AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約
AWS re:Postre:Post

Lambda runtime - Permissio denied

1

Hi,
I've been playing with Greengrass Core for a while (installed on Nvidia Jetson Nano). I installed 1.11 version and deployed my lambda. Everything was working as expected.
Yesterday new version showed up so I removed the previous GGC and installed V2 instead. I deployed my lambda (exactly the same) code to new GGC (V2) and code is not working. This is what I see in the logs:
2020-12-16T13:50:10.509Z [ERROR] (pool-2-thread-41) Greengrass_HelloWorld: /usr/bin/python3.7: can't open file '/home/greengrass/v2/work/Greengrass_HelloWorld/work/worker/0/runtime/python/lambda_runtime.py': [Errno 13] Permission denied. {serviceInstance=0, serviceName=Greengrass_HelloWorld, currentState=RUNNING}

When I'm checking the the file lambda_runtime.py it has 'r' (read) access for all (user/group/other). Any idea what is happening? As I understand I'm not controlling the runtime code so how can I fix it?

トピック
モノのインターネット (IoT)
タグ
AWS IoT Greengrass
言語
English
Szymon999
質問済み 3年前206ビュー
6回答
0

Hi Szymon999,

Can you list the permissions on the following directories?

  • /home
  • /home/greengrass
  • /home/greengrass/v2

Is the lambda configured to run in NoContainer mode or GreengrassContainer mode?

Greengrass manages the permissions of the directories within its installation directory. In order to run the processes as different users though, the user needs to have read + execute permission on the directory hierarchy up to the artifact that is being executed.

I suspect that /home/greengrass needs be chmod og+rx

AWS
Rob
回答済み 3年前
0

Hi Szymon999,

Thanks for using Greengrass v2. Can you share some details about your GGC setup?

  1. What is the component-default-user in the initial setup? Did you configure the user while deploying the lambda component?
  2. Can you enable debug logging and provide more logs?
  3. Can you provide the config files at /home/greengrass/v2/config/config.tlog and /home/greengrass/v2/config/effectiveConfig.yaml? Make sure you mask out the sensitive information if any.

Thanks,
Hui

AWS-User-5233880
回答済み 3年前
0

Hi,
This problem was indeed caused by the permission issues. I found that components are executed by ggc_user (configured at the installation) and I had to grant /home/greengrass dir correct permissions.
Thanks.

Szymon999
回答済み 3年前
0

Hi,

can you provide the command to do that?

I have got the same issue, what is weird it is working on another core ....
Hope it's the same issue ..

Thanks

jujuz7777777
回答済み 3年前
0

Yes, can you please provide a more verbose answer on this topic, thanks!

bnjmn
回答済み 3年前
0

I am also new to this greengrass v2. So I may be wrong.
I beileve that permissions are given to ggc_user and ggc_group as component-default-user if you don't explicitly specify other user name and group name when you create component. So you have to add ggc_user as user and ggc_group as group as system like below. I think that you have to do it every device manually.

Log into your device by SSH and do the next both two lines sudo adduser and sudo addgroup as shown in
https://docs.amazonaws.cn/en_us/greengrass/v1/developerguide/setup-filter.rpi.html

sudo adduser --system ggc_user
sudo addgroup --system ggc_group

For the first core device, you might have done this but for the second one, you might have forgotten to do this again.
Hope this helps you.

jx2900
回答済み 3年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ