Closed kzawad1 closed 1 year ago
There's an important step you might have missed; did you run:
microk8s.kubectl exec -it management-$REF -- \
./createsuperuser \
-username $USERNAME \
-email $EMAIL \
-name "$FIRST $LAST"
Where management-$REF is whatever pod name is associated with the management pod, and the $USERNAME/$EMAIL/$FIRST $LAST is whatever is associated with your Ubuntu SSO account.
Note that you would run this snippet directly in the iot-management repo you cloned locally.
Also note that my command is using the microk8s snap; modify as needed for however you've installed kubectl.
Ok, I didn't know I had to do that.
I just ran the command and I am getting an error, so I need to figure out what I need to do in terms of setup in order to run this command. The error is, so it is obviously not installed:
microk8s.kubectl: command not found
If you haven't read the white paper, you can find it here. It goes through a lot of setup instruction.
Because I do this using the microk8s snap, you can use the microk8s.kubectl command I reference by doing the following:
snap install microk8s --channel=1.25-strict/edge
sudo usermod -a -G snap_microk8s $LOGNAME
newgrp snap_microk8s
sudo microk8s enable hostpath-storage
sudo microk8s enable dns
After doing that setup, you should then be able to run the command.
Thank you for sending that. I don't understand the Postgres step. It states:
The Kubernetes deployment also needs the password of the PostgresSQL database to be changed, and then the service deployment is straightforward.
I don't know if I manually have to install the Postgres and set up the password or if the command automatically creates this. What do I need to change exactly? I don't understand.
Right now I am getting the following error:
krzysztof@pop-dev:~/iot-management$ kubectl create -f k8s-postgres.yaml
Error from server (AlreadyExists): error when creating "k8s-postgres.yaml": configmaps "postgres-config" already exists
Error from server (AlreadyExists): error when creating "k8s-postgres.yaml": persistentvolumes "postgres-pv-volume" already exists
Error from server (AlreadyExists): error when creating "k8s-postgres.yaml": persistentvolumeclaims "postgres-pv-claim" already exists
Error from server (AlreadyExists): error when creating "k8s-postgres.yaml": deployments.apps "postgres" already exists
Error from server (AlreadyExists): error when creating "k8s-postgres.yaml": services "postgres" already exists
krzysztof@pop-dev:~/iot-management$
What exactly needs to be done to get over this error?
I reread the "Secure IoT Device Management" and found out why I was running into the error. I got past it.
Now, what is unclear from that document is the "Exposing the services". For all the previous commands up until this point they all returned. However, the kubectl port forward commands don't return, so I think I need to open 3 terminals for just prototyping this on my local development machine.
Do I need to have three separate terminals open to run the kubectl port forward commands for prototyping only? (This obviously needs to change for production).
Glad to hear you've resolved the issue! Do you mind mentioning what the solution was for posterity?
You are correct that kubectl commands block; while testing I append an & to background the task.
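The backgrounding approach from the reply above, written out as an added example (not part of the original thread or the project's own code). It assumes the service name `management` and port 8010 from the URL mentioned in this thread; the function names and the second service in the usage comment are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Run several `kubectl port-forward` processes in the background from one
# terminal, track their PIDs, and stop them all together.

# The thread uses the microk8s snap; set KUBECTL=kubectl for other installs.
KUBECTL="${KUBECTL:-microk8s.kubectl}"
FORWARD_PIDS=""

# start_forward <service> <local_port> <remote_port>
start_forward() {
    # --address 127.0.0.1 keeps the forwarded port reachable from this host only.
    $KUBECTL port-forward --address 127.0.0.1 "service/$1" "$2:$3" \
        >"${TMPDIR:-/tmp}/port-forward-$1.log" 2>&1 &
    FORWARD_PIDS="$FORWARD_PIDS $!"
}

# count_running: print how many tracked forwards are still alive.
count_running() {
    n=0
    for pid in $FORWARD_PIDS; do
        if kill -0 "$pid" 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# stop_forwards: terminate every tracked forward and reap it.
stop_forwards() {
    for pid in $FORWARD_PIDS; do
        kill "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
    done
    FORWARD_PIDS=""
}

# Usage (service names other than "management" are placeholders):
#   trap stop_forwards EXIT INT TERM
#   start_forward management 8010 8010
#   start_forward <other-service> <local-port> <remote-port>
#   count_running   # a lower count than expected means a forward died; check its log
```

A forward that exits early (for example because the pod is not ready) leaves its error in the per-service log file rather than on the terminal.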
Ok, I just wanted to get "iot-management" running on my Ubuntu development machine. Therefore, I just cloned the "iot-management" repository and ran the commands from there.
However, this is not possible. All the projects are interconnected: iot-devicetwin, iot-identity, & iot-management. Therefore, there is an entire sequence of steps that need to be performed to get this up and working that is not detailed in the guide but implied. For instance, cloning the repositories and performing Go builds.
I've deleted and recreated the Ubuntu development virtual machine a few times. Now, I am stuck at the point where I go to the URL http://management:8010 it just sits there and spins (the web browser with no errors). I can't figure out if I forgot to do a Go build before starting the pod, so there isn't anything to reply to the request. Or if it has to do with the port forwarding or something else.
It seems kind of odd to hold up the entire terminal with kubectl port forward and port forwarding is something you want to do once and forget about it. Not have to have 3 terminal sessions running to make it work.
Hmm... I need to wipe the VM and start over again.
Everything is up and running in terms of the server side of things. Now, getting into an issue where I can't register devices:
Getting the error:
Mar 03 15:45:37 ubuntu iot-agent.mqtt[1780]: 2023/03/03 15:45:37 Error with enrollment: (EnrollDevice) assertion model: type of snap "snapd" must be one of app|base|gadget|kernel|core
Do I need to remove the iot-agent snap and reinstall it without using --devmode?
Ah yes; this is a known issue - there was talk of a solution proposal at the end of last year, so I'll ask some people for an update on that.
In the meanwhile, the solution is to use a newer iot-identity image (part of the iot-agent repository).
There are two options: use someone else's, or build your own.
For the first option: check on Docker Hub - bugraaydogar's probably works (@bugraaydogar?). To do this, you'll modify the sonicblue in the iot-identity repository's k8s yaml file with the new username.
For the second option: you can host an image yourself locally.
sudo apt install docker.io # or snap install docker & invoke docker below with sudo
sudo microk8s enable registry
cd iot-identity
docker build -t iot-identity .
docker tag iot-identity:latest localhost:32000/iot-identity:latest
docker push localhost:32000/iot-identity:latest
And update the iot-identity k8s yaml file to refer to your own localhost:
sed -i 's/sonicblue/localhost:32000/' path/to/iot-identity/k8s-identity.yaml
Hmm... I tried the second option and it doesn't work. I'm getting the same thing.
I tried this second option while the pods were running. It didn't work, so I deleted the virtual machine and started from scratch again.
Here are the steps for the "iot-identity" setup:
# Go to home directory
cd ~
# Clone the iot-identity repository
git clone https://github.com/canonical/iot-identity.git
cd iot-identity/
# Update k8s-identity.yaml with items (ca.crt & ca.key) in identity.yaml
gedit ../iot-x509/identity.yaml k8s-identity.yaml
# Remove the ca.crt & ca.key files
rm ./datastore/test_data/ca.crt
rm ./datastore/test_data/ca.key
cp ~/iot-x509/ca.crt ./datastore/test_data/
cp ~/iot-x509/ca.key ./datastore/test_data/
go mod tidy
go build cmd/identity/main.go
# Deploy the database and service
kubectl create -f k8s-postgres.yaml
kubectl create -f k8s-identity.yaml
Maybe it is because I have the sequence wrong. Where are the steps/commands you mention above supposed to be run? Before or after "go build"?
I figured it out and I got it working.
It shows "Enrolled".
I think at this point I will close this in the next few days if no one adds any comments or possibly getting another solution submitted.
After building the source code and running the project I access the service via http://localhost:8010 .
Here are the steps:
What do I need to add to the setup to allow it to log in?