thin-edge/thin-edge.io

tedge connect aws should be compatible with Just in Time Provisioning

Closed this issue · 2 comments

Is your feature improvement request related to a problem? Please describe.

When using AWS IoT Core and Just In Time Provisioning (JITP), the tedge connect aws command fails the connectivity check, as the JITP only creates the "Thing" on the first connection. However, the bridge configuration does get established on the second connection attempt.

Below shows the first connection attempt via tedge connect aws:

$ sudo tedge connect aws
Checking if systemd is available.

Checking if configuration for requested bridge already exists.

Validating the bridge certificates.

Saving configuration for requested bridge.

Restarting mosquitto service.

Awaiting mosquitto to start. This may take up to 5 seconds.

Enabling mosquitto service on reboots.

Successfully created bridge connection!

Sending packets to check connection. This may take up to 2 seconds.

ERROR: Local MQTT publish has timed out.
Warning: Bridge has been configured, but Aws connection check failed.

Checking if tedge-mapper is installed.

Starting tedge-mapper-aws service.

Persisting tedge-mapper-aws on reboot.

tedge-mapper-aws service successfully started and enabled!

The above shows the following unexpected error message.

ERROR: Local MQTT publish has timed out.
Warning: Bridge has been configured, but Aws connection check failed.

However, if nothing is done, the bridge does eventually successfully connect to AWS IoT. Running the tedge reconnect aws connection results in a successful connection check.

Note: The above tedge connect aws does not fail (i.e. it does return an exit code 0), however it still alerts the user that something is wrong, even though technically that might not be the case as a subsequent connection would be successful.

Describe the solution you'd like

The tedge connect aws should be compatible with the AWS IoT Just In Time Provisioning and perform the necessary actions to validate the AWS IoT connection.

It might be necessary to retry the connection attempt, or to establish an initial connection via Rust (e.g. similar to what tedge connect c8y does) before it hands off the connection to the bridge.

Describe alternatives you've considered

Additional context

Manually testing (or running the on-demand system test) requires the following pre-requisites:

  • CA certificate (including private key) - we can use the qaenvironment CA
  • AWS IoT Core instance with the JITP configured (and associated with the CA certificate used to generate the certificates) - I can provide access to an instance
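
The retry approach suggested in the issue, sketched as an added example (not thin-edge.io code and not from the issue author). It treats the warning text quoted above as a failure even when the exit code is 0; the function names, the success message and the assumption that a rerun prints the same warning on failure are constructed for illustration.

```shell
#!/bin/sh
# Added example (not thin-edge.io code). The issue notes that
# `tedge connect aws` exits 0 even when the check fails, so the
# exit code alone is not enough: the output is inspected as well.

# Part of the warning text quoted in the issue.
FAIL_PATTERN='connection check failed'

# check_with_retry MAX DELAY CMD [ARGS...]
# Runs CMD until it exits 0 without printing the warning, at most MAX
# times. Sets ATTEMPTS_USED. Returns 0 on success, 1 otherwise.
check_with_retry() {
    max=$1; delay=$2; shift 2
    log=$(mktemp) || return 1
    ATTEMPTS_USED=0
    while [ "$ATTEMPTS_USED" -lt "$max" ]; do
        ATTEMPTS_USED=$((ATTEMPTS_USED + 1))
        # Redirect to a file (no subshell) and keep the exit status.
        if "$@" >"$log" 2>&1 && ! grep -qi "$FAIL_PATTERN" "$log"; then
            rm -f "$log"
            return 0
        fi
        echo "attempt $ATTEMPTS_USED/$max: cloud check failed" >&2
        if [ "$ATTEMPTS_USED" -lt "$max" ]; then sleep "$delay"; fi
    done
    rm -f "$log"
    return 1
}

# Constructed stand-in for the device command: the first call prints the
# warning from the issue and exits 0 (JITP has not created the Thing
# yet); later calls print a constructed success message.
SIM_CALLS=0
simulated_connect() {
    SIM_CALLS=$((SIM_CALLS + 1))
    if [ "$SIM_CALLS" -eq 1 ]; then
        echo 'ERROR: Local MQTT publish has timed out.'
        echo 'Warning: Bridge has been configured, but Aws connection check failed.'
    else
        echo 'connection check ok (constructed output)'
    fi
    return 0
}

# On a device (assumption: a failed rerun prints the same warning):
#   check_with_retry 3 5 sudo tedge reconnect aws
```
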

Review done in the related PR