Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

After successful performing the successfully performing JS7 - Initial Operation for  for the agent and Agent from the  JS7 - Dashboard you  users can see observe the Agent status is being up and running.

But while However, when adding an order to the existing or newly created workflow with the specific agent and the order is blocked (purple colour) without history entries and you can find below errors in the controller.log :a workflow for the Agent then the order enters the BLOCKED state (purple color) without entries being added to the JS7 - History. The below error can be found in the following log files:

  • controller.log (Controller)
  • agent.log (Agent).

For details see JS7 - Log Files and Locations.


Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachSignedItem(Signed(JobResource(JobResource:Default,HashMap(js7YadeConfigDir -> env('JS7_YADE_CONFIG_DIR')

...

Code Block
ERROR js7.controller.agent.AgentDriver - (my_agent) Agent rejected AttachOrder

...

Analysis

The Agent is the component in JS7 that executes workflows , and that stores information about execution results and order state transitions in and JS7 - Order State Transitions in its journal and passes results to the Controller.

The Controller and Agent has have to have be equipped with a certificate to verify the signature of each deployment with a low-security level.This certificate is signatures of any deployments, for details see JS7 - Deployment. The check of a deployment's signature is performed by the Controller and by the Agent independently from the JOC Cockpit security level.

  • The above error messages indicate that no certificate is in place that can be used to verify the digital signature of a deployment.
  • The certificates for digital signing are included with the ./config/trusted-x509-certificates directory

...

  • that is available with both the Controller and with the Agent.
  • By default JS7 Controllers and Agents ship with a certificate from the sos*.pem file

...

  • that is available from
    • the Controller's ./var/config/trusted-x509-certificates directory,
    • the Agent's ./var_<port>/config/trusted-x509-certificates directory.
  • After extracting the Controller or Agent from its installation .tar.gz or .zip archive users might have specified a different location for the ./var (Controller) or ./var_<port> (Agent) directories. As a result the Controller and Agent start script will populate the newly created configuration directory with the sub-folders ./config, ./logs, ./state and ./work. However, the ./config/trusted-x509-certificates directory will remain empty and therefore no certificate is available to verify a deployment.

Solution

Users should copy the trusted certificate from the

Solution

You have to copy the trusted certificates from ./config/trusted-x509-certificates location of the original Controller or Agent .tar.gz or .zip archive to the var_<port> directory of your agent in

  • ./var/config/trusted-x509-certificates (Controller)
  • ./var_<port>/config/trusted-x509-certificates (Agent)

directories. Then restart the Controller or Agent respectively.