CIB seven Run
This guide gives an introduction to CIB seven Run, a pre-packaged, lightweight distribution of CIB seven. CIB seven Run is easy to configure and does not require Java knowledge.
Prerequisites and audience
To use this guide, you should at least know what CIB seven is and what it does. Check out the Get Started guides if you have never used CIB seven before. The Installation guide is also worth looking at if you are completely new to CIB seven.
This guide will teach you about CIB seven Run and how to configure it. It can serve as a reference page for configuration and operation options. It will not give you a step-by-step guide on how to install CIB seven Run. Head over to the Installation guide for details on how to install and start CIB seven Run.
What is CIB seven Run?
CIB seven Run is a full distribution of CIB seven. It includes:
- CIB seven web applications
- Cockpit
- Tasklist
- Admin
- REST API
- An example application
Starting with CIB seven Run
To start with CIB seven Run, download the distribution and unpacking it. You will find the following structure:
cibseven-run
├── configuration/
│ ├── keystore/
│ │ └── put your SSL key store here if you want to use HTTPS
│ ├── resources/
│ │ └── put your BPMN files, forms and scripts here
│ ├── sql/
│ │ └── necessary SQL scripts to prepare your database system
│ ├── userlib/
│ │ └── put your database driver and other required JARs here
│ ├── default.yml
│ └── production.yml
├── internal/
├── start.bat
└── start.sh
└── shutdown.sh
└── shutdown.bat
Execute one of the two start scripts (start.bat
for Windows, start.sh
for Linux/Mac). After a few seconds, you can
access the CIB seven web apps via http://localhost:8080/camunda/app/, the REST API via
http://localhost:8080/engine-rest/.
When executing one of the two start scripts without any arguments, CIB seven Run will start with a default configuration
as a detached process. To shut down CIB seven Run in “detached” mode, use one of the two shutdown scripts (shutdown.bat
for Windows, shutdown.sh
for Linux/Mac).
By explicitly passing arguments to one of the two CIB seven Run start scripts, the default detached mode is disabled and
you can configure CIB seven Run according to your needs. Furthermore, CIB seven Run will start as a foreground process
unless the --detached
argument is explicitly passed to the start.bat
or start.sh
script.
Start script arguments
The start scripts (start.bat
for Windows, start.sh
for Linux/Mac) accept the following arguments:
Argument | Description | Default state |
---|---|---|
--webapps |
Enables the CIB seven web apps | enabled |
--rest |
Enables the REST API | enabled |
--example |
Enables the example application. | enabled |
--production |
Applies the `production.yaml` configuration file. | disabled |
--detached |
Starts CIB seven Run as a detached process. This is the default behavior of the start scripts. To disable it, explicitly pass a valid argument to the script. | enabled |
--oauth2 |
Enables Spring Security OAuth2 integration. See dedicated Spring Security OAuth2 Integration documentation for details. | false |
--help |
Prints a message showing the available start script arguments. | - |
Starting CIB seven Run using Docker
CIB seven Run is also available as a Docker image. Please see the CIB seven Run section of the CIB seven Docker documentation here for more details.
Optional components
By default, CIB seven Run launches with the web apps, REST API and example modules. If you want to enable only a subset of them, execute the start script through a command-line interface with any of the --webapps
, --rest
or --example
properties to enable the specific modules.
Example application
By default, CIB seven Run deploys and launches an example application on startup. When launched, this application creates deployments with multiple BPMN and DMN definitions as well as form resources and starts instances of the defined processes.
You can disable the deployment of the example application itself by enabling any combination of the other modules with the --webapps
and --rest
properties of the start script.
That way, the example application will not be launched and its resources will not be present on the classpath of CIB seven Run.
You can also disable the launch of the example application by setting the application property camunda.bpm.run.example.enabled
to false
or removing it from the application properties.
That way, the example application and its resources will be present on the classpath of CIB seven Run.
However, the example application will not be started.
Disabling the example application with any of those mechanisms will NOT delete any deployments or process instances from CIB seven Run once they are created. You have to delete this data manually through the web apps, the REST API, or by cleaning the database configured in the application properties.
Choose between default and production configuration
CIB seven Run ships with two different configuration files which are both located in the configuration
folder.
- The
default.yml
configuration only contains necessary configuration like the H2 database, a demo user and CORS for REST calls from a client application. - The
production.yml
configuration is intended to provide the recommended properties according to the Security Instructions. When using CIB seven Run in a production environment, make sure to base your custom configuration on this one and carefully read through the security instructions.
By default, Run launches with the default.yml
configuration. To enable the production.yml
configuration, execute the start script with the --production
property.
Using --production
disables the example application. It can be enabled by explicitly passing --example
to the start script.
However, we do not recommended to use the example application in production.
Connect to a Database
CIB seven Run is pre-configured to use a file-based H2 database for testing. The database schema and all required tables are automatically created when the engine starts up for the first time. If you want to use a custom standalone database, follow these steps:
- Make sure your database is among the supported database systems.
- Create a database schema for CIB seven yourself.
- Install the database schema to create all required tables and default indices using our database schema installation guide.
- Drop a JDBC driver jar for your database system in the
configuration/userlib
folder. - Add the JDBC URL and login credentials to the configuration file like described below.
- Restart CIB seven Run
Deploy BPMN Models
In the unpacked distro, you will find a resources
folder. All files (including BPMN, DMN, CMMN, form, and script files) will be deployed when you start CIB seven Run.
You can reference forms and scripts in the BPMN diagram with embedded:deployment:/my-form.html
, cibseven-forms:deployment:/myform.form
, or deployment:/my-script.js
. The deployment requires adding an extra /
as a prefix to the filename.
Deployments via the REST API are still possible.
Configure CIB seven Run
Just like all the other distros, you can tailor CIB seven Run to your needs. To do this, you only have to edit one of the configuration files that you can find in the configuration folder.
Note:
CIB seven Run is based on the CIB seven Spring Boot Starter. All configuration properties from the camunda-spring-boot-starter are available to customize CIB seven Run.
Database
The distro comes with a file-based h2 database for testing. It is recommended to connect to a standalone database system for use in production.
Prefix | Property name | Description | Default value |
---|---|---|---|
spring.datasource |
.url |
The jdbc URL for the database. | - |
.driver-class-name |
The class name of the JDBC driver for your database system. Remember to put the driver jar for your database system in configuration/userlib . |
- | |
.username |
The username for the database connection. | - | |
.password |
The password for the database connection. | - |
Authentication
To add authentication to requests against the REST API, you can enable basic authentication.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.auth |
.enabled |
Switch to enable basic authentication for requests to the REST API. | false |
.authentication |
Authentication method, currently only basic is supported. | basic |
Cross-Origin Resource Sharing
If you want to allow cross-origin requests to the REST API, you need to enable CORS.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.cors |
.enabled |
Switch to enable CORS. | false |
.allowed-origins |
Origins that are allowed to make CORS requests. Multiple origins can be separated with commas. To support both HTTP authentication and CORS, allowed-origins must not be \* . To allow Camunda Modeler to deploy with authentication, including file:// in the allowed origins. |
\* (all origins, including file:// ) |
|
.allowed-headers |
Headers that are allowed to be passed with CORS requests. Multiple headers can be separated with commas. | Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers |
|
.exposed-headers |
Headers that can be read by browsers from a CORS response. Simple response headers should not be included in this list. Multiple headers can be separated with commas. | None | |
.allow-credentials |
A boolean flag that helps a browser determine it can make a CORS request using credentials. | false |
|
.preflight-maxage |
Determines how long a browser can cache the result of a pre-flight request in seconds. | 1800 |
REST
CIB seven Run can be configured to disable the REST endpoint which exposes the WADL file via a property.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.rest |
.disable-wadl |
Disables the REST endpoint /application.wadl . Web Application Description Language (WADL) is an XML description of the deployed RESTful web application. |
false |
Deployment
CIB seven Run also supports configuration options for customizing the deployment.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.deployment |
.deploy-changed-only |
|
true |
LDAP Identity Service
CIB seven can manage users and authorizations on its own, but if you want to use an existing LDAP authentication database you can enable the LDAP Identity Service Plugin which provides read-only access to the LDAP repository.
Find all available configuration properties in the LDAP Plugin Guide
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.ldap |
.enabled |
Switch to enable the LDAP identity service plugin. | false |
LDAP Administrator Authorization
You can also use the Administrator Authorization plugin to ensure the appropriate LDAP user or group gains administrative access. Review all the available configuration options in the Administrator Authorization plugin section of our documentation.
In the table below, observe the CIB seven Run-specific properties for the Administrator Authorization plugin.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.admin-auth |
.enabled |
Switch to enable the Administrator Authorization plugin. | false |
Plugin registration
CIB seven Run supports two types of plugins.
- Process engine plugins can be used to extend the process engine configuration to add more functionality.
- Webapp plugins are used to extend one of the CIB seven webapps (i.e. Cockpit, Tasklist, Admin, Welcome).
Both types of plugins are supported in CIB seven Run but have to be registered differently.
Process engine plugin registration
CIB seven provides a process engine plugin mechanism to enable users to add and adjust process engine features by extending the process engine configuration. You can use plugins developed by CIB, Camunda, or by third-party developers.
Get more details on how process engine plugins work on the dedicated process engine plugins documentation section.
In the table below, observe the CIB seven Run-specific properties for registering process engine plugins.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run |
.process-engine-plugins |
Define your process engine plugin configurations under this YAML property. | Empty List |
camunda.bpm.run.process-engine-plugins |
.plugin-class |
Part of a process-engine-plugins list item. Defines the process engine plugin class. |
none |
.plugin-parameters |
Part of a process-engine-plugins list item. Defines the process engine plugin parameters
as key:value pairs.
|
Empty Map |
Perform the following steps in CIB seven Run to register process engine plugins:
- Find and read the process engine plugin documentation.
- Find the canonical name of the process engine plugin Java class that implements the
ProcessEnginePlugin
interface. - Find out if the process engine plugin provides any configuration parameters. You will be able to configure your plugin using those parameters. If the plugin does not provide any properties, skip this step.
- Download the process engine plugin
.jar
file and place it to the${RUN_HOME}/configuration/userlib/
directory. - In your CIB seven Run configuration file, add the process engine plugin class and any configuration parameters as
list items under the
process-engine-plugins
YAML property.
Once complete, your YAML configuration file should look similar to the following:
camunda.bpm.run.process-engine-plugins:
- plugin-class: canonical.name.of.the.PluginClass
Example process engine plugin registration
Let’s say that you want to register a process engine plugin called TestPlugin
. The following information is
available:
- The plugin is provided in a
.jar
archive calledcamunda-bpm-test-plugin.jar
. - The name of the Java class that implements the
ProcessEnginePlugin
interface isTestPlugin
. The canonical name of this class isorg.cibseven.bpm.run.test.plugins.TestPlugin
. - The
TestPlugin
exposes the following two configuration parameters:parameterOne
- aString
valueparameterTwo
- aBoolean
value
We’ll take the following steps:
-
Place the
camunda-bpm-test-first-plugin.jar
archive in the${RUN_HOME}/configuration/userlib/
directory. -
Add the following content to your CIB seven Run YAML configuration file.
camunda.bpm.run.process-engine-plugins:
- plugin-class: org.cibseven.bpm.run.test.plugins.TestPlugin
plugin-parameters:
parameterOne: valueOne
parameterTwo: true
In the example above, we use the TestPlugin
canonical name as a YAML key. The YAML value consists of a
collection of key-value pairs that represent the configuration parameters for the TestPlugin
and their values.
Some process engine plugins don’t have configuration parameters. For these, you only need to define the plugin-class
YAML property, like so:
camunda.bpm.run.process-engine-plugins:
- plugin-class: org.cibseven.bpm.run.test.plugins.TestPlugin
- plugin-class: org.cibseven.bpm.run.test.plugins.AnotherPlugin
- Start CIB seven Run. The
TestPlugin
will be read from the YAML configuration and registered with the process engine.
Webapp plugin registration
CIB seven provides a mechanism to extend the CIB seven Webapps with your own functionality. You can add plugins at various plugin points. For example, the processes dashboard in Cockpit.
A webapp plugin is a maven jar project that provides a server-side and a client-side extension to the webapp. You can find more information about how to structure your plugins here.
To register a webapp plugin, simply drop the jar file into the configuration/userlib
folder. See the Starting with CIB seven Run section of this guide to find out how to navigate the directories of CIB seven Run.
Example application launch
CIB seven Run comes with a demo application that deploys resources and starts process instances. You can disable the start of that application so it does not create deployments and process instances. The resources of the application are however still accessible on the classpath of CIB seven Run. Consult the example application section for further details.
Prefix | Property name | Description | Default value |
---|---|---|---|
camunda.bpm.run.example |
.enabled |
Switch to enable the example application. | false |
HTTPS
CIB seven Run supports HTTPS over SSL. To enable it, you will need a valid SSL certificate signed by a trusted provider and stored in a key store file (either .jks or .p12). For testing, we included a self-signed certificate. You should not use this in production. To enable it, add the following properties to your configuration file.
server:
ssl:
key-store: classpath:keystore.p12
key-store-password: camunda
key-store-type: pkcs12
key-alias: camunda
key-password: camunda
port: 8443
After starting CIB seven Run, you can access the webapps via https://localhost:8443/camunda/app/ and the REST API via https://localhost:8443/engine-rest/.
Prefix | Property name | Description | Default value |
---|---|---|---|
server.ssl |
.key-store |
Name of the key store file that holds the SSL certificate. This file must be placed in the configuration/keystore folder and has to be either a .jks or a .p12 file. |
- |
.key-store-password |
Password to access the key store. | - |
|
.key-store-type |
Type of the key store. Can either be jks or p12 |
- |
|
.key-alias |
Name that identifies the SSL certificate in the key store. | - |
|
.key-password |
Password to access the SSL certificate in the key store. | - |
Logging
CIB seven provides fine-grained and customizable logging. An overview of the available logging categories can be found in the Logging User Guide. To configure the logging behavior in CIB seven Run, customize your configuration file with the following properties.
For more information on logging configuration visit the Spring Boot Logging Guide.
Prefix | Property name | Description | Default value |
---|---|---|---|
logging |
.level.root |
Set a logging level for all available logging categories. Value can be one of the following: OFF . ERROR . WARN . INFO . DEBUG . FATAL . TRACE |
- |
.level.{logger-name} |
Set a logging level for a specific logging category. Find an overview over the available categories in the Logging User Guide.
Value can be one of the following: OFF . ERROR . WARN . INFO . DEBUG . FATAL . TRACE |
- |
|
.file.name |
Specify a log file location. (e.g. logs/cibseven-run-log.txt ) |
- |