Skip to content

Latest commit

 

History

History
124 lines (111 loc) · 3.41 KB

Fleet-provisioning.md

File metadata and controls

124 lines (111 loc) · 3.41 KB

Fleet provisioning

Fleet provisioning is an alternative way of provisioning a device with claim certificates. This will allow you provision a fleet of devices with a common claim certificate.

To get started you would need aws claim certificates from IoT Core, so that we can get valid certificates. you can follow the link here to learn how to create appropriate policies and claim certificate.

Sample Fleet provisioning template:

{
  "Parameters": {
    "SerialNumber": {
      "Type": "String"
    },
    "AWS::IoT::Certificate::Id": {
      "Type": "String"
    }
  },
  "Resources": {
    "policy_TestAllowAllPolicy": {
      "Type": "AWS::IoT::Policy",
      "Properties": {
        "PolicyName": "TestPolicy"
      }
    },
    "certificate": {
      "Type": "AWS::IoT::Certificate",
      "Properties": {
        "CertificateId": {
          "Ref": "AWS::IoT::Certificate::Id"
        },
        "Status": "Active"
      }
    },
    "thing": {
      "Type": "AWS::IoT::Thing",
      "OverrideSettings": {
        "AttributePayload": "MERGE",
        "ThingGroups": "DO_NOTHING",
        "ThingTypeName": "REPLACE"
      },
      "Properties": {
        "AttributePayload": {},
        "ThingGroups": [],
        "ThingName": {
          "Fn::Join": [
            "",
            [
              "greengrass",
              {
                "Ref": "SerialNumber"
              }
            ]
          ]
        }
      }
    }
  }
}

Here we can assume your template name is FleetTestNew and your template requires you to only provide a serial number as parameter. Then your nucleus config should roughly look as below.

---
system:
  privateKeyPath: ""
  certificateFilePath: ""
  rootCaPath: "/home/ubuntu/repo/fleetClaim/AmazonRootCA1.pem"
  rootPath: "/home/ubuntu/aws-greengrass-lite/run_fleet/"
  thingName: ""
services:
  aws.greengrass.Nucleus-Lite:
    componentType: "NUCLEUS"
    configuration:
      awsRegion: "us-east-1"
      iotCredEndpoint: ""
      iotDataEndpoint: ""
      iotRoleAlias: "GreengrassV2TokenExchangeRoleAlias"
      runWithDefault:
        posixUser: "ubuntu:ubuntu"
      greengrassDataPlanePort: "8443"
      tesCredUrl: "http://127.0.0.1:8080/"
  aws.greengrass.fleet_provisioning:
    configuration:
      iotDataEndpoint: "dddddddddddddd-ats.iot.us-east-1.amazonaws.com"
      iotCredEndpoint: "aaaaaaaaaaaaaa.credentials.iot.us-east-1.amazonaws.com"
      claimKeyPath: "/home/ubuntu/fleetClaim/private.pem.key"
      claimCertPath: "/home/ubuntu/fleetClaim/certificate.pem.crt"
      templateName: "FleetTestNew"
      templateParams: '{"SerialNumber": "14ALES55UFA"}'

With all this setup for IoT core now let's begin provisioning the device. First we will start an instance of ggconfigd

cd ./run
../build/bin/ggconfigd

In another shell, run the config script and the fleet provisioning

cd ./run
../build/bin/ggl-config-init --config ./init_config.yml
../build/bin/fleet-provisioning

Now this will trigger the fleet provisioning script which will take a few minutes to complete, the shell doesn't automatically exits so look for a Info level log: Process Complete, Your device is now provisioned. then you can kill the process or wait for auto terminate of 300 seconds.

You can then kill the config daemon as well.

Now you can return to ## Running the nucleus step in SETUP.md