Commit

Merge pull request #211 from fcabrera23/sample-fixer
Sample fixer
fcabrera23 authored Dec 14, 2022
2 parents 11f6cd4 + 6adf3c7 commit b7dc780
Showing 16 changed files with 224 additions and 481 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,15 @@ In this part we configure the Azure IoT Edge for Linux instance on the IoT edge
1. **Create Certificates folder inside the EFLOW VM**
* Use SSH to log in to the EFLOW VM environment.

```powershell
Connect-EflowVm
```
```powershell
Connect-EflowVm
```

* Inside the EFLOW VM environment, use mkdir to create the Certificates folder

```powershell
mkdir ~/certs/
sudo mkdir /var/certs/
sudo chmod 777 /var/certs/
```

2. **Copy Certificates to EFLOW VM environment**
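Review bot: `sudo chmod 777 /var/certs/` in the folder-creation step makes the certificate directory writable by every account in the EFLOW VM, so any local user or process can add or replace the files that are copied in next. The directory only needs to be written by whoever provisions it and read by the service, so something like `sudo chmod 755 /var/certs/` (or tighter, once ownership is assigned by the later `chown`) is enough. The fence around these two Linux commands is also still tagged `powershell`.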
Expand All @@ -35,8 +36,10 @@ In this part we configure the Azure IoT Edge for Linux instance on the IoT edge

```powershell
Copy-EflowVmFile -fromFile .\certs\* -toFile ~/certs/ -pushFile
Copy-EflowVmFile -fromFile .\private\* -toFile ~/certs/ -pushFile
```


3. **Log in to the Linux environment**

```powershell
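Review bot: both `Copy-EflowVmFile` lines still push to `-toFile ~/certs/`, but step 1 of this file now creates `/var/certs/` and the configuration further down points at `file:///var/certs/...`, so a reader who follows the steps ends up with the files in a folder nothing reads. Change the destination to `/var/certs/` on both lines. Since `.\private\*` presumably holds the key file, it would also help to say in this step which of the copied files are private keys, so they can be given tighter permissions than the certificates.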
Expand All @@ -53,32 +56,21 @@ As the Azure Device Client Namespace is used, we use the underlying AMQP protoco
1. **Read the certificates**
Run the following command to allow Azure IoT Edge to read the certificates.
```bash
sudo chown -R iotedge: ~/certs
sudo chown aziotcs:aziotcs /var/certs
```
1. **Provision the Azure IoT Edge for Linux configuration**
1. **Configure certificates**
To edit config.yaml run the following command:
```bash
sudo nano /etc/aziot/config.toml
sudo chmod -R 777 /var/certs/
```
> **Note:**
> Skip the following step if Azure IoT Edge was deployed using EFLOW installation. Only replace the connection if it was manually provisioned.

* Replace `"<IoT Edge Device connection string>"` in the 'Manual provisioning configuration with the connection string that you obtained in Step 2-6.

* Set the location of the certificates that were copied ot the device earlier.
```yaml
# Manual provisioning configuration
provisioning:
source: "manual"
device_connection_string: "<IoT Edge Device connection string>"
```
* Set the location of the certificates that were copied ot the device earlier.
```yaml
certificates:
device_ca_cert: "/home/efl-user/certs/new-edge-device-full-chain.cert.pem"
device_ca_pk: "/home/efl-user/certs/new-edge-device.key.pem"
trusted_ca_certs: "/home/efl-user/certs/azure-iot-test-only.root.ca.cert.pem"
trust_bundle_cert = "file:///var/certs/azure-iot-test-only.root.ca.cert.pem"
[edge_ca]
cert = "file:///var/certs/new-edge-device-full-chain.cert.pem"
pk = "file:///var/certs/new-edge-device.key.pem"
```
> **Note:** <Make sure there are no whitespaces before certificates paths and two spaces indenting each sub part.

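Review bot: `sudo chmod -R 777 /var/certs/` in the "Configure certificates" step leaves `new-edge-device.key.pem` readable and writable by every user in the VM, which undoes the point of handing the folder to `aziotcs` in the step above it. That `sudo chown aziotcs:aziotcs /var/certs` also has no `-R`, so it changes only the directory and not the files copied into it. Suggest a recursive `chown` followed by restrictive modes (owner read-only on the key file, no world write anywhere) instead of 777. The surrounding text still says "To edit config.yaml" and keeps a `yaml` fence although the content is now TOML for `/etc/aziot/config.toml`.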
Expand All @@ -87,12 +79,12 @@ As the Azure Device Client Namespace is used, we use the underlying AMQP protoco

> **Note:** Skip the next step if you are on a network with dynamic DNS, then edge modules will automatically be able to resolve the VM’s IP address from its hostname.

* To save the file and exit nano, press <kbd>CTRL</kbd>+<kbd>x</kbd>, confirm save and exit with <kbd>Y</kbd> and press <kbd>Enter</kbd>. This concludes the provisioning and configuration.

1. **Restart IoT Edge**
Restart IoT Edge by running the following command.
Apply the new configuration running the following command.
```base
sudo systemctl restart aziot-*
sudo iotedge config apply
```
1. **Check the IoT Edge configuration**
Check that IoT Edge is configured correctly by running the below command.
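Review bot: the fence around `sudo iotedge config apply` is tagged `base`, which is not a language and looks like a typo for `bash`. The step heading still reads "Restart IoT Edge" while the new body sentence talks about applying the configuration, so the heading should be renamed to match, and the sentence reads better as "Apply the new configuration by running the following command."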
Original file line number Diff line number Diff line change
Expand Up @@ -12,30 +12,14 @@
- [ ] [Troubleshooting](./Troubleshooting.MD)
---
# Step 4: Create Certificates for Authentication
This part describes the relevant steps to create sample certificates for the authentication between downstream device and IoT Edge.
This part describes the relevant steps to create sample certificates for the authentication between downstream device and IoT edge.

* **To create a sample PKI with certificate validity for one month**
Complete the steps within the [Create certificates](https://docs.microsoft.com/azure/iot-edge/tutorial-machine-learning-edge-05-configure-edge-device#create-certificates) section of [Tutorial: Configure an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/tutorial-machine-learning-edge-05-configure-edge-device).
> **Note:** You only need to generate certificates and do not need to upload them to Azure Key Vault as described in the section following Create certificates..
Complete the steps within the steps of [Create demo certificates to test IoT Edge device features](https://learn.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway?view=iotedge-1.4&tabs=eflow#create-demo-certificates).

* **To generate customizable test certificates**
Follow the steps described in [Generate test certificates for Edge Gateway](https://github.com/Azure-Samples/IoTEdgeAndMlSample/tree/master/CreateCertificates) to create sample certificates to use for the interop solution. It generates certificates with default subject name "turbofanGateway" and 30 days validity. To extend the validity of certificates (or) to change the subject name, make the following modifications to **dockerfile** then rebuild the docker image.
Follow the steps described in [Generate test certificates for Edge Gateway](https://github.com/Azure-Samples/IoTEdgeAndMlSample/tree/master/CreateCertificates) to create sample certificates to use for the interop solution. It generates certificates with default subject name "turbofanGateway" and 30 days validity. To extend the validity of certificates (or) to change the subject name, make the following modifications to **dockerfile** then re-build the docker image.

* _To extend the certificate validity to 365 days_
1. Replace `RUN yum -y install openssl git \` with `RUN yum -y install openssl git sed \`
1. Add following extra line after `&& chmod 700 startup.sh`
```powershell
RUN sed -i -e '/days_till_expire/s/30/365/' certGen.sh
```

* _To customize the subject name_
1. Add the below line before the "ENTRYPOINT [ "/work/startup.sh" ]
```powershell
RUN sed -i -e 's/turbofanGateway/sampleedgedevice/' startup.sh
```
You can also use your own root CA certificate in case you have a (test) PKI for downstream devices and edge devices. In any of the two latter cases, replace the private key, certificate chain, and root CA cert.

Copy the above generated sample PKI certificates i.e. private key 'new-edge-device.key.pem', certificate chain 'new-edge-device-full-chain.cert.pem', root CA cert 'azure-iot-test-only.root.ca.cert.pem' for authenticating the IoT Edge Device to the folder 'C:\certs' for future use.

Go to [Next Step](./Develop%20the%20Windows%20C%23%20UWP%20Application.MD)
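Review bot: the "To generate customizable test certificates" bullet keeps the sentence "make the following modifications to **dockerfile** then re-build the docker image", but the two `sed` sub-steps it refers to appear to be dropped (the hunk header shrinks the section from 30 to 14 lines), which leaves the reader with nothing to modify. Either keep the validity and subject-name steps or end the sentence after "30 days validity". The replacement link sentence "Complete the steps within the steps of" needs a wording fix, and "IoT edge" in the intro sentence lowercases the product name that the link text just below spells "IoT Edge".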
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,14 @@

## Progress

- [x] [Introduction](../README.md)
- [x] [Step 1 - Setup Development Environment](./Setup%20DevVM.MD)
- [x] [Step 2 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 3 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 4 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [x] [Step 5 - Create Certificates for Authentication](./Create%20Certificates%20for%20Authentication.MD)
- [x] [Step 6 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [x] [Step 7 - Configuring the IoT Edge Device](./Configuring%20the%20IoT%20Edge%20Device.MD)
- [x] [Step 8 - Run samples](./Run%20samples.MD)
- [x] [Introduction](../README.md)
- [x] [Step 1 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 2 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 3 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [x] [Step 4 - Create Certificates for Authentication](./Create%20Certificates%20for%20Authentication.MD)
- [x] [Step 5 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [x] [Step 6 - Configuring the IoT Edge Device](./Configuring%20the%20IoT%20Edge%20Device.MD)
- [x] [Step 7 - Run samples](./Run%20samples.MD)
- [ ] **Troubleshooting**
---

Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,18 @@
## Progress

- [x] [Introduction](../README.md)
- [x] [Step 1 - Setup Development Environment](./Setup%20DevVM.MD)
- [x] [Step 2 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 3 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 4 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [x] [Step 5 - Create Certificates for Authentication](./Create%20Certificates%20for%20Authentication.MD)
- [x] [Step 6 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [ ] **Step 7 - Configuring the IoT Edge Device**
- [ ] [Step 8 - Deploy the Modules onto the IoT Edge Device](./Deploy%20the%20Modules%20onto%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 9 - Run the Console Application](./Run%20the%20Console%20Application.MD)
- [x] [Step 1 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 2 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 3 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [x] [Step 4 - Create Certificates for Authentication](./Create%20Certificates%20for%20Authentication.MD)
- [x] [Step 5 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [ ] **Step 6 - Configuring the IoT Edge Device**
- [ ] [Step 7 - Deploy the Modules onto the IoT Edge Device](./Deploy%20the%20Modules%20onto%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 8 - Run the Console Application](./Run%20the%20Console%20Application.MD)
- [ ] [Troubleshooting](./Troubleshooting.MD)
---

# Step 7: Configuring the IoT Edge Device.
# Step 6: Configuring the IoT Edge Device.
In this part we configure the Azure IoT Edge for Linux instance on the IoT edge device.


Expand All @@ -28,7 +27,8 @@ In this part we configure the Azure IoT Edge for Linux instance on the IoT edge
* Inside the EFLOW VM environment, use mkdir to create the Certificates folder

```powershell
mkdir ~/certs/
sudo mkdir /var/certs/
sudo chmod 777 /var/certs/
```

2. **Copy Certificates to EFLOW VM environment**
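Review bot: `sudo chmod 777 /var/certs/` grants write access on the certificate folder to all users of the EFLOW VM, and nothing in this step needs world-write. Create the folder, hand it to the service account used later in this file (`aziotcs`), and keep the mode at owner-write only. If 777 is only there so the copy step can write into the folder, say so in the text and tighten the mode again after the copy.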
Expand All @@ -37,6 +37,7 @@ In this part we configure the Azure IoT Edge for Linux instance on the IoT edge

```powershell
Copy-EflowVmFile -fromFile .\certs\* -toFile ~/certs/ -pushFile
Copy-EflowVmFile -fromFile .\private\* -toFile ~/certs/ -pushFile
```


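Review bot: the `Copy-EflowVmFile -fromFile .\private\* ...` line and the `.\certs\*` line both use `-toFile ~/certs/`, which no longer matches the `/var/certs/` folder created in step 1. Point both at `/var/certs/`, or add a step that moves the files there, otherwise the `file:///var/certs/...` paths in the configuration will not resolve.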
Expand All @@ -56,31 +57,21 @@ As the Azure Device Client Namespace is used, we use the underlying AMQP protoco
1. **Read the certificates**
Run the following command to allow Azure IoT Edge to read the certificates.
```bash
sudo chown -R iotedge: ~/certs
sudo chown aziotcs:aziotcs /var/certs
```
1. **Provision the Azure IoT Edge for Linux configuration**
1. **Configure certificates**
To edit config.yaml run the following command:
```bash
sudo nano /etc/aziot/config.toml
sudo chmod -R 777 /var/certs/
```

> **Note:** Skip the following step if Azure IoT Edge was deployed using EFLOW installation. Only replace the connection if it was manually provisioned.


* Replace `"<IoT Edge Device connection string>"` in the 'Manual provisioning configuration with the connection string that you obtained in Step 2-6.
```yaml
# Manual provisioning configuration
provisioning:
source: "manual"
device_connection_string: "<IoT Edge Device connection string>"
```
* Set the location of the certificates that were copied ot the device earlier.
```yaml
certificates:
device_ca_cert: "/home/iotedge-user/certs/new-edge-device-full-chain.cert.pem"
device_ca_pk: "/home/iotedge-user/certs/new-edge-device.key.pem"
trusted_ca_certs: "/home/iotedge-user/certs/azure-iot-test-only.root.ca.cert.pem"
trust_bundle_cert = "file:///var/certs/azure-iot-test-only.root.ca.cert.pem"
[edge_ca]
cert = "file:///var/certs/new-edge-device-full-chain.cert.pem"
pk = "file:///var/certs/new-edge-device.key.pem"
```
> **Note:** <Make sure there are no whitespaces before certificates paths and two spaces indenting each sub part.

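Review bot: the certificate settings are now TOML (`trust_bundle_cert = ...`, `[edge_ca]`), but the block is still fenced as `yaml`, the lead-in says "To edit config.yaml", and the Note below asks for "two spaces indenting each sub part", which is YAML advice and also carries a stray `<` before "Make". Update the fence to `toml` and drop or reword the Note. Separately, `sudo chmod -R 777 /var/certs/` makes the private key `new-edge-device.key.pem` world-readable and world-writable; restrict it to the owning service account.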
Expand All @@ -89,13 +80,12 @@ As the Azure Device Client Namespace is used, we use the underlying AMQP protoco

> **Note:** Skip the next step if you are on a network with dynamic DNS, then edge modules will automatically be able to resolve the VM’s IP address from its hostname.

* To save the file and exit nano, press <kbd>CTRL</kbd>+<kbd>x</kbd>, confirm save and exit with <kbd>Y</kbd> and press <kbd>Enter</kbd>. This concludes the provisioning and configuration.

1. **Restart IoT Edge**
Restart IoT Edge by running the following command.
Apply the new configuration running the following command.
```base
sudo systemctl restart aziot-*
sudo iotedge config apply
```
1. **Check the IoT Edge configuration**
Check that IoT Edge is configured correctly by running the below command.
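Review bot: "Apply the new configuration running the following command." sits under a step heading that still reads "Restart IoT Edge" and is missing "by" before "running". Retitle the step (for example "Apply the configuration") so it matches `sudo iotedge config apply`, and correct the `base` fence tag to `bash`.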
Original file line number Diff line number Diff line change
@@ -1,41 +1,26 @@
# Interop Console App with Linux Edge Module
## Progress

- [x] [Introduction](../README.md)
- [x] [Step 1 - Setup Development Environment](./Setup%20DevVM.MD)
- [x] [Step 2 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 3 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 4 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [ ] **Step 5 - Create Certificates for Authentication**
- [ ] [Step 6 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [ ] [Step 7 - Configuring the IoT Edge Device](./Configuring%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 8 - Deploy the Modules onto the IoT Edge Device](./Deploy%20the%20Modules%20onto%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 9 - Run the Console Application](./Run%20the%20Console%20Application.MD)
- [x] [Introduction](../README.md)
- [x] [Step 1 - Setup Azure Resources](./Setup%20Azure%20Resources.MD)
- [x] [Step 2 - Setup Azure IoT Edge for Linux on Windows](./Setup%20Azure%20IoT%20Edge%20for%20Linux%20on%20Windows.MD)
- [x] [Step 3 - Develop and publish the IoT Edge Linux module](./Develop%20and%20publish%20the%20IoT%20edge%20Linux%20module.MD)
- [ ] **Step 4 - Create Certificates for Authentication**
- [ ] [Step 5 - Develop the Windows C# Console Application](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
- [ ] [Step 6 - Configuring the IoT Edge Device](./Configuring%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 7 - Deploy the Modules onto the IoT Edge Device](./Deploy%20the%20Modules%20onto%20the%20IoT%20Edge%20Device.MD)
- [ ] [Step 8 - Run the Console Application](./Run%20the%20Console%20Application.MD)
- [ ] [Troubleshooting](./Troubleshooting.MD)
---
# Step 5: Create Certificates for Authentication
# Step 4: Create Certificates for Authentication
This part describes the relevant steps to create sample certificates for the authentication between downstream device and IoT edge.

* **To create a sample PKI with certificate validity for one month**
Complete the steps within the [Create certificates](https://docs.microsoft.com/azure/iot-edge/tutorial-machine-learning-edge-05-configure-edge-device#create-certificates) section of [Tutorial: Configure an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/tutorial-machine-learning-edge-05-configure-edge-device).
> **Note:** You only need to generate certificates and do not need to upload them to Azure Key Vault as described in the section following Create certificates.
Complete the steps within the steps of [Create demo certificates to test IoT Edge device features](https://learn.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway?view=iotedge-1.4&tabs=eflow#create-demo-certificates).

* **To generate customizable test certificates**
Follow the steps described in [Generate test certificates for Edge Gateway](https://github.com/Azure-Samples/IoTEdgeAndMlSample/tree/master/CreateCertificates) to create sample certificates to use for the interop solution. It generates certificates with default subject name "turbofanGateway" and 30 days validity. To extend the validity of certificates (or) to change the subject name, make the following modifications to **dockerfile** then re-build the docker image.

* _To extend the certificate validity to 365 days_
1. Replace `RUN yum -y install openssl git \` with `RUN yum -y install openssl git sed \`
1. Add following extra line after `&& chmod 700 startup.sh`
```powershell
RUN sed -i -e '/days_till_expire/s/30/365/' certGen.sh
```

* _To customize the subject name_
* add the below line before the "ENTRYPOINT [ "/work/startup.sh" ]
```powershell
RUN sed -i -e 's/turbofanGateway/sampleedgedevice/' startup.sh
```
You can also use your own root CA certificate in case you have a (test) PKI for downstream devices and edge devices. In any of the two latter cases, replace the private key, certificate chain, and root CA cert.

Go to [Next Step](./Develop%20the%20Windows%20C%23%20Console%20Application.MD)
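Review bot: the bullet heading still promises "a sample PKI with certificate validity for one month", while its body now links to "Create demo certificates to test IoT Edge device features"; confirm the one-month figure holds for the linked procedure or drop it from the heading. "Complete the steps within the steps of" should be reduced to "Complete the steps in". The `sed` sub-steps also appear to be removed in this hunk (41 lines down to 26), so "make the following modifications to **dockerfile**" and "In any of the two latter cases" no longer have anything to refer to.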