21.2.1 Setting the procedure for restricting connections to JP1/AJS3

The following describes the setting procedure for restricting connection to JP1/AJS3.

Organization of this subsection

(1) Setting the procedure
(2) Environment setting parameter
(3) The connection permission configuration file

(1) Setting the procedure

Copy the model file of the connection permission configuration file to the environment settings file storage folder.

For details about the model file and the environment settings file storage folder, see (3) The connection permission configuration file.
Change the name of the copied file to the specified name.

For details about the file names, see (3) The connection permission configuration file.
Use a text editor to edit the file.

In Windows, use a text editor such as Notepad for editing. In UNIX, use a text editor such as vi for editing.

Set the IP address of the hosts that you want to permit to connect in the connection permission configuration file.

For details about how to set the connection permission configuration file, see 21.2.2 How to set the connection permission configuration file.
Change the access permission of the connection permission configuration file.

The access permission of the model file is inherited as the permission of the storage folder. You need to change the access permission of the file so that general users will not be able to access or edit the file.
Stop the following service:

In Windows:

In Windows Control Panel, open the Services administrative tool, and stop the following service:

- JP1/AJS3 service

- JP1/AJS3 Queueless Agent service^#

In UNIX:

Execute the following commands to stop the JP1/AJS3 service, and then make sure that all processes are stopped:

# /opt/jp1ajs2/bin/jajs_spmd_stop

# /opt/jp1ajs2/bin/jajs_spmd_status

# /opt/jp1ajs2/bin/ajsqlstop^#

# /opt/jp1ajs2/bin/ajsqlstatus^#

#:

This operation needs to be executed only if queueless jobs are used.

On the logical host, detach the logical host from the queueless agent service by using an ajsqldetach command or another method, without stopping the Service.
Execute the following command to set the environment setting parameters described in (2) below:
```
jajs_config -k definition-key "parameter-name"=value
```
Restart the services that you stopped in step 5.

The new settings are applied.

If you detached the logical host from the queueless agent service in step 5, execute the ajsqlattach command to attach the logical host.

(2) Environment setting parameter

Table 21‒7: Environment setting parameter for setting whether restricting access to JP1/AJS3 is to be enabled or disabled
Definition key	Environment setting parameter	Explanation
`[{JP1_DEFAULT\|logical-host}\JP1AJS2COMMON]`^#	`"CONNECTIONRESTRICTION"=`	Setting for whether restricting connection is to be enabled or disabled

#:: The specification of the {JP1_DEFAULT|logical-host} part depends on whether the host is a physical host or a logical host. For a physical host, specify JP1_DEFAULT. For a logical host, specify the logical host name.

For details about the definition of this environment setting parameter, see 20.11.2(5) CONNECTIONRESTRICTION.

Note that messages related to restricting connections are not output to the log by default. To output these messages to the log, you need to set the following environment setting parameters.

Table 21‒8: Environment setting parameter for outputting messages related to restricting connections to JP1/AJS3 to the log
Definition key	Environment setting parameter	Explanation
`[{JP1_DEFAULT\|logical-host}\JP1AJSMANAGER]`^#	`"CONRESTRICTLOG"=`	Setting for whether connection restriction log data is to be output to the scheduler log
`[{JP1_DEFAULT\|logical-host}\JP1AJSMANAGER]`^#	`"CONRESTRICTSYSLOG"=`	In Windows: Setting for whether connection restriction log data is to be output to the Windows event log In UNIX: Setting for whether connection restriction log data is to be output to the syslog

#:: The specification of the {JP1_DEFAULT|logical-host} part depends on whether the host is a physical host or a logical host. For a physical host, specify JP1_DEFAULT. For a logical host, specify the logical host name.

For details about the definition of these environment setting parameters, see the following:

To Page Top

(3) The connection permission configuration file

The following describes folders and files related to the connection permission configuration file.

(a) The environment settings file storage folder

Store the connection permission configuration file in the following environment settings file storage folder:

In Windows:

For a physical host:

JP1/AJS3 - Manager

JP1/AJS3 - Manager-installation-folder\conf
JP1/AJS3 - Agent

JP1/AJS3 - Agent-installation-folder\conf

For a logical host:

shared-folder\jp1ajs2\conf

In UNIX:

For a physical host:: /etc/opt/jp1ajs2/conf/
For a logical host:: shared-directory/jp1ajs2/conf/

(b) Name of the connection permission configuration file

Specify the name of the connection permission configuration file as follows:

Manager connection permission configuration file: permitted_host_manager.conf
Agent connection permission configuration file: permitted_host_agent.conf

(c) The model file of the connection permission configuration file

The following table lists the model file of the connection permission configuration file.

Table 21‒9: The model file of the connection permission configuration file
Installed product	The model file of the manager connection permission configuration file	The model file of the agent connection permission configuration file
JP1/AJS3 - Manager	In Windows: `JP1/AJS3 - Manager-installation-folder\conf\permitted_host_manager.conf.model` In UNIX: `/etc/opt/jp1ajs2/conf/permitted_host_manager.conf.model`	In Windows: `JP1/AJS3 - Manager-installation-folder\conf\permitted_host_agent.conf.model` In UNIX: `/etc/opt/jp1ajs2/conf/permitted_host_agent.conf.model`
JP1/AJS3 - Agent	--	In Windows: `JP1/AJS3 - Agent-installation-folder\conf\permitted_host_agent.conf.model` In UNIX: `/etc/opt/jp1ajs2/conf/permitted_host_agent.conf.model`

Legend:: -- : Not applicable

To Page Top