Scheduler conf/texis.ini Section

This section of conf/texis.ini controls the Vortex script scheduler (see the Texis Web Script manual for more details on the Vortex scheduler). Vortex scheduling was added in version 3.01.985400000 Mar 23 2001. In version 6 and later, the schedule server can also accept <vxcp applylicense> requests to update the license; see the [License Update] section for settings in addition to these.

Listen
Default: 127.0.0.1:10005 and [::1]:10005 (port 10006 if [Scheduler] SSL Engine is on)
Format: [IP:]port
Local port and optional IP address to listen to for Vortex script scheduling and other Texis Monitor requests. The address, if given, is separated from the port with a colon; an IPv6 address (but not the port-separator colon) must be in square brackets. If only a port is given, the default addresses are 127.0.0.1 and (if version 8+ and OS supports IPv6) ::1, so that only the local host can schedule scripts, or apply licenses via <vxcp applylicense> (though note that the password-protected Webinator GUI, which uses applylicense, is accessible remotely). The default port, if no Listen setting(s) are given, is 10005, unless [Scheduler] SSL Engine is on, in which case the default port is 10006 to avoid erroneous requests to the wrong-protocol port.

Note: this setting should not be set to an IP address accessible from outside the machine, for security. May be given multiple times to listen on multiple ports and/or addresses. Added in version 8.

Bind Address
Default: 127.0.0.1 in version 7 and earlier; unset in version 8 and later

Note: This setting is deprecated and will be removed in a future release; use Listen instead, which overrides Bind Address and Port.

The IP address to bind the Vortex script schedule/license server (in the Texis Monitor) to. There is no default; the Listen default applies instead.

Port
Default: 10005 in version 7 and earlier (10006 if [Scheduler] SSL Engine is set on); unset in version 8 and later

Note: This setting is deprecated and will be removed in a future release; use Listen instead, which overrides Bind Address and Port.

The TCP port to bind the Vortex script schedule server (in the Texis Monitor) to. There is no default; the Listen default applies instead.

Run Level
Default: 1
Sets the run level for the schedule server. It is an integer bit-wise OR of the following flags:

  • 0x01: Run the schedule server. (Previous to version 7.00.1368582000 20130514, this also controlled whether to reply to schedule requests and run scheduled Vortex scripts too; that is now controlled via [Scheduler] Services.)

  • 0x02: Exit the monitor if the schedule server fails to start (e.g. cannot bind to server port). Normally startup errors are reported but the monitor process continues.

See also the same-name setting in the [Monitor] section.

Services
Default: schedule createlocks licenseinfo
A space-separated token list of services to provide via the schedule server. One or more of the following:

  • schedule: Vortex script schedule requests, and run scheduled scripts

  • status: Respond to status GET requests.

  • createlocks: Support creating locks for databases.

Added in version 7.00.1372118000 20130624. Creating locks for databases is generally only needed under Windows 2008 and later OSes, where special privileges (generally only held by e.g. the SYSTEM user) may be needed to create or access the lock structure of a database, which uses a global file mapping. Texis clients (running as a low-privilege user) may ask the Texis Monitor (running as the SYSTEM user as a service) to create the locks on their behalf.

Note that the apply-license service is controlled by [License Update] User.

Init Delay
Default: 60
The minimum one-time delay, in seconds, from schedule server monitor process start until the first job is run. This can help avoid potential unchecked race conditions on system boot that jobs might have with other services. Added in version 8.01.1702672929 20231215; in previous versions it was effectively 0. Note that the actual delay might be up to 60 seconds longer than this setting, due to jobs being started on the (wall-clock) minute.

Job Delay
Default: 10
The minimum delay, in seconds, between successive job starts. This can help alleviate "thundering herd" issues when many jobs scheduled at the same time would otherwise start up simultaneously and load the system. Added in version 8.01.1706136865 20240124; in previous versions it was effectively 0.

Verbose
Default: 0
When to issue certain trace/debug messages for the schedule server. Added in version 5.01.1257469000 20091105. It is a bit-wise OR integer value of the following flags:

  • 0x01: Script start messages

  • 0x02: Script exit messages

  • 0x04: Script scheduling messages

  • 0x08: Script un-scheduling messages

  • 0x10: Createlocks requests

  • 0x20: Server requests/responses (schedule/createlocks/update-license/etc.)

  • 0x40: Periodic SYSSCHEDULE checks to run jobs

  • 0x80: List SYSSCHEDULE entries at each check

Bit flags 0x02, 0x04, 0x08 were added in version 6.00.1282172000 20100818. 0x10 was added in version 7.00.1372118000 20130624. 0x40 was added in version 8.01.1694805736 20230915. See also [Scheduler] Trace Requests (here).

Job Mutex
Default: NULL
Windows only: name of mutex for job arbitration. Defaults to NULL, i.e. use an internal server-only mutex. Generally changed only at request of tech support.

Job Mutex Timeout
Default: 10.0 in version 8.01.1710182729 20240311 and later, 1.0 in prior versions
Windows only: job mutex timeout value, in seconds. Can be INFINITE for no timeout (not recommended). Generally changed only at request of tech support. Added in version 5.01.1257457000 20091105.

New Job Event
Default: NULL
Windows only: name of event for new job triggers. Defaults to NULL, i.e. use an internal server-only event. Generally changed only at request of tech support.

Texis
Default: %BINDIR%/texis (plus ....exe under Windows)
The path to the Vortex executable (and arguments) to run scheduled Vortex scripts.

SSL Engine
Default: optional if [License Update] User set, else off
Whether to use secure sockets (SSL) for incoming <schedule>/ license-update-GUI connections. One of three values:

  • off: Listen for HTTP requests, do not use SSL. None of the following SSL settings are used.

  • optional: Listen for HTTP requests, but upgrade to SSL if client agrees via Upgrade header.

  • on: Listen for HTTPS requests (use SSL).

The default is optional if [License Update] User is set (here), off if unset. This provides HTTP back-compatibility for Vortex <schedule> requests and security for <vxcp applylicense> requests. If set to on, the default Listen port (Port is deprecated in version 8 and later) becomes 10006 instead of 10005, to avoid protocol confusion (much like HTTP and HTTPS have different ports). Added in version 6. If there is a problem initializing the SSL layer, an error such as "SSL disabled for schedule/license server due to previous errors" may result in monitor.log, after other errors (e.g. failed to load certificate): the server will continue to run, but as if SSL Engine was off. See also the [License Update] Require Secure setting, here.

SSL Pass Phrase Dialog
Default: off
How to prompt for passwords when needed for loading password-protected certificate keys for the <schedule>/license-update-GUI server. Can be:

  • off: Do not prompt; password-protected keys will not be loaded.

  • builtin: Use the built-in prompter: ask for password at Texis Monitor startup. This requires that the monitor be started interactively, i.e. from the command line.
The default is off, so that the monitor may always start unimpeded, even from the command line when password prompting might be possible. See the equivalent setting in the monitor web server section - [Httpd] SSL Pass Phrase Dialog (here) - for more details.

SSL Certificate File
Default: %INSTALLDIR%/conf/ssl/certs/licensemonitor.cert
The path to the SSL server certificate file (in PEM format) to use for the <schedule>/license-update-GUI server.

Note that the certificate file, if it exists, is usually a self-signed certificate created automatically by the Texis/Webinator installer, since the schedule server typically is bound to the local host only (see Listen here), and in any event only serves <schedule> / <vxcp applylicense> requests, not public Web requests. See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate File (here) - for more details.

SSL Certificate Key File
Default: unset (%INSTALLDIR%/conf/ssl/keys/licensemonitor.key in versions before 6.00.1317693000 20111003)
The path to the SSL certificate private key file (in PEM format) that corresponds to the SSL Certificate File certificate. The scheduler SSL certificate key is usually created automatically by the Texis/Webinator installer. See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate Key File (here) - for more details.

SSL Certificate Chain File
Default: unset
Optional path to <schedule>/license-update-GUI server certificate's CA (certificate authority) chain file, PEM format. For the <schedule>/license-update-GUI server, a CA chain file is usually not needed, as the Texis/Webinator installer-created certificate is self-signed, and no web browsers contact the server. See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate Chain File (here) - for more details.

SSL CA Certificate File
Default: unset
Optional file with trusted CA certificates (PEM format), used by <schedule>/license-update-GUI server for authentication of clients. This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. See the equivalent setting in the monitor web server section - [Httpd] SSL CA Certificate File (here) - for more details.

SSL CA DN Request File
Default: unset
Optional file with CA certificates (PEM format) whose names are sent to the client when the client certificate is requested by the <schedule>/license-update-GUI server, during authentication of clients (see SSL Verify Client). This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. See the equivalent setting in the monitor web server section - [Httpd] SSL CA DN Request File (here) - for more details.

SSL Verify Client
Default: off
Whether the <schedule>/license-update-GUI server should authenticate SSL clients. This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. See the equivalent setting in the monitor web server section - [Httpd] SSL Verify Client (here) - for more details.

SSL Verify Depth
Default: 1
The max client certificate chain depth to verify, if client verification is performed (see SSL Verify Client).

SSL Protocol
Default: all -SSLv2 -SSLv3 (in versions before 7.02.1413403000 20141015: all -SSLv2)
Which SSL protocol(s) to use when SSL is active for the <schedule>/license-update-GUI server. One or more of the space-separated protocols SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, or all for all protocols. An action may be optionally prefixed to any protocol: + to add the protocol to the enabled list, - to remove, or = to set (enable just this protocol - this is the default action). Setting added in version 6. Prior to version 7.03, TLSv1.1 and TLSv1.2 were unsupported. Prior to version 7.07, TLSv1.3 was unsupported.) Note that support for some (e.g. vulnerable) protocols may end in some Texis versions, depending on the concurrent OpenSSL libs' support: e.g. SSLv2 is no longer supported in OpenSSL 1.1.0 and later (used in Texis version 7.06.1534958000 20180822 and later).

SSL Cipher Suite
Default: unset
Which SSL ciphers to use when SSL is active for the <schedule>/license-update-GUI server. The syntax is the same as for the Apache SSLCipherSuite directive, which uses the OpenSSL ciphers tool syntax for ciphers. Note that support for some (e.g. vulnerable) ciphers may end in some Texis versions, depending on the concurrent OpenSSL libs' support: e.g. 40- and 56-bit ciphers are no longer supported in OpenSSL 1.1.0 and later (used in Texis version 7.06.1534958000 20180822 and later). Also, the list of ciphers classified as LOW, EXPORT etc. may change. Setting added in Texis version 7.06.1534958000 20180822. May be given multiply to set ciphers for multiple protocols.

In version 7.07 and later, an optional cipher group may be given as the first space-separated token in the setting value, to set the cipher list for that protocol group. The group may be SSL (the default) for protocols TLSv1.2 and below, or TLSv1.3 for TLSv1.3 ciphers; the cipher lists for the two groups are independent.

Trace Requests
Default: 0
Enable debug tracing of <schedule>/license-update-GUI server requests to monitor.log. This is an integer combination of bit flags to determine what is logged; see the <urlcp verbose> documentation for details, as this is the same format.

This setting is generally only set at the request of tech support. Some flags currently unsupported or only partially supported (e.g. some document flags). Added in version 5.01.1184720000 20070717. Previous to version 7.07.1545428000 20181221 only the request/response lines/headers flags existed, and were 4x (2 bit positions) smaller.

Flags supported:

  • 0x0004: Response lines

  • 0x0008: Request lines

  • 0x0010: Response headers

  • 0x0020: Request headers

  • 0x0040: Do response binary-MIME flags also, if text-like MIME

  • 0x0200: (Small) response raw document, if text-like MIME

  • 0x2000: (Medium) response raw document, if text-like MIME

Flags 0x2240 added in version 8.01.1694805736 20230915. See also [Scheduler] Verbose (here).

Trace Auth
Default: 0
Enable debug tracing of <schedule>/license-update-GUI server authorization in requests. This is an integer combination of bit flags in the same format as the Vortex <urlcp traceauth> setting. Generally only set at the request of tech support. Added in version 5.01.1184720000 20070717.

Max Conn Requests
Default: 2
Maximum number of requests to service on a Keep-Alive connection to the <schedule>/license-update-GUI server. The default is 2 to allow SSL Engine = optional security-upgrade connections to function. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.

Max Conn Lifetime
Default: 5
Maximum lifetime of a Keep-Alive connection to the <schedule>/license-update-GUI server, in seconds. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.

Max Conn Idle Time
Default: 3
Maximum idle (not-in-use) time of a Keep-Alive connection to the <schedule>/license-update-GUI server, in seconds. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.

Copyright © Thunderstone Software     Last updated: Apr 15 2024

 

Copyright © 2024 Thunderstone Software LLC. All rights reserved.