IoT Part 2 - Greengrass

Transcript

1. IoT Overview - Part 2 AWS IoT Greengrass March 2021

2. Intros AWS 2 Austin Loveless - Founder Full Stack/DevOps Engineer

   - Stuzo AWS Community Hero Kevin Tinn – Co-organizer Cloud Application Architect, Practice Lead – World Wide Technology AWS Community Builder

3. Agenda AWS 3 • Greengrass Overview • Device and service

   setup • Greengrass (gg) core setup • gg lambda deployment • MQTT message queueing • On-demand vs long-lived lambdas • gg subscriptions • Devices • Device Shadows • Demo

4. AWS IoT Greengrass – Service Overview AWS 4 • Provides

   extension of AWS Services to on-premises devices • Lambda • Machine learning • Message queueing • Secrets management • Data Streaming • Optimized IoT (Internet of Things) use cases • Provisioning and deployment capabilities • Over the air updates • Offline operating capabilities • Built-in security

5. Setting up Greengrass – Device Operating System Setup AWS 5

   • Can run on a variety of ARM and x86 devices, for this meeting I am using a Raspberry Pi for my Greengrass node and interacting with it from my laptop across the local area network • Getting started with the Raspberry Pi • Format the SD card (I used SD Card Formatter app) • Flash the SD card w/ Raspberry Pi image (belenaEtcher w/ 2020- 02-13-raspian-buster.zip image) • Insert the SD card into your Pi, boot the device, and go through config (Will need keyboard, mouse, and display connected)

6. Setting up Greengrass - Device Setup AWS 6 • Get

   on network/enable SSH • With keyboard, mouse, and display connected: • Configure WiFi • Run sudo raspi-config • Change hostname (optional) – I used gg • Network options > hostname • Enable SSH • Interfacing options > SSH • Get IP: hostname –I • Reboot: sudo reboot

7. Setting up Greengrass - Software Setup AWS 7 • Add

   default user and group: • sudo adduser --system ggc_user • sudo addgroup --system ggc_group • Harden the devices w/ symlink protection • cd /etc/sysctl.d • Add the following to 98-rpi.conf file: • fs.protected_hardlinks = 1 • fs.protected_symlinks = 1 • sudo reboot • Allow gg to set Lambda memory limits: • cd /boot/

8. Setting up Greengrass - Software Setup, cont. AWS 8 •

   Allow gg to set Lambda memory limits: • cd /boot/ • Edit cmdline.txt: • cgroup_enable=memory cgroup_memory=1 • sudo reboot • Install python 3.7 for today’s examples, Java 8 runtime if you want to use stream manager in gg

9. Setting up Greengrass - Software Setup, cont. AWS 9 •

   Check for required dependencies: • cd /home/pi/Downloads • mkdir greengrass-dependency-checker-GGCv1.11.x • cd greengrass-dependency-checker-GGCv1.11.x • wget https://github.com/aws-samples/aws- greengrass-samples/raw/master/greengrass- dependency-checker-GGCv1.11.x.zip • unzip greengrass-dependency-checker-GGCv1.11.x.zip • cd greengrass-dependency-checker-GGCv1.11.x • sudo modprobe configs • sudo ./check_ggc_dependencies | more

10. Setting up Greengrass – Service config AWS 10 • In

    AWS portal: • Create your gg group: • Navigate to IoT Core > Greengrass > Classic (v1) > Groups • During this process, create your gg core device • Grab the certs!

11. Setting up Greengrass – Core Config AWS 11 • Download

    the gg runtime and copy it & certs to your gg device using secure copy (Or Putty): • cd <path-to-downloaded-files> • scp greengrass-<OS-architecture-1.11.0.tar.gz> pi@<IP- address>:/home/pi • scp <hash>-setup.tar.gz pi@<IP-address>:/home/pi • Unzip the runtime and copy your certs into the cert directory: • sudo tar -xzvf greengrass-OS-architecture-1.11.0.tar.gz -C / • sudo tar -xzvf hash-setup.tar.gz -C /greengrass • Download AMZN root cert into certs directory: • cd /greengrass/certs/ • sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem

12. What’s up with all the certs? AWS 12 Security is

    built-in, remember?

13. Starting Greengrass AWS 13 • cd /greengrass/ggc/core/ • sudo ./greengrassd

    start • ps aux | grep PID-number

14. An interesting title AWS 14

15. Deploying Lambdas to gg AWS 15 • gg allows us

    to use the familiar Lambda programming model to deploy software to our gg device, let’s take a look at a simple use case • Grab the python gg SDK from https://docs.aws.amazon.com/greengrass/v1/developerguide/lambd a-functions.html#lambda-sdks-core • Navigate to the HelloWorld directory and copy the SDK:

16. Package the Lambda and Deploy AWS 16 • zip -r

    hello_world_python_lambda.zip greengrasssdk greengrassHelloWorld.py • In the AWS portal create a lambda, configure it, and create an Alias • To the portal! • Create the lambda • Add it to the group • Deploy it over the air to the gg Pi • Set up a subscription from Lambda to IoT Cloud and deploy

17. View the messages using the Test Console AWS 17

18. MQTT Overview AWS 18 • MQTT (Message Queuing Telemetry Transport):

    TCP-based messaging standard intended for the IoT • Pub/Sub architecture (Publisher/Subscriber; i.e. many-to-many) • Lightweight/efficient • Bi-directional • Secure • Reliable on unreliable networks

19. gg On-demand vs Long-lived Lambdas AWS 19 • Greengrass offers

    the ability to run a lambda on demand (As you would think of Lambdas on AWS) • gg also the ability to run Lambdas in perpetuity, this allows to keep state (Counters, etc.) • There is another example of a hello world counter Lambda in the examples, let’s take a quick look at it for the purpose of discussion. Please go through the deployment process on this one one your own as an exercise to get familiar with Greengrass • To the portal…

20. Subscriptions AWS 20 • Subscriptions are used to route messages

    between various components of a gg group • IoT Cloud (AWS) • Devices (More on this later) • Connectors • Device Shadows (More on this later as well) • To the console…

21. Devices AWS 21 • Registered devices can interact with the

    gg node, each other, and AWS in a secure manager; i.e. the things in the IoT • Registered devices can interact with the gg node, each other, and AWS in a secure manager; i.e. the things in the IoT • They don’t need to know the specifics of each other, as they can use gg as the intermediary (e.g. IP Addresses)

22. Devices, continued AWS 22 • Let’s look at some devices

    created during the IoT tutorial • https://docs.aws.amazon.com/greengrass/v1/developerguide/modul e4.html • For the purpose of time, let’s just talk from the tutorial, and code • We will get into a more in-depth device use case with Device Shadows • Notice in the code discovery of the Greengrass Core node from AWS, allowing the devices to not need to know a specific IP for the core

23. Devices Shadows AWS 23 • Shadows allow a device’s state

    to be available to other devices • Devices can update another device’s shadow in order to change the state of the device • Interaction with shadows is done via specific topics: https://docs.aws.amazon.com/iot/latest/developerguide/reserved- topics.html#reserved-topics-shadow • Mid-2020 AWS supports unnamed (classic) and named shadows • This allows a device to have multiple states, if needed • Our example will use a classic shadow to demonstrate a device changing the state of another device via device shadow

24. Devices Shadows - Use Case AWS 24 • Two simulated

    devices: a traffic light, and a traffic light controller • The controller interacts with topics to modify the device shadow of The light so that simulated traffic light changes state (Red/yellow/green)

25. Devices Shadows - Use Case AWS 25 • Let’s take

    a look at the devices in the portal • I’m running this code that simulates the devices on my laptop, but there this could easily be done on a Pi • Let’s take a look at the code, and the demo

26. Greengrass – Advanced Topics AWS 26 • Local secrets management

    • Group management • ML and inference at the edge • Security intrusion detection • Pricing: https://aws.amazon.com/greengrass/pricing/ • Stream management

27. Thanks For questions and feedback, please connect on LinkedIn and

    send a message LinkedIn / Kevin Tinn LinkedIn / Austin Loveless