By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to prevent Greengrass SecureTunneling Component lockup preventing further connections

0

We use the GreengrassV2SecureTunnelingComponent to remotely access the unit - I found one instance where the service had locked up it seems for many weeks, and this prevented futher sessions from being established. A new tunnel notification message was received, but nothing further happened. SubscribeResponseHandler - Received new tunnel notification message..

Restarting greengrass resulted in the ability to start new remote sessions. Is there any configuration for this component to allow a timeout so that it can't lockup somehow and prevent future connections ?

Component remains running

123456 root@som /greengrass/v2/logs $ ps -efa |grep -i secu
root      6008  5394  0 Mar05 ?        00:00:00 sudo -n -E -H -u ggc_user -g ggc_group -- sh -c java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0.16/GreengrassV2SecureTunnelingComponent-1.0-all.jar linux
ggc_user  6011  6008  0 Mar05 ?        00:00:00 sh -c java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0.16/GreengrassV2SecureTunnelingComponent-1.0-all.jar linux aarch64
ggc_user  6013  6011  0 Mar05 ?        02:39:37 java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0.16/GreengrassV2SecureTunnelingComponent-1.0-all.jar linux aarch64
root     24593 20896  0 02:32 pts/0    00:00:00 tail -F aws.greengrass.SecureTunneling.log
123456 root@som /greengrass/v2/logs $ uptime
 02:35:00 up 70 days, 21:03,  2 users,  load average: 0.90, 0.81, 0.84
Topics
Internet of Things (IoT)
Tags
AWS IoT Greengrass
Language
English
majh
asked 21 days ago135 views
2 Answers
0

Hello,

There are various parameters which might have been causing this issue. Inorder to identify the same can you please let us know the version of component you are using on your device? Also are you using IoT tunnel console on the source side for connecting to the device or localproxy?

Thanks

AWS
rePost-User-7792115
answered 20 days ago
  • majh
    20 days ago

    Hi, thanks for your comment. The SecureTunneling component version is 1.0.16, I was using localproxy to connect source side.

0

Hey, thanks for posting. Can you try running ps again? This time, grep for device-client and count the total number of entries in the resulting list. If the list is long, then the component may have been blocking additional child processes from spawning until the old ones are killed. If that is the case, then it is a known issue and we are taking steps to mitigate this. The latest version of the component 1.0.19 increases the limit so that this issue should happen less frequently, but the actual mitigation will come in a future release. Note that if you decide to upgrade the component to 1.0.19+, you will need to upgrade localproxy as well https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html#secure-tunneling-component-changelog

AWS
rePost-User-4984457
answered 17 days ago
  • majh
    16 days ago

    hi thanks for your response - this unit has been restarted now so i'm unable to check for device-client count. I will try updating to 1.0.19 and the localproxy build. Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content