Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Problem

...

After successful performing the successfully performing JS7 - Initial Operation for  for the agent and Agent from the  JS7 - Dashboard you can see , users observe the Agent status is as being up and running.

But while However, when adding an order to the existing or newly created workflow with the specific agent and the order is blocked (purple colour) without history entries and you can find below errors in the controller.log :a workflow for the Agent, the order enters the BLOCKED state (purple color) without entries being added to the JS7 - History. The error listed below can be found in the following log files:

  • controller.log (Controller)
  • agent.log (Agent).

For details see the JS7 - Log Files and Locations article.


Code Block
2021-11-23T14:44:52,853 
Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachSignedItem(Signed(JobResource(JobResource:Default,HashMap(js7YadeConfigDir -> env('JS7_YADE_CONFIG_DIR')Workflow:Simon~711c515f-b1f7-4e77-858f-0348a076d8aa {job1: Named(job1,Map(),None); end/*implicit*..., SignedString({"TYPE":"Workflow","path":"Simon","versionId":"711c515f-b1f7-4e77-858f-0348a076d8aa",...(length 307), Signature(MEUCIQDzqm7jTgv.../eAUGf43rIAcmk=)))): MessageSignedByUnknown: The message is signed with an unknown key

followed byor

Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder

...

Analysis

The Agent is the component in JS7 that executes workflows, JS7 Agent executes workflows. It stores information about execution results and order state transitions in and JS7 - Order State Transitions in its journal and passes results to the Controller.

The Controller and Agent has have to have be equipped with a certificate to verify the signature of each deployment with a low-security level.This certificate is signatures of any deployments - for details see the JS7 - Deployment of Scheduling Objects article. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.

  • The above error messages indicate that no certificate is in place which could be used to verify the digital signature of a deployment.
  • The certificates for digital signing are included with the ./config/trusted-x509-certificates directory

...

  • which is available with both the Controller and with the Agent.
  • By default JS7 Controllers and Agents ship with a certificate from the sos*.pem file

...

  • that is available from:
    • the Controller's ./var/config/trusted-x509-certificates directory,
    • the Agent's ./var_<port>/config/trusted-x509-certificates directory.
  • After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the ./var (Controller) or ./var_<port> (Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders ./config, ./logs, ./state and ./work. However, the ./config/trusted-x509-certificates directory will remain empty and therefore no certificate will be available to verify a deployment.

Solution

Users should copy the trusted certificate from the

Solution

You have to copy the trusted certificates from ./config/trusted-x509-certificates location of the original Controller or Agent .tar.gz or .zip archive to the var_<port> directory of your agent in :

  • ./var/config/trusted-x509-certificates (Controller)
  • ./var_<port>/config/trusted-x509-certificates (Agent)

directories. Then restart the Controller or Agent as appropriate.