Posted to dev@taverna.apache.org by Paul Brack <pa...@manchester.ac.uk> on 2017/03/29 18:10:15 UTC

Running Taverna workflows via the REST API

Hi guys,

I've come across an issue running a Taverna workflow on Taverna Server. Using the REST API, I can create a run, add input ports and start workflows OK, but if I need a workflow with a tool that needs SSH credentials to be run elsewhere, I don't seem able to create the credentials correctly. A very simple test workflow is attached.

A message with this body (credentials omitted) is sent using a POST to /rest/runs/{ID}/security/credentials/

<t2sr:credential xmlns:t2sr="http://ns.taverna.org.uk/2010/xml/server/rest/"
                 xmlns:t2s="http://ns.taverna.org.uk/2010/xml/server/">
  <t2s:userpass>
    <t2s:serviceURI>ssh:/dpsf.itservices.manchester.ac.uk:22/tmp/</t2s:serviceURI>
    <t2s:username>{1}</t2s:username>
    <t2s:password>{2}</t2s:password>
  </t2s:userpass>
</t2sr:credential>

This returns a 201, but visiting /rest/runs/{ID}/security/credentials/ in a web browser doesn't yield any credentials. When the run is started, it finishes with the message on the workflow's single output port: Processor 'Tool' - Port 'STDOUT': No invocation mechanism found

In addition, the Tomcat server has this in the log:

20170329T154427.066 INFO  Worker SecurityContextDelegate - issuing self-referential credential for https://developer.biomarkers.manchester.ac.uk/taverna/rest/runs/efd8a72d-5dd2-4253-a79a-987f03473cf8/#tavernaserver
20170329T154427.068 WARN  Worker SecurityContextDelegate - failed to construct local credential: interaction service will fail

I've sort of hit a brick wall in terms of what I can do to debug this now - can you help?

Thanks,
Paul

Re: Running Taverna workflows via the REST API

Posted by Alan Williams <al...@googlemail.com>.
On 29-Mar-17 19:10, Paul Brack wrote:
> Hi guys,
>
> I've come across an issue running a Taverna workflow on Taverna Server.
> Using the REST API, I can create a run, add input ports and start
> workflows OK, but if I need a workflow with a tool that needs SSH
> credentials to be run elsewhere, I don't seem able to create the
> credentials correctly. A very simple test workflow is attached

Yes. We have seen this very recently.

If you look in the log for the run, you should see something like:

No ConfirmTrustedCertificateSPI instances could confirm or deny
trusting of CN=...

The Taverna Server does not trust the site.

One way to check if this is the problem is to POST

<t2s:trustedIdentity 
xmlns:t2sr="http://ns.taverna.org.uk/2010/xml/server/rest/" 
xmlns:t2s="http://ns.taverna.org.uk/2010/xml/server/">
<t2s:certificateBytes>
BYTES HERE
</t2s:certificateBytes>
</t2s:trustedIdentity>

to /runs/{id}/security/trusts

Where "BYTES HERE" is the byte-encoding of the site's certificate.

Previously I've got the certificate by visiting a site in Chrome :)

The longer term fix is to update the default truststore for the Java
installation on the Taverna Server.

I hope that helps.

> Thanks,
>
> Paul

Alan
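
An added example, not part of either post and not Taverna's own code: it builds the trustedIdentity body from the reply above and refuses to build the POST unless the certificate's SHA-256 fingerprint matches a value obtained out of band, since a certificate fetched over the network has not been validated. Assumptions: certificateBytes carries the base64-encoded DER form of the certificate; the base URL, run id and SAMPLE_PEM are constructed placeholders; authentication to the server is left to the caller.

```python
import base64
import hashlib
import ssl
import urllib.request
import xml.etree.ElementTree as ET

T2S = "http://ns.taverna.org.uk/2010/xml/server/"  # namespace used in the thread

# Constructed placeholder: PEM framing around arbitrary bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed-sample-certificate-bytes").decode("ascii")
              + "-----END CERTIFICATE-----\n")

def fetch_pem(host, port=443):
    """Fetch the server's leaf certificate as PEM. No validation is performed."""
    return ssl.get_server_certificate((host, port))

def fingerprint(pem):
    """SHA-256 of the DER bytes, for comparison with a value obtained out of band."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def trusted_identity_xml(pem):
    """Build the <t2s:trustedIdentity> body (assumption: base64-encoded DER)."""
    ET.register_namespace("t2s", T2S)
    root = ET.Element(f"{{{T2S}}}trustedIdentity")
    cert = ET.SubElement(root, f"{{{T2S}}}certificateBytes")
    cert.text = base64.b64encode(ssl.PEM_cert_to_DER_cert(pem)).decode("ascii")
    return ET.tostring(root, encoding="unicode")

def trust_request(base_url, run_id, pem, expected_sha256):
    """Return the POST for /runs/{id}/security/trusts; reject an unverified cert."""
    if fingerprint(pem) != expected_sha256.lower().replace(":", ""):
        raise ValueError("certificate fingerprint does not match the expected value")
    url = f"{base_url.rstrip('/')}/runs/{run_id}/security/trusts"
    return urllib.request.Request(
        url, data=trusted_identity_xml(pem).encode("utf-8"),
        headers={"Content-Type": "application/xml"}, method="POST")

if __name__ == "__main__":
    # Hypothetical server URL and run id; the request is built but not sent.
    req = trust_request("https://taverna.example.org/taverna/rest", "RUN-ID",
                        SAMPLE_PEM, fingerprint(SAMPLE_PEM))
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Pass the result to urllib.request.urlopen only after adding the server's authentication; the per-run trust entry is a diagnostic step, and the truststore update remains the longer term fix.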