Fleet Provisioning -- Greengrass Core installation Issue



I am running into issues with setting up a device using Fleet Provisioning -- I have all of the certification rotations happening as described in the docs, [1] & [2]

I have followed these docs all the way through up to installing greengrass with a partial configuration file, the fleet-provisioning component, and as a system-service.

I believe the next step is to communicate with AWS IoT core topics and return the appropriate certificates. I wrote a small program that uses the same approach found in [3]. After using the fleet provisioning topics to grab the newly created "permanent" keys and place them in the correct /greengrass/v2 root folder.... is where my questions begin.

Once I have these "permanent" keys -- How to I continue with instantiating the fully configured version of Greengass?

These are the things I would expect but I haven't seen (I can't find any explicit documentation on where this happens):

  1. Where is the creation of the Greengrass Core device happening in AWS IoT (for me this is not occurring at any point, I have installed greengrass core and used the "permanent" certs to connect. How does this happen -- if I can get this stage to work then I think that I am set)

  2. What is the purpose of "https://d2s8p88vqu9w66.cloudfront.net/releases/aws-greengrass-FleetProvisioningByClaim/fleetprovisioningbyclaim-latest.jar" Component? I can't figure out what it is doing since the gathering of the "permanent" certs are occurring through my use of the IoT Topics described in [3]

  3. Where does the full configuration of /greengrass/v2/config/effectiveConfig.yaml happen? I am not seeing "aws.greengrass.Nucleus" service item in the effectiveConfig.yaml be configured in any way. ( I have already written a script to populate this config file with items from the "partial config" used in "fleet provisioning". But, I was thinking that this updating of the config file should happen in a more automated fashion. If I am wrong then I will keep my scripts that populate effectiveConfig.yaml values with the correct info

[1] https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning-setup.html
[2] https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html
[3] https://github.com/aws/aws-iot-device-sdk-python-v2/blob/d28543090167d04ea6d4628821e578efb9cc6cff/samples/fleetprovisioning.py

  • I am having the exact the same problem... I get an IoT thing registered but no the GGV2 Core Device, which I assume shall be created after the Fleet provision. How do I know provision went well? I have the thingCert.pem in "/greengrass/v2/" folder and the thing is created in IoT Core. I get these errors in "/greengrass/v2/logs/greengrass.log"

    2022-06-24T05:25:20.883Z [WARN] (pool-2-thread-11) com.aws.greengrass.deployment.IotJobsHelper: No connection available during subscribing to Iot Jobs descriptions topic. Will retry in sometime. {ThingName=rpiZero}
    2022-06-24T05:26:10.037Z [ERROR] (pool-2-thread-10) com.aws.greengrass.mqttclient.MqttClient: Error subscribing. {topic=$aws/things/rpiZero/shadow/name/AWSManagedGreengrassV2Deployment/update/accepted}
    2022-06-24T05:26:10.043Z [WARN] (pool-2-thread-10) com.aws.greengrass.deployment.ShadowDeploymentListener: Caught exception while subscribing to shadow topics, will retry shortly. {}
asked a year ago48 views
2 Answers

Next steps -- "manual provisioning" --> [1]
use the already existing "GreengrassInstaller" installed when the device was initially "provisioned"
provide a fully configured ~/GreengrassInstaller/config.yaml (using data pulled from the "partial-config" file that was used in "fleet-provisioning"):
run the installer with necessary args. [2]
restart greengrass ==> sudo systemctl restart greengrass.service

[1] https://docs.aws.amazon.com/greengrass/v2/developerguide/manual-installation.html
[2] https://docs.aws.amazon.com/greengrass/v2/developerguide/manual-installation.html#run-greengrass-core-v2-installer-manual

POTENTIAL ANSWER TO #2: assists in the creation of aws iot resources when using the fleet-provisioning create-keys topics?

Although I have attempted to reinitilize the Greengrass installation using an updated config.yaml file (this file includes the updated informatin for file paths to certs, data-endoint, credential-endpoint, etc) for greengrass to work correctly as a fully configured device --- BUT I am still not seeing a "greengrass core" device being created at any point.

Should this have happened when the "thing" connected for the first using the "permanent" certificates produced from "fleet-provisioning"?

Edited by: awiggins on Oct 26, 2021 6:21 PM

answered a year ago

Welp.... it helps to save the credentials that you are receiving back from Fleet Provisioning Topics into their respective .pem & private key file to be used when Greengrass starts back up --> smh

I do hope someone finds this helpful...

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions