Scenarios
The scenarios described below give detailed information for each case. The detailed information is intended to be used together with the generic instructions above.
Scenario 1: Using a specific JRE when launching an application
In this scenario, assume you want all grid nodes belonging to a particular grid application to be running in JVMs from a specific JRE. The rest of the Grid and other applications should not be affected. Typical reasons for wanting to do this may be that the application only works using a specific patch level or a JRE from a specific vendor.
In this scenario, assume that:
-
The grid host is named HOST1
-
HOST1 has a JRE installed on the following path "C:\Program Files\Java\jre8".
-
The grid application APP1 is deployed on HOST1
To use a specific JRE when launching an application
-
Create a script file on the grid host (HOST1), for example, C:\GridNodeStartScript\StartNodeJRE8.cmd, containing the following single line:
"C:\Program Files\Java\jre8\bin\java.exe" %*As can be seen, the script line simply targets java.exe in the JRE that was wanted, and by the use of "%*" at the end of the line, it makes sure to propagate all arguments that were passed to the script.
-
Configure the application to use the script by editing the Java Executable grid property. Use the following values:
-
Override in the context of an application (APP1 in this case).
-
In the matrix, identify the host column belonging to the host (HOST1) and click on the value link in the first row (the application level row).
-
Enter the following path in the dialog box:
C:/GridNodeStartScript/StartNodeJRE8.cmd. Remember to use forward slashes in the path.
The application nodes should now be launched using the specified script on HOST1.
-
Scenario 2: Running grid nodes belonging to an application as a specific user
Grid nodes are started using the same OS user that the grid agent is running as. Normally, an application is not concerned about this user. It is a user that was specified when the Grid was created, and it should work appropriately. However, if a particular application has to be running as another user, problems can occur. The Grid is intended to run multiple applications in the same Grid, so a particular application can’t be allowed to change the user that the entire Grid is using since that would impact the other applications. In this case, you need to launch nodes belonging to just this particular application by using another user.
Doing this in a safe way can be tricky since it may require that user names and passwords are hard coded in script files. However, that is not something that can be recommended for security reasons. Because of these challenges, there are no recommendations for this case, but general observations can be noted.
On a UNIX platform, you have the sudo command and on Windows you have the run as command that can be used to start processes as another user. Neither of them accepts that passwords are passed to them from the command line. This is good since hard coding passwords in script files should be avoided.
Third-party tools that are similar to the Windows run as command and also accept a password on the command line exist. However, these are not recommended by Infor for the reasons mentioned above, even though they would technically solve the problem. Some of the third-party tools support encryption of the password information. Potentially those tools may provide a secure way of solving this problem, but Infor does not give any recommendations in this area.
Giving the user access to the configuration area
If a particular user is used to run all or some of the grid nodes, it is crucial that the user has sufficient security rights in the grid configuration area. The topic, Changing the Grid Service user, describes how to change the directory security. The information is for Windows but the situation is the same on all platforms. The user has to be given access to the grid configuration area.