Category Archives: Uncategorized

m2ag.labs iot framework reloaded

I realize it has been quite sometime since my last post detailing how to install the m2ag.labs iot framework. After that post I looked over my progress and goals and did research in to existing projects. I came across Mozillia’s IoT project and was happy to find something I can work with.

Part of my goal was to provide for automatic ui configuration of common controls, easy web access and standard way of defining IoT devices. Mozilla’s project does that and more while supporting proposed w3c standards. This covers a large part of my development effort so I am definitely adopting the webthings and gateway for my project.

I still have the management interface to workout, including a point and click configuration mechanism and easy certificate generation and installation. These will be my milestone 1 goals. I will also be developing examples and documentation for the project.

The new architecture will use webthings as a standard

m2ag.lab iot framework

Installing the pre-alpha m2ag.labs IoT framework

The m2ag.labs IoT framework currently targets the Raspberry PI and Raspbian. The framework is in pre-alpha but us useable with custom modules installed. Custom modules will be the topic of next weeks post, along with some example code.

The usual warnings apply — this framework may not be compatible with the alpha or later versions of the framework. Some the of the internals need some work, but the framework can be made to work for you now.

Steps:

  1. Install Raspbian Lite
  2. Perform initial start up
  3. Configure WIFI, SSH, i2c,  change password and hostname
  4. Reboot and login via SSH
  5. Update OS via apt
  6. Generate and place X509 certificates
  7. Get  installer and run

Install Raspian:

Use the Raspberry PI imager  to write Raspbian Lite to your sd card. I use 32 gb Samsung Evo cards. There is direction for choosing a micro sd at the Raspberry PI site.

I use Raspbian Lite unless there is a need for desktop UI on the device. Generally the stuff I do runs headless and is controlled via a web app.

After the image is written do the initial start up for the PI. The easiest way is to add a ssh file to the boot directory of the image we just created and connect the device to an ethernet hub. Just ssh to pi@raspberrypy.local and go. Another way is to plug in a monitor and keyboard but I am too lazy to go get one. The RaspberryPI  site has  instructions on setting up headless with wifi but I haven’t had much luck getting this to work lately (the wifi won’t start) .

After we get logged in (pi/raspberry) we need to configure wifi and enable ssh (if we haven’t already) It’s a good idea to go a head a change:

  •  the default password
  • the time zone
  • enable i2c

Next –  install the X509 certificates. This has been discussed previously on m2aglabs.com. I haven’t decided if I will add a configuration option to run without ssh. I’m not thinking it is a good idea. But — ssh can be turned off with a little manual file editing. For the device, it is in the file device/comm/comm.py. The logger is just one file. For the client look in device/api/static/js/comm.js. I don’t think it is a good idea to not use ssh, even in a controlled network.

To create and deploy the certificates follow the instructions in this link or use the tool at  https://github.com/dakshshah96/local-cert-generator to generate the certs. Remember — the root CA has to be imported to each OS that wants to access the IoT device securely. The blog post at m2aglabs.com contains links to instructions for the most common systems. I use Mac, IOS and Linux around here but Windows and Android are all good.

After the certificates are generated place them in the pi users home directory in a .certs subdirectory. Both the Flask app and Mosquitto MQTT server will access them from here. We are looking for the filenames server.crt and server.key.

Next – cd to home/pi and get the install.sh with wget :

wget https://raw.githubusercontent.com/m2ag-labs/m2ag-iot-installer/master/install.sh
chmod +x install.sh
/install.sh

This script does apt update and upgrade first, then the install. It can take quite a while to complete. When the script is complete the system should be installed and running. Check the script results for errors. Then navigate to your device on port 5000 (raspib.local:5000) and get the client page opened (be sure to have imported the root CA so ssl will work.

You will get a warning about no user name password. Click on ‘credentials’ in the upper right and enter the default username/password (pi/raspberry).

provide default credentials (pi/raspberry) and click ‘close’

The device will use the hostname as a login for mqtt, default password is raspberry. When we get the page and the login we can see that the api app is running and ssl is correctly recognized by the browser.

Click on ‘Get Device’ list to populate the list. You should see a listing for the device that you can click on:

Select the device to proceed.

This selects the device setup us up for an mqtt connection to the IoT core of or device. Commands can be sent via the Communications tab:

command to sound a sample alert

If you have a piezo buzzer attached to pin 13 the preceding command will make it play a tone. In the command — the prm object can carry your custom command to your IoT device. Returned data will be available in the output area. I have a post here that details how I set my buzzer up.

Limited DB access via Database tab,

registry and users are currently implemented.

The code is pre-alpha so there are plenty of warts. There is a problem with the HTML5 app that make the initial mqtt connection a little contrary but it can be made to work. Just try sending a command a couple of times if you can’t get the initial command to work. Much work needs to be done to HTML5 app ( would you like to help? ).

The UI and accompanying API are going to get some usability improvements next, followed by some work on the IoT device.

The repos are here.

If you are working on COVID related projects and would like to use this framework to boot strap your effort I would be happy to assist in getting you going. Contact me here.

If you find this work helpful perhaps you would consider supporting m2ag.labs open source efforts by buying us coffee. Any amount would be appreciated. Please use this link to do so:

Small Donate Button

Thanks for stopping by.

sqlite.remote version 1.0

March 22, 2020

A while back I released some simple code to allow access to a SQLite database on my embedded devices. A python/html5 app that provided an HTML5 interface to a python api. My goal is a simple to use method that allows quick and easy access to  databases on raspberry pi (or similar) used for configuration and logging on my IoT devices. The requirements are minimal :

  1. User login via http auth
  2. The ability to change a user password.
  3. SSL via self signed certificates
  4. Basic database access via a browser based app

Today version 1.0 of the sqlite.remote tool is being released. Available via git hub, the app meets the goals specified above.

Some assembly is required — mainly in the form of generating self signed certificates for the devices and browsers that will be used to access them. Check out my previous post about securing local IoT devices.  Generate the certs that you need before installing the sqlite.remote tool.

Installation:

Since I use this on the Raspberry PI it is installed in the pi user’s home directory. Any system that supports python should work, as should any user.

First clone the git hub repository:

 git clone https://github.com/m2ag-labs/m2ag-sqlite-remote.git

Then cd to the install directory and chmod the installer script:

chmod +x install.sh

Then ./install.sh to install dependencies. This app requires flask and flask_httpauth. Depending on your current update status the dependencies may already be installed.

After the install is completed the install can be tested by changing to the project root and running:

python3  api.py sqlite-remote.sqlite

This should start the api server and show a  message like this in the console:

As you can see we are using the barebones development server to run our api. Despite the message to not use this in production, I am using this in production. My usage only calls for one or two users at a time infrequently hitting the api. I decided to trade a simple implementation for a more robust web server and more complicated install. Plus, the web server would generally sit idle for day to day use.

It should also be noted that the api is being served over https. This is requires a self signed certificate to be installed on the device. This is configured at the bottom of api.py:

Adjust the paths to the correct certificate files. The api can be run without ssl if desired. For me, I want to provide at least a minimal level of security to my IoT devices. I intend this to be a config and control interface, but the devices will generally be inside a controlled firewall. Self signed certs  and a basic login meets my needs.

As part of the install a service a file is and copied to the systemd system directory. If the default location (/home/pi/m2ag-sqlite-remote) is changed, change it in this file.  To enable the service:

sudo systemctl m2ag-sqlite-remote enable
and 
sudo systemctl m2ag-sqlite-remote start

After the api is running navigate to your device at:

https://your-device.local:5001  to get the app page:

The default user is “pi” and the password is “raspberry”. These can be set in the credentials popup:

Select close to get back to query screen. If the query button is pressed with an empty query an “Ok” message will be returned. This tells us the configuration is correct:

To change the password use e the credentials popup:

‘Ok’ will appear in the status on a successful change.

To add new users first select * from users and get the hash for pi’s password and then insert a user using the same password hash. You can then use the new user’s credentials and change the password with the set password dialog.

General usage:

This app should handle most updates and edits to tables. Since the services setup specifies the database at startup additional tables to be added to the sqlite-remote.sqlite database. The only requirement for the app is the user table with a text username and password fields. This table could be added to any database. Just insert the pi user (or any other user) into the user tables via the command line app or some other tool.

It is hoped that you find this app useful, please feel free to open issues on github or comment here if there are problems with the app. Keep in mind it is barebones on purpose, all I need it to do is update tables remotely for me. If more complex usage is envisioned it may be modifications will need to be made.

If you find this work helpful perhaps you would consider supporting m2ag.labs open source efforts by buying us coffee. Any amount would be appreciated. Please use this link to do so:

Small Donate Button

Thanks for stopping by.