21.2.1 Setting the procedure for restricting connections to JP1/AJS3
The following describes the setting procedure for restricting connection to JP1/AJS3.
- Organization of this subsection
(1) Setting the procedure
-
Copy the model file of the connection permission configuration file to the environment settings file storage folder.
For details about the model file and the environment settings file storage folder, see (3) The connection permission configuration file.
-
Change the name of the copied file to the specified name.
For details about the file names, see (3) The connection permission configuration file.
-
Use a text editor to edit the file.
In Windows, use a text editor such as Notepad for editing. In UNIX, use a text editor such as vi for editing.
Set the IP address of the hosts that you want to permit to connect in the connection permission configuration file.
For details about how to set the connection permission configuration file, see 21.2.2 How to set the connection permission configuration file.
-
Change the access permission of the connection permission configuration file.
The access permission of the model file is inherited as the permission of the storage folder. You need to change the access permission of the file so that general users will not be able to access or edit the file.
-
Stop the following service:
- In Windows:
-
In Windows Control Panel, open the Services administrative tool, and stop the following service:
- JP1/AJS3 service
- JP1/AJS3 Queueless Agent service#1
- JP1/AJS3 System Control Manager service#2
- JP1/AJS3 System Control Agent service#2
- In UNIX:
-
Execute the following commands to stop the JP1/AJS3 service, and then make sure that all processes are stopped:
# /opt/jp1ajs2/bin/jajs_spmd_stop
# /opt/jp1ajs2/bin/jajs_spmd_status
# /opt/jp1ajs2/bin/ajsqlstop#1
# /opt/jp1ajs2/bin/ajsqlstatus#1
# /opt/jp1ajs2/bin/ajssysctlstop#2
# /opt/jp1ajs2/bin/ajssysctlstatus#2
- #1:
-
This operation needs to be executed only if queueless jobs are used.
On the logical host, detach the logical host from the queueless agent service by using an ajsqldetach command or another method, without stopping the Service.
- #2:
-
You only need to execute these commands when using the Web GUI (Management Portal).
-
Execute the following command to set the environment setting parameters described in (2) below:
jajs_config -k definition-key "parameter-name"=value
-
Restart the services that you stopped in step 5.
The new settings are applied.
If you detached the logical host from the queueless agent service in step 5, execute the ajsqlattach command to attach the logical host.
(2) Environment setting parameter
Definition key |
Environment setting parameter |
Explanation |
---|---|---|
[{JP1_DEFAULT|logical-host}\JP1AJS2COMMON]# |
"CONNECTIONRESTRICTION"= |
Setting for whether restricting connection is to be enabled or disabled |
- #:
-
The specification of the {JP1_DEFAULT|logical-host} part depends on whether the host is a physical host or a logical host. For a physical host, specify JP1_DEFAULT. For a logical host, specify the logical host name.
For details about the definition of this environment setting parameter, see 20.11.2(5) CONNECTIONRESTRICTION.
Note that messages related to restricting connections are not output to the log by default. To output these messages to the log, you need to set the following environment setting parameters.
Definition key |
Environment setting parameter |
Explanation |
---|---|---|
[{JP1_DEFAULT|logical-host}\JP1AJSMANAGER]# |
"CONRESTRICTLOG"= |
Setting for whether connection restriction log data is to be output to the scheduler log |
"CONRESTRICTSYSLOG"= |
|
|
[JP1_DEFAULT\JP1AJS2\CONTROL\MANAGER] |
"CONRESTRICTSYSLOG"= |
|
- #:
-
The specification of the {JP1_DEFAULT|logical-host} part depends on whether the host is a physical host or a logical host. For a physical host, specify JP1_DEFAULT. For a logical host, specify the logical host name.
For details about the definition of these environment setting parameters, see the following:
(3) The connection permission configuration file
The following describes folders and files related to the connection permission configuration file.
(a) The environment settings file storage folder
Store the connection permission configuration file in the following environment settings file storage folder:
- In Windows:
-
- For a physical host:
-
-
JP1/AJS3 - Manager
JP1/AJS3 - Manager-installation-folder\conf
-
JP1/AJS3 - Agent
JP1/AJS3 - Agent-installation-folder\conf
-
- For a logical host:
-
shared-folder\jp1ajs2\conf
- In UNIX:
-
- For a physical host:
-
/etc/opt/jp1ajs2/conf/
- For a logical host:
-
shared-directory/jp1ajs2/conf/
(b) Name of the connection permission configuration file
Specify the name of the connection permission configuration file as follows:
- Manager connection permission configuration file
-
permitted_host_manager.conf
- Agent connection permission configuration file
-
permitted_host_agent.conf
(c) The model file of the connection permission configuration file
The following table lists the model file of the connection permission configuration file.
Installed product |
The model file of the manager connection permission configuration file |
The model file of the agent connection permission configuration file |
---|---|---|
JP1/AJS3 - Manager |
|
|
JP1/AJS3 - Agent |
-- |
|