I have registered an AWS IoT Greengrass group.
I also downloaded the Greengrass certificate from the console and AmazonRoot-CA1.
Here is the list of my certificate files (stored in /greengrass/certs/):
-rw-r--r-- 1 pi pi 1220 Jan 15 10:07 82ab16xxxx.cert.pem
-rw-r--r-- 1 pi pi 1679 Jan 15 10:07 82ab16xxxx.private.key
-rw-r--r-- 1 pi pi 451 Jan 15 10:07 82ab16xxxx.public.key
-rw-r--r-- 1 pi pi 1188 Jan 15 10:07 root.ca.pem
When I start greengrassd with the command:
sudo ./greengrassd start
I get this error:
Setting up greengrass daemon
Validating hardlink/softlink protection
Waiting for up to 40s for Daemon to start
Error occured while generating TLS config: ErrUnknownURIScheme: no handlers matched for path: .../greengrass/certs/root.ca.pem
The Greengrass daemon process with [pid = 18029] died
I have tried re-installing the OS but still get the error.
I also installed mosquitto-clients and mosquitto on the Raspberry Pi.
Thanks.
I'm guessing your issue is that you haven't activated your root CA from the console.
Try this instead:
sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
Try doing this directly in your certs directory, then restart your daemon.
Am struggling to use ssl with QWebSocket. Get the following error messages:
QML debugging is enabled. Only use this in a safe environment.
qt.tlsbackend.ossl: Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
WSInterface::onError(): Got the web-socket connection error: QAbstractSocket::UnsupportedSocketOperationError
Using Qt 6.4.2 installed from the Qt Installer as binaries (not built from source) on Fedora 37 on Intel with gcc 12.2
QSslSocket::supportsSsl() returns false.
/usr/lib64 is holding:
-rwxr-xr-x. 1 root root 430944 Nov 18 08:51 libssl3.so
lrwxrwxrwx. 1 root root 15 Nov 2 00:41 libssl.so -> libssl.so.3.0.5
lrwxrwxrwx. 1 root root 15 Nov 2 00:41 libssl.so.3 -> libssl.so.3.0.5
-rwxr-xr-x. 1 root root 677480 Nov 2 00:41 libssl.so.3.0.5
I can't see any ssl (or even references to libssl using ldd in the Qt directories)
If I add /usr/lib64 to the front of LD_LIBRARY_PATH the application sig faults on:
this->WebSocket = new QWebSocket();
Since the Qt Maintenance Tool provides the source code for OpenSSL 1.1.1q, I downloaded that and built it using the following commands. Build and install was smooth:
sudo dnf group install 'Development Tools' -y
sudo dnf install perl-core zlib-devel -y
cd ~/Qt/Tools/OpenSSL/src
./config --prefix=/usr/lib64 --openssldir=/usr/lib64 shared zlib
make -j8
make test
sudo make install
make install added the following files to /usr/lib64
lrwxrwxrwx. 1 root root 29 Jul 22 02:33 libevent_openssl-2.1.so.7 -> libevent_openssl-2.1.so.7.0.1
-rwxr-xr-x. 1 root root 36840 Jul 22 02:33 libevent_openssl-2.1.so.7.0.1
lrwxrwxrwx. 1 root root 28 Oct 24 18:02 libxmlsec1-openssl.so -> libxmlsec1-openssl.so.1.2.34
lrwxrwxrwx. 1 root root 28 Oct 24 18:02 libxmlsec1-openssl.so.1 -> libxmlsec1-openssl.so.1.2.34
-rwxr-xr-x. 1 root root 304712 Oct 24 18:02 libxmlsec1-openssl.so.1.2.34
-rw-r--r--. 1 root root 10909 Jan 10 18:43 openssl.cnf
-rw-r--r--. 1 root root 10909 Jan 10 18:43 openssl.cnf.dist
ossl-modules:
total 1736
drwxr-xr-x. 2 root root 38 Jan 8 18:32 .
dr-xr-xr-x. 173 root root 118784 Jan 10 18:43 ..
-rwxr-xr-x. 1 root root 1488504 Nov 2 00:41 fips.so
-rwxr-xr-x. 1 root root 120392 Nov 2 00:41 legacy.so
This did not seem to change the result - same error messages when running the application; same sig fault when adding /usr/lib64 in front of LD_LIBRARY_PATH
There seems to be no mention of how to proceed in the help. Qt Forum / Bugs and Stack Overflow seem to have lots of articles. Besides the LD_LIBRARY_PATH and building from source, the other suggestion seems to be to install openssl 1.1.1 from the package manager.
sudo dnf install openssl-1.1.1q-1.fc35.x86_64.rpm
Can't find the .rpm. If I download it from:
https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/Packages/o/openssl-1.1.1l-2.fc35.x86_64.rpm
then Fedora refuses to install it.
Any guidance would be appreciated.
Using steps provided here, I kicked off a CodeBuild with the following advanced options checked:
Enable session connection
Allow AWS CodeBuild to modify this service role so it can be used with this build project
The buildspec included a codebuild-breakpoint:
version: 0.2
phases:
  pre_build:
    commands:
      - ls -al
      - codebuild-breakpoint
      - cd "${SERVICE_NAME}"
      - ls -al
      - $(aws ecr get-login)
      - TAG="$SERVICE_NAME"
  build:
    commands:
      - docker build --tag "${REPOSITORY_URI}:${TAG}" .
  post_build:
    commands:
      - docker push "${REPOSITORY_URI}:${TAG}"
      - printf '{"tag":"%s"}' $TAG > ../build.json
artifacts:
  files: build.json
The build started and produced the following logs without pausing:
[Container] 2022/02/28 13:49:03 Entering phase PRE_BUILD
[Container] 2022/02/28 13:49:03 Running command ls -al
total 148
drwxr-xr-x 2 root root 4096 Feb 28 13:49 .
drwxr-xr-x 3 root root 4096 Feb 28 13:49 ..
-rw-rw-rw- 1 root root 1818 Feb 28 10:54 user-manager\Dockerfile
-rw-rw-rw- 1 root root 140 Feb 28 10:34 user-manager\body.json
-rw-rw-rw- 1 root root 0 Feb 28 10:54 user-manager\shared-modules\
-rw-rw-rw- 1 root root 4822 Feb 21 14:52 user-manager\shared-modules\config-helper\config.js
-rw-rw-rw- 1 root root 2125 Feb 21 14:52 user-manager\shared-modules\config-helper\config\default.json
-rw-rw-rw- 1 root root 366 Feb 21 14:52 user-manager\shared-modules\config-helper\package.json
-rw-rw-rw- 1 root root 9713 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\dynamodb-helper.js
-rw-rw-rw- 1 root root 399 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\package.json
-rw-rw-rw- 1 root root 451 Feb 21 14:52 user-manager\shared-modules\token-manager\package.json
-rw-rw-rw- 1 root root 13885 Feb 21 14:52 user-manager\shared-modules\token-manager\token-manager.js
-rw-rw-rw- 1 root root 44372 Feb 28 10:34 user-manager\src\cognito-user.js
-rw-rw-rw- 1 root root 706 Feb 28 10:34 user-manager\src\package.json
-rw-rw-rw- 1 root root 32734 Feb 28 10:34 user-manager\src\server.js
[Container] 2022/02/28 13:49:03 Running command codebuild-breakpoint
2022/02/28 13:49:03 Build is paused temporarily and you can use codebuild-resume command in the session to resume this build
[Container] 2022/02/28 13:49:03 Running command cd "${SERVICE_NAME}"
/codebuild/output/tmp/script.sh: 4: cd: can't cd to user-manager
My primary question is: Why didn't the build pause and session manager link become available?
Side-quest: The reason I'm trying to debug the session is to try to determine why the process can't CD to the user-manager folder (which clearly exists). Any ideas why?
TLDR: The image on the build machine was too old.
Main quest
The template specified aws/codebuild/ubuntu-base:14.04 as the CodeBuild image. Presumably that image pre-dated the Session Manager functionality (which requires a specific version of the SSM agent to be installed).
I updated the agent to aws/codebuild/standard:5.0 and was able to successfully pause on the breakpoint and connect to the session.
Side quest
Once I connected I was able to investigate the cause of the inability to CD to the folder. I can confirm that Tim's shot in the dark was correct! All the entries were in fact files - no folders.
This QuickStart is the gift that keeps on giving! When/if I get all the issues resolved I'll submit a PR to update the project. Those interested in the cause of the file/folder issue can follow up there.
Side quest update
The strange flattening behaviour was due to creating the zip file on a Windows machine and unzipping it on a unix machine (the build agent uses an Ubuntu image). Just zipped it using 7-Zip and that did the job.
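An added example (not part of the original answer) of the flattening described above: it detects zip entries whose names contain backslashes, which a Unix unzip creates as flat files such as `user-manager\Dockerfile`, and rewrites the archive with forward-slash names. The sample archive is constructed, the function names are hypothetical, and it assumes a Unix host, where Python's `zipfile` leaves backslashes in entry names untouched.

```python
import io
import posixpath
import zipfile


def build_windows_style_zip() -> bytes:
    """Constructed sample: entry names use backslashes, as in the build log."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("user-manager\\Dockerfile", "FROM node\n")
        zf.writestr("user-manager\\shared-modules\\", "")
        zf.writestr("user-manager\\src\\server.js", "// server\n")
    return buf.getvalue()


def backslash_entries(data: bytes) -> list[str]:
    """Names that a Unix unzip would create as flat files, not directories."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if "\\" in n]


def normalize_zip(data: bytes) -> bytes:
    """Rewrite the archive with forward-slash names, rejecting unsafe paths."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            name = info.filename.replace("\\", "/")
            is_dir = name.endswith("/")
            clean = posixpath.normpath(name)
            # After conversion a name like "..\\..\\x" becomes a real traversal
            # path, so refuse absolute paths and leading ".." components.
            if clean.startswith("/") or clean == ".." or clean.startswith("../"):
                raise ValueError(f"unsafe entry name: {info.filename!r}")
            if clean == ".":
                continue
            dst.writestr(clean + "/" if is_dir else clean, src.read(info))
    return out.getvalue()


if __name__ == "__main__":
    raw = build_windows_style_zip()
    print("flattened names:", backslash_entries(raw))
    with zipfile.ZipFile(io.BytesIO(normalize_zip(raw))) as fixed:
        print("normalized names:", fixed.namelist())
```

Running `backslash_entries` on an uploaded source bundle before the build starts catches the problem without needing a breakpoint session.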
I have an issue where a few tools, Portainer for example, can't find the docker socket on AWS.
I have some setup scripts that were run to set various containers.
On MacOS, it works without problems.
On a CentOS box, no problem as well.
On CentOS / AWS, containers cannot connect to the docker socket.
I am talking about a local unsecured connection to /var/run/docker.sock
What could be different on AWS?
I can see the socket:
➜ run ls -ld /var/run/docker*
drwxr-xr-x 8 root root 200 Nov 27 14:04 /var/run/docker
-rw-r--r-- 1 root root 4 Nov 27 14:03 /var/run/docker.pid
srw-rw-r-- 1 root docker 0 Nov 27 14:03 /var/run/docker.sock
I installed the Google PageSpeed module on my CentOS 7.0 DA VPS.
I followed this blog to install the PageSpeed module: http://www.haloseeker.com/install-go...h-directadmin/
When I checked my Apache error log, I found the following errors:
[pagespeed:error] [pid 2593] [mod_pagespeed 1.11.33.1-0 #2593] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.com/https,3A/,2Fwww.domain.com/icon_feed.gif,.temp
[pagespeed:error] [pid 2593] [mod_pagespeed 1.11.33.1-0 #2593] /var/cache/mod_pagespeed/v3/domain.com/https,3A/,2Fwww.domain.com/icon_feed.gif,.temp8f2OKe:0: opening temp file: No such file or directory
[pagespeed:error] [pid 2673] [mod_pagespeed 1.11.33.1-0 #2673] Failed to make directory /var/cache/mod_pagespeed/v3/domain.com/https,3A/,www.domain.com/images: Permission denied
How can I solve this problem?
Try to update your directory permission with the following command and let me know if you have any issues.
chmod -R a+w /var/cache/mod_pagespeed
This doesn't have to work. Depending on the Apache configuration (mpm_itk), it's possible that each vhost is served as another user.
So important directories are made under user A, and when another request goes to host B, user B cannot delete/create subdirectories.
I haven't figured out how to solve this, running CentOS and cPanel as hoster.
-rw-------. 1 tvr86nl tvr86nl 13 Aug 17 23:14 !clean!time!
drwxr-xr-x. 4 tvr86nl tvr86nl 37 Aug 17 00:45 prop_page
drwxr-xr-x. 12 tvr86nl tvr86nl 4.0K Aug 17 12:54 rname
drwxr-xr-x. 3 tvr86nl tvr86nl 22 Aug 16 18:16 v3
root#vps1.sse-ict.nl /var/mod_pagespeed/cache>
So this happens every time these directories are created :(
Perhaps a cron-job would do the trick. But it's a mod_pagespeed shortcoming!
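An added example (not from either reply) that audits a cache tree for the two conditions discussed above: directories that a second vhost user cannot write to, and directories left world-writable after `chmod -R a+w`. The tree is constructed in a temporary directory, the function names and the second user's uid are hypothetical, and only classic mode bits are modelled (no ACLs or SELinux).

```python
import os
import stat
import tempfile


def can_write(mode: int, owner: int, group: int, uid: int, gids: set) -> bool:
    """Classic Unix check for a non-root user: owner, else group, else other."""
    if uid == owner:
        return bool(mode & stat.S_IWUSR)
    if group in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_cache(root: str, uid: int, gids: set) -> dict:
    """Report directories the given user cannot write to, and directories
    that any local user can write to."""
    report = {"blocked": [], "world_writable": []}
    for dirpath, _dirnames, _files in os.walk(root):
        st = os.lstat(dirpath)
        rel = os.path.relpath(dirpath, root)
        if not can_write(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            report["blocked"].append(rel)
        if st.st_mode & stat.S_IWOTH:
            report["world_writable"].append(rel)
    return report


def demo() -> dict:
    """Constructed tree: site-a created 0755 by one user, site-b opened with a+w."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("v3/site-a", 0o755), ("v3/site-b", 0o777)):
            path = os.path.join(root, name)
            os.makedirs(path)
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "v3"), 0o755)
        os.chmod(root, 0o755)
        # Audit as a hypothetical second vhost user with no shared groups.
        return audit_cache(root, uid=me + 1, gids=set())


if __name__ == "__main__":
    print(demo())
```

A shared group with the setgid bit on the cache directories would be checked the same way by passing that group's gid in `gids`.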
On AWS EC2, the block devices are identified as /dev/sda, /dev/sdf and /dev/sdg, but inside the EC2 CentOS instance, when I do ll /dev/sd* it gives the following:
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sda -> xvde
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sdj -> xvdj
lrwxrwxrwx. 1 root root 4 Feb 17 03:10 /dev/sdk -> xvdk
lrwxrwxrwx. 1 root root 5 Feb 17 03:10 /dev/sdk1 -> xvdk1
When I run ec2-describe-instances --aws-access-key xxxxxx<MyKey>xxx --aws-secret-key xxxxxx<MyKey>xxx --region us-east-1 `curl -s http://169.254.169.254/latest/meta-data/instance-id` | grep -i BLOCKDEVICE the output is as follows:
/dev/sda
/dev/sdf
/dev/sdg
I am wondering how to link these two: AWS GUI Console's Block Devices and within EC2 instance Block Devices?
Thanks,
This is a device mapping alias problem. You can see more details with a solution here:
https://forums.aws.amazon.com/message.jspa?messageID=255240
Make sure you take backups of everything before making any changes!