AWS Greengrass Secure Tunnel Component Fails to Install

2

The component 'aws.greengrass.SecureTunneling' (v1.0.7) is not installing on an Ubuntu 18.04 device with Greengrass. What command/service does it use to determine the OS type ?

Output of common os-checking commands:

lsb_release -a

LSB Version:	core-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.6 LTS
Release:	18.04
Codename:	bionic

arch

arch

hostnamectl

         Icon name: computer
        Machine ID: a3d9197b765643568af09eb2bd3e5ce7
           Boot ID: 485f9ca2cc4549d694968e332c58f415
  Operating System: Ubuntu 18.04.6 LTS
            Kernel: Linux 4.9.253-tegra
      Architecture: arm64

Logs:

redacted@terminal$ sudo tail -n 100 /greengrass/v2/logs/aws.greengrass.SecureTunneling.log
2022-05-31T15:49:53.220Z [INFO] (pool-2-thread-5665) aws.greengrass.SecureTunneling: shell-runner-start. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=STARTING, command=["java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0..."]}
2022-05-31T15:49:56.358Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-05-31 16:49:56.348 [main] SecureTunneling - Starting secure tunneling component!. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.408Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.450Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-05-31 16:49:56.402 [main] SecureTunneling - Exception initializing secure tunneling task.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.451Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. com.aws.greengrass.component.securetunneling.exceptions.SecureTunnelingTaskException: Unable to determine compatible OS distribution information! Supported OS distributions: [amzn2,ubuntu,raspberrypi]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.452Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.utils.PlatformResolver.getOSDistroInfoForArch(PlatformResolver.java:51) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.452Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.extractExecutablePathFromArgs(SecureTunneling.java:66) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.452Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.main(SecureTunneling.java:33) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.509Z [INFO] (Copier) aws.greengrass.SecureTunneling: Run script exited. {exitCode=1, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:56.515Z [INFO] (pool-2-thread-5659) aws.greengrass.SecureTunneling: shell-runner-start. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=STARTING, command=["java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0..."]}
2022-05-31T15:49:59.375Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-05-31 16:49:59.368 [main] SecureTunneling - Starting secure tunneling component!. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.425Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.472Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-05-31 16:49:59.419 [main] SecureTunneling - Exception initializing secure tunneling task.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.472Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. com.aws.greengrass.component.securetunneling.exceptions.SecureTunnelingTaskException: Unable to determine compatible OS distribution information! Supported OS distributions: [amzn2,ubuntu,raspberrypi]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.472Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.utils.PlatformResolver.getOSDistroInfoForArch(PlatformResolver.java:51) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.473Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.extractExecutablePathFromArgs(SecureTunneling.java:66) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.473Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.main(SecureTunneling.java:33) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-05-31T15:49:59.508Z [INFO] (Copier) aws.greengrass.SecureTunneling: Run script exited. {exitCode=1, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
asked 2 years ago960 views
7 Answers
1
Accepted Answer

I found for 32 bit arm

{
  "reset": [],
  "merge": {
    "OS_DIST_INFO": "raspberrypi"
  }
}

And for 64 bit arm

{
  "reset": [],
  "merge": {
    "OS_DIST_INFO": "ubuntu"
  }
}

Worked nicely here

answered 2 years ago
profile picture
EXPERT
reviewed 4 months ago
profile picture
EXPERT
reviewed 7 months ago
1

I have this same problem, with Raspberry Pi. I have changed my hostname to be raspberrypi, but that does not solve the problem. I have the latest version of Raspberry Pi 64-bit. This is my uname -a output:

Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux

answered 2 years ago
0

Hi there,

Happy to help with this. Can you show me the output of uname -a?

AWS
answered 2 years ago
  • Linux <pc-name-redacted> 4.9.253-tegra #1 SMP PREEMPT Sat Feb 19 08:58:27 PST 2022 aarch64 aarch64 aarch64 GNU/Linux

  • Hi, any update on this issue ? Any reason why the gg component may be unable to check the OS ?

0

Hi,

Sorry for the delay! I was verifying some things before I replied.

As you can see from the log output there the component checks to see if you are using one of the compatible OS distributions:

com.aws.greengrass.component.securetunneling.exceptions.SecureTunnelingTaskException: Unable to determine compatible OS distribution information! Supported OS distributions: [amzn2,ubuntu,raspberrypi]. 

It uses the uname output to do this. Unfortunately, the uname output on your ubuntu machine doesn't contain the string "ubuntu". I can bring this issue up with my team to explore options for handling this issue in the future. However, there isn't anything we can do to resolve this issue for you quickly. If you can get your uname output to include "ubuntu" and then attempt to install again that should resolve the issue. But I cannot offer any specific advice on how to accomplish that.

I hope this helps. Please let me know if there is anything else I can do here.

Thanks,

Shane

AWS
answered 2 years ago
  • Would the following solution work ? Does it use the actual call to the cli 'uname' to check for ubuntu ?

    https://askubuntu.com/questions/651163/can-i-change-uname

    Is there no other workaround for this issue ? Is there a way to disable the os-check, or to force it to read as ubuntu ?

  • Additional question:

    Would setting the following configuration on a deployment allow it to skip / override the OS check, and thus to work normally ? As we know that the OS is ubuntu, it's just that uname doesn't contain 'ubuntu'.

    {
      "reset": [],
      "merge": {
        "OS_DIST_INFO": "ubuntu"
      }
    }
    
0

The spoofing of uname does work as specified here: https://askubuntu.com/questions/651163/can-i-change-uname I don't recommend this, but I have tried it. You can:

  • rename uname to uname.spoof
  • create a shell script in /usr/bin called uname
  • chmod 755 uname The script should look like this:

echo -n "raspberrypi "

uname.spoof "${@}"

answered 2 years ago
0

The accepted answer does not work with the current 64bit version of Raspberry Pi OS. The uname hack works (with ubuntu) if you have access to the device, but for previously deployed devices this is not an option. It's been 5 months since there was any discussion on this issue, when might we expect a fix from AWS? I'd rather have the component fail on a device due to lack of OS support, than to have it fail over an arbitrary string search.

answered 2 years ago
0

If your are trying to setup up IoT Secure Tunnel in an RPI put arm_64bit=0 in /boot/config.txt and reboot before deploy the Secure tunnel component.

profile pictureAWS
Raul_H
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions