The m2ag-thing-framework (formerly m2ag-iot-framework) has reached alpha 3. The functionality of this release represents MVP for the project. The framework generates (RFC?) compliant webthings and is compatible with the Mozilla IoT gateway.
Designed with security and privacy in mind, the m2ag-thing-framework comes out of the box pre-configured for ssl for every thing and http basic auth for the api and management app. Coming in beta one will be a jwt implementation for the webthing security to provide peace of mind that devices cannot be easily hijacked.
The device side implementation can happily run inside your firewall and never connect to the internet after the initial install. All data is kept locally. Data logging and rules engine support can be provided by the Mozilla IoT gateway. All files needed to run the thing are local after configuration.
The html5 management app is used to configure and monitor the device. Custom device pages are automatically generated for installed things, allowing debug and monitoring. The pages can be individually addressed so they can be used as UIs for simple cases. The management app needs to be connected to the cloud while modules are being added to a thing, but not afterwards.
Configurations can be modified with ease. The things GitHub repo will contain predefined things and components that can be used. Custom modules can be created by following a simple pattern. Alpha 2 will only support making properties available. Future releases will address events and actions.
I realize it has been quite some time since my last post detailing how to install the m2ag.labs iot framework. After that post I looked over my progress and goals and did research into existing projects. I came across Mozilla’s IoT project and was happy to find something I can work with.
Part of my goal was to provide for automatic ui configuration of common controls, easy web access and a standard way of defining IoT devices. Mozilla’s project does that and more while supporting proposed w3c standards. This covers a large part of my development effort so I am definitely adopting the webthings and gateway for my project.
I still have the management interface to work out, including a point and click configuration mechanism and easy certificate generation and installation. These will be my milestone 1 goals. I will also be developing examples and documentation for the project.
The m2ag.labs IoT framework currently targets the Raspberry PI and Raspbian. The framework is in pre-alpha but is usable with custom modules installed. Custom modules will be the topic of next week’s post, along with some example code.
The usual warnings apply — this framework may not be compatible with the alpha or later versions of the framework. Some of the internals need some work, but the framework can be made to work for you now.
Install Raspbian Lite
Perform initial start up
Configure WIFI, SSH, i2c, change password and hostname
I use Raspbian Lite unless there is a need for desktop UI on the device. Generally the stuff I do runs headless and is controlled via a web app.
After the image is written do the initial start up for the PI. The easiest way is to add an ssh file to the boot directory of the image we just created and connect the device to an ethernet hub. Just ssh to firstname.lastname@example.org and go. Another way is to plug in a monitor and keyboard but I am too lazy to go get one. The RaspberryPI site has instructions on setting up headless with wifi but I haven’t had much luck getting this to work lately (the wifi won’t start).
After we get logged in (pi/raspberry) we need to configure wifi and enable ssh (if we haven’t already). It’s a good idea to go ahead and change:
the default password
the time zone
Next – install the X509 certificates. This has been discussed previously on m2aglabs.com. I haven’t decided if I will add a configuration option to run without ssh. I’m not thinking it is a good idea. But — ssh can be turned off with a little manual file editing. For the device, it is in the file device/comm/comm.py. The logger is just one file. For the client look in device/api/static/js/comm.js. I don’t think it is a good idea to not use ssh, even in a controlled network.
To create and deploy the certificates follow the instructions in this link or use the tool at https://github.com/dakshshah96/local-cert-generator to generate the certs. Remember — the root CA has to be imported to each OS that wants to access the IoT device securely. The blog post at m2aglabs.com contains links to instructions for the most common systems. I use Mac, IOS and Linux around here but Windows and Android are all good.
After the certificates are generated place them in the pi user’s home directory in a .certs subdirectory. Both the Flask app and Mosquitto MQTT server will access them from here. We are looking for the filenames server.crt and server.key.
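A pre-flight check for the certificate directory described above, added here as an example and not part of the framework's own code. It uses the file names from the post; the permission rules it applies to the private key are an assumption about what is acceptable on the device.

```python
import ssl
import stat
from pathlib import Path

# File names from the post; the directory is passed in (the post uses ~/.certs).
CERT_NAME, KEY_NAME = "server.crt", "server.key"


def check_cert_dir(cert_dir):
    """Return a list of problems with the certificate pair in cert_dir."""
    cert_dir = Path(cert_dir)
    crt, key = cert_dir / CERT_NAME, cert_dir / KEY_NAME

    problems = [f"missing: {p.name}" for p in (crt, key) if not p.is_file()]
    if problems:
        return problems

    # Assumed policy: the private key must not be accessible to "other"
    # users, and only its owner may be able to overwrite it.
    mode = stat.S_IMODE(key.stat().st_mode)
    if mode & stat.S_IRWXO:
        problems.append(f"{KEY_NAME} is accessible to other users (mode {mode:o})")
    if mode & stat.S_IWGRP:
        problems.append(f"{KEY_NAME} is group-writable (mode {mode:o})")

    # load_cert_chain() parses both files and raises ssl.SSLError when the
    # private key does not belong to the certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=str(crt), keyfile=str(key))
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"{CERT_NAME}/{KEY_NAME} do not load as a pair: {exc}")
    return problems


if __name__ == "__main__":
    found = check_cert_dir(Path.home() / ".certs")
    for line in found or ["certificate pair looks usable"]:
        print(line)
```

An empty list means both files exist, the key is not exposed to other accounts, and the key matches the certificate.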
Next – cd to home/pi and get the install.sh with wget:
This script does apt update and upgrade first, then the install. It can take quite a while to complete. When the script is complete the system should be installed and running. Check the script results for errors. Then navigate to your device on port 5000 (raspib.local:5000) and get the client page opened (be sure to have imported the root CA so ssl will work).
You will get a warning about no user name password. Click on ‘credentials’ in the upper right and enter the default username/password (pi/raspberry).
The device will use the hostname as a login for mqtt, default password is raspberry. When we get the page and the login we can see that the api app is running and ssl is correctly recognized by the browser.
Click on ‘Get Device’ list to populate the list. You should see a listing for the device that you can click on:
This selects the device and sets us up for an mqtt connection to the IoT core of our device. Commands can be sent via the Communications tab:
If you have a piezo buzzer attached to pin 13 the preceding command will make it play a tone. In the command — the prm object can carry your custom command to your IoT device. Returned data will be available in the output area. I have a post here that details how I set my buzzer up.
Limited DB access is available via the Database tab.
The code is pre-alpha so there are plenty of warts. There is a problem with the HTML5 app that makes the initial mqtt connection a little contrary but it can be made to work. Just try sending a command a couple of times if you can’t get the initial command to work. Much work needs to be done to the HTML5 app (would you like to help?).
The UI and accompanying API are going to get some usability improvements next, followed by some work on the IoT device.
A while back I released some simple code to allow access to a SQLite database on my embedded devices. A python/html5 app that provided an HTML5 interface to a python api. My goal is a simple to use method that allows quick and easy access to databases on raspberry pi (or similar) used for configuration and logging on my IoT devices. The requirements are minimal:
Some assembly is required — mainly in the form of generating self signed certificates for the devices and browsers that will be used to access them. Check out my previous post about securing local IoT devices. Generate the certs that you need before installing the sqlite.remote tool.
Since I use this on the Raspberry PI it is installed in the pi user’s home directory. Any system that supports python should work, as should any user.
Then cd to the install directory and chmod the installer script:
chmod +x install.sh
Then ./install.sh to install dependencies. This app requires flask and flask_httpauth. Depending on your current update status the dependencies may already be installed.
After the install is completed the install can be tested by changing to the project root and running:
python3 api.py sqlite-remote.sqlite
This should start the api server and show a message like this in the console:
As you can see we are using the barebones development server to run our api. Despite the message to not use this in production, I am using this in production. My usage only calls for one or two users at a time infrequently hitting the api. I decided to trade a simple implementation for a more robust web server and more complicated install. Plus, the web server would generally sit idle for day to day use.
It should also be noted that the api is being served over https. This requires a self signed certificate to be installed on the device. This is configured at the bottom of api.py:
Adjust the paths to the correct certificate files. The api can be run without ssl if desired. For me, I want to provide at least a minimal level of security to my IoT devices. I intend this to be a config and control interface, but the devices will generally be inside a controlled firewall. Self signed certs and a basic login meets my needs.
As part of the install a service file is copied to the systemd system directory. If the default location (/home/pi/m2ag-sqlite-remote) is changed, change it in this file. To enable the service:
sudo systemctl enable m2ag-sqlite-remote
sudo systemctl start m2ag-sqlite-remote
After the api is running navigate to your device at:
The default user is “pi” and the password is “raspberry”. These can be set in the credentials popup:
Select close to get back to query screen. If the query button is pressed with an empty query an “Ok” message will be returned. This tells us the configuration is correct:
To change the password use the credentials popup:
‘Ok’ will appear in the status on a successful change.
To add new users first select * from users and get the hash for pi’s password and then insert a user using the same password hash. You can then use the new user’s credentials and change the password with the set password dialog.
This app should handle most updates and edits to tables. Since the service setup specifies the database at startup, additional tables can be added to the sqlite-remote.sqlite database. The only requirement for the app is the user table with text username and password fields. This table could be added to any database. Just insert the pi user (or any other user) into the user table via the command line app or some other tool.
It is hoped that you find this app useful, please feel free to open issues on github or comment here if there are problems with the app. Keep in mind it is barebones on purpose, all I need it to do is update tables remotely for me. If more complex usage is envisioned, modifications may need to be made.
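The add-user step above, with a follow-up audit, as an added example that is not code from the app. The table name users comes from the query in the post; the column names username and password, the helper names and the hash value are assumptions made for illustration. Because the new account is created with pi's hash, it also has pi's password until it is changed, which is what the audit reports.

```python
import sqlite3
from collections import defaultdict


def add_user_with_copied_hash(db, new_user, template_user="pi"):
    """Insert new_user with template_user's stored hash (the step in the post)."""
    if db.execute("SELECT 1 FROM users WHERE username = ?", (new_user,)).fetchone():
        raise ValueError(f"user {new_user!r} already exists")
    cur = db.execute(
        "INSERT INTO users (username, password) "
        "SELECT ?, password FROM users WHERE username = ?",
        (new_user, template_user),
    )
    if cur.rowcount != 1:
        db.rollback()
        raise LookupError(f"expected exactly one template user {template_user!r}")
    db.commit()


def accounts_sharing_a_hash(db):
    """Return sorted groups of usernames whose stored hash string is identical."""
    by_hash = defaultdict(list)
    for username, pw_hash in db.execute("SELECT username, password FROM users"):
        by_hash[pw_hash].append(username)
    return sorted(sorted(names) for names in by_hash.values() if len(names) > 1)


def build_sample_db():
    """In-memory database with a constructed hash value for the pi user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('pi', 'CONSTRUCTED-HASH-FOR-PI')")
    db.commit()
    return db


if __name__ == "__main__":
    db = build_sample_db()
    add_user_with_copied_hash(db, "alice")
    # alice still shares pi's hash, so she is reported until she sets a password
    print(accounts_sharing_a_hash(db))
```

Run the audit again after the new user has set a password; an empty list means no account still carries a copied hash.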