Problem
After successfully performing the JS7 - Initial Operation for the Agent from the JS7 - Dashboard, users observe the Agent status as being up and running.
However, when adding an order to a workflow for the Agent, the order enters the BLOCKED state (purple color) without entries being added to the JS7 - History. The error listed below can be found in the following log files:
- controller.log (Controller)
- agent.log (Agent)
For details see the JS7 - Log Files and Locations article.
```
2021-11-23T14:44:52,853 ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachSignedItem(Signed(Workflow:Simon~711c515f-b1f7-4e77-858f-0348a076d8aa {job1: Named(job1,Map(),None); end/*implicit*..., SignedString({"TYPE":"Workflow","path":"Simon","versionId":"711c515f-b1f7-4e77-858f-0348a076d8aa",...(length 307), Signature(MEUCIQDzqm7jTgv.../eAUGf43rIAcmk=)))): MessageSignedByUnknown: The message is signed with an unknown key
```
or
```
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder
```
Analysis
The JS7 Agent executes workflows. It stores information about execution results and JS7 - Order State Transitions in its journal and passes results to the Controller.
The Controller and Agent have to be equipped with a certificate to verify the signatures of any deployments - for details see the JS7 - Deployment of Scheduling Objects article. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.
- The above error messages indicate that no certificate is in place which could be used to verify the digital signature of a deployment.
- The certificates for digital signing are included with the ./config/trusted-x509-certificates directory which is available with both the Controller and with the Agent.
- By default JS7 Controllers and Agents ship with a certificate from the sos*.pem file that is available from:
  - the Controller's ./var/config/trusted-x509-certificates directory,
  - the Agent's ./var_<port>/config/trusted-x509-certificates directory.
After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the ./var (Controller) or ./var_<port> (Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders ./config, ./logs, ./state and ./work. However, the ./config/trusted-x509-certificates directory will remain empty and therefore no certificate will be available to verify a deployment.
Solution
Users should copy the trusted certificate from the ./config/trusted-x509-certificates location of the original Controller or Agent .tar.gz or .zip archive to the:
- ./var/config/trusted-x509-certificates (Controller)
- ./var_<port>/config/trusted-x509-certificates (Agent)

directories. Then restart the Controller or Agent as appropriate.
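
The check and copy described above, as an added shell example that is not part of the original article or of JS7 itself. The function names are hypothetical and both directories are passed in by the caller; the fingerprint output assumes openssl is installed and is skipped otherwise.

```shell
#!/bin/sh
# Added example, not JS7 tooling. Directory arguments are supplied by the caller.

# Print how many PEM certificate files a trusted-x509-certificates directory holds.
count_trusted_certs() {
    n=0
    for f in "$1"/*.pem; do
        # An unmatched glob stays literal, so confirm the file exists.
        if [ -f "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Copy certificates from the extracted archive's trust directory ($1) into the
# Controller's or Agent's trust directory ($2) without overwriting existing files.
# Returns 0 when the target holds at least one certificate afterwards.
restore_trusted_certs() {
    src=$1
    dst=$2
    if [ "$(count_trusted_certs "$src")" -eq 0 ]; then
        echo "no certificates found in $src" >&2
        return 1
    fi
    mkdir -p "$dst"
    for f in "$src"/*.pem; do
        [ -f "$f" ] || continue
        target="$dst/$(basename "$f")"
        if [ -e "$target" ]; then
            continue    # keep certificates that are already deployed
        fi
        cp -p "$f" "$target"
        echo "copied $(basename "$f")" >&2
        # Show the fingerprint so it can be compared with the expected certificate.
        if command -v openssl >/dev/null 2>&1; then
            openssl x509 -noout -fingerprint -sha256 -in "$target" >&2 2>/dev/null || true
        fi
    done
    [ "$(count_trusted_certs "$dst")" -gt 0 ]
}
```

A count of 0 for the Agent's or Controller's directory matches the empty-directory condition described in the Analysis. Every certificate in this directory is trusted to verify deployments, so check the printed fingerprint before restarting.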