diff --git a/docs/Fleet-provisioning.md b/docs/Fleet-provisioning.md index 1c513a33b..2d3c49f5c 100644 --- a/docs/Fleet-provisioning.md +++ b/docs/Fleet-provisioning.md @@ -9,6 +9,21 @@ can get valid certificates. you can follow the link [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning-setup.html) to learn how to create appropriate policies and claim certificate. +``` +Note: +Currently, fleet provisioning can only be run manually. +Hence you will need to follow few important pre-steps + +1. Make sure you are logged in as root +2. Allow read access to all user for your certificates + chmod -R +rx /ggcredentials/ +3. Make sure you do not fill iotCredEndpoint/iotDataEndpoint under + `aws.greengrass.NucleusLite` you should only fill these fields + under `aws.greengrass.fleet_provisioning`'s config +4. If this is your not first run, remove the socket at + /run/greengrass/iotcoredfleet, if it exists +``` + Sample Fleet provisioning template: ```json 
@@ -73,52 +88,41 @@ config should roughly look as below. system: privateKeyPath: "" certificateFilePath: "" - rootCaPath: "/home/ubuntu/repo/fleetClaim/AmazonRootCA1.pem" - rootPath: "/home/ubuntu/aws-greengrass-lite/run_fleet/" - thingName: "" + rootCaPath: "/ggcredentials/fleetClaim/AmazonRootCA1.pem" #[Modify here] + rootPath: "/var/lib/greengrass/" #[Modify here] + thingName: "" #[Must leave blank] services: aws.greengrass.NucleusLite: componentType: "NUCLEUS" configuration: awsRegion: "us-east-1" - iotCredEndpoint: "" - iotDataEndpoint: "" + iotCredEndpoint: "" #[Must leave blank] + iotDataEndpoint: "" #[Must leave blank] iotRoleAlias: "GreengrassV2TokenExchangeRoleAlias" runWithDefault: - posixUser: "ubuntu:ubuntu" + posixUser: "user:group" #[Modify here] greengrassDataPlanePort: "8443" - tesCredUrl: "http://127.0.0.1:8080/" aws.greengrass.fleet_provisioning: configuration: - iotDataEndpoint: "dddddddddddddd-ats.iot.us-east-1.amazonaws.com" - iotCredEndpoint: "aaaaaaaaaaaaaa.credentials.iot.us-east-1.amazonaws.com" - claimKeyPath: "/home/ubuntu/fleetClaim/private.pem.key" - claimCertPath: "/home/ubuntu/fleetClaim/certificate.pem.crt" - templateName: "FleetTestNew" - templateParams: '{"SerialNumber": "14ALES55UFA"}' -``` - -With all this setup for IoT core now let's begin provisioning the device. 
First -we will start an instance of ggconfigd - -```sh -cd ./run -../build/bin/ggconfigd + iotDataEndpoint: "aaaaaaaaaaaaaa-ats.iot.us-east-1.amazonaws.com" #[Modify here] + iotCredEndpoint: "cccccccccccccc.credentials.iot.us-east-1.amazonaws.com" #[Modify here] + claimKeyPath: "/ggcredentials/fleetClaim/private.pem.key" #[Modify here] + claimCertPath: "/ggcredentials/fleetClaim/certificate.pem.crt" #[Modify here] + templateName: "FleetTestNew" #[Modify here] + templateParams: '{"SerialNumber": "AAA55555"}' #[Modify here] ``` -In another shell, run the config script and the fleet provisioning +In root user shell, run fleet provisioning ```sh cd ./run -../build/bin/ggl-config-init --config ./init_config.yml ../build/bin/fleet-provisioning ``` Now this will trigger the fleet provisioning script which will take a few -minutes to complete, the shell doesn't automatically exits so look for a Info -level log: `Process Complete, Your device is now provisioned`. then you can kill -the process or wait for auto terminate of `300 seconds`. +minutes to complete. -You can then kill the config daemon as well. +> Note: Device will reboot in case of successful run -Now you can return to `## Running the nucleus` step in [SETUP.md](SETUP.md) +If you are storing the standard output then look for log: +`Process Complete, Your device is now provisioned`.
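Review bot: Step 2 of the added Note block in the first hunk (`chmod -R +rx /ggcredentials/`) makes every file under that directory readable by all local users, and the second hunk places the claim private key there (`claimKeyPath: "/ggcredentials/fleetClaim/private.pem.key"`). Since step 1 already requires running as root, the world-read grant looks unnecessary for provisioning itself. If another account needs the files, grant access only to that account, for example by assigning the directory to the group named in `posixUser` and using a group-only mode such as `chmod -R g+rX`, and keep the private key unreadable to others. Two smaller points in the same block: "If this is your not first run" should read "If this is not your first run", and wrapping the note in a code fence stops the inline backticks in step 3 from rendering.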
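Review bot: The run instructions in the second hunk drop both the `ggconfigd` start and the `ggl-config-init --config ./init_config.yml` step without saying what replaces them, so the document no longer explains how the YAML shown above reaches `fleet-provisioning`. Please add a sentence stating where the config file must live or which process now loads it. The same hunk removes `tesCredUrl` from the sample and the closing pointer back to `## Running the nucleus` in SETUP.md, leaving the reader with no next step after the reboot. Also, the line "Note: Device will reboot in case of successful run" comes after the command and the advice to look for `Process Complete, Your device is now provisioned` assumes output is being stored; moving the reboot note above the command and showing the output being redirected to a file in the `sh` block would make that log line recoverable.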