Raspberry Pi on the IoT
Creating the Core
The first step is to create a core definition. (Please see the "Definitions" box.) The following command generates the JSON-like syntax that passes the core as a combination of the ARN of the certificate and the ARN of the thing.
Definitions
A pattern that recurs in the Greengrass data model is definitions and definition versions. Commands that create something always follow the form create-<XXX>-definition
. You can create an initial version in JSON format with the --initial-version
option. If you change the definition, you need to create a new version of the component <XXX>
with create-<XXX>-definition-version
. If this is contained in another component (and they are all in group-definition
), you need to create a new version of the surrounding object, up to the highest hierarchy level.
The subcomponent is always transferred in the form of its version (ARN or unique ID). If you query a specific component with get-<XXX>-definition
, the response contains a LatestVersion
field with the ID of the last version created. For example, if the ARN of a core definition is
arn:aws:greengrass:eu-central-1:566776501337:/greengrass/definition/cores/ 37d2b2ac-b3ff-491d-b56d-071fbb9ade51
and the last version has the ID aae9c658-16fa-4c1b-91aa-ef54340552ac
, the entire ARN of the last version of the core definition is given as the ARN of the core followed by /versions/<ID>
, such as:
arn:aws:greengrass:eu-central-1:566776501337:/greengrass/definition/cores/37d2b2ac-b3ff-491d-b56d-071fbb9ade51/versions/aae9c658-16fa-4c1b-91aa-ef54340552ac
aws greengrass create-core-definition --name LM1_GG_Core --initial-version,Cores=[{CertificateArn=arn:aws:iot:eu-central-1:566776501337:cert/6c597228cf5e4da63ee7dc4364f5a282e431a1581014fbd3cd558b86878f4fdc,Id=LM_GG_Core_ID,SyncShadow=False,ThingArn=arn:aws:iot:eu-central-1:566776501337:thing/LM_Core}]'
The Cores=[
… ]
allows you to enter multiple cores between the square brackets.
If you want another Rasp Pi with its own certificate to supply data, you just create a new certificate and a new thing and repeat the steps above for the new device to create a new version of the definition with the command:
aws greengrass create-core-definition-version
Other arguments for a core include a unique ID and the Boolean value SyncShadow
, which specifies whether you want to create a shadow object. The shadow object is not necessary, so the value is False
. Listing 3 shows the return value that AWS sends in response to the command.
Listing 3
Return Core Definition
Because the resource belongs to the group and the function, the next step is to create a resource for access to /dev/gpiomem
:
aws greengrass create-resource-definition --initial-version file://resource.json
The most time-consuming task is the resource definition (Listing 4). The function definition then follows, which, from Greengrass's point of view, is the combination of a Lambda ARN, the assignment of the resource just defined, and an ID. Before it can begin, however, you first have to create the AWS Lambda function in the Lambda area.
Listing 4
JSON Code for the Resource
Lambada with Lambda
The trick is now to create and distribute the code that will run on the Raspberry Pi (or Pis) with Amazon's Lambda platform, which is intended for the use of serverless computing on AWS computers. To begin, you set the code for AWS, which various mechanisms call, and the output can then be passed on to the AWS world.
Greengrass now lets you download Lambda functions to a core and run them there. To generate the Lambda function, you first download the AWS IoT Greengrass Core SDK under Software in the IoT console.
After unpacking, the aws_greengrass_core_sdk/examples/HelloWorld/greengrassHelloWorld
folder contains a sample application and the greengrasssdk
folder for Python, which is where the application presented here ends up.
Listing 5 shows the Python code to run on the Greengrass Core. The code assumes that a DHT22 sensor is connected to GPIO pin 4. Before you put the whole thing online, first run a function test with a version of the script that does not use the Greengrass functionality.
Listing 5
Lambda Function for the Core
In this case, the function requires downloading and installing the Adafruit DHT module from the Adafruit GitHub site [9]. Although the Lambda functions are encapsulated, they can use all the modules installed on the Pi. You might be familiar with the code in line 11 that initializes the client, which is reminiscent of the interaction between AWS and the boto3 client, except a slimmed down version is used here.
The Python file and the greengrasssdk
folder are now packed into a ZIP file, which you use when creating the Lambda function. Before you generate the Lambda function, first define a role again that lets the function use the Lambda service:
aws iam create-role --role-name LM-Role --assume-role-policy-document file://lmrolle.json--path /service-role/
The JSON file containing the role definition is shown in Listing 6. Next, you create the Lambda function and upload:
Listing 6
JSON Role Definition
aws lambda create-function --role arn:aws:iam::566776501337:role/service-role/LM-Role--function-name LM-FunctionOnCore --runtime python2.7 --handler greengrassTemp.function_handler --zip-file fileb://gg.zip
The ARN that matches the role is provided by the response that AWS returns when it creates the role. The handler
option is used in Lambda functions to react to a trigger event (during which data is transferred). Because the function is not event driven, but measures and publishes the temperature and then waits a minute and repeats the action, the body can be empty – but it must exist. The naming convention is the name of Python script without the <.name of the handler method>
extension.
If you want to use Greengrass to trigger actions on the core after subscribing to an MQTT queue, you need to call precisely this method.
The AWS Lambda service manages the code in versions. Users cannot work without them. If the code changes, select Save | Actions | Publish new version. The code will not work before you do this. The same applies to the CLI:
aws lambda publish-version --function-name LM-FunctionOnCore
When assigning the Lambda to a Greengrass group, you specify either the version or an alias. If the code changes later, you then publish a new version and change the alias so that it points to the new version. Greengrass also distributes new code in this way. The automatically generated $Latest
alias with which more experienced Lambda developers might be familiar will not work here.
The following command creates the alias with a reference to the new first version:
aws lambda create-alias --function-name LM-FunctionOnCore --name LMAlias --function-version 1
Again, AWS returns a JSON block; this time, the AliasArn
field is important for the next call.
AWS uses one of several function definitions to assign Lambdas to a Greengrass group. On creating the function definition, you submit an initial version referencing the Lambda version that has just been created:
aws greengrass create-function-definition --name LM-LambdaFunctionDefinition --initial-version file://function.json
Listing 7 shows the content of the corresponding function.json
file.
Listing 7
function.json
Granting read and write access to the resource is important. The argument for FunctionArn
is the ARN of the generated alias. If something changes in the Lambda function, you need to publish a new version within the function. The alias to which the ARN refers here now points to this new version.
Subscription
The missing component of the group is now the subscription, which regulates which members of the Greengrass group are allowed to send anything at all – and to whom. In the example here, I want the Lambda function on the device to be able to send to the IoT Core. The code uses iot/temperature
as the theme (Listing 5, line 24), which could be inserted as a filter. In the first step, however, it could be a source of error, because a single typo is all it takes to filter out more than you want. To create the subscription, use:
aws greengrass create-subscription-definition --name GG-Subscription --initial-version 'Subscriptions=[{Id=GG-Abo-Id,Target=cloud,Subject=#,Source=arn:aws:lambda:eu-central-1:566776501337:function:LM-FunctionOnCore:LMAlias}]'
Finally, the last link in the chain that glues everything together is still missing: the Greengrass group itself. As with the core definition, the concept of versioning applies. The aws greengrass create-group
command also has an --initialVersion
option. The command that merges the previously created objects into a Greengrass group is:
aws greengrass create-group --name LM1TestGroup --initial-version file://groupsource.json
As expected, a JSON file lists all version ARNs of all components created (Listing 8). This step concludes the preparatory work. A click on the web console opens the group onscreen (Figure 1).
Listing 8
groupsource.json
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs