Merge branch 'main' into 2024-12-15_main_fix-socket

README.md

@@ -1,11 +1,5 @@
 # AWS Greengrass Nucleus Lite
 
-🚧 🚧 🚧 WORK IN PROGRESS 🚧 🚧 🚧
-
-> This software does not yet have an official release. Feel free to test and
-> report issues you find, but some functionality may be buggy and there may be
-> breaking changes before the initial release.
-
 AWS IoT Greengrass runtime for constrained devices.
 
 The Greengrass Nucleus Lite provides a smaller alternative to the Classic
@@ -67,6 +61,13 @@ corebus. This table identifies the corebus component that does the work.
 | GetClientDeviceAuthToken                | _Future_                     |
 | AuthorizeClientDeviceAction             | _Future_                     |
 
+## Additional Details
+
+Known issues are documented [here](./docs/KNOWN_ISSUES.md) with some potential
+workarounds. Additionally only basic recipe types are supported, more
+information on missing features can be found
+[here](./docs/RECIPE_SUPPORT_CHANGES.md).
+
 ## Security
 
 See [CONTRIBUTING](docs/CONTRIBUTING.md#security-issue-notifications) for more

debian/postinst

@@ -51,6 +51,7 @@ services:
       runWithDefault:
         posixUser: "${gg_user}:${gg_group}"
       greengrassDataPlanePort: "8443"
+      platformOverride: {}
 EOL
     echo "Configuration file created at $config_file"
 }

docs/Fleet-provisioning.md

@@ -9,6 +9,24 @@ can get valid certificates. you can follow the link
 [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning-setup.html)
 to learn how to create appropriate policies and claim certificate.
 
+```
+Note:
+Currently, fleet provisioning can only be run manually.
+Hence you will need to follow few important pre-steps
+
+1. Make sure you are logged in as root
+2. Allow read access to all user for your certificates
+    chmod -R +rx /ggcredentials/
+3. Make sure you do not fill iotCredEndpoint/iotDataEndpoint under
+  `aws.greengrass.NucleusLite` you should only fill these fields
+  under `aws.greengrass.fleet_provisioning`'s config
+4. If this is your not first run, remove the socket at
+    /run/greengrass/iotcoredfleet, if it exists
+5. Fleet provisioning assumes the your GGL_SYSTEMD_SYSTEM_USER
+  and GGL_SYSTEMD_SYSTEM_GROUP to be ggcore:ggcore please change
+  appropriately if you change these values during compile time
+```
+
 Sample Fleet provisioning template:
 
 ```json
@@ -73,52 +91,41 @@ config should roughly look as below.
 system:
   privateKeyPath: ""
   certificateFilePath: ""
-  rootCaPath: "/home/ubuntu/repo/fleetClaim/AmazonRootCA1.pem"
-  rootPath: "/home/ubuntu/aws-greengrass-lite/run_fleet/"
-  thingName: ""
+  rootCaPath: "/ggcredentials/fleetClaim/AmazonRootCA1.pem" #[Modify here]
+  rootPath: "/var/lib/greengrass/" #[Modify here]
+  thingName: "" #[Must leave blank]
 services:
   aws.greengrass.NucleusLite:
     componentType: "NUCLEUS"
     configuration:
       awsRegion: "us-east-1"
-      iotCredEndpoint: ""
-      iotDataEndpoint: ""
+      iotCredEndpoint: "" #[Must leave blank]
+      iotDataEndpoint: "" #[Must leave blank]
       iotRoleAlias: "GreengrassV2TokenExchangeRoleAlias"
       runWithDefault:
-        posixUser: "ubuntu:ubuntu"
+        posixUser: "user:group" #[Modify here]
       greengrassDataPlanePort: "8443"
-      tesCredUrl: "http://127.0.0.1:8080/"
   aws.greengrass.fleet_provisioning:
     configuration:
-      iotDataEndpoint: "dddddddddddddd-ats.iot.us-east-1.amazonaws.com"
-      iotCredEndpoint: "aaaaaaaaaaaaaa.credentials.iot.us-east-1.amazonaws.com"
-      claimKeyPath: "/home/ubuntu/fleetClaim/private.pem.key"
-      claimCertPath: "/home/ubuntu/fleetClaim/certificate.pem.crt"
-      templateName: "FleetTestNew"
-      templateParams: '{"SerialNumber": "14ALES55UFA"}'
-```
-
-With all this setup for IoT core now let's begin provisioning the device. First
-we will start an instance of ggconfigd
-
-```sh
-cd ./run
-../build/bin/ggconfigd
+      iotDataEndpoint: "aaaaaaaaaaaaaa-ats.iot.us-east-1.amazonaws.com" #[Modify here]
+      iotCredEndpoint: "cccccccccccccc.credentials.iot.us-east-1.amazonaws.com" #[Modify here]
+      claimKeyPath: "/ggcredentials/fleetClaim/private.pem.key" #[Modify here]
+      claimCertPath: "/ggcredentials/fleetClaim/certificate.pem.crt" #[Modify here]
+      templateName: "FleetTestNew" #[Modify here]
+      templateParams: '{"SerialNumber": "AAA55555"}' #[Modify here]
 ```
 
-In another shell, run the config script and the fleet provisioning
+In root user shell, run fleet provisioning
 
 ```sh
 cd ./run
-../build/bin/ggl-config-init --config ./init_config.yml
 ../build/bin/fleet-provisioning
 ```
 
 Now this will trigger the fleet provisioning script which will take a few
-minutes to complete, the shell doesn't automatically exits so look for a Info
-level log: `Process Complete, Your device is now provisioned`. then you can kill
-the process or wait for auto terminate of `300 seconds`.
+minutes to complete.
 
-You can then kill the config daemon as well.
+> Note: Device will reboot in case of successful run
 
-Now you can return to `## Running the nucleus` step in [SETUP.md](SETUP.md)
+If you are storing the standard output then look for log:
+`Process Complete, Your device is now provisioned`.

docs/INSTALL.md

@@ -7,20 +7,8 @@ init system.
 
 ## Dependencies
 
-This project uses the following third party library dependencies:
-
-- openssl
-- libcurl >= 7.86
-- sqlite
-- libyaml
-- libsystemd
-- liburiparser
-- libuuid
-- libevent
-- libzip
-- libcgroup-tools
-
-On Ubuntu, these can be installed with:
+This project uses third party library dependencies on Ubuntu > 24.04, these can
+be installed with:
 
 ```sh
 sudo apt install libssl-dev libcurl4-openssl-dev libsqlite3-dev libyaml-dev \
@@ -79,6 +67,10 @@ adduser -g <gid from previous command> ggcore
 Then run:
 
 ```
+sudo mkdir /ggcredentials
+//cp your aws credentials(device certificates, private key, root ca) to this folder
+chown -R ggcore:ggcore /ggcredentials
+
 mkdir /var/lib/greengrass
 chown ggcore:ggcore /var/lib/greengrass
 ```