Page History
Table of Contents |
---|
Problem
After successfully performing JS7 - Initial Operation for the Agent from the JS7 - Dashboard, users observe the Agent as being up and running.
However, when adding an order to a workflow for the Agent, the order enters the BLOCKED state (purple color) without entries being added to the JS7 - History. The error listed below can be found in the following log files:
controller.log
(Controller)agent.log
(Agent).
For details see the JS7 - Log Files and Locations article.
Code Block |
---|
2021-11-23T14:44:52,853 ERROR |
Introduction
When you add an order on the specific agent and the order is blocked (purple calor) without histroy entries and you face these errors in the Controller log :
...
js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachSignedItem(Signed( |
...
Workflow:Simon~711c515f-b1f7-4e77-858f-0348a076d8aa {job1: Named(job1,Map(),None); end/*implicit*..., SignedString({"TYPE":"Workflow","path":"Simon","versionId":"711c515f-b1f7-4e77-858f-0348a076d8aa",...(length 307), Signature(MEUCIQDzqm7jTgv.../eAUGf43rIAcmk=)))): MessageSignedByUnknown: The message is signed with an unknown key |
followed by
Code Block |
---|
ERROR |
...
or
...
js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder |
...
Analysis
The Agent is the component in JS7 that executes workflows, JS7 Agent executes workflows. It stores information about execution results and order state transitions in and JS7 - Order State Transitions in its journal and passes results to the Controller.
The Controller and Agent has have to have be equipped with a certificate to verify the signature of each deployment with a low-security level.This certificate is signatures of any deployments - for details see the JS7 - Deployment of Scheduling Objects article. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.
- The above error messages indicate that no certificate is in place which could be used to verify the digital signature of a deployment.
- The certificates for digital signing are included with the .
/config/trusted-x509-certificates
directory
...
- which is available with both the Controller and with the Agent.
- By default JS7 Controllers and Agents ship with a certificate from the
sos*.pem
file
...
- that is available from:
- the Controller's .
/var/config/trusted-x509-certificates
directory, - the Agent's
./var_<port>/config/trusted-x509-certificates
directory.
- the Controller's .
After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the
./var
(Controller) or./var_<port>
(Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders./config
, ./logs
,./state
and./work
. However, the./config/trusted-x509-certificates
directory will remain empty and therefore no certificate will be available to verify a deployment.
Solution
Users should copy the trusted certificate from the
Solution
You have to copy the trusted certificates from ./config/trusted-x509-certificates
location of the original Controller or Agent .tar.gz or .zip archive to the var directory of your agent in :
./var/config/trusted-x509-certificates
(Controller)./
var_<port>/config/trusted-x509-certificates
(Agent)
directories. Then restart the Controller or Agent as appropriate.