- Newest
- Most votes
- Most comments
To publish messages to AWS IoT Core we recommend using the Greengrass SDK and not boto3
: it allows to leverage the Greengrass Nucleus spooler that can cache messages while the device is disconnected and send them as soon as connectivity is re-established.
https://aws.github.io/aws-iot-device-sdk-js-v2/node/modules/greengrasscoreipc.html#Client
As per your question about retries, what you are doing is correct (check also this answer), but a better implementation would have different retries policies for different errors. More over it should also implement an exponential backoff strategy. You can use libraries such as https://www.npmjs.com/package/exponential-backoff
Few additional comments of the recipe you are using:
Lifecycle:
Install:
Script: cd {artifacts:decompressedPath}/component && npm install
RequiresPrivilege: true
Run:
Script: "node {artifacts:decompressedPath}/component/index.js"
RequiresPrivilege: true
Do not use RequiresPrivilege
since it means the script is running with root
permissions with all the relative security implications. The reason you need to use RequiresPrivilege
is because you are trying to modify the package folders. These folders are owned and managed by Greengrass and your components should not modify them. Instead, just copy package.json
to the work folder of the component and run npm install
from there. The recipe should look like:
Lifecycle:
Install:
Script: cp {artifacts:decompressedPath}/component/package.json . && npm init -y && npm install
Run:
Script: "node {artifacts:decompressedPath}/component/index.js"
Hi Massimiliano,
Thanks for the information, I will look at the greengrass sdk. Do I need to add any component dependencies when using the greengrassipc like disk spooler? Are there any examples of implementing this?
for the recipe example you provided I am still getting a permission error. I also changed your recipe slightly so copy the entire package to the work directory and then ran npm install as it needs the index.js in the same directory:
---
RecipeFormatVersion: "2020-01-25"
ComponentName: "{COMPONENT_NAME}"
ComponentVersion: "{COMPONENT_VERSION}"
ComponentDescription: "Test"
ComponentPublisher: "{COMPONENT_AUTHOR}"
ComponentDependencies:
aws.greengrass.TokenExchangeService:
VersionRequirement: ">=2.0.0 <2.1.0"
DependencyType: "HARD"
Manifests:
- Platform:
os: all
Artifacts:
- URI: "s3://BUCKET_NAME/COMPONENT_NAME/COMPONENT_VERSION/component.zip"
Unarchive: ZIP
Lifecycle:
Install:
Script: whoami && echo ${PWD} && cp {artifacts:decompressedPath}/component/* . && npm init -y && npm install
Run:
Script: "node index.js"
I also added in whoami and got the working directory to understand what user is running the command and in what folder:
whoami - devuser
${PWD} - /greengrass/v2/work/test
devuser in the default user I have created to run the components.
permissions on the work folder are:
drwxr-xr-x 17 root root 4096 Aug 10 00:15 work
permissions on the 'test' (component folder) in the work directory are:
drwx------ 2 devuser devuser 4096 Aug 10 00:28 test
permissions on the node package files in the test folder are:
-r--r----- 1 devuser devuser 882 Aug 10 00:28 index.js
-r--r----- 1 devuser devuser 406 Aug 10 00:28 package.json
-r--r----- 1 devuser devuser 88267 Aug 10 00:28 package-lock.json
I then get the following errors still... to me the permissions look suitable?
2023-08-09T23:28:16.077Z [INFO] (Copier) test: stdout. devuser. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:16.078Z [INFO] (Copier) test: stdout. /greengrass/v2/work/test. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.453Z [WARN] (Copier) test: stderr. npm ERR! code EACCES. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.454Z [WARN] (Copier) test: stderr. npm ERR! syscall open. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.455Z [WARN] (Copier) test: stderr. npm ERR! path /greengrass/v2/work/test/package.json. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.457Z [WARN] (Copier) test: stderr. npm ERR! errno -13. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.463Z [WARN] (Copier) test: stderr. npm ERR! Error: EACCES: permission denied, open '/greengrass/v2/work/test/package.json'. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.464Z [WARN] (Copier) test: stderr. npm ERR! [Error: EACCES: permission denied, open '/greengrass/v2/work/test/package.json'] {. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.464Z [WARN] (Copier) test: stderr. npm ERR! errno: -13,. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.464Z [WARN] (Copier) test: stderr. npm ERR! code: 'EACCES',. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.465Z [WARN] (Copier) test: stderr. npm ERR! syscall: 'open',. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.465Z [WARN] (Copier) test: stderr. npm ERR! path: '/greengrass/v2/work/test/package.json'. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.466Z [WARN] (Copier) test: stderr. npm ERR! }. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.466Z [WARN] (Copier) test: stderr. npm ERR!. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.466Z [WARN] (Copier) test: stderr. npm ERR! The operation was rejected by your operating system.. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.467Z [WARN] (Copier) test: stderr. npm ERR! It is likely you do not have the permissions to access this file as the current user. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.467Z [WARN] (Copier) test: stderr. npm ERR!. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.467Z [WARN] (Copier) test: stderr. npm ERR! If you believe this might be a permissions issue, please double-check the. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.468Z [WARN] (Copier) test: stderr. npm ERR! permissions of the file and its containing directories, or try running. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.468Z [WARN] (Copier) test: stderr. npm ERR! the command again as root/Administrator.. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.471Z [WARN] (Copier) test: stderr. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.472Z [WARN] (Copier) test: stderr. npm ERR! A complete log of this run can be found in:. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.472Z [WARN] (Copier) test: stderr. npm ERR! /home/devuser/.npm/_logs/2023-08-09T23_28_17_019Z-debug-0.log. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW}
2023-08-09T23:28:17.488Z [WARN] (pool-2-thread-159) test: shell-runner-error. {scriptName=services.test.lifecycle.Install.Script, serviceName=test, currentState=NEW, command=["whoami && echo ${PWD} && cp /greengrass/v2/packages/artifacts-unarchived/test/..."]}
If I manually change the permissions with write permission the node related files in work/test/ then redeploy the component it works successfully.
-rw-r----- 1 devuser devuser 882 Aug 10 00:37 index.js
-rw-r----- 1 devuser devuser 424 Aug 10 00:37 package.json
-rw-r----- 1 devuser devuser 88267 Aug 10 00:37 package-lock.json
What steps am I missing to do this correctly?
Relevant content
- asked 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 3 months ago