Cannot start greengrassd (AWS IoT Greengrass) on Raspberry Pi - amazon-web-services

I have registered an AWS IoT Greengrass group.
I also downloaded the Greengrass certificate from the console, and AmazonRoot-CA1.
Here is the list of my certificate files (stored in /greengrass/certs/):
-rw-r--r-- 1 pi pi 1220 Jan 15 10:07 82ab16xxxx.cert.pem
-rw-r--r-- 1 pi pi 1679 Jan 15 10:07 82ab16xxxx.private.key
-rw-r--r-- 1 pi pi 451 Jan 15 10:07 82ab16xxxx.public.key
-rw-r--r-- 1 pi pi 1188 Jan 15 10:07 root.ca.pem
When I start greengrassd by command:
sudo ./greengrassd start
I get this error:
Setting up greengrass daemon
Validating hardlink/softlink protection
Waiting for up to 40s for Daemon to start
Error occured while generating TLS config: ErrUnknownURIScheme: no handlers matched for path: .../greengrass/certs/root.ca.pem
The Greengrass daemon process with [pid = 18029] died
I have tried re-installing the OS but still get the error.
I also installed mosquitto-clients and mosquitto on the Raspberry Pi.
Thanks.

I'm guessing your issue is that you haven't activated your root CA from the console.
Try this instead:
sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
Try doing this directly in your certs directory, then restart your daemon.

Related

Incompatible version of OpenSSL on Fedora Linux

I am struggling to use SSL with QWebSocket. I get the following error messages:
QML debugging is enabled. Only use this in a safe environment.
qt.tlsbackend.ossl: Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
WSInterface::onError(): Got the web-socket connection error: QAbstractSocket::UnsupportedSocketOperationError
Using Qt 6.4.2 installed from the Qt Installer as binaries (not built from source) on Fedora 37 on Intel with gcc 12.2
QSslSocket::supportsSsl() returns false.
/usr/lib64 is holding:
-rwxr-xr-x. 1 root root 430944 Nov 18 08:51 libssl3.so
lrwxrwxrwx. 1 root root 15 Nov 2 00:41 libssl.so -> libssl.so.3.0.5
lrwxrwxrwx. 1 root root 15 Nov 2 00:41 libssl.so.3 -> libssl.so.3.0.5
-rwxr-xr-x. 1 root root 677480 Nov 2 00:41 libssl.so.3.0.5
I can't see any ssl (or even references to libssl using ldd in the Qt directories)
If I add /usr/lib64 to the front of LD_LIBRARY_PATH the application sig faults on:
this->WebSocket = new QWebSocket();
Since the Qt Maintenance Tool provides the source code for OpenSSL 1.1.1q, I downloaded that and built it using the following commands. Build and install was smooth:
sudo dnf group install 'Development Tools' -y
sudo dnf install perl-core zlib-devel -y
cd ~/Qt/Tools/OpenSSL/src
./config --prefix=/usr/lib64 --openssldir=/usr/lib64 shared zlib
make -j8
make test
sudo make install
make install added the following files to /usr/lib64
lrwxrwxrwx. 1 root root 29 Jul 22 02:33 libevent_openssl-2.1.so.7 -> libevent_openssl-2.1.so.7.0.1
-rwxr-xr-x. 1 root root 36840 Jul 22 02:33 libevent_openssl-2.1.so.7.0.1
lrwxrwxrwx. 1 root root 28 Oct 24 18:02 libxmlsec1-openssl.so -> libxmlsec1-openssl.so.1.2.34
lrwxrwxrwx. 1 root root 28 Oct 24 18:02 libxmlsec1-openssl.so.1 -> libxmlsec1-openssl.so.1.2.34
-rwxr-xr-x. 1 root root 304712 Oct 24 18:02 libxmlsec1-openssl.so.1.2.34
-rw-r--r--. 1 root root 10909 Jan 10 18:43 openssl.cnf
-rw-r--r--. 1 root root 10909 Jan 10 18:43 openssl.cnf.dist
ossl-modules:
total 1736
drwxr-xr-x. 2 root root 38 Jan 8 18:32 .
dr-xr-xr-x. 173 root root 118784 Jan 10 18:43 ..
-rwxr-xr-x. 1 root root 1488504 Nov 2 00:41 fips.so
-rwxr-xr-x. 1 root root 120392 Nov 2 00:41 legacy.so
This did not seem to change the result - same error messages when running the application; same sig fault when adding /usr/lib64 in front of LD_LIBRARY_PATH
There seems to be no mention of how to proceed in the help. Qt Forum / Bugs and Stack Overflow seem to have lots of articles. Besides LD_LIBRARY_PATH and building from source, the other suggestion seems to be to install openssl 1.1.1 from the package manager.
sudo dnf install openssl-1.1.1q-1.fc35.x86_64.rpm
Can't find the .rpm. If I download it from:
https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/Packages/o/openssl-1.1.1l-2.fc35.x86_64.rpm
then Fedora refuses to install it.
Any guidance would be appreciated.

AWS CodeBuild not pausing on breakpoint

Using steps provided here, I kicked off a CodeBuild with the following advanced options checked:
Enable session connection
Allow AWS CodeBuild to modify this service role so it can be used with this build project
The buildspec included a codebuild-breakpoint:
version: 0.2
phases:
  pre_build:
    commands:
      - ls -al
      - codebuild-breakpoint
      - cd "${SERVICE_NAME}"
      - ls -al
      - $(aws ecr get-login)
      - TAG="$SERVICE_NAME"
  build:
    commands:
      - docker build --tag "${REPOSITORY_URI}:${TAG}" .
  post_build:
    commands:
      - docker push "${REPOSITORY_URI}:${TAG}"
      - printf '{"tag":"%s"}' $TAG > ../build.json
artifacts:
  files: build.json
The build started and produced the following logs without pausing:
[Container] 2022/02/28 13:49:03 Entering phase PRE_BUILD
[Container] 2022/02/28 13:49:03 Running command ls -al
total 148
drwxr-xr-x 2 root root 4096 Feb 28 13:49 .
drwxr-xr-x 3 root root 4096 Feb 28 13:49 ..
-rw-rw-rw- 1 root root 1818 Feb 28 10:54 user-manager\Dockerfile
-rw-rw-rw- 1 root root 140 Feb 28 10:34 user-manager\body.json
-rw-rw-rw- 1 root root 0 Feb 28 10:54 user-manager\shared-modules\
-rw-rw-rw- 1 root root 4822 Feb 21 14:52 user-manager\shared-modules\config-helper\config.js
-rw-rw-rw- 1 root root 2125 Feb 21 14:52 user-manager\shared-modules\config-helper\config\default.json
-rw-rw-rw- 1 root root 366 Feb 21 14:52 user-manager\shared-modules\config-helper\package.json
-rw-rw-rw- 1 root root 9713 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\dynamodb-helper.js
-rw-rw-rw- 1 root root 399 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\package.json
-rw-rw-rw- 1 root root 451 Feb 21 14:52 user-manager\shared-modules\token-manager\package.json
-rw-rw-rw- 1 root root 13885 Feb 21 14:52 user-manager\shared-modules\token-manager\token-manager.js
-rw-rw-rw- 1 root root 44372 Feb 28 10:34 user-manager\src\cognito-user.js
-rw-rw-rw- 1 root root 706 Feb 28 10:34 user-manager\src\package.json
-rw-rw-rw- 1 root root 32734 Feb 28 10:34 user-manager\src\server.js
[Container] 2022/02/28 13:49:03 Running command codebuild-breakpoint
2022/02/28 13:49:03 Build is paused temporarily and you can use codebuild-resume command in the session to resume this build
[Container] 2022/02/28 13:49:03 Running command cd "${SERVICE_NAME}"
/codebuild/output/tmp/script.sh: 4: cd: can't cd to user-manager
My primary question is: Why didn't the build pause and session manager link become available?
Side-quest: The reason I'm trying to debug the session is to try to determine why the process can't CD to the user-manager folder (which clearly exists). Any ideas why?
TLDR: The image on the build machine was too old.
Main quest
The template specified aws/codebuild/ubuntu-base:14.04 as the CodeBuild image. Presumably that image pre-dated the Session Manager functionality (which requires a specific version of the SSM agent to be installed).
I updated the agent to aws/codebuild/standard:5.0 and was able to successfully pause on the breakpoint and connect to the session.
Side quest
Once I connected I was able to investigate the cause of the inability to CD to the folder. I can confirm that Tim's shot in the dark was correct! All the entries were in fact files - no folders.
This QuickStart is the gift that keeps on giving! When/if I get all the issues resolved I'll submit a PR to update the project. Those interested in the cause of the file/folder issue can follow up there.
Side quest update
The strange flattening behaviour was due to creating the zip file on a Windows machine and unzipping it on a unix machine (the build agent uses an Ubuntu image). Just zipped it using 7-Zip and that did the job.
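The flattening described in the side quest update, reproduced and repaired as an added example (not part of the original post): the archive stores entry names with backslashes, which a POSIX extractor treats as ordinary filename characters rather than separators. The helper names and sample entries are constructed for illustration; the check in safe_posix_name is there because once '\' is treated as a separator, '..\' becomes a parent-directory reference.

```python
import io
import posixpath
import zipfile

# Constructed sample names modelled on the build log; assumes a POSIX host,
# where Python's zipfile keeps '\' in entry names unchanged.
SAMPLE = {
    "user-manager\\Dockerfile": b"FROM scratch\n",
    "user-manager\\src\\server.js": b"// constructed\n",
    "user-manager\\shared-modules\\": b"",
}


def make_zip(entries: dict) -> bytes:
    """Build an in-memory zip with the entry names exactly as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name), data)
    return buf.getvalue()


def safe_posix_name(raw: str) -> str:
    """Treat '\\' as a separator and refuse names that escape the extraction root."""
    name = posixpath.normpath(raw.replace("\\", "/"))
    first = name.split("/")[0]
    if name.startswith("/") or first == ".." or ":" in first:
        raise ValueError(f"unsafe entry name: {raw!r}")
    return name


def repack_posix(zip_bytes: bytes) -> bytes:
    """Rewrite an archive so every entry uses '/' separators."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            name = safe_posix_name(info.filename)
            if info.filename.endswith(("/", "\\")):
                dst.writestr(name + "/", b"")  # keep it as a directory marker
            else:
                dst.writestr(name, src.read(info))
    return out.getvalue()


def names(zip_bytes: bytes) -> list:
    """List entry names as stored in the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()
```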

docker socket at /var/run/docker.sock with AWS

I have an issue where a few tools, Portainer for example, can't find the docker socket on AWS.
I have some setup scripts that were run to set various containers.
On MacOS, it works without problems.
On a CentOS box, no problem as well.
On CentOS / AWS, containers cannot connect to the docker socket.
I am talking about a local unsecured connection to /var/run/docker.sock
What could be different on AWS?
I can see the socket:
➜ run ls -ld /var/run/docker*
drwxr-xr-x 8 root root 200 Nov 27 14:04 /var/run/docker
-rw-r--r-- 1 root root 4 Nov 27 14:03 /var/run/docker.pid
srw-rw-r-- 1 root docker 0 Nov 27 14:03 /var/run/docker.sock

Google PageSpeed Apache Error log CentOS

I installed the Google PageSpeed module to my CentOS 7.0 DA VPS.
I used this blog for installing the PageSpeed module: http://www.haloseeker.com/install-go...h-directadmin/
When I check my Apache Error Log, I found the following errors:
[pagespeed:error] [pid 2593] [mod_pagespeed 1.11.33.1-0 #2593] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.com/https,3A/,2Fwww.domain.com/icon_feed.gif,.temp
[pagespeed:error] [pid 2593] [mod_pagespeed 1.11.33.1-0 #2593] /var/cache/mod_pagespeed/v3/domain.com/https,3A/,2Fwww.domain.com/icon_feed.gif,.temp8f2OKe:0: opening temp file: No such file or directory
[pagespeed:error] [pid 2673] [mod_pagespeed 1.11.33.1-0 #2673] Failed to make directory /var/cache/mod_pagespeed/v3/domain.com/https,3A/,www.domain.com/images: Permission denied
How can I solve this problem?
Try to update your directory permission with the following command and let me know if you have any issues.
chmod -R a+w /var/cache/mod_pagespeed
This doesn't have to work. Depending on the Apache configuration (mpm_itk), it's possible that each vhost is served as another user.
So important directories are made under user A, and when another request comes in for host B, user B cannot delete/create subdirectories.
I haven't figured out how to solve this, running CentOS and cPanel as hoster.
-rw-------. 1 tvr86nl tvr86nl 13 Aug 17 23:14 !clean!time!
drwxr-xr-x. 4 tvr86nl tvr86nl 37 Aug 17 00:45 prop_page
drwxr-xr-x. 12 tvr86nl tvr86nl 4.0K Aug 17 12:54 rname
drwxr-xr-x. 3 tvr86nl tvr86nl 22 Aug 16 18:16 v3
root#vps1.sse-ict.nl /var/mod_pagespeed/cache>
So this happens every time these directories are created :(
Perhaps a cron job would do the trick. But it's a mod_pagespeed shortcoming!

AWS Block Devices name doesn't match with CentOS SoftLink

On AWS EC2 the block devices are identified as /dev/sda, /dev/sdf and /dev/sdg, but inside the EC2 CentOS instance, when I do ll /dev/sd*, it gives the following:
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sda -> xvde
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sdj -> xvdj
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sdk -> xvdk
lrwxrwxrwx. 1 root root 5 Feb 17 03:10 /dev/sdk1 -> xvdk1
When I run
ec2-describe-instances --aws-access-key xxxxxx<MyKey>xxx --aws-secret-key xxxxxx<MyKey>xxx --region us-east-1 `curl -s http://169.254.169.254/latest/meta-data/instance-id` | grep -i BLOCKDEVICE
the output is as follows:
/dev/sda
/dev/sdf
/dev/sdg
I am wondering how to link these two: AWS GUI Console's Block Devices and within EC2 instance Block Devices?
Thanks,
This is a device mapping alias problem. You can see more details with a solution here:
https://forums.aws.amazon.com/message.jspa?messageID=255240
Make sure you take backups of everything before making any changes!