Raspberry Pi on the IoT

Pi as Greengrass Core

Officially, the software provided by AWS is intended for Raspbian Jessie, but it also ran without any problems on Stretch in our lab. The link for downloading the software appears in the web interface while you are creating a group. Alternatively, you can select Software | AWS IoT Greengrass Core Software at bottom left in the IoT console.

In the next step of the dialog, AWS offers software for different architectures. At the end, you will see a tar.gz file with the current version number (at the time of this article, this was 1.6.0).

Up front you need to create on the Rasp Pi a ggc_user and a ggc_group, of which ggc_user is a member. If a programming language other than Python is used later (e.g., Java or JavaScript via Node.js), you would need to install it first.

Unpack the software on the Rasp Pi as root in the /greengrass directory with the command:

tar xvpzf greengrass-linux-armv7l-1.6.0.tgz -C

If the certificates provided by AWS are used, the core also needs the root certificate from Symantec to authenticate the AWS certificates. On the Rasp Pi, load it into the /greengrass/certs directory, where you then need to enter:

wget -O /greengrass/certs/root.ca.pem http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem

The certificate and the previously created private key also belong in the /greengrass/certs directory.

A configuration file in JSON format is still needed; it must be named config.json and reside in the /greengrass/config directory (Listing 9). Next, populate the file with the results of your work up to this point. The following fields must be completed:

Listing 9

config.json for the Pi


  • caPath: The name of the CA file previously retrieved from Symantec in the certs directory.
  • certPath: The name of the certificate file in the certs directory.
  • keyPath: The name of the file in the certs directory that contains the private key.
  • thingArn: The ARN of the core from the first step (aws iot create-thing).
  • iotHost: The host in the AWS universe to which you want the core to connect; the aws iot describe-endpoint command returns the name.
  • ggHost: The Greengrass server for the region; its name is always greengrass.iot.<Name of the region>.amazonaws.com.

To start the core, run the ./greengrassd start command with root rights in the /greengrass/ggc/core folder.

If you want to check whether everything is working, you have several options. The start command outputs a PID. To check whether or not the process is running, simply enter ps and grep with the PID. AWS uses the MQTT port 8883, so the command netstat -tn | grep 8883 needs to point to connections to the AWS address range. These also use IPv6 if the Rasp Pi is connected accordingly.

The Greengrass Core writes its logfiles to the folder /greengrass/var/log/system. The runtime.log file contains general start messages and information about MQTT communication. On first establishing contact, the GGConnmanager.log file containing information about the opening communications with AWS is interesting.

At the AWS CLI, the command

aws greengrass get-connectivity-info --thing-name LM_core

returns address data for the device if the connection was successful.

Core Work

Now everything is ready for rolling out the Lambda function on all cores of the group:

aws greengrass create-deployment --group-id <ID_of_the_group> --group-version-id <ID_of_the_last_version> --deploymentType NewDeployment

The AWS Console has a Deployments tab in the group, from which you can monitor the status. If everything is green, the process is running on the core.

The log directory has a system folder and a user folder, which in turn contains a folder for each AWS region in which the core has been active (i.e., eu-central-1), which has a directory with an assigned ID. Greengrass creates a logfile for each function, and if the Python script generates errors, they appear here.

A simple function test is now possible from the Amazon Web Console. The IoT area has a Test menu entry that offers the option of either subscribing to an MQTT topic from the web browser or publishing news in a topic. Because the test now takes place on the receiving side, you can enter a hash tag (#) by Subscription topic to receive all messages. If several cores are already in use, you need to use a finer filter. After a wait of one minute, a message appears (Figure 2), which means the Rasp Pi is sending messages to the AWS IoT system as the Greengrass Core. The only thing missing is alerting.

Figure 2: The client's message in the test console.


Although you can now tap into the MQTT system from the outside and generate alarms, it would require a separate computer. Instead, Lambda Serverless Computing comes into play; you can upload code, and other functions or similar events trigger the alarms. One of these sources can be the MQTT stream from the IoT area.

AWS also offers an inexpensive service for sending SMS messages, among other things. For the Lambda function to use these functions later, you must first create a role (Listing 10) that allows it:

Listing 10

Role for SMS


aws iam create-role --role-name mysnsrole --assume-role-policy-document file://snsrolle.json --path /

When you then create a new Lambda function in the web console, AWS prompts you for a role. Select Choose an existing role and the previously created mysnsrole (Figure 3). On the next page, enter the code shown in Listing 11.

Listing 11

SMS Senders


Figure 3: Web console dialog for creating a Lambda function.

The last step is to create a trigger. Figure 4 shows the top of the function page. The possible triggers are listed on the left. One trigger is AWS IoT, which you need to select and configure as a rule. In the pop-up, choose Create New Rule, assign a name, and type 'select * from "iot/temperature"' in the Rule Query Statement line. Now every message from the Rasp Pi triggers a script run.

Figure 4: The web console page for the function. The triggers are listed on the left.

The JSON block sent by MQTT reaches the function as the Python event hash. For example, if it is too hot, AWS sends a text message.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Programming Snapshot – Alexa

    Asking Alexa only for built-in functions like the weather report gets old quickly, and add-on skills from the skills store only go so far. With a few lines of code, Mike teaches this digital pet some new tricks.

  • WiFi Thermo-Hygrometer

    A WiFi sensor monitors indoor humidity and temperature and a Node-RED dashboard reports the results, helping you to maintain a pleasant environment.

  • Java 8

    In mid-March, Oracle released the eighth version of Java. In addition to small tweaks, the long-awaited release extends the core language, adding elements of functional programming – the first significant development since Java 5.

  • IoT with RabbitMQ

    Connect multiple protocols and servers together on your IoT projects.

  • JavaScript Alternatives

    JavaScript is the stuff of which many interactive web clients is made, but it comes with a fair amount of historical ballast. The creators of four alternative scripting languages seek to ditch the ballast.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95