Welcome to part 2 of using Arduino IoT Device with Azure IoT Edge. You should have installed all the prerequisites from the part 1 post (my last one). The information is almost a direct lift from Microsoft as this is their suggested setup. I have no intellectual property right to this information provided. If you get stuck you can contact me.
This post is going to cover some of the additional steps that will need to be performed so that your laptop is configured correctly. Since we are using our Edge device "as a gateway*, so we need:- a) our IoT Device to be able to find it
- b) to have valid certificates so the IoT Device will open a successful TLS connection to the Edge
- Open a command prompt __*as an Administrator*__
- Open (with notepad) c:\windows\system32\drivers\etc\hosts
- Notepad.exe c:\windows\system32\drivers\etc\hosts
- Add a row at the bottom with the following 127.0.0.1 mygateway.local
- Save and close the file
- Confirm you can successfully "ping mygateway.local"
- Make an \edge folder (mkdir c:\edge)
- cd to the \edge folder (cd \edge)
- Run the following powershell command:
- Set-ExecutionPolicy Unrestricted
- Run the following commands to set up our use of OpenSSL
- $ENV:PATH += ";c:\utils\OpenSSL\bin"
- $ENV:OPENSSL_CONF="c:\utils\OpenSSL\bin\openssl.cnf"
- . \azure-iot-sdk-c\tools\CACertificates\ca-certs.ps1
- Run
- Test-CACertsPrerequisites
- make sure it returns the result "SUCCESS"
- If the Test-CACertsprequisites call fails, it means that the local machine already contains Azure IoT test certs (possibly from a previously deployment.
- If that happens, you need to follow Step 5 - Cleanup of the instructions
- https://github.com/Azure/azure-iot-sdk-c/blob/CACertToolEdge/tools/CACertificates/CACertificateOverview.md) before moving on
- * DO NOT CLOSE THE POWERSHELL session yet (if you do, just reopen it and re-add the environment variables above)
- We are now ready to generate the TLS certificates for our Edge device
- make sure you are still in the c:\edge folder in your PowerShell session
- Run
- New-CACertsCertChain rsa
- to generate our test certs (in production, you would use a real CA for this...)
- In the azure portal, navigate back to your IoT Hub and click on "Certificates" on the left-nav and click "+Add".
- Give your certificate a name, and upload the c:\edge\RootCA.cer" file
- Now we need to generate certs for our specific gateway to do so, run
- New-CACertsEdgeDevice myGateway
- Command in Powershell. This will generate the gateway specific certs (MyGateway.*).
- When prompted to enter a password during the signing process, just enter "1234".
- NOTE: If anything goes wrong during this process and you need to repeat it, you'll likely need to clean up the existing certs before generating new ones. To do so, follow Step 5 - Cleanup, of the process outlined (https://github.com/Azure/azure-iot-sdk-c/blob/CACertToolEdge/tools/CACertificates/CACertificateOverview.md)
- Microsoft provides a python-based, cross-platform configuration and setup tool for IoT Edge. To install the tool, open an administrator command prompt and run:
- pip install -U azure-iot-edge-runtime-ctl
- ## Configure and start IoT Edge
- Now that we have all the pieces in place, we are ready to start up our IoT Edge device. We will start it by specifying the IoT Edge Device connection string capture above, as well as specifying the certificates we generated to allow downstream devices to establish valid TLS sessions with our Edge gateway.
- To setup and configure our IoT Edge device, run the following command (if you used '1234' for the password above, enter it again here when prompted). Make sure that Docker is running.
- iotedgectl setup --connection-string "
" --edge-hostname "mygateway.local" --device-ca-cert-file c:\edge\myGateway-public.pem --device-ca-chain-cert-file c:\edge\myGateway-all.pem --device-ca-private-key-file c:\edge\myGateway-private.pem --owner-ca-cert-file c:\edge\RootCA.pem - Replace *IoT Edge Device connection string* with the Edge device connection string you captured above. If it prompts you for a password for the edge private cert, use '12345' (NOTE: different from the password above!)
- We're ready now to start our IoT Edge device
- iotedgectl start
- You can see the status of the docker images by running
- docker ps
- at this point (because we haven't added any modules to our Edge device yet), you should only see one container/module running called 'edgeAgent'
- If you want to see if the edge Agent successfully started, run
- docker logs -f edgeAgent
- Note that you may see an error in the edgeAgent logs about having an 'empty configuration'. That's fine, because we haven't set a configuration yet!
- CTRL-C to exit the logs when you are ready
## Install IoT Edge configuration tool