CRON Configuration

From iDENprotect Knowledge Base
Jump to: navigation, search

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

When in use, the idenprotect Core Platform has a number of jobs that will run automatically in the background. These are scheduled in accordance with a CRON expression and you can modify the frequency in which these jobs run.


How CRON expressions work

The CRON expressions we use in the idenprotect Core Platform consist of six time-unit fields as follows... <second> <minute> <hour> <day-of-month> <month> <day-of-week>

There is also an optional year field which can be added at the end but we do not use this for our scheduled jobs.

Allowed Values

  • Second - 0-59
  • Minute - 0-59
  • Hour - 0-23
  • Day of month - 1-31
  • Month - 1-12 or JAN-DEC
  • 1-7 or SUN-SAT

Special Characters

There are a number of special characters which can be used in these expressions. We won't list them all here, just the ones that we use or you might be likely to use.

  • * (all) - When used in a given field, this means that the job should repeat every time-unit. For example, if in the <minute> field, this means every minute
  • ? (any) - This is only used for the <day-of-month> and <day-of-week> field and only when you are specifying one of the two fields. For example, if you wanted the job to run on the 1st of every month (regardless of what day of the week that falls on), then you would put a 1 in the <day-of-month> field and a ? in the <day-of-week> field. If you want it to run every day regardless of the day, you can use the * (all) in both fields
  • - (range) - You can use this to specify a range of values. For example, "10-12" in the <hour> field means to run on the 10th, 11th and 12th hour
  • , (values) - You can use this to specify multiple values. For example, "MON, WED, FRI" in the <day-of-week> field means to run on those specific days and not in-between

Examples

To help you understand the special characters and the format of the expressions, we have provided a few examples below.

  • 0 0 * * * * - This schedule would run every hour, every day.
  • 0 15 1 * * * - This schedule would run at exactly 1:15 AM, every day (this can also be expressed as 0 15 1 * * ? or 0 15 1 ? * *)
  • 0 0/5 13,18 * * * - This schedule would run every 5 minutes, between 13:00 and 13:55 (inclusive) and 18:00 and 18:55 (inclusive)
  • 0/30 * 9-17 * * * - This schedule would run every 30 seconds between 9 AM and 5 PM
  • 0 0 23 * * FRI - This schedule would run at 11 PM every Friday


idenprotect Core Platform CRON configuration

CRON settings are configured in:

  • CRON Configuration in the idenprotect Core Platform Admin Console Config Tab
  • Server file system in /etc/idenprotect/cron.properties

To configure the scheduled jobs, change the following parameters:

Parameters for CRON Configuration
Parameter in Config Tab Parameter in Properties File Configuration Change
Data Retention CRON Definition data.retention.cron The frequency to run the data retention job which will remove old reporting data. This is defaulted to 0 0 1 * * *
Email Sender CRON Definition email.gateway.sender.cron The frequency for the SMTP server to attempt to send out any pending emails. This is defaulted to 0/30 * * * * *
User Sync CRON Definition ldap.user.cron If you have the idenprotect Core Platform connected to Active Directory. This is the frequency for Active Directory to synchronise the Users. This is defaulted to 0 30 * * * ?
Admin Sync CRON Definition ldap.admin.cron If you have the idenprotect Core Platform connected to Active Directory. This is the frequency for Active Directory to synchronise the Admin Users. This is defaulted to 0 0 * * * ?
Load Balance CRON Definition ldap.loadBalance.cron If you have the idenprotect Core Platform connected to Active Directory and have Load Balance enabled. This is the frequency to check the status of each of your LDAP servers. This is defaulted to 0 0 * * * *


Other scheduled jobs and time-related properties

There are a few other jobs which are scheduled and run in the background. These are general cleanup jobs and are not editable via the Config tab of the admin console as these do not normally require changing. However, if you do want to change these, you can add/amend those settings in:

  • Server file system in /etc/idenprotect/cron.properties

Note that these jobs do not use CRON expressions. Instead, these use milliseconds, the countdown to start each job starts when the idenprotect Core Platform starts and they will continue to run at that frequency thereafter.

Parameters for other scheduled jobs
Parameter in Properties File Configuration Change
enrollment.session.removal.interval The frequency to remove expired enrollment sessions from the internal cache. This is defaulted to 3600000 (every 60 minutes)
qr.cache.removal.interval The frequency to remove expired QR images from the internal cache. This is defaulted to 3600000 (every 60 minutes)
idp.authentication.request.timeout The frequency to remove expired authentication sessions from the internal cache. This is defaulted to 300000 (every 5 minutes)