JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Aditi Dubey

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Problem

After successfully performing JS7 - Initial Operation for the Agent from the  JS7 - Dashboard, users observe the Agent as being up and running.

However, when adding an order to a workflow for the Agent, the order enters the BLOCKED state (purple color) without entries being added to the JS7 - History. The error listed below can be found in the following log files:

  • controller.log (Controller)
  • agent.log (Agent).

For details see the JS7 - Log Files and Locations article.


Code Block
2021-11-23T14:44:52,853

Introduction

When you add order on the specific agent and the order is blocked (purple colour) without history entries and you face these errors in the Controller log :

Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachSignedItem(Signed(JobResource(JobResource:Default,HashMap(js7YadeConfigDir -> env('JS7_YADE_CONFIG_DIR')Workflow:Simon~711c515f-b1f7-4e77-858f-0348a076d8aa {job1: Named(job1,Map(),None); end/*implicit*..., SignedString({"TYPE":"Workflow","path":"Simon","versionId":"711c515f-b1f7-4e77-858f-0348a076d8aa",...(length 307), Signature(MEUCIQDzqm7jTgv.../eAUGf43rIAcmk=)))): MessageSignedByUnknown: The message is signed with an unknown key

followed byor

Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder

...

Analysis

The Agent is the component in JS7 that executes workflows, JS7 Agent executes workflows. It stores information about execution results and order state transitions in and JS7 - Order State Transitions in its journal and passes results to the Controller.

The Controller and Agent has have to have be equipped with a certificate to verify the signature of each deployment with a low-security level.This certificate is signatures of any deployments - for details see the JS7 - Deployment of Scheduling Objects article. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.

  • The above error messages indicate that no certificate is in place which could be used to verify the digital signature of a deployment.
  • The certificates for digital signing are included with the ./config/trusted-x509-certificates directory

...

  • which is available with both the Controller and with the Agent.
  • By default JS7 Controllers and Agents ship with a certificate from the sos*.pem file

...

  • that is available from:
    • the Controller's ./var/config/trusted-x509-certificates directory,
    • the Agent's ./var_<port>/config/trusted-x509-certificates directory.

  • After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the ./var (Controller) or ./var_<port> (Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders ./config, ./logs, ./state and ./work. However, the ./config/trusted-x509-certificates directory will remain empty and therefore no certificate will be available to verify a deployment.

Solution

Users should copy the trusted certificate from the

Solution

You have to copy the trusted certificates from ./config/trusted-x509-certificates location of the original Controller or Agent .tar.gz or .zip archive to the var directory of your agent in :

  • ./var/config/trusted-x509-certificates (Controller)
  • ./var_<port>/config/trusted-x509-certificates (Agent)

directories. Then restart the Controller or Agent as appropriate.