I am trying to provision a new device using fleetProvisioningByClaim following https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html, for this i have all my claim credentials on the device and my iotDataEndpoint/iotCredentialEndpoint/provisioningTemplate/rootCaPath are set and on running the final command sudo -E java -Droot="/greengrass/v2
i did received Successfully set up Nucleus as a system service and greengrass is running as well but couldn't find the device on iotCore, and as checked in my greengrass.log, attached logs for the same. Also my nucleus and main.log files are empty. Is there any other way to debug such issue?
config.yaml file
services:
aws.greengrass.Nucleus:
version: "2.5.6"
configuration:
awsRegion: "us-east-1"
aws.greengrass.FleetProvisioningByClaim:
configuration:
rootPath: /greengrass/v2
awsRegion: "us-east-1"
iotDataEndpoint: "$iotDataEndpoint" // replaced with endpoint as retrieved from aws iot describe-endpoint --endpoint-type iot:Data-ATS
iotCredentialEndpoint: "$iotCredentialEndpoint" // replaced with endpoint as retrieved from aws iot describe-endpoint --endpoint-type iot:CredentialProvider
iotRoleAlias: "GreengrassV2TokenExchangeRoleAlias"
provisioningTemplate: "$provisioningTemplate" // Value as copied from `Fleet provisioning templates` in IOT Core
claimCertificatePath: "/greengrass/v2/claim-certs/claim.pem.crt" // copied from certificatePem as mentioned in https://tiny.amazon.com/n4qhu1jm/docsawsamaziotlateapirAPI_
claimCertificatePrivateKeyPath: "/greengrass/v2/claim-certs/claim.private.pem.key" // copied from keyPair.privateKey as mentioned in https://tiny.amazon.com/n4qhu1jm/docsawsamaziotlateapirAPI_
rootCaPath: "/greengrass/v2/AmazonRootCA1.pem" // verified they are present
templateParameters:
ThingName: "$thingName" // replaced $thingName with my thing name
ThingGroupName: "$thingGroupName" // replaced $thingName with my group name
Java command:
sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE \
-jar /target/GreengrassInstaller/lib/Greengrass.jar \
--trusted-plugin /target/GreengrassInstaller/aws.greengrass.FleetProvisioningByClaim.jar \
--init-config /target/GreengrassInstaller/config.yaml \
--component-default-user ggc_user:ggc_group \
--setup-system-service true
greengrass.log:
2022-07-03T14:33:00.260Z [ERROR] (pool-2-thread-1) com.aws.greengrass.FleetProvisioningByClaimPlugin: Exception encountered while getting device identity information. {}
software.amazon.awssdk.crt.CrtRuntimeException: aws_tls_ctx_options_init_client_mtls_from_path failed (aws_last_error: AWS_ERROR_INVALID_ARGUMENT(34), An invalid argument was passed to a function.) AWS_ERROR_INVALID_ARGUMENT(34)
at software.amazon.awssdk.crt.io.TlsContextOptions.tlsContextOptionsNew(Native Method)
at software.amazon.awssdk.crt.io.TlsContextOptions.getNativeHandle(TlsContextOptions.java:108)
at software.amazon.awssdk.crt.io.TlsContext.<init>(TlsContext.java:24)
at software.amazon.awssdk.crt.io.ClientTlsContext.<init>(ClientTlsContext.java:26)
at software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder.build(AwsIotMqttConnectionBuilder.java:619)
at com.aws.greengrass.MqttConnectionHelper.getMqttConnection(MqttConnectionHelper.java:66)
at com.aws.greengrass.FleetProvisioningByClaimPlugin.updateIdentityConfiguration(FleetProvisioningByClaimPlugin.java:142)
at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$1(KernelLifecycle.java:199)
at com.aws.greengrass.util.RetryUtils.runWithRetry(RetryUtils.java:50)
at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$2(KernelLifecycle.java:198)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)