AWS IoT Greengrass

config.yaml

---
system:
  certificateFilePath: "/greengrass/v2/greengrass-nils_certificate.pem"
  privateKeyPath: "/greengrass/v2/greengrass-nils_private.key"
  rootCaPath: "/greengrass/v2/AmazonRootCA1.pem"
  rootpath: "/greengrass/v2"
  thingName: "greengrass-nils"
services:
  aws.greengrass.Nucleus:
    componentType: "NUCLEUS"
    version: "2.12.1"
    configuration:
      awsRegion: "eu-central-1"
      iotRoleAlias: "iot-credentials-alias"
      iotDataEndpoint: "XYZ-ats.iot.eu-central-1.amazonaws.com"
      iotCredEndpoint: "XYZ.credentials.iot.eu-central-1.amazonaws.com"

greengrass.md

AWS IoT Greengrass

• Setting up AWS IoT Greengrass core devices
• Amazon Corretto (OpenJDK)
• Monitoring gateway connection status

Tested with:

• Raspberry Pi 3
• Ubuntu 22.04 LTS (64-bit)
• AWS Greengrass v2.12.1

AWS IoT Greengrass officially supports Linux devices running the following architectures:

• Armv7l
• Armv8 (AArch64)
• x86_64

To determine your OS version, run getconf LONG_BIT or uname -m at the command line.

root

Run following steps as root:

sudo -i

Check permission for user root to run sudo with any user and any group:

grep "root" < /etc/sudoers

If missing, edit /etc/sudoers and add:

root ALL=(ALL:ALL) ALL

Ubuntu

Install requirements:

apt-get update
apt-get dist-upgrade
apt-get install zip unzip

cgroups

The kernel must support cgroups v1, and you must enable and mount the following cgroups:

• The memory cgroup for AWS IoT Greengrass to set the memory limit for containerized Lambda functions.
• The devices cgroup for containerized Lambda functions to access system devices or volumes.

The AWS IoT Greengrass Core software doesn't support cgroups v2.

To meet this requirement, boot the device with the following Linux kernel parameters.

Normal:

Edit /etc/default/grub:

GRUB_CMDLINE_LINUX="cgroup_enable=memory cgroup_memory=1 systemd.unified_cgroup_hierarchy=0"

Run:

update-grub && reboot

Raspberry Pi:

Boot the Raspberry Pi with the following Linux kernel parameters: Edit /boot/cmdline.txt:

echo "cgroup_enable=memory cgroup_memory=1 systemd.unified_cgroup_hierarchy=0" > "/boot/cmdline.txt"
reboot

Java

Install Amazon Corretto 21:

curl -fsSL "https://apt.corretto.aws/corretto.key" | gpg --dearmor -o "/usr/share/keyrings/corretto-keyring.gpg" && \
echo "deb [signed-by=/usr/share/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main" | tee "/etc/apt/sources.list.d/corretto.list"
apt-get update
apt-get install -y java-21-amazon-corretto-jdk
java -version

Greengrass core

Create

mkdir -p "/greengrass/v2"

Get Root CA:

curl -L "https://www.amazontrust.com/repository/AmazonRootCA1.pem" -o "/greengrass/v2/AmazonRootCA1.pem"

Copy config, private key and certificate.

cd /root
curl -L "https://d2s8p88vqu9w66.cloudfront.net/releases/greengrass-nucleus-latest.zip" -o "greengrass.zip"
jarsigner -verify -certs -verbose "greengrass.zip"
unzip "greengrass.zip" -d GreengrassInstaller && rm "greengrass.zip"
java -jar ./GreengrassInstaller/lib/Greengrass.jar --version

Copy [DEVICE]_config.yaml config:

nano -w "GreengrassInstaller/config.yaml"

Install:

java -Droot="/greengrass/v2" -Dlog.store=FILE \
  -jar ./GreengrassInstaller/lib/Greengrass.jar \
  --init-config ./GreengrassInstaller/config.yaml \
  --component-default-user ggc_user:ggc_group \
  --setup-system-service true

Output:

Creating user ggc_user 
ggc_user created 
Creating group ggc_group 
ggc_group created 
Added ggc_user to ggc_group 
Successfully set up Nucleus as a system service

Status:

systemctl status greengrass

Greengrass service role

Docu: https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html

Associate:

aws greengrassv2 associate-service-role-to-account --role-arn "[ROLE-ARN]" --region "eu-central-1"

Check:

aws greengrassv2 get-service-role-for-account --region "eu-central-1"

Docker

Docu: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-partner-app.html#cpa-install-docker

Install Docker Engine: https://docs.docker.com/engine/install/ubuntu/

Run the following command to uninstall all conflicting packages:

for MY_PKG in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do apt-get remove "$MY_PKG"; done

🚨 2024-03-26: Docker version 20.10 is the latest version that is verified to work with the SiteWise Edge gateway software.

Install Docker manually and manage upgrades manually:

Go to https://download.docker.com/linux/ubuntu/dists/.

Download the following deb files for the Docker Engine, CLI, containerd, and Docker Compose packages:

curl "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/containerd.io_1.6.9-1_arm64.deb" -o "containerd.io.deb" && \
curl "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/docker-ce_20.10.24~3-0~ubuntu-jammy_arm64.deb" -o "docker-ce.deb" && \
curl "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/docker-ce-cli_20.10.24~3-0~ubuntu-jammy_arm64.deb" -o "docker-ce-cli.deb" && \
curl "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/docker-buildx-plugin_0.13.1-1~ubuntu.22.04~jammy_arm64.deb" -o "docker-buildx-plugin.deb" && \
curl "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/docker-compose-plugin_2.25.0-1~ubuntu.22.04~jammy_arm64.deb" -o "docker-compose-plugin.deb" && \
echo "OK"

Install the .deb packages:

dpkg -i "containerd.io.deb" \
  "docker-ce.deb" \
  "docker-ce-cli.deb" \
  "docker-buildx-plugin.deb" \
  "docker-compose-plugin.deb"

To add ggc_user, or the non-root user that you use to run Docker container components, to the docker group, run the following command:

usermod -aG docker ggc_user

Verify that the Docker Engine installation is successful by running the hello-world image.

service docker start
docker info
docker run hello-world