eclipse / packages

IoT Packages project
https://eclipse.org/packages
Eclipse Public License 2.0

Connecting/ Accessing Hono services from local Machine #535

Open charanhs123 opened 3 months ago

charanhs123 commented 3 months ago

Hello @calohmn, I am trying to connect to the Hono MQTT adapter from my M5core 2 device to update telemetry data like temperature, as mentioned in the cloud2edge tutorial, where Hono is running on Kubernetes on an Ubuntu desktop VM on a Proxmox server. But unfortunately, I am not able to establish the connection or update the telemetry value of my device. The device credentials and everything else are the same as shown in the cloud2edge tutorial.

So how can I solve this problem? Any help would be appreciated.

Thank you

calohmn commented 3 months ago

Have you followed the tour and have you been able to send telemetry data via the curl commands described in the tour? How have you deployed the cloud2edge chart - with the NodePort or Loadbalancer option (as described here)?

You could try publishing MQTT data first from your local machine using Mosquitto. If you have followed the tour and run the setCloud2EdgeEnv.sh script, a mosquitto_pub request could look like this:

mosquitto_pub -d -h ${MQTT_ADAPTER_IP} -p ${MQTT_ADAPTER_PORT_MQTTS} -u demo-device@org.eclipse.packages.c2e -P demo-secret ${MOSQUITTO_OPTIONS} -t telemetry -m '{
  "topic": "org.eclipse.packages.c2e/demo-device/things/twin/commands/modify",
  "headers": {},
  "path": "/features/temperature/properties/value",
  "value": 45
}'

Note that in the default configuration, the MQTT adapter only accepts secure connections. The setCloud2EdgeEnv.sh script sets the MOSQUITTO_OPTIONS environment variable (as used above in the mosquitto_pub command), containing the --cafile <truststore-filepath> option with the configured truststore. (Also the --insecure option is set to disable hostname verification for local testing.) You could check if your MQTT device supports creating secure connections and check the configured truststore.

charanhs123 commented 3 months ago

Yes, I have followed the tour and I am able to send telemetry data using the curl command as mentioned, using the HTTPS URL, and I have set the LoadBalancer option:

iffroot4@iffroot:~$ kubectl get svc -n cloud2edge
NAME                                   TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                           AGE
c2e-ditto-dittoui                      ClusterIP      10.98.159.220    <none>          8080/TCP                          8d
c2e-ditto-gateway                      ClusterIP      10.107.249.158   <none>          8080/TCP                          8d
c2e-ditto-nginx                        LoadBalancer   10.107.79.168    10.107.79.168   8080:30117/TCP                    8d
c2e-ditto-swaggerui                    ClusterIP      10.109.140.103   <none>          8080/TCP                          8d
c2e-hono-adapter-amqp                  LoadBalancer   10.96.138.249    10.96.138.249   5671:32671/TCP                    8d
c2e-hono-adapter-http                  LoadBalancer   10.106.9.32      10.106.9.32     8443:30443/TCP                    8d
c2e-hono-adapter-mqtt                  LoadBalancer   10.108.226.16    10.108.226.16   8883:30883/TCP                    8d
c2e-hono-artemis                       ClusterIP      10.111.20.54     <none>          5671/TCP                          8d
c2e-hono-dispatch-router               ClusterIP      10.102.16.119    <none>          5673/TCP                          8d
c2e-hono-dispatch-router-ext           LoadBalancer   10.99.117.200    10.99.117.200   15671:30671/TCP,15672:30672/TCP   8d
c2e-hono-service-auth                  ClusterIP      10.105.55.143    <none>          5671/TCP,8088/TCP                 8d
c2e-hono-service-command-router        ClusterIP      10.109.127.105   <none>          5671/TCP                          8d
c2e-hono-service-device-registry       ClusterIP      10.103.27.181    <none>          5671/TCP,8080/TCP,8443/TCP        8d
c2e-hono-service-device-registry-ext   LoadBalancer   10.111.205.51    10.111.205.51   28443:31443/TCP                   8d
c2e-mongodb                            ClusterIP      10.104.50.221    <none>          27017/TCP                         8d

Also, no, I am not able to send from the machine (Ubuntu on VM) by MQTT:

iffroot4@iffroot:~$ mosquitto_pub -d -h ${MQTT_ADAPTER_IP} -p ${MQTT_ADAPTER_PORT_MQTTS} -u demo-device@org.eclipse.packages.c2e -P demo-secret ${MOSQUITTO_OPTIONS} -t telemetry -m '{
  "topic": "org.eclipse.packages.c2e/demo-device/things/twin/commands/modify",
  "headers": {},
  "path": "/features/temperature/properties/value",
  "value": 45
}'
Error: Problem setting TLS options: File not found.
iffroot4@iffroot:~$ mosquitto_pub -d -h ${MQTT_ADAPTER_IP} -p ${MQTT_ADAPTER_PORT_MQTTS} -u my-auth-id-1@my-tenant:my-password -t telemetry -m '{
  "topic": "org.acme/my-device-1/things/twin/commands/modify",
  "headers": {},
  "path": "/features/temperature/properties/value",
  "value": 45
}'
Client null sending CONNECT
OpenSSL Error[0]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Error: Protocol error

iffroot4@iffroot:~$ echo $TRUSTSTORE_PATH
/tmp/c2e_hono_truststore.pem

In this case, I have tried with the demo device and my-device-1. I am getting an error response, and the truststore path is set properly too, so what is the issue? The demo device or the CA file?

Also, coming to my main question: I have my PC, which is hosting Proxmox, which in turn has this VM, so it's a three-step where I want to connect to the MQTT service of Ubuntu on my VM from my local host or M5core 2 device. How can I do it? I hope you got my point, @calohmn.

charanhs123 commented 3 months ago

Hello @calohmn, let me make it simple for you. I have the following services running on the Ubuntu VM, so how can I access the Hono services outside the VM, that is, from the local machine which is hosting the VM? That's my point.

iffroot4@iffroot:~$ kubectl get svc -n cloud2edge
NAME                                   TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                           AGE
c2e-ditto-dittoui                      ClusterIP      10.98.159.220    <none>          8080/TCP                          8d
c2e-ditto-gateway                      ClusterIP      10.107.249.158   <none>          8080/TCP                          8d
c2e-ditto-nginx                        LoadBalancer   10.107.79.168    10.107.79.168   8080:30117/TCP                    8d
c2e-ditto-swaggerui                    ClusterIP      10.109.140.103   <none>          8080/TCP                          8d
c2e-hono-adapter-amqp                  LoadBalancer   10.96.138.249    10.96.138.249   5671:32671/TCP                    8d
c2e-hono-adapter-http                  LoadBalancer   10.106.9.32      10.106.9.32     8443:30443/TCP                    8d
c2e-hono-adapter-mqtt                  LoadBalancer   10.108.226.16    10.108.226.16   8883:30883/TCP                    8d
c2e-hono-artemis                       ClusterIP      10.111.20.54     <none>          5671/TCP                          8d
c2e-hono-dispatch-router               ClusterIP      10.102.16.119    <none>          5673/TCP                          8d
c2e-hono-dispatch-router-ext           LoadBalancer   10.99.117.200    10.99.117.200   15671:30671/TCP,15672:30672/TCP   8d
c2e-hono-service-auth                  ClusterIP      10.105.55.143    <none>          5671/TCP,8088/TCP                 8d
c2e-hono-service-command-router        ClusterIP      10.109.127.105   <none>          5671/TCP                          8d
c2e-hono-service-device-registry       ClusterIP      10.103.27.181    <none>          5671/TCP,8080/TCP,8443/TCP        8d
c2e-hono-service-device-registry-ext   LoadBalancer   10.111.205.51    10.111.205.51   28443:31443/TCP                   8d
c2e-mongodb                            ClusterIP      10.104.50.221    <none>          27017/TCP                         8d

calohmn commented 3 months ago

Regarding the Error: Problem setting TLS options: File not found. error you got when using mosquitto_pub: This looks like the setCloud2EdgeEnv.sh script didn't write the $TRUSTSTORE_PATH file (/tmp/c2e_hono_truststore.pem in your case). Could you run

./setCloud2EdgeEnv.sh $RELEASE $NS $TRUSTSTORE_PATH

and check if there are errors?

Regarding your 2nd mosquitto_pub command:

iffroot4@iffroot:~$ mosquitto_pub -d -h ${MQTT_ADAPTER_IP} -p ${MQTT_ADAPTER_PORT_MQTTS} -u my-auth-id-1@my-tenant:my-password -t telemetry [...]

You have to specify the --cafile <truststore-filepath> parameter - otherwise there is the TLS error. In your 1st command, the --cafile parameter was in there because you had the ${MOSQUITTO_OPTIONS} there. ${MOSQUITTO_OPTIONS} is set by the setCloud2EdgeEnv.sh script to contain --cafile <truststore-filepath> --insecure.

As for your main question:

I have my pc which is hosting Proxmox which in turn has this VM so it's a three-step where I want to connect to the MQTT service of Ubuntu on my VM from my Local Host or M5core 2 device how can I do it?

This sounds like a question on how to configure the networking in Proxmox and your VM in order to be able to connect to the c2e-hono-adapter-mqtt Kubernetes service endpoint (external IP 10.108.226.16 above) from your host or the device. I don't know anything about Proxmox and in general this is out of scope of the cloud2edge chart. I would suggest you check the Proxmox documentation or ask in a corresponding forum about this.
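The failure classes that come up in this thread (truststore file missing, no CA file supplied so the chain is untrusted, and hostname mismatch, which `--insecure` suppresses) can be told apart with a short TLS probe before involving the device. This is an added example, not part of any comment above and not code from the Hono or cloud2edge projects; the function names `check_truststore` and `probe_adapter` and the returned labels are made up for illustration.

```python
import socket
import ssl
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def check_truststore(path):
    """Classify the CA file before any connection is attempted."""
    p = Path(path)
    if not p.is_file():
        return "missing"          # mosquitto_pub: "Problem setting TLS options: File not found."
    if PEM_MARKER not in p.read_bytes():
        return "no-certificate"   # file exists but holds no PEM certificate
    try:
        ssl.create_default_context(cafile=str(p))
    except ssl.SSLError:
        return "unparseable"      # PEM framing present, contents corrupt
    return "ok"

def probe_adapter(host, port, cafile=None, verify_hostname=True, timeout=5.0):
    """Attempt a TLS handshake and name the failure class.

    cafile=None uses the system trust store (what happens without --cafile);
    verify_hostname=False mirrors mosquitto's --insecure: the chain is still checked.
    """
    if cafile is not None:
        state = check_truststore(cafile)
        if state != "ok":
            return "truststore-" + state
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = verify_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "handshake-ok"
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL verify codes: 62 = hostname mismatch, 64 = IP address mismatch
        if exc.verify_code in (62, 64):
            return "hostname-mismatch"
        return "untrusted-chain"  # e.g. the chart's CA is not in the trust store used
    except ssl.SSLError:
        return "tls-error"
    except OSError:
        return "unreachable"      # refused, timed out or no route: not a TLS problem
```

A result of `unreachable` from the host or device network points at VM or cluster networking rather than at the truststore, which is the distinction drawn in the reply above.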

charanhs123 commented 2 months ago

Thank you @calohmn, the problem of MQTT was solved. I have a question: how does Hono work then, if it has a constraint of not being able to connect to the outside world? Do we have to keep a PC running Hono services rather than on a server?

charanhs123 commented 2 months ago

Hello @sophokles73 and @calohmn ,

I have now set up cloud2edge on my PC (Ubuntu) and not in a VM, and I want to publish the telemetry data from a device (M5 core 2) to Hono to update the digital twin in Ditto. I have used the same credentials and everything related to Hono and Ditto as shown in the cloud2edge tutorial, and I have also assigned an external IP to the Hono services (minikube tunnel).

How can I publish the message to Hono from my devices like M5 core 2?

(I have been trying a lot to figure out this problem, as it is part of my Master's thesis, so your help would be appreciated.)

Thank you

calohmn commented 2 months ago

I have a question how does Hono works then? if it has a constraint of not able to connect to outside world ? Do we have to keep a PC running Hono services than on a server ?

When running Kubernetes inside a VM and you want to access any Kubernetes services from the host, you have to properly configure your VM for this kind of network access. This is unrelated to Hono and there are no constraints there in Hono.

How can I publish the message to Hono from my devices like M5 core 2?

You first have to make sure that your device can connect to the loadbalancer IP of the c2e-hono-adapter-mqtt service (requiring a corresponding network configuration for your device). If publishing a message doesn't work, you can check the kind of error you get from the MQTT client you are using in the device and you can check the logs of the "c2e-hono-adapter-mqtt-[id]" Kubernetes pod. If the device connection request has reached the pod, you would see a log line like

DEBUG [org.ecl.hon.ada.mqt.imp.VertxBasedMqttProtocolAdapter] (vert.x-eventloop-thread-1) connection request from client [client-id: ba298aba-5ce8-4f8f-a54a-dae7467396fa]

there. If you encounter problems regarding establishing the secure connection, and you first want to try using an insecure connection, you can enable the insecure ports of the Hono MQTT adapter by adding

--set hono.adapters.mqtt.hono.mqtt.insecurePortEnabled=true --set hono.adapters.mqtt.hono.mqtt.insecurePortBindAddress=0.0.0.0

to the cloud2edge chart helm install command. The loadbalancer port to connect to would then be 31883 (see the MQTT_ADAPTER_PORT_MQTT environment variable set by the setCloud2EdgeEnv.sh script).

charanhs123 commented 2 months ago

Thank you @calohmn the problem was solved