How to provision an IoT Device to Google Cloud IoT Core

provision-Devices-IoT-Core.md

Provisioning Devices to Google Cloud IoT Core

When deploying IoT devices on a global scale, many considerations have to be put in place. Remote accessibility, security, device management, simplicity, flow control, reliability, low latency, redundancy, integration with other cloud services represent some of the important considerations. To meet most of the requirements needed in deploying devices on a global scale, one has little or no option but to look to cloud platforms.

Google’s cloud platform provides Cloud IoT Core solution to meet the demands of secure and scalable IoT. Cloud IoT Core is a fully managed service to securely connect and manage a global device network. It features https/MQTT endpoints, automatic load balancing and global data access with Pub/Sub. Cloud IoT Core acts as a device manager and the integration with Pub/Sub enables IoT Core to also act as a communication broker. The use of Cloud IoT also ensures highway access to the rest of Google’s cloud platform.

To show off the simplicity of connecting a device to Cloud IoT Core, we are going to register a device on it, and use a sample to connect a virtual device and publish device telemetry events.

To begin;

• Select or create a new project on the Manage resources page in the GCP Console
  Manage resources page
• Ensure billing is enabled
  Learn how to enable billing
• Enable the Cloud IoT Core and Cloud Pub/Sub APIs
  Enable the APIs

Let’s go ahead and create a device registry – this is used to group a set of devices;

• Go to Google Cloud IoT Core page in the GCP Console
• Click Create a registry
• Enter my-registry for the Registry ID
• Select us-central1 for the Cloud Region
• Select MQTT for the Protocol
• In the Telemetry topic dropdown list, select Create a topic
• In the Create a topic dialog, enter my-device-events in the Name field
• Click Create in the Create a topic dialog
• Leave the other fields in their default state
• Click Create on the Cloud IoT Core page.

We just created a device registry with a Cloud Pub/Sub topic for publishing device telemetry events. Next, we add a device to the registry.

• Click Add device on the Registry Details page.
• Enter my-device for the Device ID
• Select Allow for Device communication
• Leave the other fields in their default state
• Click Add

Having just added a device to the registry, we shall be adding a public key to the device. In order to do this, we shall be making use of the Google Cloud Shell which comes with Cloud SDK and Node.js already installed. Click the Activate Cloud Shell button at the top of the Google Cloud Platform Console.

When the Cloud Shell starts, do the following:

• Run the multi-line command below to create an RS256 key

openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem -nodes -out rsa_cert.pem -subj "/CN=unused"

• Enter the command below to display the public key

cat rsa_cert.pem

• Copy the contents, ensure to include the lines that say

-----BEGIN CERTIFICATE-----to -----END CERTIFICATE-----

• On the Device details page for the device created in the preceding section, click Add public key
• Select RS256_X509 for the Public key format
• Paste your public key in the Public key value box
• Click Add

An RS256_X509 key appears on the Device details page for your device. At this point, we are homestretch, all that remains is to connect the device and start to view telemetry.

Let’s connect a virtual device and read messages published to the telemetry topic.

• In the Cloud Shell, run the command below to clone a repo from GitHub

git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples

• Navigate to the iot/mqtt_example

cd nodejs-docs-samples/iot/mqtt_example

• Copy rsa_private.pem to the current directory (iot/mqtt_example), with the following command

cp ../../../rsa_private.pem .

• Install Node.js dependencies

npm install

• Run the following command to create a subscription to the registry’s Pub/Sub topic, substituting your PROJECT_ID

gcloud pubsub subscriptions create \projects/PROJECT_ID/subscriptions/my-subscription --topic=projects/PROJECT_ID/topics/my-device-events

• Run the following command to connect the virtual device to Cloud IoT Core using MQTT protocol, substituting your PROJECT_ID and REGION

node cloudiot_mqtt_example_nodejs.js --projectId=PROJECT_ID --cloudRegion=REGION --registryId=my-registry --deviceId=my-device --privateKeyFile=rsa_private.pem --numMessages=25 --algorithm=RS256 --mqttBridgePort=443

• To read the messages published to the telemetry topic, substitute for your PROJECT_ID in the following

gcloud pubsub subscriptions pull --auto-ack \projects/PROJECT_ID/subscriptions/my-subscription

Once you run step 7 above, you should be able to see a similar output as the one below.

Congratulations! You have been able to connect a device to Cloud IoT Core and viewed telemetry data. Take out more time to explore more of Cloud IoT Core.

You can ask me privately

benslittlebitsandbobs@gmail.com

I've got an example but not from the device, from the script loading firmware to device chipId = ESP8266ROM.chip_id(ESPLoader.detect_chip()) def createDevice(): //create the keys cmd = "openssl ecparam -genkey -name prime256v1 -noout -out " + homeDir + "/.ssh/droneKeys/" + devicePrivateKey os.system(cmd) cmd = "openssl ec -in " + homeDir + "/.ssh/droneKeys/" + devicePrivateKey + " -pubout -out " + homeDir + "/.ssh/droneKeys/" + devicePublicKey os.system(cmd) cmd = "openssl ec -in " + homeDir + "/.ssh/droneKeys/" + devicePrivateKey + " -outform der -out " + homeDir + "/.ssh/droneKeys/" + devicePrivateKeyDer os.system(cmd) cmd = "openssl req -new -sha256 -key " + homeDir + "/.ssh/droneKeys/" + devicePrivateKey + " -out " + homeDir + "/.ssh/droneKeys/" + devicePrivateKeyCsr + " -subj '/CN=unused'" os.system(cmd) //save the keys cmd = "cp " + homeDir + "/.ssh/droneKeys/" + devicePrivateKeyDer + " " + privateKeyFilePath os.system(cmd) cmd = "cp " + homeDir + "/.ssh/droneKeys/" + devicePublicKey + " " + publicKeyFilePath os.system(cmd) //create the device on GCP cmd = homeDir + "/google-cloud-sdk/bin/gcloud config set project " + gcloudProject os.system(cmd) cmd = homeDir + "/google-cloud-sdk/bin/gcloud iot devices create " + deviceName +" --region="+droneRegion+" --registry="+droneRegistry+" --public-key path=" + publicKeyFilePath + ",type=es256" os.system(cmd) //create a QR code for user to scan and link account to device after purchase count = len(open(publicKeyFilePath).readlines( )) f = open(publicKeyFilePath, "r") head = f.readline() key ="" i=2 while i<count: key += f.readline().strip().replace("+","%2B") i = i +1 url = "https://chart.googleapis.com/chart?cht=qr&chs=400x400&chl={\"serial_number\":\"" + deviceName url += "\",\"type\":\"" + namePrefix url += "\",\"public_key\":\"" + key + "\"}" urllib.request.urlretrieve(url, qRFilePath ) cmd = "cp " + qRFilePath + " ~/.ssh/droneKeys/" + deviceQRFilePath os.system(cmd)

…

On Tue, 20 Jul 2021 at 20:25, Baltimore Hackerspace < ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ cy that provides access only to the cloud resource responsible for provisioning. A provisioning script (a script that runs on the device on first boot) provides the bootstrap certificate to the provisioning server, along with any other authenticating information (I mostly use the device serial number gotten during the production of the device). The provisioning server validates the bootstrap certificate, looks up the serial number in a database to ascertain the device, and then generates and transfers a unique certificate to the device for access to the required resources on the cloud service. Please note that I use the term provisioning server to abstract away google cloud iot core. So that the concept can be cloud provid Is there a code example of doing this somewhere? Complete newbie here and the docs are overwhelming and confusing. I'm starting to understand a little bit but more examples of how to deploy real world products would help speed my learning. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://gist.github.com/74b1bb96b928befa6986c0f35a5b2d52#gistcomment-3821060>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA5Z552CII6YZ2SMYRDHKGLTYXETFANCNFSM4HJ23UCA> .