CIB seven Run

This guide gives an introduction to CIB seven Run, a pre-packaged, lightweight distribution of CIB seven. CIB seven Run is easy to configure and does not require Java knowledge.

Prerequisites and audience

To use this guide, you should at least know what CIB seven is and what it does. Check out the Get Started guides if you have never used CIB seven before. The Installation guide is also worth looking at if you are completely new to CIB seven.

This guide will teach you about CIB seven Run and how to configure it. It can serve as a reference page for configuration and operation options. It will not give you a step-by-step guide on how to install CIB seven Run. Head over to the Installation guide for details on how to install and start CIB seven Run.

What is CIB seven Run?

CIB seven Run is a full distribution of CIB seven. It includes:

Starting with CIB seven Run

To start with CIB seven Run, download the distribution and unpacking it. You will find the following structure:

cibseven-run
├── configuration/
│   ├── keystore/
│   │   └── put your SSL key store here if you want to use HTTPS
│   ├── resources/
│   │   └── put your BPMN files, forms and scripts here
│   ├── sql/
│   │   └── necessary SQL scripts to prepare your database system
│   ├── userlib/
│   │   └── put your database driver and other required JARs here
│   ├── default.yml
│   └── production.yml
├── internal/
├── start.bat
└── start.sh
└── shutdown.sh
└── shutdown.bat

Execute one of the two start scripts (start.bat for Windows, start.sh for Linux/Mac). After a few seconds, you can access the CIB seven web apps via http://localhost:8080/camunda/app/, the REST API via http://localhost:8080/engine-rest/.

When executing one of the two start scripts without any arguments, CIB seven Run will start with a default configuration as a detached process. To shut down CIB seven Run in “detached” mode, use one of the two shutdown scripts (shutdown.bat for Windows, shutdown.sh for Linux/Mac).

By explicitly passing arguments to one of the two CIB seven Run start scripts, the default detached mode is disabled and you can configure CIB seven Run according to your needs. Furthermore, CIB seven Run will start as a foreground process unless the --detached argument is explicitly passed to the start.bat or start.sh script.

Start script arguments

The start scripts (start.bat for Windows, start.sh for Linux/Mac) accept the following arguments:

Argument Description Default state
--webapps Enables the CIB seven web apps enabled
--rest Enables the REST API enabled
--example Enables the example application. enabled
--production Applies the `production.yaml` configuration file. disabled
--detached Starts CIB seven Run as a detached process. This is the default behavior of the start scripts. To disable it, explicitly pass a valid argument to the script. enabled
--oauth2 Enables Spring Security OAuth2 integration. See dedicated Spring Security OAuth2 Integration documentation for details. false
--help Prints a message showing the available start script arguments. -

Starting CIB seven Run using Docker

CIB seven Run is also available as a Docker image. Please see the CIB seven Run section of the CIB seven Docker documentation here for more details.

Optional components

By default, CIB seven Run launches with the web apps, REST API and example modules. If you want to enable only a subset of them, execute the start script through a command-line interface with any of the --webapps, --rest or --example properties to enable the specific modules.

Example application

By default, CIB seven Run deploys and launches an example application on startup. When launched, this application creates deployments with multiple BPMN and DMN definitions as well as form resources and starts instances of the defined processes.

You can disable the deployment of the example application itself by enabling any combination of the other modules with the --webapps and --rest properties of the start script. That way, the example application will not be launched and its resources will not be present on the classpath of CIB seven Run.

You can also disable the launch of the example application by setting the application property camunda.bpm.run.example.enabled to false or removing it from the application properties. That way, the example application and its resources will be present on the classpath of CIB seven Run. However, the example application will not be started.

Disabling the example application with any of those mechanisms will NOT delete any deployments or process instances from CIB seven Run once they are created. You have to delete this data manually through the web apps, the REST API, or by cleaning the database configured in the application properties.

Choose between default and production configuration

CIB seven Run ships with two different configuration files which are both located in the configuration folder.

  • The default.yml configuration only contains necessary configuration like the H2 database, a demo user and CORS for REST calls from a client application.
  • The production.yml configuration is intended to provide the recommended properties according to the Security Instructions. When using CIB seven Run in a production environment, make sure to base your custom configuration on this one and carefully read through the security instructions.

By default, Run launches with the default.yml configuration. To enable the production.yml configuration, execute the start script with the --production property. Using --production disables the example application. It can be enabled by explicitly passing --example to the start script. However, we do not recommended to use the example application in production.

Connect to a Database

CIB seven Run is pre-configured to use a file-based H2 database for testing. The database schema and all required tables are automatically created when the engine starts up for the first time. If you want to use a custom standalone database, follow these steps:

  1. Make sure your database is among the supported database systems.
  2. Create a database schema for CIB seven yourself.
  3. Install the database schema to create all required tables and default indices using our database schema installation guide.
  4. Drop a JDBC driver jar for your database system in the configuration/userlib folder.
  5. Add the JDBC URL and login credentials to the configuration file like described below.
  6. Restart CIB seven Run

Deploy BPMN Models

In the unpacked distro, you will find a resources folder. All files (including BPMN, DMN, CMMN, form, and script files) will be deployed when you start CIB seven Run.

You can reference forms and scripts in the BPMN diagram with embedded:deployment:/my-form.html, camunda-forms:deployment:/myform.form, or deployment:/my-script.js. The deployment requires adding an extra / as a prefix to the filename.

Deployments via the REST API are still possible.

Configure CIB seven Run

Just like all the other distros, you can tailor CIB seven Run to your needs. To do this, you only have to edit one of the configuration files that you can find in the configuration folder.

Note:

CIB seven Run is based on the CIB seven Spring Boot Starter. All configuration properties from the camunda-spring-boot-starter are available to customize CIB seven Run.

Database

The distro comes with a file-based h2 database for testing. It is recommended to connect to a standalone database system for use in production.

Prefix Property name Description Default value
spring.datasource .url The jdbc URL for the database. -
.driver-class-name The class name of the JDBC driver for your database system. Remember to put the driver jar for your database system in configuration/userlib. -
.username The username for the database connection. -
.password The password for the database connection. -

Authentication

To add authentication to requests against the REST API, you can enable basic authentication.

Prefix Property name Description Default value
camunda.bpm.run.auth .enabled Switch to enable basic authentication for requests to the REST API. false
.authentication Authentication method, currently only basic is supported. basic

Cross-Origin Resource Sharing

If you want to allow cross-origin requests to the REST API, you need to enable CORS.

Prefix Property name Description Default value
camunda.bpm.run.cors .enabled Switch to enable CORS. false
.allowed-origins Origins that are allowed to make CORS requests. Multiple origins can be separated with commas. To support both HTTP authentication and CORS, allowed-origins must not be \*. To allow Camunda Modeler to deploy with authentication, including file:// in the allowed origins. \* (all origins, including file://)
.allowed-headers Headers that are allowed to be passed with CORS requests. Multiple headers can be separated with commas. Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
.exposed-headers Headers that can be read by browsers from a CORS response. Simple response headers should not be included in this list. Multiple headers can be separated with commas. None
.allow-credentials A boolean flag that helps a browser determine it can make a CORS request using credentials. false
.preflight-maxage Determines how long a browser can cache the result of a pre-flight request in seconds. 1800

REST

CIB seven Run can be configured to disable the REST endpoint which exposes the WADL file via a property.

Prefix Property name Description Default value
camunda.bpm.run.rest .disable-wadl Disables the REST endpoint /application.wadl. Web Application Description Language (WADL) is an XML description of the deployed RESTful web application. false

Deployment

CIB seven Run also supports configuration options for customizing the deployment.

Prefix Property name Description Default value
camunda.bpm.run.deployment .deploy-changed-only
  • When set to true, only deployments with changed resources will be deployed to the engine database.
  • When set to false, all deployments will be deployed without filtering their resources.
The property can be useful for controlling the deployment behaviour of the engine in case of restarts, similar to the Spring Framework Integration
true

LDAP Identity Service

CIB seven can manage users and authorizations on its own, but if you want to use an existing LDAP authentication database you can enable the LDAP Identity Service Plugin which provides read-only access to the LDAP repository.

Find all available configuration properties in the LDAP Plugin Guide

Prefix Property name Description Default value
camunda.bpm.run.ldap .enabled Switch to enable the LDAP identity service plugin. false

LDAP Administrator Authorization

You can also use the Administrator Authorization plugin to ensure the appropriate LDAP user or group gains administrative access. Review all the available configuration options in the Administrator Authorization plugin section of our documentation.

In the table below, observe the CIB seven Run-specific properties for the Administrator Authorization plugin.

Prefix Property name Description Default value
camunda.bpm.run.admin-auth .enabled Switch to enable the Administrator Authorization plugin. false

Plugin registration

CIB seven Run supports two types of plugins.

  • Process engine plugins can be used to extend the process engine configuration to add more functionality.
  • Webapp plugins are used to extend one of the CIB seven webapps (i.e. Cockpit, Tasklist, Admin, Welcome).

Both types of plugins are supported in CIB seven Run but have to be registered differently.

Process engine plugin registration

CIB seven provides a process engine plugin mechanism to enable users to add and adjust process engine features by extending the process engine configuration. You can use plugins developed by CIB, Camunda, or by third-party developers.

Get more details on how process engine plugins work on the dedicated process engine plugins documentation section.

In the table below, observe the CIB seven Run-specific properties for registering process engine plugins.

Prefix Property name Description Default value
camunda.bpm.run .process-engine-plugins Define your process engine plugin configurations under this YAML property. Empty List
camunda.bpm.run.process-engine-plugins .plugin-class Part of a process-engine-plugins list item. Defines the process engine plugin class. none
.plugin-parameters Part of a process-engine-plugins list item. Defines the process engine plugin parameters as key:value pairs. Empty Map

Perform the following steps in CIB seven Run to register process engine plugins:

  1. Find and read the process engine plugin documentation.
  • Find the canonical name of the process engine plugin Java class that implements the ProcessEnginePlugin interface.
  • Find out if the process engine plugin provides any configuration parameters. You will be able to configure your plugin using those parameters. If the plugin does not provide any properties, skip this step.
  1. Download the process engine plugin .jar file and place it to the ${RUN_HOME}/configuration/userlib/ directory.
  2. In your CIB seven Run configuration file, add the process engine plugin class and any configuration parameters as list items under the process-engine-plugins YAML property.

Once complete, your YAML configuration file should look similar to the following:

  camunda.bpm.run.process-engine-plugins:
    - plugin-class: canonical.name.of.the.PluginClass

Example process engine plugin registration

Let’s say that you want to register a process engine plugin called TestPlugin. The following information is available:

  • The plugin is provided in a .jar archive called camunda-bpm-test-plugin.jar.
  • The name of the Java class that implements the ProcessEnginePlugin interface is TestPlugin. The canonical name of this class is org.camunda.bpm.run.test.plugins.TestPlugin.
  • The TestPlugin exposes the following two configuration parameters:
    • parameterOne - a String value
    • parameterTwo - a Boolean value

We’ll take the following steps:

  1. Place the camunda-bpm-test-first-plugin.jar archive in the ${RUN_HOME}/configuration/userlib/ directory.

  2. Add the following content to your CIB seven Run YAML configuration file.

camunda.bpm.run.process-engine-plugins:
  - plugin-class: org.camunda.bpm.run.test.plugins.TestPlugin
    plugin-parameters:
      parameterOne: valueOne
      parameterTwo: true

In the example above, we use the TestPlugin canonical name as a YAML key. The YAML value consists of a collection of key-value pairs that represent the configuration parameters for the TestPlugin and their values. Some process engine plugins don’t have configuration parameters. For these, you only need to define the plugin-class YAML property, like so:

camunda.bpm.run.process-engine-plugins:
  - plugin-class: org.camunda.bpm.run.test.plugins.TestPlugin
  - plugin-class: org.camunda.bpm.run.test.plugins.AnotherPlugin
  1. Start CIB seven Run. The TestPlugin will be read from the YAML configuration and registered with the process engine.

Webapp plugin registration

CIB seven provides a mechanism to extend the CIB seven Webapps with your own functionality. You can add plugins at various plugin points. For example, the processes dashboard in Cockpit.

A webapp plugin is a maven jar project that provides a server-side and a client-side extension to the webapp. You can find more information about how to structure your plugins here.

To register a webapp plugin, simply drop the jar file into the configuration/userlib folder. See the Starting with CIB seven Run section of this guide to find out how to navigate the directories of CIB seven Run.

Example application launch

CIB seven Run comes with a demo application that deploys resources and starts process instances. You can disable the start of that application so it does not create deployments and process instances. The resources of the application are however still accessible on the classpath of CIB seven Run. Consult the example application section for further details.

Prefix Property name Description Default value
camunda.bpm.run.example .enabled Switch to enable the example application. false

HTTPS

CIB seven Run supports HTTPS over SSL. To enable it, you will need a valid SSL certificate signed by a trusted provider and stored in a key store file (either .jks or .p12). For testing, we included a self-signed certificate. You should not use this in production. To enable it, add the following properties to your configuration file.

server:
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: camunda
    key-store-type: pkcs12
    key-alias: camunda
    key-password: camunda
  port: 8443

After starting CIB seven Run, you can access the webapps via https://localhost:8443/camunda/app/ and the REST API via https://localhost:8443/engine-rest/.

Prefix Property name Description Default value
server.ssl .key-store Name of the key store file that holds the SSL certificate. This file must be placed in the configuration/keystore folder and has to be either a .jks or a .p12 file. -
.key-store-password Password to access the key store. -
.key-store-type Type of the key store. Can either be jks or p12 -
.key-alias Name that identifies the SSL certificate in the key store. -
.key-password Password to access the SSL certificate in the key store. -

Logging

CIB seven provides fine-grained and customizable logging. An overview of the available logging categories can be found in the Logging User Guide. To configure the logging behavior in CIB seven Run, customize your configuration file with the following properties.

For more information on logging configuration visit the Spring Boot Logging Guide.

Prefix Property name Description Default value
logging .level.root Set a logging level for all available logging categories. Value can be one of the following: OFF. ERROR. WARN. INFO. DEBUG. FATAL. TRACE -
.level.{logger-name} Set a logging level for a specific logging category. Find an overview over the available categories in the Logging User Guide. Value can be one of the following: OFF. ERROR. WARN. INFO. DEBUG. FATAL. TRACE -
.file.name Specify a log file location. (e.g. logs/cibseven-run-log.txt) -

On this Page: