Project

General

Profile

Wiki » Documentation » Installation Configuration and Administration Guide » Directory Configuration Reference »

Batch Process

To start a legacy batch client in FWD, is required to configure a FWD process account and its associated certificate. Depending on how this batch process will be launched, there is optionally some additional configuration required. For more details on the facility, please see Batch Processes.

Defining a Process Account

It is mandatory to create an account for each separate batch process. There is a one to one mapping between a specific program (e.g. converted .p or some hand written Java code) and a given batch process. Multiple instances of the same batch process can be launched using the same FWD account.

The Process Configuration describes in detail how to configure a process account in the directory. Here are the specifics to configure a batch process.

All process accounts are configured under the /security/accounts/processes node. The generic structure for this node is:

<node class="container" name="security">
   <node class="container" name="accounts">
      <node class="container" name="processes">
         <node class="process" name="batch_process_account">
            <node-attribute name="enabled" value="TRUE"/>
            <node-attribute name="alias" value="batch_process_account_alias"/>
            <node-attribute name="description" value="This is a process for a batch program" />
            <node-attribute name="server" value="FALSE"/>
            <node-attribute name="master" value="FALSE"/>
         </node>
      </node>
   </node>
</node>

Here, replace:

  • batch_process_account with the unique FWD process account name for this batch process.
  • batch_process_account_alias with the unique name for the certificate alias (do not reuse the certificate from another process).

For both, use lowercase names and do not insert any whitespace.

Configuring Certificates

Once this process account is added, its certificate needs to be configured. It is mandatory to that every batch process account needs its own unique certificate. There is a one to one mapping between a unique certificate and a given batch process.

This can be done in two ways:

  1. If the root CA and other certificates were already generated using Cryptography Setup Helper, then run this tool again. If you want to launch the batch processes via the @ClientDriver, make sure to export the private key and certificates in external stores, not just the directory. For (re)generating the SSL certificate for a batch process account, the following command can be used:
    java -classpath path/to/p2j.jar com.goldencode.p2j.security.SSLCertGenUtil -dir directory.xml --reuse-passwords yes --server-id standard --reuse-ca yes --build-alias-certs [target-certificate-alias] --private-key-password [root-CA-private-key-password]

    where:
    • [target-certificate-alias] needs to be replaced with the certificate alias for the batch process
    • [root-CA-private-key-password] needs to be replaced with the root CA private-key password, as it was encrypted in the directory (the self-signed root CA private-key is kept encrypted in the directory, but its password is not saved). Warning: if executing this command from a shell, some characters may require to be escaped for this command to work properly (in Unix, characters like $, & need to be escaped with \).
  2. If the certificates were generated by other means, they need to be imported into the directory. This can be done via the Administration Console.

Setup for Server-Side Launching

There are 3 ways to start a batch process. Two of the launching mechanisms are implemented by the FWD Application Server:

  • Automatic launching via the Scheduler (which is a replacement for "cron")
  • Manual or scripted invocation of the ServerDriver Java class using the -b<batch_process_account_name> argument.

In both cases, the batch process is spawned by the FWD server and this requires some configuration which is described in Spawner_Setup_and_Configuration. If the batch process will be launched via the ClientDriver (the 3rd mechanism for launching), then this server-side configuration is not necessary.

For a batch process, this spawner configuration needs to be setup under the /server/<server-id>/runtime/<batch_process_account>/clientConfig. <server-id> is the identifier for the FWD server - usually standard and <batch_process_account> must be replaced with the process account name defined previously.

An example of this configuration is:

        <node class="container" name="clientConfig">
          <node class="string" name="cfgOverrides">
            <node-attribute name="value" value="client:mode:batch=true client:driver:background=true client:cmd-line-option:startup-procedure=batch_program_name.p"/>
          </node>
          <node class="string" name="systemUser">
            <node-attribute name="value" value="[os-user]"/>
          </node>
          <node class="string" name="systemPassword">
            <node-attribute name="value" value="[os-password]"/>
          </node>
          <node class="boolean" name="secure">
            <node-attribute name="value" value="TRUE"/>
          </node>
          <node class="string" name="spawner">
            <node-attribute name="value" value="/home/bogus/spawner/spawn"/>
          </node>
          <node class="string" name="outputToFile">
            <node-attribute name="value" value="client_batch_test_%pid%_%userid%_%timestamp%.log"/>
          </node>
          <node class="string" name="workingDir">
            <node-attribute name="value" value="/home/bogus/run/client/"/>
          </node>
          <node class="string" name="configFile">
            <node-attribute name="value" value="client.xml"/>
          </node>
        </node>

Where:

  • client:cmd-line-option:startup-procedure specifies the converted program to executed by this batch program - change batch_program_name.p to the relevant program.
  • [os-user] and [os-password] must be set to the OS user under which this batch process will execute. The systemPassword is mandatory only if the batch client is ran on Windows OS, and this represents the system password used to authenticate the specified user. This can be encrypted using the spawner tool, as specified in the Installing the Spawn Tool section.
  • workingDir must be set to the directory where the batch process will run
  • spawner must be the proper path for the spawner, used to launch the FWD batch process.
  • configFile contains other settings for the batch program. For example, if the certificate/private-key are in external stores, this will be specified in client.xml (otherwise, the certificate/private-key will be read from the directory). Note that client.xml must be a path that is relative to workingDir or it must be an absolute path.

© 2004-2022 Golden Code Development Corporation. ALL RIGHTS RESERVED.