


Connection to AWS IoT without aws-iot-setup

BlyertsBlyerts Stockholm

Hi,

How do I set up a device connection to AWS IoT without using the aws-iot-setup command? I have tried generating certificates in AWS, putting them on the device, and editing the config file to point to the new certificates, but it does not seem to be that straightforward.
Any one have any experience of this?
Is the typical way, when going to production, to load the devices with the certificates directly so that they can connect on start?

Regards,
Christoffer

Comments

  • bravokeylbravokeyl Seoul, South Korea (Nomadist)
    edited June 13

    @Blyerts , what you are doing is correct. At this stage I see that the certs config step is needed; are you trying to skip this step and just have whatever .crt and .key files are in the fs directory loaded automatically and used for the connection?

  • mjoldfieldmjoldfield Cambridge, UK

    I'm just a noob, but the following worked for me:

    Create certificates:

    # Writes the private key to fs/private.pem inside the project tree: keep that
    # file (or the whole fs/ directory) out of version control and restrict its
    # permissions. The config-set script below references only cert.pem and
    # private.pem, so public.pem does not appear to be needed on the device.
    $ aws --region us-east-1 iot create-keys-and-certificate \
        --set-as-active \
        --certificate-pem-outfile=fs/cert.pem \
        --public-key-outfile=fs/public.pem    \
        --private-key-outfile=fs/private.pem
    

    Connect policy and thing to certificates: I did this in the console, but you
    could do it with the aws CLI if you know the right runes.

    Configure MOS: I used the following script:

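    #! /bin/sh
    # Push every file in fs/ (certificate, private key, CA bundle) to the device,
    # then point the MQTT client at the AWS IoT endpoint.
    # Replace the XXXX placeholders. wifi.sta.pass and the files in fs/ are
    # secrets: keep this script and fs/ out of version control.
    set -e   # stop before config-set if any upload fails

    for f in fs/*
    do
       mos put "$f"   # quoted so file names with spaces are not split
    done

    # ca_cert.pem is not produced by `aws iot create-keys-and-certificate`;
    # the AWS IoT root CA must already be in fs/ under that name.
    mos config-set \
       wifi.sta.enable=true \
       wifi.ap.enable=false \
       wifi.sta.ssid='XXXXX' wifi.sta.pass='XXXX' \
       aws.shadow.thing_name='xxxxxxxx' \
       mqtt.enable=true \
       mqtt.server=a2uxxxxxxxxxxxx.iot.us-east-1.amazonaws.com:8883 \
       mqtt.ssl_cert=cert.pem \
       mqtt.ssl_key=private.pem \
       mqtt.ssl_ca_cert=ca_cert.pem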
    
  • bravokeylbravokeyl Seoul, South Korea (Nomadist)
    edited June 13

    @mjoldfield , please note that aws iot create-keys-and-certificate creates a 2048-bit RSA key pair, whereas mos aws-iot-setup creates an ECDSA pair, since those can also be used with the ATECC508A crypto chip, which only supports elliptic-curve cryptography. Currently the RSA key pair is used for CC3200.

  • BlyertsBlyerts Stockholm

    Thank you mjoldfield!

  • only1chionly1chi Boston

    So I'm trying to do precisely the same thing you're doing. I have my certificates and policy configured using aws iot console. I've verified that the certificates are working, and correctly configured.

    The problem I'm having is with building my application. I'm using my mos.yml file to configure the mqtt settings.
    I'm also building with a local mongoose-os repository.
    My mos.yml file is also pointing to the aws library.
    However I get a build error as follows:

    mqtt: Cannot override an object
    

    did you run into this?

  • rojerrojer Dublin, Ireland

    post the contents of mos.yml here; it looks like you're trying to override the entire mqtt config section, which is not allowed.

  • only1chionly1chi Boston

    Here it is:

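    # Application manifest for the mos build tool.
    version: "1.0"
    arch: esp8266
    mongoose_os_version: master
    sources:
      - src
    filesystem:
      - fs
    libs:
      # The build log shows the mqtt lib being fetched alongside aws, so both
      # lib schemas are merged in before this file's config_schema.
      - origin: https://github.com/mongoose-os-libs/aws
    extra_files: []
    skeleton_version: 2017-05-16
    ffi_symbols: []
    config_schema:
    #  - ["http.enable", true]
    #  - ["http.listen_addr", "8000"]
    #  - ["http.upload_acl", "*"]
    #  - ["http.ssl_cert", "s", "", {"title": "Turn on SSL on the listener, use this cert"}]
    #  - ["http.ssl_key", "s", "", {"title": "SSL key to use"}]
    #  - ["http.ssl_ca_cert", "s", "", {"title": "Verify clients this CA bundle"}]
    #  - ["http.hidden_files", "s", "", {"title": "Hidden file pattern"}]

    #  - ["i2c.enable", true]
    #  - ["i2c.freq", 100000]
    #  - ["i2c.sda_gpio", 2]
    #  - ["i2c.scl_gpio", 0]

    #  - ["spi.enable", true]
    #  - ["spi.freq", 4000000]
    #  - ["spi.mode", 3]
    #  - ["spi.msb_first", true]
    #  - ["spi.miso_gpio", 12]
    #  - ["spi.mosi_gpio", 13]
    #  - ["spi.sclk_gpio", 14]

      - ["wifi.ap.enable", true]
      - ["wifi.ap.ssid", "ESP8266_??????"]
      # Plain-text AP password baked into the firmware and committed with the
      # manifest; treat it as a placeholder and set the real one at provisioning
      # time with `mos config-set`.
      - ["wifi.ap.pass", "Timbuktu"]
      - ["wifi.ap.hidden", false]
      - ["wifi.ap.channel", 6]
      - ["wifi.ap.max_connections", 4]
      - ["wifi.ap.ip", "192.168.4.1"]
      - ["wifi.ap.netmask", "255.255.255.0"]
      - ["wifi.ap.gw", "192.168.4.1"]
      - ["wifi.ap.dhcp_start", "192.168.4.2"]
      - ["wifi.ap.dhcp_end", "192.168.4.100"]
      - ["wifi.ap.keep_enabled", "b", true, {"title": "Keep AP enabled when station is on"}]

    #  - ["wifi.sta.enable", true]

    # Re-declaring an object a lib already declares (the "o" form, as in the
    # commented aws lines here) is rejected by sys_config.mk with
    # "Cannot override an object"; only the leaf keys below it may be overridden.
    #  - ["aws", "o", {title: "AWS settings"}]
    #  - ["aws.shadow", "o", {title: "AWS Device Shadow settings"}]
    #  - ["aws.shadow.thing_name", "s", "smartpooltimer", {title: "Set thing name. If not specified, device.id is used"}]

      # Leaf overrides of the mqtt lib's keys; the cert/key/CA file names are
      # paths on the device filesystem (uploaded from fs/).
      - ["mqtt.enable", false]
      - ["mqtt.clean_session", true]
      - ["mqtt.keep_alive", 60]
      - ["mqtt.server", "a1vjs5vsziz8ws.iot.us-east-1.amazonaws.com:8883"]
      - ["mqtt.ssl_ca_cert", "aws-root-ca.pem"]
      - ["mqtt.ssl_cert", "aws-iot-1xxxxxxxx2.crt.pem"]
      - ["mqtt.ssl_key", "ecckey.key.pem"]
      - ["mqtt.client_id", ""]
      - ["mqtt.user", ""]
      - ["mqtt.pass", ""]
      - ["mqtt.reconnect_timeout_min", 2]
      # Was a duplicate mqtt.reconnect_timeout_min entry; the lib's key for the
      # upper bound is mqtt.reconnect_timeout_max.
      - ["mqtt.reconnect_timeout_max", 60]
      - ["mqtt.ssl_cipher_suites", ""]
      - ["mqtt.ssl_psk_identity", ""]
      - ["mqtt.ssl_psk_key", ""]
      - ["mqtt.will_topic", ""]
      - ["mqtt.will_message", ""]


    build_vars:
      FS_SIZE: 262144             # File System Size = 256K
      MGOS_ENABLE_WEB_CONFIG: 1            # Enable Webserver
    #  MGOS_ENABLE_MQTT: 1                  # Enable MQTT support
    #  MGOS_ENABLE_FILE_UPLOAD: 1
    #  MGOS_ENABLE_FILESYSTEM_SERVICE: 1   # Needed for mos ls,put,get to work
    #  MGOS_ENABLE_WIFI: 1                 # Enable WiFi
    #  MGOS_DEBUG_UART: 1                  # Enable UART debugging
    #  MGOS_ENABLE_RPC: 1                  # Framing protocol for communication.
    #  MGOS_ENABLE_RPC_CHANNEL_UART: 1     # Needed for make mos tool to work.
    #  MGOS_ENABLE_CONFIG_SERVICE: 1       # Needed for mos config-* commands to work
    #  MGOS_ENABLE_DNS_SD: 1               # Enable network discovery
    #  MGOS_ENABLE_UPDATER: 1              # Enable OTA updates
    #  MGOS_ENABLE_UPDATER_RPC: 0          # Enable OTA via mg_rpc framing protocol
    #  MGOS_ENABLE_UPDATER_POST: 1         # Enable OTA via HTTP POST
    tags:
      - c
      - wifi
    #   - mqtt
    #   - js
    deps: []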
    
  • rojerrojer Dublin, Ireland

    i pasted this into mos.yml and it works for me, no errors

  • only1chionly1chi Boston

    Does it have to do with the manner in which I'm building my project? The fact that I'm using a local repository?

  • only1chionly1chi Boston

    This is my build log...

    chiz@chiz-VirtualBox:~/share/workspace/test_mongoose-os$ mos build --local --repo ~/share/mongoose-os/ --verbose --clean
    Handling lib "aws"...
    The --lib flag was not given for it, checking repository
    Prepared local dir: "/home/chiz/.mos/libs/aws"
    Handling lib "mqtt"...
    The --lib flag was not given for it, checking repository
    Prepared local dir: "/home/chiz/.mos/libs/mqtt"
    Using mongoose-os located at "/home/chiz/share/mongoose-os/"
    Sources: [/home/chiz/.mos/libs/mqtt/src/*.c /home/chiz/.mos/libs/mqtt/src/*.cpp /home/chiz/.mos/libs/aws/src/*.c /home/chiz/.mos/libs/aws/src/*.cpp src/*.c src/*.cpp /home/chiz/.mos/tmp/deps_init_.c]
    Building...
    Docker arguments: run --rm -i -v /home/chiz/share/workspace/test_mongoose-os:/app -v /home/chiz/share/mongoose-os:/mongoose-os -v /home/chiz/share/mongoose-os:/home/chiz/share/mongoose-os -v /home/chiz/.mos/libs/mqtt/src:/home/chiz/.mos/libs/mqtt/src -v /home/chiz/.mos/libs/aws/src:/home/chiz/.mos/libs/aws/src -v /home/chiz/share/workspace/test_mongoose-os/src:/home/chiz/share/workspace/test_mongoose-os/src -v /home/chiz/.mos/tmp:/home/chiz/.mos/tmp -v /home/chiz/share/workspace/test_mongoose-os/fs:/home/chiz/share/workspace/test_mongoose-os/fs -v /home/chiz/.mos/tmp:/home/chiz/.mos/tmp --user 1000:1000 docker.cesanta.com/esp8266-build:2.0.0-1.5.0-r5 /bin/bash -c nice make '-j' '2' '-C' '/app' '-f' '/mongoose-os/fw/platforms/esp8266/Makefile.build' 'BUILD_DIR=build/objs' 'APP_VERSION=1.0' 'APP_CXXFLAGS=-DMG_ENABLE_MQTT=1' 'MGOS_ENABLE_WEB_CONFIG=1' 'FS_STAGING_DIR=build/fs' 'APP=test_mongoose-os' 'GEN_DIR=build/gen' 'FS_SIZE=262144' 'APP_SOURCES=/home/chiz/.mos/libs/mqtt/src/*.c /home/chiz/.mos/libs/mqtt/src/*.cpp /home/chiz/.mos/libs/aws/src/*.c /home/chiz/.mos/libs/aws/src/*.cpp src/*.c src/*.cpp /home/chiz/.mos/tmp/deps_init_.c' 'APP_FS_FILES=fs/*' 'APP_CFLAGS=-DMG_ENABLE_MQTT=1' 'FW_DIR=build/fw' 'FFI_SYMBOLS=' 'APP_CONF_SCHEMA=/home/chiz/.mos/tmp/mos_conf_schema_561967736' 'MGOS_PATH=/mongoose-os' 'PLATFORM=esp8266'
    make: Entering directory '/app'
      MKDIR /app/build/fw
      MKDIR /app/build/objs
      MKDIR /app/build/gen
      MKDIR /app/build/objs/fw_temp
    CC esptool2.c
    gcc -O2 -Wall -c esptool2.c -o /app/build/objs/esptool2.o
      GEN   /app/build/gen/sys_config.c
    CC esptool2_elf.c
    gcc -O2 -Wall -c esptool2_elf.c -o /app/build/objs/esptool2_elf.o
    LD /app/build/objs/esptool2
    gcc -o /app/build/objs/esptool2 /app/build/objs/esptool2.o /app/build/objs/esptool2_elf.o
    While parsing /home/chiz/.mos/tmp/mos_conf_schema_561967736: mqtt: Cannot override an object
    /mongoose-os/fw/src/sys_config.mk:15: recipe for target '/app/build/gen/sys_config.c' failed
    make: *** [/app/build/gen/sys_config.c] Error 1
    make: *** Waiting for unfinished jobs....
    make: Leaving directory '/app'
    Error: exit status 2
    chiz@chiz-VirtualBox:~/share/workspace/test_mongoose-os$ 
    
  • rojerrojer Dublin, Ireland

    hm. weird. still does not reproduce for me. can you find /home/chiz/.mos/tmp/mos_conf_schema_561967736 and see what's inside?

  • only1chionly1chi Boston

    I actually can't find that temporary folder. It seems to be cleaned out.

  • only1chionly1chi Boston

    Did you build into a local repository?

  • rojerrojer Dublin, Ireland

    we added a flag to keep temp files after build. please update the mos tool, add --keep-temp-files and post the temp conf_schema here.

  • only1chionly1chi Boston

    The error is generated by the sys_config.mk file. It seems as if the project's mos.yml file is processed before the library (aws &amp; mqtt) mos files. Here is the merged mos.yml file which I found in the build tmp folder...

    # Merged config schema that the mos tool wrote to its build tmp dir (the file
    # sys_config.mk parses). The lib entries come first and the app's own
    # config_schema entries appear after them.
    name: test_mongoose-os
    version: "1.0"
    arch: esp8266
    author: ""
    description: ""
    mongoose_os_version: master
    sources:
    - local_libs/mqtt/src
    - local_libs/aws/src
    - src
    filesystem:
    - fs
    extra_files: []
    ffi_symbols: []
    config_schema:
    # First declaration of the "mqtt" object (presumably from the mqtt lib's own
    # manifest), followed by its leaf keys.
    - - mqtt
      - o
      - title: MQTT settings
    - - mqtt.enable
      - b
      - false
      - title: Enable MQTT
    - - mqtt.server
      - s
      - iot.eclipse.org:1883
      - title: MQTT server
    - - mqtt.client_id
      - s
      - ""
      - title: ClientID t send to the broker. Defaults to device.id.
    - - mqtt.user
      - s
      - ""
      - title: User name
    - - mqtt.pass
      - s
      - ""
      - title: Password
    - - mqtt.reconnect_timeout_min
      - i
      - 2
      - title: Starting reconnect timeout
    - - mqtt.reconnect_timeout_max
      - i
      - 60
      - title: Maximum reconnect timeout
    - - mqtt.ssl_cert
      - s
      - ""
      - title: Client certificate to present to the server
    - - mqtt.ssl_key
      - s
      - ""
      - title: Private key corresponding to the certificate
    - - mqtt.ssl_ca_cert
      - s
      - ""
      - title: Verify server certificate using this CA bundle
    - - mqtt.ssl_cipher_suites
      - s
      - ""
      - title: Cipher suites to offer to the server
    - - mqtt.ssl_psk_identity
      - s
      - ""
      - title: PSK identity (must specify PSK cipher suites)
    - - mqtt.ssl_psk_key
      - s
      - ""
      - title: PSK key
    - - mqtt.clean_session
      - b
      - true
      - title: Clean Session
    - - mqtt.keep_alive
      - i
      - 60
      - title: Keep alive interval
    - - mqtt.will_topic
      - s
      - ""
      - title: Will topic
    - - mqtt.will_message
      - s
      - ""
      - title: Will message
    - - debug.stdout_topic
      - s
      - ""
      - title: MQTT topic to publish STDOUT to
    - - debug.stderr_topic
      - s
      - ""
      - title: MQTT topic to publish STDERR to
    - - aws
      - o
      - title: AWS settings
    - - aws.shadow
      - o
      - title: AWS Device Shadow settings
    - - aws.shadow.thing_name
      - s
      - ""
      - title: Set thing name. If not specified, device.id is used
    # NOTE(review): i2c.* entries are present here although they are commented
    # out in the mos.yml posted earlier, and the mqtt.* leaf overrides from that
    # file are missing, so this merge apparently came from a different revision
    # of the app manifest.
    - - i2c.enable
      - true
    - - i2c.freq
      - 100000
    - - i2c.sda_gpio
      - 2
    - - i2c.scl_gpio
      - 0
    - - wifi.ap.enable
      - true
    - - wifi.ap.ssid
      - ESP8266_??????
    # Plain-text AP password carried in the schema; set the real value at
    # provisioning time rather than in the committed manifest.
    - - wifi.ap.pass
      - Timbuktu
    - - wifi.ap.hidden
      - false
    - - wifi.ap.channel
      - 6
    - - wifi.ap.max_connections
      - 4
    - - wifi.ap.ip
      - 192.168.4.1
    - - wifi.ap.netmask
      - 255.255.255.0
    - - wifi.ap.gw
      - 192.168.4.1
    - - wifi.ap.dhcp_start
      - 192.168.4.2
    - - wifi.ap.dhcp_end
      - 192.168.4.100
    - - wifi.ap.keep_enabled
      - b
      - true
      - title: Keep AP enabled when station is on
    # Second declaration of the "mqtt" object, from the app's config_schema.
    # Re-declaring an object a lib already declared is what sys_config.mk
    # rejects with "mqtt: Cannot override an object"; overriding a leaf key such
    # as mqtt.enable below is allowed.
    - - mqtt
      - o
      - title: MQTT settings
    - - mqtt.enable
      - false
    
  • rojerrojer Dublin, Ireland
    edited June 14

    hm. in the merged config schema this part

    - - mqtt
      - o
      - title: MQTT settings
    

    appears twice, that is the problem. i wonder where it comes from.

  • only1chionly1chi Boston

    That fixed the problem. I was changing some mqtt settings in my top level "mos.yml" file. Thanks very much for the help.

  • rojerrojer Dublin, Ireland