuration updates only
    --uninstall                        | uninstalls JOC Cockpit
    --no-jetty                         | skips Jetty servlet container installation
    --show-logs                        | shows log output of the script
    --make-dirs                        | creates the specified directories if they do not exist
    --make-service                     | creates the systemd service for JOC Cockpit
    --restart                          | stops a running JOC Cockpit and starts JOC Cockpit after installation
    --kill                             | kills a running JOC Cockpit if used with the --restart switch

Installation Options

- --setup-dir
  - Specifies the directory in which the installer for the JOC Cockpit should be extracted. This is not the JOC Cockpit installation directory but the directory that holds installer files.
- --response-dir
  - Specifies the directory that holds a copy of the JOC Cockpit installer joc_install.xml response file and optionally related files. This file is available after extraction of the installer tarball and specifies options for installation of the JOC Cockpit. Files in the response directory are copied to the working directory specified with the --setup-dir option. and are applied when invoking the installer by ./setup.sh -u joc_install.xml, see JS7 - JOC Cockpit - Headless Installation on Linux and Windows.
  - Users should keep their copy of the response file and specify the directory with this command line option. Response files can be re-used within the same minor release of the JOC Cockpit, for example when updating from release 2.2.1 to 2.2.4. When updating, for example, from release 2.2.x to 2.3.x it is recommended to check from the installer tarball if a newer version of the file is available.
  - Users should note that the response file can hold references to a license file and to a JDBC Driver .jar file. The JOC Cockpit setup is executed from the working directory specified with the --setup-dir option. Paths in the joc_install.xml response file can be used relative to the working directory, for example using sos.pem for a license file without specifying a directory if the license file is available in the response directory as it will be copied to the working directory.
- --release
  - Specifies a release number such as 2.3.1 for download from the SOS web site if the --tarball option is not used.
- --tarball
  - Optionally specifies the path to a .tar.gz file that holds the JOC Cockpit installation files. If this option is not used the installer tarball will be downloaded from the SOS web site for the release indicated with the --release option.
  - Download is performed with curl which takes account of http_proxy and https_proxy environment variables and the relevant settings from a .curlrc file.
- --home
  - Specifies the directory in which the JOC Cockpit should be installed.
  - This option overwrites the JOC Cockpit installation directory specified in the joc_install.xml response file with the <installpath> element.
- --data
  - Specifies the directory in which the JOC Cockpit installs configuration files. The configuration directory is accessible from the jetty_base symlink in the JOC Cockpit home directory.
  - This option overwrites the JOC Cockpit configuration directory specified in the joc_install.xml response file with the <entry key="jettyBaseDir" value="..."/> element.
- --user
  - The JOC Cockpit joc_install.xml response file holds the runningUser setting that optionally specifies the user account of the JOC Cockpit daemon service. This setting allows to take precedence over the response file setting.
  - The user account specified will be used for the JOC Cockpit installation.
- --patch
  - A patch is identified by the release number to which it is applied which is specified with the --release option and by
    - the JOC Cockpit security level: low, medium, high,
    - a sequential number such as patch-1, patch-2.
    - A patch is specified as --patch=low.patch-1, --patch=low.patch-2, --patch=medium.patch-1 etc.
  - For JOC Cockpit patches are consolidated, i.e. patch-2 includes any patches of patch-1.
  - Patches are downloaded from the SOS web site if the --tarball option is not used.
  - Patches are added to the JOC Cockpit's JETTY_BASE/webapps/joc/WEB-INF/classes directory. When updating JOC Cockpit later on then the classes sub-directory will be emptied.
  - If a backup directory is specified then a JOC Cockpit's existing installation directory will be added to a .tar.gz file in this directory.
- --license-key
  - Optionally the path to a license key file is specified. Customers with a Commercial License receive the license key file from SOS in .pem or .crt format.
  - For details see JS7 - How to apply a JS7 License Key.
  - This option is an alternative to specifying the license key file with the joc_install.xml response file, see --response-dir option.
- --license-bin
  - Optionally the path to the js7-license.jar binary file is specified that includes code that is available for use with a Commercial License only, see JS7 - How to apply a JS7 License Key.
  - Should this argument be omitted and a license key file be specified with the --license-key option then the binary file is downloaded from the SOS Web Site, see JS7 - Download.
  - This option is an alternative to specifying the license key file with the joc_install.xml response file, see --respons-dir option. If the response files specifies a license key then the binary file for licensed code is automatically installed.
- --backup-dir
  - If a backup directory is specified then an existing JOC Cockpit's installation directory will be added to a .tar.gz file in this directory.
  - File names are created according to the pattern: backup_js7_joc.<hostname>.<release>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.tar.gz
  - For example: backup_js7_joc.centostest_primary.2.3.1.2022-03-19T20-50-45.tar.gz
- --log-dir
  - If a log directory is specified then the JOC Cockpit Installation Script logs information about processing steps to a log file in this directory.
  - File names are created like this: install_js7_joc.<hostname>.<yyyy>-<MM>-<dd>T<hh>-<mm>-<ss>.log
  - For example: install_js7_joc.centostest_primary.2022-03-19T20-50-45.log
- --exec-start
  - This option can be used should JOC Cockpit be started after installation. For example, when using systemd then the option --exec-start="StartService" will start the JOC Cockpit service provided that the related systemd service has been created manually or by use of the --make-service switch. Alternatively users can specify individual commands, for example --exec-start="sudo systemctl start js7_joc".
  - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
  - This option is an alternative for use of the -restart switch that starts the JOC Cockpit from its Start Script. If specified this option overrules the --restart switch.
- --exec-stop
  - This option can be used should JOC Cockpit be stopped before installation. For example, when using systemd then the option --exec-stop="StopService" will stop the JOC Cockpit service provided that the related systemd service has been created manually or by use of the --make-service switch. Alternatively users can specify individual commands, for example --exec-stop="sudo systemctl stop js7_joc".
  - For systemd service files see the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
  - This option is an alternative to use of the -restart switch that stops the JOC Cockpit from its Start Script. If specified this option overrules the --restart switch.
- --return-values
  - Optionally specifies the path to a file which return values will be added to in the format <name>=<key>. For example:
    - log_file=install_js7_joc.centostest_primary.2022-03-20T04-54-31.log
    - backup_file=backup_js7_joc.centostest_primary.2.3.1.2022-03-20T04-54-31.tar.gz
  - An existing file will be overwritten. It is recommended that a unique file name such as /tmp/return.$$.$RANDOM.properties is used.
  - A value from the file can be retrieved like this:
    - backup=$(cat /tmp/return.$$.$RANDOM.properties | grep "backup_file" | cut -d'=' -f2)

Configuration Options

--deploy-dir
- Specifies the path to a deployment directory that holds configuration files and sub-directories that will be copied to the <config> folder. A deployment directory allows to manage central copies of configuration files such as hibernate.cfg.xml, log4j2.xml etc.
- Use of a deployment directory has lower precedence as files can be overwritten by individual options such as --properties etc.
--properties
- Specifies the path to a joc.properties file that will be copied to the JETTY_BASE/resources/joc directory. While any file name can be used for the source file the target file name will be joc.properties.
--ini
- Specifies one or more *.ini files that include settings for the Jetty Servlet Container, for example http.ini, https.ini, ssl.ini. The files will be copied to the JOC Cockpit JETTY_BASE/start.d directory. For use with HTTPS connections the following settings in the ssl.ini file have to be adjusted:
  - jetty.sslContext.keyStorePath
  - jetty.sslContext.keyStorePassword
  - jetty.sslContext.keyManagerPassword
  - jetty.sslContext.trustStorePath
  - jetty.sslContext.trustStorePassword
- The option takes a number of files as arguments that are separated by comma, for example: --ini="/js7-deployment/ssl.ini,/js7-deployement/https.ini".
--title
- The title of the JOC Cockpit instance is displayed with its dashboard. It serves to distinguish JOC Cockpit instances operated as a cluster.
- This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="jocTitle" value="..."/> element.
--security-level
- The JOC Cockpit is operated in one of the security levels low, medium, high, see JS7 - Security Architecture. By default the low security level is used.
- This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="securityLevel" value="..."/> element.
--dbms-config
- Optionally specifies the path to a Hibernate configuration file that includes settings to access the JS7 - Database.
- This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="hibernateConfFile" value="..."/> element.
--dbms-driver
- Optionally specifies the path to a JDBC Driver .jar file that is used for access to the DBMS. See JS7 - Database to identify JDBC Drivers that ship with JS7.
- This option has precedence over the respective setting specified in the joc_install.xml response file with the <entry key="connector" value="..."/> element.
--dbms-init
- Optionally specifies the point in time when database objects will be created:
  - byInstaller: Database objects will be created during installation of JOC Cockpit.
  - byJoc: Database objects will be created on start-up of JOC Cockpit, for example when used for Containers.
  - off: Database objects will not be created. This assumes that users create database objects on their own before running JOC Cockpit. The JOC Cockpit installation tarball includes the db sub-directory that holds *.sql files for the respective DBMS that can be used to populate the JS7 - Database independently from installing JOC Cockpit.
--http-port
- Specifies the HTTP port that the JOC Cockpit is operated for. This argument takes precedence over the port setting in the joc_install.xml response file.
- Users are discouraged to enable both HTTP and HTTPS protocols as it undermines security to operate JOC Cockpit for both protocols.
- The port can be prefixed by the network interface, for example joc.example.com:4446.
- When used with the --restart switch, the HTTP port is used to determine if JOC Cockpit is running.
--https-port
- Specifies the HTTPS port that the JOC Cockpit is operated for. This argument takes precedence over the port setting in the joc_install.xml response file.
- Users are discouraged to enable both HTTP and HTTPS protocols as it undermines security to operate JOC Cockpit for both protocols.
- The port can be prefixed by the network interface, for example joc.example.com:4448.
- Use of HTTPS connections requires additional settings, see --ini , --keystore and --truststore options.
- When used with the --restart switch, the HTTPS port is used to determine if JOC Cockpit is running.
--keystore
- Specifies the path to a PKCS12 keystore file that holds the private key and certificate for HTTPS connections to JOC Cockpit.
- Users are free to specify any file name, typically the name https-keystore.p12 is used. The keystore file will be copied to the <home>/jetty_base/resources/joc directory.
- If a keystore file is made available then the JOC Cockpit's <home>/jetty_base/start.d/ssl.ini file has to hold a reference to the keystore location and optionally the keystore password. It is therefore recommended to use the --ini option to deploy an individual ssl.ini file. The following settings are automatically updated in the ssl.ini file:
  - jetty.ssl.host: optionally specifies the network interface that is available from the --http-port option provided that the port is prefixed with the network interface, for example joc.example.com:4446.
  - jetty.ssl.port: specifies the HTTPS port that is automatically updated from the --http-port option.
  - jetty.sslContext.keyStorePath: specifies the path to the keystore relative to the <home>/jetty_base/resources/joc directory.
- Further settings in the ssl.ini file such as the keystore password have to be deployed from a copy of the file using the --ini option.
- Assigning a keystore for HTTPS connections disables HTTP access and enables HTTPS access only to JOC Cockpit. The same port is alternatively used for HTTP and HTTPS connections.
- For automating the creation of keystores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--keystore-password
- Specifies the password for access to the keystore. Use of a keystore password is required.
--keystore-alias
- If a keystore holds more than one private key, for example if separate pairs of private keys/certificates for server authentication and client authentication exist, then it is not determined which private key/certificate will be used. The alias name of a given private key/certificate is specified when the entry is added to the keystore. The alias name allows to indicate a specific private key/certificate to be used.
--truststore
- Specifies the path to a PKCS12 truststore file that holds the certificate(s) for HTTPS connections from JOC Cockpit to a Controller instance, LDAP server etc.
- Users are free to specify any file name, typically the name https-truststore.p12 is used. The truststore file will be copied to the <home>/jetty_base/resources/joc directory.
- If a truststore file is made available then the JOC Cockpit's <home>/jetty_base/start.d/ssl.ini file has to hold a reference to the truststore location and optionally the truststore password. It is therefore recommended to use the --ini option to deploy an individual ssl.ini file. The following settings are automatically updated in the ssl.ini file:
  - jetty.sslContext.trustStorePath: specifies the path to the truststore relative to the <home>/jetty_base/resources/joc directory.
- Further settings in the ssl.ini file such as the truststore password have to be deployed from a copy of the file using the --ini option.
- For automating the creation of truststores see JS7 - How to add SSL TLS Certificates to Keystore and Truststore.
--truststore-password
- Specifies the password for access to the truststore. Use of a password is recommended as it is not primarily intended to protect access to the truststore. The password is intended to allow verification that truststore entries have been added using the same password.
--java-home
- Specifies the Java home directory that will be made available to JOC Cockpit from the JAVA_HOME environment variable.
--java-options
- Specifies the Java options that will be made available to JOC Cockpit from the JAVA_OPTIONS environment variable.
- Java options can be used for example to specify Java heap space settings for JOC Cockpit.
- If more than one Java option is used then the value has to be quoted, for example --java-options="-Xms256m -Xmx512m".
--service-dir
- Specifies the systemd service directory to which the JOC Cockpit's service file will be copied if the --make-service switch is used.
- By default the a/usr/lib/systemd/system will be used. Users can specify an alternative location.
--service-file
- Specifies the path to a systemd service file that acts as a template and that is copied to the JOC Cockpit's <home>/jetty/bin directory.
- Users are free to choose any file name as a template for the service file. The resulting service file name will be joc.service.
- The JOC Cockpit Installation Script will perform replacements in the service file to update paths to be used.
--service-name
- Specifies the name of the systemd service that will be created if the --make-service switch is used.
- By default the service name js7_joc will be used.

Switches

-h | --help
- Displays usage.
--no-install
- Specifies if the Installation Script should be used to update configuration items without changes to the binary files of the installation.
  In fact no installation is performed but configuration changes as for example specified with the --keystore argument will be applied.
--uninstall
- Uninstalls the JOC Cockpit including the steps to stop & remove a running JOC Cockpit service and to remove the <home> and <data> directories.
-u | --as-user
- Installs the JOC Cockpit configuration directory for the current user account, the installation directory is created by the root account using sudo. This switch corresponds to use of ./setup.sh -u joc_install.xml, see the JS7 - JOC Cockpit - Headless Installation on Linux and Windows for more information.
-E | --preserve-env
- When installing for the current user account using the -u switch then environment variables are preserved when switching to the root account using sudo -E. This switch corresponds to use of ./setup.sh -u -E joc_install.xml.
--no-jetty
- Skips installing the Jetty Servlet Container. This option can be used if users wish to operate JOC Cockpit form a different Servlet Container such as Tomcat.
--show-logs
- Displays the log output created by the script if the --log-dir option is used.
--make-dirs
- If directories are missing that are indicated with the --home, --backup-dir or --log-dir options then they will be created.
--make-service
- Specifies that a systemd service should be created for JOC Cockpit. The service will be created from the --service-name option or its default value.
--restart
- Stops a running JOC Cockpit before installation and starts the JOC Cockpit after installation using the JOC Cockpit's Start Script. This switch can be used with the --kill switch to control the way how JOC Cockpit is terminated. This switch is ignored if the --exec-start and --exec-stop options are used.
--kill
- Kills a running JOC Cockpit if used with the --restart switch.

Exit Codes

- 1: argument errors
- 2: non-recoverable errors
- 3: this exit code is returned when used with the --restart switch and if it cannot be identified if a JOC Cockpit instance is running
- 4: this exit code is returned if no --tarball option is used and download of the tarball reports errors
- 5: this exit code is returned when used with the --restart switch and if the JOC Cockpit instance cannot be started
- 6: this exit code is returned when used with the --restart switch and if the JOC Cockpit instance cannot be stopped
- 7: this exit code indicates that the JOC Cockpit systemd service could not be started or stopped when using the --exec-start="StartService" or --exec-stop="StopService" options.
- 8: this exit code indicates that the JOC Cockpit installation has failed
- 9: this exit code indicates failure of the JOC Cockpit installation from logs

Replacements

The JOC Cockpit Installation Script performs replacements of settings in configuration files by option values, for details see chapter Replacements.

Examples

The following examples represent typical use cases. Users should consider to specify current releases, see JS7 - Download.