Greengrass install between partition based upgrades

1

Hello,

we are running our device with an A/B OS partition so upgrades can be rolled back. we will also have a data partition for everything that will need to be persisted inbetween upgrades.

Is it possible to install greengrass to a 'data' partition and then have the greengrass service installed on both A and B partitions so it can pickup the same certificates, deployments no matter which of the 2 OS partitions is active ?

do you have any advice on how we can keep the greengrass provisioning alive between upgrades ?

is there a way to have the 'variable' part of /greengrass/v2/ split from the services ?

clogwog
asked 2 years ago289 views
2 Answers
2

Hi @Clogwog,

You can install Greengrass in any location you choose. The default /greengrass/v2, but this can be adjusting during installation by setting the -Droot=<path> option to any path you choose. Greengrass will only setup one system service in systemd since it doesn't know anything about your multi-partition setup, but you can then copy the systemd service or create a new one in the other partition as needed.

I think this answers your question, but if not please clarify what parts of Greengrass you want to be where. I can suggest to you to read the manual Greengrass installation instructions: https://docs.aws.amazon.com/greengrass/v2/developerguide/manual-installation.html#run-greengrass-core-v2-installer-manual which may give you a better understanding of what things you can configure or setup yourself for your particular requirements.

The certificates and so forth can exist anywhere, Greengrass just needs to know their paths which are configured in the config.yaml file (on initial install) or config.tlog file (after the initial install).

AWS
EXPERT
answered 2 years ago
  • Thank you for that Michael. I think we are already using the manual install method by calling

    sudo -E java -Droot="/data/greengrass/v2" -Dlog.store=FILE \
              -jar ./GreengrassCore/lib/Greengrass.jar \
              --aws-region ${AWS_REGION} \
              --thing-name ${thingname} \
              --thing-group-name SmartDvrCoreGroup \
              --thing-policy-name SmartDvrV2IoTThingPolicy \
              --tes-role-name SmartDvrV2TokenExchangeRole \
              --tes-role-alias-name SmartDvrTestCoreTokenExchangeRoleAlias \
              --component-default-user ggc_user:ggc_group \
              --provision true \
              --setup-system-service true \
              --deploy-dev-tools true
    

    So if i run it once on partition A with --provision true then I would get a new certificate on the /data/greengrass/v2/ (data partition)

    and once i already have a certificate and i run off partition B should i just run the same again but with --provision false ?

    kind regards, tom

  • Hi Tom, using provision true is automatic provisioning. You can use the link to manual provisioning to see how to set things up totally manually.

    I'm still not entirely clear on your requirements. If you install Greengrass to the data partition, then that's the only partition that Greengrass is on and will use. If you are talking about the systemd service, then yes if you install with --setup-system-service true when the OS partition is A and the B, then you will have the systemd service setup in both OS partitions. Then no matter which partition is in use, GG will run.

0

Ah, the use case is that we should be able to swap between partition A and B and only provision once.. so we can upgrade OS on partition B while A is running then reboot and continue on partition B and not having to re-provision.

I hope this is possible to install the certificates and greengrass settings on a 3rd 'Data' partition, install the systemd services on both A and B and point them to the Data partition for the certificates and settings.

This is all because it looks like that once a 'thing' is provisioned in IoT and GreenGrass we can't re-provision again using the same thingname without first deleting the thing and core device on the server side. Even if it was possible, it would probably still be desirable to keep the original provisioning/certificates etc to keep history. Just upgrading an OS doesn't really change anything to the logical functionality of the Device.

I'm a bit confused that the above is not a requirement for more customers. Do all greengrass customers install an OS and leave that running (and perhaps only do apt upgrades ) ? We would like to upgrade the whole partition so it can be a fully tested 'package' instead of upgrading a few packages that can fail anytime during the upgrade.

clogwog
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions