Tips & Troubleshoot

Tip1. CLI version check

  • Checking AWS CLI version To check if you have AWS CLI installed and to check its version please run following command
aws --version

You should see similar output as

aws-cli/2.1.30 Python/3.8.8 Linux/4.14.219-119.340.amzn1.x86_64 exe/x86_64.amzn.2018 prompt/off

Tip2. IAM User / AWS Configure missing

If you ran the following command:

aws sts get-session-token

and getting

Unable to locate credentials. You can configure credentials by running “aws configure”.

Let’s first run following to see if you actually have aws configure setup.

aws configure list

Output:

      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key                <not set>             None    None
secret_key                <not set>             None    None
    region                <not set>             None    None

This means you have not setup aws configure correctly and you need to setup per instructions here

also you should be able to obtain your existing IAM user if you are using that details from IAM console by clicking on Create access key as per below:

AWS_IAM_Console

Tip3. Greengrass setup troubleshoot

If you get following output when trying to install greengrass, if fails first time trying to create the TES Role but succeeds the second time in a new terminal window but does not install the cli

You get similar output:

/greengrass/v2/bin/greengrass-cli: No such file or directorySubsequent run errors on permissions to retireve the TES Policy

Update your IAM policy as per instructions here

Also if you see following:

Error while trying to setup Greengrass Nucleus
software.amazon.awssdk.services.iam.model.NoSuchEntityException: The role with name GreengrassV2TokenExchangeRole cannot be found. (Service: Iam, Status Code: 404, Request ID: f01063ac-702a-4e96-aa2b-12ea85342445, Extended Request ID: null)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleErrorResponse(CombinedResponseHandler.java:123)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleResponse(CombinedResponseHandler.java:79)

Re-run the setup command to make sure role got picked up and its in sync.

Tip4. Greengrass CLI is missing

If you have encountered Greengrass CLI is not installed, please have a look at missing systemd in your environment also you can force install again manully using greengrass component deployment per instructions here

Tip5. Greengrass CLI Commands

You can find list of AWS IoT Greengrass CLI commands here

Tip6. I’m seeing AWS_ERROR_SUCCESS

AWS_ERROR_SUCCESS is the “error” indicating the operation succeeded. Greengrass uses the IoT device SDK - which is built on top of a common runtime written in C. The C functions use error codes to indicate status. When an operation succeeds, it returns AWS_ERROR_SUCCESS . Similar to how when you execute a program and it exits, a normal exit code is 0 indicating it ended successfully. See more here

Tip7. Received “mosquitto_pub: not found.” error in component log

Sounds like your environment does not have the mosquitto client installed by default. Please run “sudo apt install moquitto-clients” to install the client.

Tip8. What is my region

If you have setup AWS configure correctly in the lab you can run following command to echo on command line

echo $AWS_DEFAULT_REGION

Else you can try running AWS CLI call to obtain it per below, more detail around this command can be found here

aws iot describe-endpoint

from the output below use correct section i.e. abc123defghijk.iot.us-west-2.amazonaws.com

{
    "endpointAddress": "abc123defghijk.iot.us-west-2.amazonaws.com"
}

Tip9. Unable to locate credentials

When running the command using terminal you see similiar to following:

aws s3 cp --recursive /home/ubuntu/environment/GreengrassCore/ s3://$S3_BUCKET/
upload failed: ./NOTICE to s3://ggcv2-workshop-ip-172-31-39-243-1339485682/NOTICE Unable to locate credentials

It means your aws configure is not setup properly make sure you have this configure correctly and can run a sample command after it i.e.

aws iot describe-endpoint

Tip9. GreengrassV2TokenExchangeRole doesnt exist

If you have re-done this workshop and didn’t do complete clean up then most likely the GGv2 installer in C.1 didnt create this role again thinking it exists, make sure to delete Roles from IAM as clean instructions and re-run setup to get the role auto created for you.

Operation check of sample component

In this step, we will show you how to check the operation of the deployed sample component. For details, please see the official document here.

Operation-Tip1. How do i know which component is deployed and running?

Please run the following command

sudo /greengrass/v2/bin/greengrass-cli component list

you should see similar output

Components currently running in Greengrass:
Component Name: FleetStatusService
Version: 0.0.0
State: RUNNING
Configuration: {"periodicUpdateIntervalSec":86400.0}
Component Name: UpdateSystemPolicyService
Version: 0.0.0
State: RUNNING
Configuration: null
Component Name: com.example.BridgeSubscriber
Version: 1.0.0
State: BROKEN
Configuration: {"topic":"mytopic2/test"}
Component Name: com.example.Publisher
Version: 1.0.0
State: RUNNING
Configuration: {"accessControl":{"aws.greengrass.ipc.pubsub":{"com.example.Publisher:pubsub:1":{"operations":["aws.greengrass#PublishToTopic"],"policyDescription":"Allows access to publish to all topics.","resources":["*"]}}}}
Component Name: com.example.Subscriber
Version: 1.0.0
State: RUNNING
Configuration: {"accessControl":{"aws.greengrass.ipc.pubsub":{"com.example.Subscriber:pubsub:1":{"operations":["aws.greengrass#SubscribeToTopic"],"policyDescription":"Allows access to publish to all topics.","resources":["*"]}}}}
Component Name: com.example.MqttBridge
Version: 1.0.0
State: RUNNING
Configuration: {"region":"eu-central-1"}

Operation-Tip2. How do i undeployed or remove a component?

You can do run similiar command to remove locally (replace name of the component to which you want to apply this to):

sudo /greengrass/v2/bin/greengrass-cli --ggcRootPath /greengrass/v2 deployment create --remove "com.example.MqttBridge"

Once this is done you can run component list command above on point T7.

Operation-Tip3. Deployed component

  • You can check the log of the deployed component by executing the following command. The log confirmed in the previous step was written by the application. If this log file does not exist, the deployment may have failed.
sudo tail -f /greengrass/v2/logs/com.example.HelloWorld.log

Operation-Tip4. Running components

  • You can see the list of components on the device with the following command. You can also check the life cycle of each component as State in the state of RUNNING, FINISHED, BROKEN, and so on.
sudo /greengrass/v2/bin/greengrass-cli component list

You will also see your running Hello world component here along with other components if deployment was successful.

Component Name: com.example.HelloWorld
Version: 1.0.0
State: RUNNING
Configuration: {"Message":"world"}

Please take a look for more information on the list of component life cycles here

Operation-Tip5. Re-deploy component

  • Run the deploy command again if you want the component artifacts and recipes to reflect any changes you have done to it (replace name of the component to which you want to apply this to).
sudo /greengrass/v2/bin/greengrass-cli deployment create \
  --recipeDir ~/environment/GreengrassCore/recipes \
  --artifactDir ~/environment/GreengrassCore/artifacts \
  --merge "com.example.HelloWorld=1.0.0"

Operation-Tip6. Restart component

  • You can also restart the component by executing the command as follows (replace name of the component to which you want to apply this to).
sudo /greengrass/v2/bin/greengrass-cli component restart   --names "com.example.HelloWorld"

Operation-Tip7. Cancelling deployment

You can cancel an active deployment to prevent its software components from installing on AWS IoT Greengrass core devices. If you cancel a deployment that targets a thing group, core devices that you add to the group won’t receive that continuous deployment. If a core device already runs the deployment, you won’t change the components on that device when you cancel the deployment. You will need deploymentId obtained in above step when you did component Deployment.

aws greengrassv2 cancel-deployment \
  --deployment-id [YourDeploymentId]

Upon successful completion you will see deployment status changed to CANCELLED

Operation-Tip8. Deleting component

You will need ARN to delete a component using AWS CLI, CAUTION is advised when deleting a component as this operation deletes the component’s recipe and artifacts. As a result, “deployments that refer to this component version will FAIL”. If you have deployments that use this component version, you can remove the component from the deployment or update the deployment to use a valid version (make sure ARN applies to relevant component which you want to apply this to).

aws greengrassv2 delete-component --arn arn:aws:greengrass:eu-west-1:xxxxxxxxxx:components:com.example.HelloWorld:versions:1.0.0 --region [YourRegion]