Closed MarcoRBosco closed 1 year ago
Which version or build of localproxy are you using?
Are you creating the new tunnel via CLI -- or can you try the Web Console flow with the integrated SSH terminal in the browser?
Comparing your component output running the AWS IoT Device Client version, I am not certain it fully started, as your output is missing a few log lines from the sample output in the README. Are you using Fedora as host OS, or did you also build the container using Fedora as base image layer?
Which version or build of localproxy are you using? v3.0.2
Are you creating the new tunnel via CLI -- or can you try the Web Console flow with the integrated SSH terminal in the browser?
We also tried the integrated SSH terminal in the browser but it stucks in connect without throwing any error (as it is a test the private key doesn't have a key passphrase):
Are you using Fedora as host OS, or did you also build the container using Fedora as base image layer?
We are using Fedora IoT as a host. We didn't modifie the docker file so we didn't change the base image. We made minor changes in build-custom.sh:
#!/usr/bin/env bash
if [ $# -ne 3 ]; then
echo 1>&2 "Usage: $0 IMAGE-NAME COMPONENT-NAME COMPONENT-VERSION"
exit 3
fi
IMAGE_NAME=$1
COMPONENT_NAME=$2
VERSION=$3
cp recipe.yaml ./greengrass-build/recipes
podman build -t $IMAGE_NAME:$VERSION src/
podman save --output ./greengrass-build/artifacts/$COMPONENT_NAME/$VERSION/image.tar.gz $IMAGE_NAME:$VERSIO
As mentioned the docker file is mantained unmodified.
Thanks @MarcoRBosco !
I've pushed compatibility improvements to a new branch: https://github.com/awslabs/aws-greengrass-labs-containerized-secure-tunneling/tree/compatibility-improvements Please let me know if this works for you.
I successfully connected using the Web Console SSH feature, as well as the most recent stable release of localproxy.
Thank you for the changes @Kriechi !
We tested the new branch and we had an issue to publish the component:
[2023-02-19 11:17:45] ERROR - Failed to publish new version of the component 'aws.greengrass.labs.CustomSecureTunneling'
=============================== ERROR ===============================
Could not publish the component due to the following error.
Failed to publish new version of component with the given configuration.
[Errno 2] No such file or directory: '/home/engapplic/aws-greengrass-labs-containerized-secure-tunneling/greengrass-build/recipes/recipe.yaml'
This is due to this change commit c47858b2fa850531fcb6726e275ec7bcab6fb773 so we kept the build-custom.sh as the previous version and the component publish worked.
We tested the new container in our gateway testing machine and with localproxy v3.0.2 worked as a charm, but in the web console interface still gets blocked in connect.
We also have two minor problems but we think is related with the use of podman
insted of docker
we still need to check them:
@MarcoRBosco I pushed a re-write of the last commit to correctly fix the build script.
Please let me know if the build process using gdk is working for you now - you might have to clean up the greengrass-build
directory once.
I got the web console interface working with password authentication only at the moment - though that should not be an issue of the component itself. If it works with the stand-alone localproxy, the component itself is working fine.
Regarding the deployment state: is your deployment healthy or showing an error? Is this a new problem with the branch, or also happening on the main branch?
@Kriechi with this new push the build process is working perfectly.
Regarding the deployment state: is your deployment healthy or showing an error? Healthy
Is this a new problem with the branch, or also happening on the main branch? It started with the new branch. But to be honest I made a lot of deployments revisions (>20) with this component. I need to make one last test to clean the whole setup and restart the testing process. But I understand that the component shoud be listed in the thing components in the AWS IoT Console.
The greengrass log doesn't throw any error. What is strange that the deployment finished well but the last update of the thing is 4 days ago when it should get updated with the deployment.
@MarcoRBosco you should see the component status in your AWS Console when viewing the GGv2 Core device. The aws.greengrass.labs.CustomSecureTunneling
component should be in Running
state, as it is a long-running process which should not exit or stop:
State is reported periodically or during events, see https://docs.aws.amazon.com/greengrass/v2/developerguide/device-status.html
If you could please validate and confirm that the changes on the branch solve the issues you reported, I will merge it to the main branch and resolve this issue. Thanks!
Hello @Kriechi,
Sorry, due to schedule problems I couldn't test that the component appears in AWS Console.
We hope we can re-engage with the tests as soon as possible.
I’ll keep you updated if the issue with the AWS console is resolved.
We are trying to use the container with following setup:
Fedora IoT 37.20230215.0
Greengrass nucleus v2.9.2
After deploying the container with some minor tweaks in the
recipe.yaml
in order to use the container withpodman
:Once is deployed we open the tunnel getting the following logs of the container:
Then we create a tunnel and start the local proxy in another machine
/localproxy -r eu-central-1 -s 5555 -t source-client-access-token
. We can open to source connection but not to the destination.When we try to start the ssh session with
ssh username@localhost -p 5555
we get the following oputput of the proxy and the SSH session never starts:We cannot see what is blocking to start the SSH session.