Raspberry Pi on the IoT
Pi as Greengrass Core
Officially, the software provided by AWS is intended for Raspbian Jessie, but it also ran without any problems on Stretch in our lab. The link for downloading the software appears in the web interface while you are creating a group. Alternatively, you can select Software | AWS IoT Greengrass Core Software at bottom left in the IoT console.
In the next step of the dialog, AWS offers software for different architectures. At the end, you will see a tar.gz
file with the current version number (at the time of this article, this was 1.6.0).
Up front you need to create on the Rasp Pi a ggc_user
and a ggc_group
, of which ggc_user
is a member. If a programming language other than Python is used later (e.g., Java or JavaScript via Node.js), you would need to install it first.
Unpack the software on the Rasp Pi as root in the /greengrass
directory with the command:
tar xvpzf greengrass-linux-armv7l-1.6.0.tgz -C
If the certificates provided by AWS are used, the core also needs the root certificate from Symantec to authenticate the AWS certificates. On the Rasp Pi, load it into the /greengrass/certs
directory, where you then need to enter:
wget -O /greengrass/certs/root.ca.pem http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem
The certificate and the previously created private key also belong in the /greengrass/certs
directory.
A configuration file in JSON format is still needed; it must be named config.json
and reside in the /greengrass/config
directory (Listing 9). Next, populate the file with the results of your work up to this point. The following fields must be completed:
Listing 9
config.json for the Pi
caPath
: The name of the CA file previously retrieved from Symantec in thecerts
directory.certPath
: The name of the certificate file in thecerts
directory.keyPath
: The name of the file in thecerts
directory that contains the private key.thingArn
: The ARN of the core from the first step (aws iot create-thing
).iotHost
: The host in the AWS universe to which you want the core to connect; theaws iot describe-endpoint
command returns the name.ggHost
: The Greengrass server for the region; its name is alwaysgreengrass.iot.<Name of the region>.amazonaws.com
.
To start the core, run the ./greengrassd start
command with root rights in the /greengrass/ggc/core
folder.
If you want to check whether everything is working, you have several options. The start command outputs a PID. To check whether or not the process is running, simply enter ps
and grep
with the PID. AWS uses the MQTT port 8883, so the command netstat -tn | grep 8883
needs to point to connections to the AWS address range. These also use IPv6 if the Rasp Pi is connected accordingly.
The Greengrass Core writes its logfiles to the folder /greengrass/var/log/system
. The runtime.log
file contains general start messages and information about MQTT communication. On first establishing contact, the GGConnmanager.log
file containing information about the opening communications with AWS is interesting.
At the AWS CLI, the command
aws greengrass get-connectivity-info --thing-name LM_core
returns address data for the device if the connection was successful.
Core Work
Now everything is ready for rolling out the Lambda function on all cores of the group:
aws greengrass create-deployment --group-id <ID_of_the_group> --group-version-id <ID_of_the_last_version> --deploymentType NewDeployment
The AWS Console has a Deployments tab in the group, from which you can monitor the status. If everything is green, the process is running on the core.
The log directory has a system
folder and a user
folder, which in turn contains a folder for each AWS region in which the core has been active (i.e., eu-central-1
), which has a directory with an assigned ID. Greengrass creates a logfile for each function, and if the Python script generates errors, they appear here.
A simple function test is now possible from the Amazon Web Console. The IoT area has a Test menu entry that offers the option of either subscribing to an MQTT topic from the web browser or publishing news in a topic. Because the test now takes place on the receiving side, you can enter a hash tag (#) by Subscription topic to receive all messages. If several cores are already in use, you need to use a finer filter. After a wait of one minute, a message appears (Figure 2), which means the Rasp Pi is sending messages to the AWS IoT system as the Greengrass Core. The only thing missing is alerting.
Alerting
Although you can now tap into the MQTT system from the outside and generate alarms, it would require a separate computer. Instead, Lambda Serverless Computing comes into play; you can upload code, and other functions or similar events trigger the alarms. One of these sources can be the MQTT stream from the IoT area.
AWS also offers an inexpensive service for sending SMS messages, among other things. For the Lambda function to use these functions later, you must first create a role (Listing 10) that allows it:
Listing 10
Role for SMS
aws iam create-role --role-name mysnsrole --assume-role-policy-document file://snsrolle.json --path /
When you then create a new Lambda function in the web console, AWS prompts you for a role. Select Choose an existing role and the previously created mysnsrole (Figure 3). On the next page, enter the code shown in Listing 11.
Listing 11
SMS Senders
The last step is to create a trigger. Figure 4 shows the top of the function page. The possible triggers are listed on the left. One trigger is AWS IoT, which you need to select and configure as a rule. In the pop-up, choose Create New Rule, assign a name, and type 'select * from "iot/temperature"' in the Rule Query Statement line. Now every message from the Rasp Pi triggers a script run.
The JSON block sent by MQTT reaches the function as the Python event
hash. For example, if it is too hot, AWS sends a text message.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.