Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/epomatti/azure-iot-solution

IoT Edge with downstream devices and DNS
https://github.com/epomatti/azure-iot-solution

azure azure-dps azure-iotedge azure-iothub python terraform

Last synced: 3 months ago
JSON representation

IoT Edge with downstream devices and DNS

Awesome Lists containing this project

README 

        
# Azure IoT Solution



A complete solution combining several Azure IoT features and products:






> ℹ️ All commands should be run from the project root



## Cloud IoT



### 1 - Create the certificates



Start by creating the required certificates:



```sh

bash scripts/generateCerts.sh

```



### 2 - Create the Azure resources



Create the infrastructure:



```sh

terraform -chdir="infrastructure" init

terraform -chdir="infrastructure" apply -auto-approve

```



Run the extra configuration not available via Terraform:



```sh

bash scripts/terraformExtra.sh

```



Change the hostname of the IoT Edge OS to `edgegateway` to match the certificates:



> IoT Edge requires it to be exact or have the first component in the FQDN

>

> Reboot is required



```sh

# Change to: edgegateway.fusiontech.iot

sudo nano /etc/hostname

```



Restart the VM: `az vm restart -g rg-fusiontech -n vm-fusiontech-edgegateway`



> ⚠️ After changing the hostname, need to add a manual DNS registry: `edgegateway.fusiontech.iot A 10.0.90.4`. I should find a fix for this if I have time.



```sh

az network private-dns record-set a add-record -g rg-fusiontech -z fusiontech.iot -n edgegateway.fusiontech.iot -a "10.0.90.4"

```



(Optional) Verify the cloud-init completion:



```sh

# Connect to the IoT Edge VM

ssh edgegateway@

ssh downstream@



# Check if the cloud-init status is "done", otherwise wait with "--wait"

cloud-init status



# Confirm that the IoT Edge runtime has been installed

iotedge --version



# Restart the VM to enable any Kernel updates

az vm restart -n "vm-fusiontech-edgegateway" -g "rg-fusiontech"

az vm restart -n "vm-fusiontech-downstream001" -g "rg-fusiontech"

```



### 3 - Configure the IoT Edge device



Run the configuration script locally:



```sh

# Run locally

bash scripts/uploadEdgeConfig.sh

```



This will copy the prepared files to the IoT Edge device VM.



Now, in the remote VM shell, run the installation script:



```sh

# Run remotely in the Azure VM shell

sudo bash edgeconfig.sh

```



Confirm that the IoT Edge runtime has been installed:



```sh

sudo iotedge system logs



# Add --iothub-hostname if using DPS to also test for IoT Hub

sudo iotedge check --iothub-hostname iot-fusiontech.azure-devices.net

```



### 4 - Deploy Modules



Create the deployment "RedisEdge":



```sh

az iot edge deployment create --deployment-id "gateway" \

    --hub-name $(jq -r .iothub_name infrastructure/output.json) \

    --content "@iotedge/deployments/gateway.json" \

    --labels '{"Release":"001"}' \

    --target-condition "tags.Environment='Staging'" \

    --priority 10

```



Check the portal and the IoT device:



```sh

# List the modules in the Azure VM

iotedge list

```



### 5 - Provision downstream devices



Upload the configuration:



```sh

bash scripts/uploadDownstreamDeviceConfig.sh

```



Register the downstream device:



```sh

# Get the IoT Edge Gateway device scope

az iot hub device-identity show --device-id "edgegateway.fusiontech.iot" --hub-name $(jq -r .iothub_name infrastructure/output.json) --query deviceScope -o tsv



# Create the downstream device identity

az iot hub device-identity create -n $(jq -r .iothub_name infrastructure/output.json) \

    -d "downstream-device-01.fusiontech.iot" \

    --device-scope "{deviceScope of gateway device}" \

    --am x509_ca

```



Verify the connectivity:



```sh

openssl s_client -connect edgegateway.fusiontech.iot:8883 -CAfile azure-iot-test-only.root.ca.cert.pem -showcerts

```



Run the downstream device code:



```sh

python3 downstream.py

```



### 6 - Deploy a custom module



Get the credentials for the ACR:



```

az acr credential show --name acriotedgefusion789

```



Login to docker:



```

docker login -u acriotedgefusion789 -p  acriotedgefusion789.azurecr.io

```



Login do ACR:



```

az acr login -n acriotedgefusion789

```



Create a copy of the deployment configuration:



```

cp ./iotedgesolution/deployment.template.json ./iotedgesolution/deployment.json

```



Change the `myacr` password placeholder `` in the deployment template.



Build the image:



```sh

# Build the image for the local registry

docker build --rm -f "./iotedgesolution/modules/filtermodule/Dockerfile.amd64.debug" -t localhost:5000/filtermodule:0.0.1-amd64 "./iotedgesolution/modules/filtermodule"



# Or build the image for an Azure Container Registry

docker build --rm -f "./iotedgesolution//modules/filtermodule/Dockerfile.amd64" -t acriotedgefusion789.azurecr.io/filtermodule:0.0.1-amd64 "./iotedgesolution/modules/filtermodule"

```



Push the image to ACR:



```

docker push acriotedgefusion789.azurecr.io/filtermodule:0.0.1-amd64

```



Deploy the custom module:



```sh

az iot edge deployment create --deployment-id "new-custom-module" \

    --hub-name $(jq -r .iothub_name infrastructure/output.json) \

    --content "@iotedgesolution/deployment.json" \

    --labels '{"Release":"001"}' \

    --target-condition "tags.Environment='Staging'" \

    --priority 10

```



## Python development



### Local Python



```

cd device

```



Create the local development device certificates:



```sh

bash generateDevCerts.sh

```



Create the `.env` and edit the `PROVISIONING_IDSCOPE` variable:



```sh

cp .example.env .env

```



Install and run the device:



```sh

pipenv install --dev

pipenv shell

python device.py

```



### Docker



```sh

docker build . -t iothub-pydevice:latest

```



```sh

docker run --rm iothub-pydevice:latest arg1 arg2

```



## Reference



- [GitHub IoT Edge - IoT Edge VM Deploy](https://github.com/Azure/iotedge-vm-deploy)

- [Azure DPS - Device OEM Security Practices](https://learn.microsoft.com/en-us/azure/iot-dps/concepts-device-oem-security-practices)

- [Azure DPS - How to roll devices](https://learn.microsoft.com/en-us/azure/iot-dps/how-to-roll-certificates)

- [AWS - HSM](https://aws.amazon.com/blogs/iot/enhancing-iot-device-security-using-hardware-security-modules-and-aws-iot-device-sdk/)

- [Azure - EST](https://learn.microsoft.com/en-us/azure/iot-edge/tutorial-configure-est-server?view=iotedge-1.4)