in src/main/java/com/awslabs/aws/greengrass/provisioner/implementations/helpers/BasicGreengrassHelper.java [555:617]
public DeploymentStatus waitForDeploymentStatusToChange(GreengrassGroupId greengrassGroupId, String deploymentId) {
GetDeploymentStatusRequest getDeploymentStatusRequest = GetDeploymentStatusRequest.builder()
.groupId(greengrassGroupId.getGroupId())
.deploymentId(deploymentId)
.build();
// If the deployment is building we will retry
RetryPolicy<GetDeploymentStatusResponse> buildingDeploymentPolicy = new RetryPolicy<GetDeploymentStatusResponse>()
.withDelay(Duration.ofSeconds(5))
.withMaxRetries(10)
.handleResultIf(this::isBuilding)
.onRetry(failure -> log.warn("Waiting for the deployment to transition to in progress..."))
.onRetriesExceeded(failure -> log.error("Deployment never transitioned to in progress. Cannot continue."));
// If the deployment has any of these fatal errors we will give up immediately
Fallback<GetDeploymentStatusResponse> failureDeploymentStatusPolicy = Fallback.of(GetDeploymentStatusResponse.builder().deploymentStatus(FAILURE).build())
// Greengrass probably can't read a SageMaker model #1
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "Greengrass does not have permission to read the object", "If you are using a SageMaker model your Greengrass service role may not have access to the bucket where your model is stored."))
// Greengrass probably can't read a SageMaker model #2
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "refers to a resource transfer-learning-example with nonexistent S3 object", "If you are using a SageMaker model your model appears to no longer exist in S3."))
// Configuration is not valid
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "group config is invalid", "Group configuration is invalid"))
// Group definition is not valid
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "We cannot deploy because the group definition is invalid or corrupted", "Group definition is invalid"))
// Artifact could not be downloaded
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "Artifact download retry exceeded the max retries", "Artifact could not be downloaded (exceeded maximum retries)"))
// Greengrass is not configured to run as root but some Lambda functions require root
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "Greengrass is not configured to run lambdas with root permissions", "Greengrass is not configured to run as root but some Lambda functions are configured to run as root"))
// The user or group Greengrass is running as does not have access to a file on the host
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "user or group doesn't have permission on the file", "The user or group Greengrass is running as does not have access to a file on the host"))
// A file is missing on the Greengrass host
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, "file doesn't exist", "A file is missing on the Greengrass host"))
// A configuration parameter is invalid
.handleResultIf(statusResponse -> shouldRedeploy(statusResponse, Arrays.asList("configuration parameter", "does not match required pattern"), "One or more configuration parameters were specified that did not match the allowed patterns. Adjust the values and try again."));
// If the deployment is failing because of apparent IAM issues we'll throw an exception and the caller will try again
Fallback<GetDeploymentStatusResponse> needsIamReassociationPolicy = Fallback.<GetDeploymentStatusResponse>ofException(e -> new IamReassociationNecessaryException())
// No service role associated with this account
.handleResultIf(statusResponse -> throwIamReassociationExceptionIfNecessary(statusResponse, "TES service role is not associated with this account", "A service role is not associated with this account for Greengrass. See the Greengrass service role documentation for more information [https://docs.aws.amazon.com/greengrass/latest/developerguide/service-role.html]"))
// Service role may be missing
.handleResultIf(statusResponse -> throwIamReassociationExceptionIfNecessary(statusResponse, "GreenGrass is not authorized to assume the Service Role associated with this account", "The service role associated with this account may be missing. Check that the role returned from the CLI command 'aws greengrass get-service-role-for-account' still exists. See the Greengrass service role documentation for more information [https://docs.aws.amazon.com/greengrass/latest/developerguide/service-role.html]"))
// Invalid security token
.handleResultIf(statusResponse -> throwIamReassociationExceptionIfNecessary(statusResponse, "security token included in the request is invalid", "Invalid security token, a redeployment is necessary"))
// Cloud service event
.handleResultIf(statusResponse -> throwIamReassociationExceptionIfNecessary(statusResponse, "having a problem right now", "Cloud service event, a redeployment is necessary"));
log.info("Checking deployment status...");
GetDeploymentStatusResponse getDeploymentStatusResponse = Failsafe.with(needsIamReassociationPolicy, failureDeploymentStatusPolicy, buildingDeploymentPolicy)
.get(() -> greengrassClient.getDeploymentStatus(getDeploymentStatusRequest));
String deploymentStatus = getDeploymentStatusResponse.deploymentStatus();
switch (deploymentStatus) {
case IN_PROGRESS:
case SUCCESS:
return DeploymentStatus.SUCCESSFUL;
case FAILURE:
return DeploymentStatus.FAILED;
}
throw new RuntimeException(String.join("", "Unexpected deployment status [", deploymentStatus, "]"));
}