Scheduler conf/texis.ini Section

This section of conf/texis.ini controls the Vortex script scheduler (see the Texis Web Script manual for more details on the Vortex scheduler). Vortex scheduling was added in version 3.01.985400000 Mar 23 2001. In version 6 and later, the schedule server can also accept <vxcp applylicense> requests to update the license; see the [License Update] section for settings in addition to these.

BindAddress
  The IP address to bind the Vortex script schedule/license server (in the Texis Monitor) to. This defaults to 127.0.0.1 so that only the local host can schedule scripts, or apply licenses via <vxcp applylicense> (though note that the password-protected Webinator GUI, which uses applylicense, is accessible remotely). If this address is not the loopback interface (no external network routing), a different one can be set to allow Vortex scripts to be scheduled. Note: this should not be set to an IP address accessible from outside the machine, for security.

Port
The TCP port to bind the Vortex script schedule server (in the Texis Monitor) to. Defaults to 10005. A different port can be set if this conflicts with existing servers. If SSL Engine is set to on, the default is 10006 instead, since the server will be listening for HTTPS not HTTP requests.

Run Level

Sets the run level for the schedule server. It is an integer bit-wise OR of the following flags:

  • 0x01: Run the schedule server. (Previous to version 7.00.1368582000 20130514, this also controlled whether to reply to schedule requests and run scheduled Vortex scripts too; that is now controlled via [Scheduler] Services.)

  • 0x02: Exit the monitor if the schedule server fails to start (e.g. cannot bind to server port). Normally startup errors are reported but the monitor process continues.

See also this setting in the [Monitor] section.

Services

A space-separated token list of services to provide via the schedule server. One or more of the following:

  • schedule: Vortex script schedule requests, and run scheduled scripts

  • status: Respond to status GET requests.

  • createlocks: Support creating locks for databases.

The default is schedule createlocks. Added in version 7.00.1372118000 20130624. Creating locks for databases is generally only needed under Windows 2008 and later OSes, where special privileges (generally only held by e.g. the SYSTEM user) may be needed to create or access the lock structure of a database, which uses a global file mapping. Texis clients (running as a low-privilege user) may ask the Texis Monitor (running as the SYSTEM user as a service) to create the locks on their behalf.

Note that the apply-license service is controlled by [License Update] User.

Verbose
When to issue certain trace/debug messages for the schedule server. Added in version 5.01.1257469000 20091105. It is a bit-wise OR integer value of the following flags:

  • 0x01: Script-start messages

  • 0x02: Script exit messages

  • 0x04: Script scheduling messages

  • 0x08: Script un-scheduling messages

  • 0x10: Createlocks requests

Bit flags 0x02, 0x04, 0x08 were added in version 6.00.1282172000 20100818. 0x10 was added in version 7.00.1372118000 20130624.

Job Mutex
Windows only: name of mutex for job arbitration. Defaults to NULL, i.e. use an internal server-only mutex. Generally changed only at request of tech support.

Job Mutex Timeout
Windows only: job mutex timeout value, in seconds. Defaults to 1.0. Can be INFINITE for no timeout (not recommended). Generally changed only at request of tech support. Added in version 5.01.1257457000 20091105.

New Job Event
Windows only: name of event for new job triggers. Defaults to NULL, i.e. use an internal server-only event. Generally changed only at request of tech support.

Texis

The path to the Vortex executable (and arguments) to run scheduled Vortex scripts. Defaults to texis.exe in the install directory under Windows, or bin/texis in the install directory under Unix.

SSL Engine

Whether to use secure sockets (SSL) for incoming <schedule>/ license-update-GUI connections. One of three values:

  • off: Listen for HTTP requests, do not use SSL. None of the following SSL settings are used.

  • optional: Listen for HTTP requests, but upgrade to SSL if client agrees via Upgrade header.

  • on: Listen for HTTPS requests (use SSL).

The default is optional if [License Update] User is set (here), off if unset. This provides HTTP back-compatibility for Vortex <schedule> requests and security for <vxcp applylicense> requests. If set to on, the default Port value becomes 10006 instead of 10005, to avoid protocol confusion (much like HTTP and HTTPS have different ports). Added in version 6. If there is a problem initializing the SSL layer, an error such as "SSL disabled for schedule/license server due to previous errors" may result in monitor.log, after other errors (e.g. failed to load certificate): the server will continue to run, but as if SSL Engine was off. See also the [License Update] Require Secure setting, here.

 

SSL Pass Phrase Dialog
How to prompt for passwords when needed for loading password-protected certificate keys for the <schedule>/license-update-GUI server. Can be:

  • off: Do not prompt; password-protected keys will not be loaded.

  • builtin: Use the built-in prompter: ask for password at Texis Monitor startup. This requires that the monitor be started interactively, i.e. from the command line.
The default is off, so that the monitor may always start unimpeded, even from the command line when password prompting might be possible. See the equivalent setting in the monitor web server section - [Httpd] SSL Pass Phrase Dialog (here) - for more details.

 

SSL Certificate File
The path to the SSL server certificate file (in PEM format) to use for the <schedule>/license-update-GUI server. The default is %INSTALLDIR%/conf/ssl/certs/licensemonitor.cert.

Note that the certificate file, if it exists, is usually a self-signed certificate created automatically by the Texis/Webinator installer, since the schedule server typically is bound to the local host only (see BindAddress here), and in any event only serves <schedule> / <vxcp applylicense> requests, not public Web requests. See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate File (here) - for more details.

SSL Certificate Key File
The path to the SSL certificate private key file (in PEM format) that corresponds to the SSL Certificate File certificate. The scheduler SSL certificate key is usually created automatically by the Texis/Webinator installer. The default is unset (note that in versions prior to 6.00.1317693000 20111003, the default was %INSTALLDIR%/conf/ssl/keys/licensemonitor.key). See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate Key File (here) - for more details.

SSL Certificate Chain File
Optional path to <schedule>/license-update-GUI server certificate's CA (certificate authority) chain file, PEM format. For the <schedule>/license-update-GUI server, a CA chain file is usually not needed, as the Texis/Webinator installer-created certificate is self-signed, and no web browsers contact the server. The default is unset. See the equivalent setting in the monitor web server section - [Httpd] SSL Certificate Chain File (here) - for more details.

SSL CA Certificate File
Optional file with trusted CA certificates (PEM format), used by <schedule>/license-update-GUI server for authentication of clients. This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. The default is unset. See the equivalent setting in the monitor web server section - [Httpd] SSL CA Certificate File (here) - for more details.

SSL CA DN Request File
Optional file with CA certificates (PEM format) whose names are sent to the client when the client certificate is requested by the <schedule>/license-update-GUI server, during authentication of clients (see SSL Verify Client). This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. The default is unset. See the equivalent setting in the monitor web server section - [Httpd] SSL CA DN Request File (here) - for more details.

SSL Verify Client
Whether the <schedule>/license-update-GUI server should authenticate SSL clients. This setting is usually left unset and SSL authentication of clients not performed, as the <schedule>/license-update-GUI server is usually accessible only locally, and higher-level protocols perform authentication. The default is off. See the equivalent setting in the monitor web server section - [Httpd] SSL Verify Client (here) - for more details.

SSL Protocol

Which SSL protocol(s) to use when SSL is active for the <schedule>/license-update-GUI server. One or more of the space-separated protocols SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, or all for all protocols. An action may be optionally prefixed to any protocol: + to add the protocol to the enabled list, - to remove, or = to set (enable just this protocol - this is the default action). The default setting value is all -SSLv2 -SSLv3, i.e. enable all protocols except SSL/2.0 and SSL/3, which are known to be vulnerable. Setting added in version 6. (Prior to version 7.02.1413403000 20141015, the default was all -SSLv2. Prior to version 7.03, TLSv1.1 and TLSv1.2 were unsupported. Prior to version 7.07, TLSv1.3 was unsupported.) Note that support for some (e.g. vulnerable) protocols may end in some Texis versions, depending on the concurrent OpenSSL libs' support: e.g. SSLv2 is no longer supported in OpenSSL 1.1.0 and later (used in Texis version 7.06.1534958000 20180822 and later).

SSL Cipher Suite

Which SSL ciphers to use when SSL is active for the <schedule>/license-update-GUI server. The syntax is the same as for the Apache SSLCipherSuite directive, which uses the OpenSSL ciphers tool syntax for ciphers. Note that support for some (e.g. vulnerable) ciphers may end in some Texis versions, depending on the concurrent OpenSSL libs' support: e.g. 40- and 56-bit ciphers are no longer supported in OpenSSL 1.1.0 and later (used in Texis version 7.06.1534958000 20180822 and later). Also, the list of ciphers classified as LOW, EXPORT etc. may change. Setting added in Texis version 7.06.1534958000 20180822.

In version 7.07 and later, an optional cipher group may be given as the first space-separated token in the setting value, to set the cipher list for that protocol group. The group may be SSL (the default) for protocols TLSv1.2 and below, or TLSv1.3 for TLSv1.3 ciphers; the cipher lists for the two groups are independent.

Trace Requests
Enable debug tracing of <schedule>/license-update-GUI server requests to monitor.log. This is an integer combination of the following bit flags to determine what is logged (same format as <urlcp verbose>):
bit 0
- Responses read
bit 1
- Requests sent
bit 2
- Headers read
bit 3
- Headers sent

The default is 0, i.e. no logging. Generally only set at the request of tech support. Added in version 5.01.1184720000 20070717.

Trace Auth
Enable debug tracing of <schedule>/license-update-GUI server authorization in requests. This is an integer combination of bit flags in the same format as the Vortex <urlcp traceauth> setting. Generally only set at the request of tech support. Added in version 5.01.1184720000 20070717.

Max Conn Requests

Maximum number of requests to service on a Keep-Alive connection to the <schedule>/license-update-GUI server. The default is 2 to allow SSL Engine = optional security-upgrade connections to function. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.

Max Conn Lifetime

Maximum lifetime of a Keep-Alive connection to the <schedule>/license-update-GUI server, in seconds. The default is 5. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.

Max Conn Idle Time

Maximum idle (not-in-use) time of a Keep-Alive connection to the <schedule>/license-update-GUI server, in seconds. The default is 3. This value should be kept to a minimum to conserve resources in the monitor. -1 is unlimited. Added in version 6.


Copyright © Thunderstone Software     Last updated: Dec 10 2018
Copyright © 2019 Thunderstone Software LLC. All rights reserved.