AMT JCL Config
It is possible to make configuration changes to Job Control Language (JCL) scripts without rebuilding AMT-JCL by overriding their settings with a JSON configuration file (jcl-config.json).
Python scripts load the settings from the configuration file upon start. Set the location of the JSON configuration file using the JCL_CONFIG_FILE environment variable.
Setting the Environment Variable
Set the file path pointing to the location of the JCL configuration file using the JCL_CONFIG_FILE environment variable. Follow the instructions below for Windows or Linux.
Windows
- Open the Settings of Windows and navigate to System.
- Click on Advanced system settings A new dialog appears.
- Click on the Environment Variables button.
- Under System variables, click on the New button.
- Fill out the Variable name and Variable value as follows:
- Set the Variable name to JCL_CONFIG_FILE.
- Set the Variable value to point to the location of the JCL configuration file.
- Click the OK button.
Linux
- Open a terminal.
- Open the environment file in a text editor:
sudo <text editor> /etc/environment. - Text editor: specify a text editor, such as nano, vim, gedit, and kate.
- Enter the super user password to authenticate.
- Add the following line at the end of the file:
JCL_CONFIG_FILE="<value>". - The value should point to the location of the JCL logging file.
- Save the file.
- Open a new terminal and run
echo $JCL_CONFIG_FILEto verify the variable has been set successfully.
AMT JCL OIDC Configuration
In order to use AMT JCL through gRPC (google Remote Procedure Call), OIDC for AMT JCL must be configured. The gRPC Interface requires OIDC authentication to secure client access to AMT applications. See the configuration examples below.
Azure Entra Example: Below is the configuration for Microsoft Azure Active Directory (Entra ID) authentication.
"oidc_url": "<URL OIDC provider>", "oidc_client_id": "<Client ID>", "oidc_client_secret": "<Client Secret>", "oidc_scope": "api://id/.default"
Keycloak Example: Below is the configuration for Keycloak authentication with SSL certificate verification:
Set the environment variable "SSL_CERT_FILE" to the cert file used by keycloak. For example:
C:\AMT\Java\certs\server1.pem. Python uses the cert file to verify the certificate of Keycloak.
"oidc_url": "<localhost:port/realms/AMTRealm/protocol/openid-connect/token>", "oidc_client_id": "<Client ID>", "oidc_client_secret": "<Client Secret>", "oidc_scope": "openid offline_access"
Available Configuration Settings
| Paths in JSON files |
|---|
| File paths in JSON files use forward slashes as opposed to backslashes in Windows. |
The following settings are available in the jcl_config.json file:
| Setting | Values | Description |
|---|---|---|
| app_name | String | Set the application name. |
| application_kind | String | Set the application kind. |
| job_summary | Boolean | Default: true. |
| amt_job_name | String | Default: GLOBAL_JOB. |
| job_logging_path | String | The location where log files are stored. |
| proc_libs_folder | String | Path to the directory of the JCL library. |
| file_encoding | String | Default: ASCII. Set to ASCII or UTF8. |
| block_size | Integer | Default: 32000. |
| max_wait_time | Integer | Default: 1. |
| max_gdg_generation | Integer | Default: 255. |
| file_extension | String | Default: ".DAT". Set the file extension. |
| print_extension | String | Default: ".PRN". Set the print file extension. |
| abend_on_missing_file | Boolean | Default: false. |
| virtual_data_path | String | Used as part of the temporary file directory path for the JCL library modules. |
| keep_all_files | Boolean | Default: false. |
| default_printer | String | Set the name of the printer. Use the "DEFAULT" value to use the printer that is designated as default. |
| cert | String | Path to the cert file. Python uses the cert file to verify the certificate of Keycloak. |
| app_host | String | Set to the name of the host server. |
| app_grpc_port | String | Set the gRPC port of the host server. |
| job_finished_polling_interval | Float | Default: 0.5. Set the time in seconds to poll for finished jobs. |
| merge_finished_polling_interval | Float | Default: 0.5. |
| use_date | String | This setting is for testing purposes only and allows for running scripts with a 'today' date, which is specified in this field. |
| FTP Settings | Various | See the FTP Settings configuration section below. |
| SMTP Settings | Various | See the SMTP Settings configuration section below. |
| OIDC Settings | Strings | See the OIDC Settings configuration section below. |
| OpenTelemetry Settings | Various | See the OpenTelemetry Settings configuration section below. |
| intrdr_folder | String | Enter the path to the AMT Internal Reader folder. This option is used for Dynamic JCL functionality in AMT, which is a bespoke customer solution. |
| Vault Settings | JSON object | See the Vault Settings configuration section below. |
| dropzone | String | Set the path to the dropzone folder where inbound and outbound files are stored and exchanged. |
FTP Settings
| Setting | Values | Description |
|---|---|---|
| ftp_override_mode | Boolean | Default: false. If set to true, other defined FTP config settings will be used instead of FTP settings in the command (sysin) file. |
| ftp_override_host | String | Host URI to the FTP endpoints. Can also contain a port number. |
| ftp_override_user | String | The username to access FTP server. |
| ftp_override_password | String | The password of the user. |
| ftp_override_destination | String | Sets the default remote destination directory (optional). |
| ftp_ignore_cd | Boolean | Default: false. If set to true, FTP CD commands will be ignored. |
| ftp_disabled | Boolean | Default: false. If set to true, this disables FTP. |
| ftp_default_port | Integer | Default: 21. The port to use when port is not defined in 'ftp_override_host'. |
SMTP Settings
| Setting | Values | Description |
|---|---|---|
| smtp_host | String | The hostname or IP address of the SMTP server. Example:
"smtp_host": "smtp_hostmail.company.com" |
| smtp_port | Integer | Default: 25. The port number used to connect to the SMTP server to specify the communication channel for sending emails. Common values include 25 (the default SMTP port), 587 (for TLS), and 465 (for SSL). |
| smtp_user | String | The username used to authenticate with the SMTP server. Example:
"smtp_user": "user@company.com" |
| smtp_password | String | The password for the SMTP user account. Example:
$smtp:SMTP_PASSWORD |
| smtp_email | String | The email address that appears in the "From" field of the sent emails. Example:
"smtp_email": "noreply@company.com" |
| smtp_subject_suffix | String | A suffix to add to the subject line of sent emails.
"smtp_subject_suffix": " [Company Internal]" |
| smtp_default_bcc | String Array | A list of email addresses that are added to the BCC list after parsing. Example:
"smtp_default_bcc": ["john@doe.com", "jane@doe.com"] |
| smtp_override_recipients | String Array | Used for testing and development purposes. A list of email addresses that override the
TO list of recipients after parsing. The original TO recipients as
well as any CC and BCC recipients are ignored. Example:
"smtp_override_recipients": ["john@doe.com", "jane@doe.com"] |
| server_list | String Array | Maps destination names to SMTP server details, including type and credentials. If a matching SMTP server is found, commands are validated and executed to send emails. |
OIDC Settings
| Service Account Access |
|---|
| The OIDC client for JCL must be set up as a service account to obtain access tokens. |
| Setting | Values | Description |
|---|---|---|
| oidc_url | String | Enter the URL of the OIDC provider. |
| oidc_client_id | String | Enter the Client ID. |
| oidc_client_secret | String | Enter the client secret. Example:
$auth:_CLIENT_SECRET |
| oidc_scope | String | Set a scope to specify the level of access for the client. |
OpenTelemetry Settings
OpenTelemetry (OTEL) is a set of tools and standards that helps to collect and analyze performance data in AMT applications. OpenTelemetry tracks metrics, traces, and logs detailed event records. This information allows for a better understanding of applications, troubleshoot issues, and enhance user experiences.
Enabling support for OpenTelemetry: Usage of OpenTelemetry is optional and it is disabled by default. To enable OpenTelemetry, configure the following settings:
| Setting | Values | Description |
|---|---|---|
| otel_collector_host | String | Enter a host to enable the OTEL collector for OpenTelemetry logging. |
| otel_collector_port | Integer | Enter a port to enable the OTEL collector for OpenTelemetry logging. |
Vault Settings
A key vault is a secure storage solution for managing sensitive information, such as API keys, passwords, and certificates. It provides a centralized location for storing and accessing these secrets, ensuring that they are protected and only accessible to authorized users and applications. The JCL configuration offers the possibility to configure the HashiCorp vault.
The vaults setting is an array that can contain multiple vault configurations. Each vault configuration is represented as a JSON object with the following fields:
| Field | Values | Description |
|---|---|---|
| id | String | A unique identifier for the vault configuration. This ID is used to reference the vault when retrieving secrets. |
| type | String | The type of vault being used. Currently, only "HashiCorp" is supported. |
| url | String | The URL of the vault server. It's possible to use an Environment Variable
(VAULT_ADDR='127.0.0.1:8200') or the url property from the jcl_config file.
|
| token | String | The environment variable containing the token value. This authentication token is used to access the vault. |
| secret_path | String | The path where the secrets are stored. This path is used to locate and retrieve the secrets when needed. |
| engine_version | Integer | The version of the key vault secrets engine to use. The default is 2. This setting is optional. |
| mount_point | String | The mount point of the key vault secrets engine. The default is 'secret'. This setting is optional. |
The secret extraction from the vault is supported for all settings except file_encoding. When using
these settings with the vault configuration, the secret name should be specified for each property with the
following structure: $vault_id:secret_name. Otherwise, use a plaintext value.
Example file
jcl_config.json
| Unavailable Settings |
|---|
The following settings are present in the jcl_config.json file but are not used in AMT Java.
|
{
"development" : false,
"customer_library": "",
"app_name": "TEST-APP",
"application_kind": "",
"job_summary": true,
"amt_job_name": "GLOBAL_JOB",
"job_logging_path": "C:/AmtJava/Logging",
"include_folder": "",
"proc_libs_folder": "C:/AmtJava/amt-go/parent-scripting/jcl/python/amt-jcl/amt_jcl/procs",
"file_encoding": "ASCII",
"block_size": 32000,
"max_wait_time": 1,
"max_gdg_generation": 255,
"file_extension": ".DAT",
"print_extension": ".PRN",
"abend_on_missing_file": false,
"virtual_data_path": "",
"keep_all_files": false,
"int_rdr_folder": "",
"int_rdr_queue": "",
"default_printer": "DEFAULT",
"cert": "C:/Sources/amt-go-java/parent-scripting/jcl/python/amt-jcl/amt_jcl/amt/platform/communication/grpc/certs/ca.pem",
"app_host": "localhost",
"app_grpc_port": "8080",
"job_finished_polling_interval": 0.5,
"merge_finished_polling_interval": 0.5,
"use_date": "",
"ftp_override_mode": false,
"ftp_override_host": "",
"ftp_override_user": "",
"ftp_override_password": "",
"ftp_override_destination": "",
"ftp_ignore_cd": false,
"ftp_disabled": false,
"ftp_default_port": 21,
"smtp_host": "",
"smtp_port": 25,
"smtp_user": "",
"smtp_password": "$smtp:SMTP_PASSWORD",
"smtp_email": "",
"smtp_subject_suffix": "",
"smtp_default_bcc": [],
"smtp_override_recipients": [],
"server_list": [],
"oidc_url": "",
"oidc_client_id": "",
"oidc_client_secret": "$auth:CLIENT_SECRET",
"oidc_scope": "",
"otel_collector_host": "",
"otel_collector_port": -1,
"intrdr_folder": "C:/Amt/Scripts/IntRdr",
"vaults": [
{
"id": "smtp",
"type": "HashiCorp",
"url": "http://127.0.0.1:8200",
"token": "HASHICORP_VAULT_TOKEN_API_KEY1",
"secret_path": "smtp"
},
{
"id": "auth",
"type": "HashiCorp",
"url": "http://127.0.0.1:8202",
"token": "HASHICORP_VAULT_TOKEN_API_KEY2",
"secret_path": "keycloak"
}
],
"dropzone": ""
}