IOTGateway

Introduction

The IOTGateway service enables the cloud to connect to the device, thereby allowing clients to invoke device APIs remotely. The service connects to the cloud service (see Reference Cloud for Jetson devices running Jetson Platform Services) using the tcpmux protocol. The device's connection to the cloud is secured through a provisioning process supported by two components: the tcpmux client and the provisioning agent.

tcpmux client

The tcpmux client is the IOTGateway component responsible for making an outgoing connection to the cloud, which stays persistent from that point. Because of this mechanism, the system is not subject to firewall rules that may be present in the network surrounding the device. To make this connection possible, the provisioning agent downloads the required public key infrastructure (PKI) assets.

Provisioning Agent:

The provisioning agent is an edge device component in charge of procuring the PKI assets the device needs to connect securely to the cloud. The agent needs to authenticate to the provisioning server agent service when making a request for new certificates. The OTP provided by the provisioning server admin service should be configured in the provisioning agent. Based on the configured OTP, the provisioning agent requests a signed certificate by sending a request to the server. The server (the provisioning server agent service) authenticates the request by validating the OTP and the CSR sent, then uses the latter to issue the certificate. The provisioning agent persists that certificate onto the device. It also downloads the CACerts in separate requests. Refer to Reference Cloud for Jetson devices running Jetson Platform Services for information on how to configure it, and to Connecting device to reference Cloud for a description of the provisioning call flow.

Notify Hub:

Notify Hub enables microservices to push event notifications to external clients through the reference cloud. Examples of these events include gem alerts from the Analytics microservice and system alerts from Monitoring. It can be further extended to support custom events derived from user-created microservices. The flow starts with an API client subscribing to a specific gem type. If no gem type is provided, it defaults to all gem alerts. The subscription message is pushed to the device through tcpmux-client. The subscription configuration contains an HTTP-based destination endpoint to push alerts to. It should also contain a JWT token for authenticating to the destination. It can optionally contain a filter for the alert subscription. Here is a sample config.

{
    "cloud_endpoint": "http://mock-reference-cloud:7000/notify/api/v3/msg",
    "cloud_jwt": "sadfjhlhf.afhlkahjkflhkasfdhj.falfksdjsdgfa",
    "filter":[
        {
            "sensorId": "abcd",
            "tripwires": [
                  {
                      "tripwireId": "TW1",
                      "alertRuleTypes": ["increment", "flowrate"]
                  }
            ],
            "rois": [
                  {
                      "roiId": "*",
                      "alertRuleTypes": ["*"]
                  }
            ]
        }
    ]
}
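A pre-deployment check for a subscription config like the one above, as an added example that is not part of the original page or of the Notify Hub code. The field names come from the sample. The rules themselves (three-segment JWT, non-empty `alertRuleTypes`, flagging a plain `http` endpoint because the JWT travels to it) are assumptions about what a well-formed subscription looks like, not the service's own validation.

```python
import json
import re
from urllib.parse import urlparse

B64URL = re.compile(r"[A-Za-z0-9_-]+")  # alphabet used by JWT segments

def lint_subscription(cfg):
    """Return a list of findings for a Notify Hub subscription config (dict)."""
    findings = []
    url = urlparse(str(cfg.get("cloud_endpoint", "")))
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("cloud_endpoint: missing or not an http(s) URL")
    elif url.scheme == "http":
        # The JWT authenticates to this destination, so it crosses the same link.
        findings.append("cloud_endpoint: plain http exposes cloud_jwt and alerts in transit")
    parts = str(cfg.get("cloud_jwt", "")).split(".")
    if len(parts) != 3 or not all(B64URL.fullmatch(p) for p in parts):
        findings.append("cloud_jwt: expected three dot-separated base64url segments")
    for i, entry in enumerate(cfg.get("filter") or []):  # filter is optional
        if not entry.get("sensorId"):
            findings.append(f"filter[{i}]: sensorId missing")
        for group, id_key in (("tripwires", "tripwireId"), ("rois", "roiId")):
            for j, rule in enumerate(entry.get(group) or []):
                where = f"filter[{i}].{group}[{j}]"
                if not rule.get(id_key):
                    findings.append(f"{where}: {id_key} missing")
                types = rule.get("alertRuleTypes")
                if not isinstance(types, list) or not types:
                    findings.append(f"{where}: alertRuleTypes must be a non-empty list")
    return findings

# The sample config from this page, embedded so the example runs offline.
SAMPLE = json.loads("""{
  "cloud_endpoint": "http://mock-reference-cloud:7000/notify/api/v3/msg",
  "cloud_jwt": "sadfjhlhf.afhlkahjkflhkasfdhj.falfksdjsdgfa",
  "filter": [{"sensorId": "abcd",
    "tripwires": [{"tripwireId": "TW1", "alertRuleTypes": ["increment", "flowrate"]}],
    "rois": [{"roiId": "*", "alertRuleTypes": ["*"]}]}]
}""")

if __name__ == "__main__":
    for finding in lint_subscription(SAMPLE):
        print(finding)
```

Run against the page's sample, the only finding is the `http://` endpoint, which is expected for a mock destination and worth changing to `https://` for a real one.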

Start and Stop Service

sudo systemctl start jetson-iot-gateway

sudo systemctl stop jetson-iot-gateway

sudo systemctl restart jetson-iot-gateway

Verify Connection to Cloud

You can verify that the device is connected to the cloud in two ways:

  • tcpmux logs: When the device is connected, the tcpmux-client is not trying to reconnect to the cloud, and the log entry INFO:device:verifyCloudCert ends with 1. Run this command to check the live logs:

    $ sudo docker logs -f tcpmux-client
    

    The log output should look like this.

    device serial number: 1421622125118
    starting tcpmux client
    2024-01-03 18:56:09+0000 [-] Log opened.
    2024-01-03 18:56:09+0000 [-] Starting factory <device.DeviceClientProtocolFactory object at 0xffffaafce0d0>
    INFO:device:DeviceClientProtocolFactory.startedConnecting
    INFO:device:DeviceClientProtocolFactory.buildProtocol
    INFO:device:DeviceClientProtocol.__init__
    INFO:device:DeviceClientProtocol.connectionMade
    INFO:device:verifyCloudCert <OpenSSL.SSL.Connection object at 0xffffa92eead0> <OpenSSL.crypto.X509 object at 0xffffa9700290> 0 2 1
    INFO:device:verifyCloudCert <OpenSSL.SSL.Connection object at 0xffffa92eead0> <OpenSSL.crypto.X509 object at 0xffffa9700290> 0 1 1
    INFO:device:verifyCloudCert <OpenSSL.SSL.Connection object at 0xffffa92eead0> <OpenSSL.crypto.X509 object at 0xffffa9700290> 0 0 1
    2024-01-03 18:56:10+0000 [-] Starting factory <device.OutboundProtocolFactory object at 0xffffa92c3450>
    INFO:device:DeviceClientProtocol.stringReceived
    

    In case of failure, you should see periodic attempts to reconnect.

    device serial number: 1422022102399
    starting tcpmux client
    2023-12-05 21:22:07+0000 [-] Log opened.
    2023-12-05 21:22:07+0000 [-] Starting factory <device.DeviceClientProtocolFactory object at 0xffff9f77c050>
    INFO:device:DeviceClientProtocolFactory.startedConnecting
    WARNING:device:DeviceClientProtocolFactory.clientConnectionFailed; [Failure instance: Traceback (failure with no frames): <class twisted.internet.error.TimeoutError>: User timeout caused connection failure.]
    2023-12-05 21:22:37+0000 [-] <twisted.internet.tcp.Connector instance at 0xffff9f667f10 disconnected IPv4Address(type=TCP, host=tcpmux.xxx.com, port=30099)> will retry in 2 seconds
    2023-12-05 21:22:37+0000 [-] Stopping factory <device.DeviceClientProtocolFactory object at 0xffff9f77c050>
    2023-12-05 21:22:39+0000 [-] Starting factory <device.DeviceClientProtocolFactory object at 0xffff9f77c050>
    INFO:device:DeviceClientProtocolFactory.startedConnecting
    2023-12-05 21:22:39+0000 [Uninitialized] <twisted.internet.tcp.Connector instance at 0xffff9f667f10 disconnected IPv4Address(type=TCP, host=tcpmux.xxx.com, port=30099)> will retry in 6 seconds
    2023-12-05 21:22:39+0000 [-] Stopping factory <device.DeviceClientProtocolFactory object at 0xffff9f77c050>
    WARNING:device:DeviceClientProtocolFactory.clientConnectionFailed; [Failure instance: Traceback (failure with no frames): <class twisted.internet.error.ConnectionRefusedError>: Connection was refused by other side: 111: Connection refused.]
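The log check described above can be scripted, for example over saved `docker logs tcpmux-client` output. This is an added example, not code from the original page or from the tcpmux client. It assumes the three trailing integers on a `verifyCloudCert` line follow pyOpenSSL's verify-callback order (error number, chain depth, ok flag), and that any ok flag other than 1 means the cloud certificate was rejected.

```python
import re

# Trailing fields of a verifyCloudCert line. Assumption: pyOpenSSL verify-callback
# order, i.e. error number, chain depth, ok flag.
VERIFY = re.compile(r"INFO:device:verifyCloudCert\b.*\s(\d+)\s+(\d+)\s+(\d+)\s*$")
RETRY = re.compile(r"will retry in (\d+) seconds")

def assess_tcpmux_log(text):
    """Classify the most recent connection attempt found in tcpmux-client logs."""
    attempts = []
    for line in text.splitlines():
        if "DeviceClientProtocolFactory.startedConnecting" in line:
            attempts.append({"verify": [], "failed": False, "retry_s": None})
            continue
        if not attempts:
            continue  # banner lines before the first attempt
        cur = attempts[-1]
        m, r = VERIFY.search(line), RETRY.search(line)
        if m:
            errnum, depth, ok = map(int, m.groups())
            cur["verify"].append((depth, errnum, ok))
        if r or "clientConnectionFailed" in line:
            cur["failed"] = True
        if r:
            cur["retry_s"] = int(r.group(1))
    if not attempts:
        return {"state": "no_attempt", "attempts": 0, "retry_s": None, "depths": []}
    last = attempts[-1]
    if last["failed"]:
        state = "reconnecting"
    elif not last["verify"]:
        state = "pending"
    else:  # assumption: any ok flag other than 1 means the chain was rejected
        state = "connected" if all(ok == 1 for _, _, ok in last["verify"]) else "cert_rejected"
    return {"state": state, "attempts": len(attempts), "retry_s": last["retry_s"],
            "depths": [d for d, _, _ in last["verify"]]}

# Constructed samples, abridged from the log output shown on this page.
_V = ("INFO:device:verifyCloudCert <OpenSSL.SSL.Connection object at 0xffffa92eead0> "
      "<OpenSSL.crypto.X509 object at 0xffffa9700290> ")
SAMPLE_OK = "\n".join([
    "INFO:device:DeviceClientProtocolFactory.startedConnecting",
    "INFO:device:DeviceClientProtocol.connectionMade",
    _V + "0 2 1", _V + "0 1 1", _V + "0 0 1"])
SAMPLE_FAIL = "\n".join([
    "INFO:device:DeviceClientProtocolFactory.startedConnecting",
    "WARNING:device:DeviceClientProtocolFactory.clientConnectionFailed; [Failure instance: ...]",
    "2023-12-05 21:22:37+0000 [-] <twisted.internet.tcp.Connector ...> will retry in 2 seconds",
    "INFO:device:DeviceClientProtocolFactory.startedConnecting",
    "2023-12-05 21:22:39+0000 [Uninitialized] <twisted.internet.tcp.Connector ...> will retry in 6 seconds"])
```

Only the last attempt decides the state, so a device that failed earlier and then connected is reported as `connected`.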