Problem

After successfully performing JS7 - Initial Operation for the Agent from the  JS7 - Dashboard, users can observe the Agent as being up and running.

...

ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder

Analysis

The Agent is the component in JS7 which executes JS7 Agent executes workflows. It stores information about execution results and JS7 - Order State Transitions in its journal and passes results to the Controller.

The Controller and Agent have to be equipped with a certificate to verify the signatures of any deployments - for details see the JS7 - Deployment of Scheduling Objects article. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.

• The above error messages indicate that no certificate is in place which could be used to verify the digital signature of a deployment.
• The certificates for digital signing are included with the ./config/trusted-x509-certificates directory which is available with both the Controller and with the Agent.
• By default JS7 Controllers and Agents ship with a certificate from the sos*.pem file that is available from:
  • the Controller's ./var/config/trusted-x509-certificates directory,
  • the Agent's ./var_<port>/config/trusted-x509-certificates directory.

• After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the ./var (Controller) or ./var_<port> (Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders ./config, ./logs, ./state and ./work. However, the ./config/trusted-x509-certificates directory will remain empty and therefore no certificate will be available to verify a deployment.

Solution

Users should copy the trusted certificate from the ./config/trusted-x509-certificates location of the original Controller or Agent .tar.gz or .zip archive to the:

...