- Newest
- Most votes
- Most comments
Hi. You've assigned an invalid value to OS_DIST_INFO
: https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html#secure-tunneling-component-configuration
I'm not sure that explains everything.
UPDATE July 23: Adding to the answer since I've been getting downvotes. What I said above is correct (albeit only a partial answer), so the downvotes are a tad harsh.
The only error or warning of consequence in the logs is TcpForward::OnConnectionResult error_code=1047
. This is a socket connection refused. The secure tunneling component is a special build of AWS IoT Device Client, and this error message comes from here: https://github.com/awslabs/aws-iot-device-client/blob/cf738c82927f5a0020a58fda88a5de65b11a4574/source/tunneling/TcpForward.cpp#L107. Does your device meet all the requirements (specifically is the secure tunneling endpoint reachable and is port 443 open)? https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html#secure-tunneling-component-requirements
For the permissions warnings, these come from here: https://github.com/awslabs/aws-iot-device-client/blob/cf738c82927f5a0020a58fda88a5de65b11a4574/source/util/FileUtils.cpp#L198. More information here: https://github.com/awslabs/aws-iot-device-client/blob/main/docs/PERMISSIONS.md. In your case, they are only warnings and will not prevent proper function. I get the same messages on my RPi, and secure tunneling works.
The secure tunneling component creates an AWS IoT Device Client configuration file in /tmp/device-client-settings.json<unique-id>
. If you inspect that file, you'll see:
"root-ca": "replace_with_root_ca_file_location"
That's what's causing the other warning. Again, it's of no concern in this instance because the root CA will instead be found from your Greengrass configuration.
Yeah I realized after I posted it, I modified it and still the same issue occurs ("OS_DIST_INFO": "raspberrypi", but it won't work as "auto" either). From what i've read error 1047 has something to do with permissions but I did as the documentation said.
Answer updated to be more complete.
I also checked the port, I allowed it via ufw (I even disabled it to test) and I can see the port being avaliable with this comand:
root@<user>:/greengrass/v2/logs# sudo lsof -i :443 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME aws-iot-d 1623 ggc_user 7u IPv4 31670 0t0 TCP <user>:59562->ec2-3-213-214-212.compute-1.amazonaws.com:https (ESTABLISHED)
About the other requirements, I believe we meet all the requierements, we use python 3.8 and the documentation asks for 3.5 or above, and glibc is 2.31
Relevant content
- asked 4 months ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
Hello Fernanda, the issue mentioned over here is an connection error. It has nothing to do with component not able to find
RootCA
or the file permissions issue. As mentioned in another comment by Greg_B bellow, make sure your port is accessible or not. I believe it is an device side error where component is not being able to establish a connection securely.