This article is a memorandum on setting up the Edge Platform for SAP IoT services for SAP BTP for the Cloud Foundry Environment on a Raspberry PI.
First
When setting up the Internet of Things Edge Platform on your Raspberry PI, you need to be aware that you cannot start the gateway unless you have at least 2GB of memory, which means you need a Raspberry PI4 model with a larger memory. This means that you need a Raspberry PI4 model with a larger memory to run the platform, and I was not able to run the platform on a Raspberry PI 3 or Zero due to memory issues.
This time I am using the following version of the OS.
pi@raspberrypi:~ $ uname -a
Linux raspberrypi 5.10.17-v7l+ #1403 SMP Mon Feb 22 11:33:35 GMT 2021 armv7l GNU/Linux |
Note 1: I’m using a Raspberry PI 4 with 4GB memory model, I think it will work with 2GB model but I haven’t tested it.
Note 2: It may be possible to get this to work on Raspberry PIs with less than 2GB of memory by using various parameters and memory-related packages that are added later.
Install JRE
The Edge Gateway requires a Java 8 runtime environment to operate.
Connect your Raspberry PI to the network and log in using a terminal or SSH.
I recommend to update package list first.
| pi@raspberrypi:~ $ sudo apt-get update |
then execute following.
| pi@raspberrypi:~ $ sudo apt-get install openjdk-8-jre |
Of course you can also install the JDK as ‘openjdk-8-jdk’.
Verify that the installation was successful.
|
pi@raspberrypi:~ $ java -version
openjdk version “1.8.0_212”
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1+rpi1-b01)
OpenJDK Client VM (build 25.212-b01, mixed mode)
|
Once this is done, Next , set up the gateway.
Setup Edge gateway
In this section,I will try to set up a REST Edge gateway.
First, transfer IOTCHCPXX_X-XXXXXXXX.ZIP to your Raspberry PI and extract it. The one I used is IOTCHCP69_0-70002561.ZIP.
I created a directory called IOTCHCP and extracted it there.
|
pi@raspberrypi:~ $ mkdir IOTCHCP
pi@raspberrypi:~ $ cd IOTCHCP
pi@raspberrypi:~/IOTCHCP $ unzip ../IOTCHCP69_0-70002561.ZIP
Archive: ../IOTCHCP69_0-70002561.ZIP
creating: documentation-4.69.0/
inflating: documentation-4.69.0/all-4.69.0-fortify.pdf
inflating: documentation-4.69.0/common-4.69.0-fortify.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.coap.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.file.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.modbus.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.mqtt.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.opc.ua.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.rest.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.sigfox.pdf
inflating: documentation-4.69.0/iot.cf.edge.platform.snmp.pdf
inflating: gateway-4.69.0.zip
inflating: sdk-4.69.0.zip
inflating: SIGNATURE.SMF
pi@raspberrypi:~/IOTCHCP $
|
Under this directory, create a folder named ‘gateway’ and extract gateway-4.69.0.zip into it.
| pi@raspberrypi:~/IOTCHCP $ mkdir gateway
pi@raspberrypi:~/IOTCHCP $ cd gateway
pi@raspberrypi:~/IOTCHCP/gateway $ unzip ../gateway-4.69.0.zip
pi@raspberrypi:~/IOTCHCP/gateway $ ls
adapters gateway-upgrade.jar plugins
build.bat merge.bat upgrade.bat
build.sh merge.sh upgrade.sh
config migrate.bat version.json
configuration migrate.sh
gateway-upgrade-migration.jar org.eclipse.osgi.jar
pi@raspberrypi:~/IOTCHCP/gateway $
|
Then Build. Since we will be using the REST gateway, we will use the following
|
pi@raspberrypi:~/IOTCHCP/gateway $ ./build.sh REST
Build script … starting
PARAMETRS: REST
Merge script … starting
WARN: Custombundles dir is NOT present in system
Plugin configuration … starting
Removing unnecessary files … starting
pi@raspberrypi:~/IOTCHCP/gateway $
|
Specify ‘REST’ as the argument of build.sh to build.
The next step is to edit config_gateway_rest.xml under the config directory.
This is always a bit complicated, but you just have to learn it.
First, access the IoT cockpit and write down the necessary information. Log in and select the tenant you want to use.
Check the URL field of your web browser. It should look like the following.
https://xxxxxxx-xxxx-xxxxx-xxxx-xxxxxx.xxxx.cp.iot.sap/yyyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyyyyyy/iot/cockpit/#/tenant/zzzzzzzzzz
break this down
https://xxxxxxx-xxxx-xxxxx-xxxx-xxxxxx.xxxx.cp.iot.sap/yyyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyyyyyy/iot/cockpit/#/tenant/zzzzzzzzzz
The parts that are colored above should be <HOSTNAME>,<INSTANCENAME>,<TENANTNAME>.
<HOSTNAME> = xxxxxxx-xxxx-xxxxx-xxxx-xxxxxx.xxxx.cp.iot.sap
<INSTANCENAME> = yyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyyyyy
<TENANTNAME> = zzzzzzzzzz
(The above will be used in next explanations.)
It’s the minimum required part.
First, replace 127.0.0.1 in the cnf:connectionString part of line 9 with <HOSTNAME>.
<cnf:connectionString>failover:(nio+ssl://<HOSTNAME>:61616?daemon=true&soTimeout=60000&verifyHostName=true)?initialReconnectDelay=5000</cnf:connectionString>
|
Next, near line 23, change the description of the <cnf:address> tag inside the <cnf:coreconnetion> tag.
It’s a bit complicated here.
| <cnf:address>https:/<HOSTNAME>/<INSTANCENAME>/iot/core/api/v1/tenant/<TENANTNAME></cnf:address> |
The last line is line 56.
Finally, line 56.
Now, edit the <cnf:gateway> tag to specify the Alternate ID of the gateway. This value will be displayed in the list of gateways on the cockpit。
The Edge is part of the gateway. And since the Edge is likely to be used more than once by its nature, it should be easy to identify which Edge device it is in the cockpit.
<cnf:gateway gatewayAlternateId=”EDGERESTGATEWAYONRPI”>
|
This completes the editing.
This time , I assume that the Edge gateway will be installed in a secure network dedicated to the Edge device, and that communication between the sensor device and the Edge gateway will be done without certificate authentication.
Edit the /gateway/config/services/sap.NettyConfiguration.cfg file under the directory where you extracted the gateway.
|
# Enables a Netty server
enabled = true
# Host name or IP address to identify a specific network interface on which to listen
host = localhost
# TCP/IP port on which the server listens for connections
port = 8699
# Expose service on https
enableSSL = false
|
Change ‘enableSSL’ to ‘false’ since it is set to true by default.
Also, edit sap.RestAdapterConfiguration.cfg.
pi@raspberrypi:~/IOTCHCP/gateway/config/services $ vi sap.RestAdapterConfiguration.cfg
# Enable/Disable the device authorization checks
useDeviceAuth = false
|
The ‘useDeviceAuth’ here is also set to ‘true’ by default, so set it to false.
This setting is for communication without encryption, so be careful when using it in practice.
Finally, download and deploy the Onboarding Certificate.
You can download the Onboarding Certificate from the Cockpit page.
Be sure to rename the file to “gateway-registration-certificate.json” after downloading it. The gateway will read a file with this name.
This file should be placed in the config/certificates directory under the gateway directory.
If the ‘certificates’ directory does not exist, create it as shown below, and then place the Onboarding Certificate in it.
|
pi@raspberrypi:~/IOTCHCP/gateway/config $ mkdir certificates
pi@raspberrypi:~/IOTCHCP/gateway/config/certificates $ cd certificates
pi@raspberrypi:~/IOTCHCP/gateway/config/certificates $ mv $HOME/gateway-registration-certificate.json ./
|
You are now ready to go.
Execute Edge gateway
After doing this, you can finally start the gateway.
Run gateway.sh.
|
pi@raspberrypi:~/IOTCHCP/gateway $ ./gateway.sh
(snip)
234 18:12:44,279 [DiscoveryManager] INFO (DiscoveryManager:62) – Initialization successfully finished, start loading API endpoint
234 18:12:44,280 [DiscoveryManager] INFO (DiscoveryManager:71) – API endpoint loaded, start network configuration
234 18:12:44,280 [DiscoveryManager] INFO (DiscoveryManager:75) – Network configuration performed, retrieving the network nodes
234 18:12:44,280 [DiscoveryManager] INFO (DiscoveryManager:78) – Nodes successfully retrieved, start node configuration
234 18:12:44,280 [DiscoveryManager] INFO (DiscoveryManager:642) – +————– Gateway Initialization Complete ———————+
|
Check the list of gateways in the IoT cockpit. If the gateway you registered is displayed, you have succeeded.
Option:Autostart setting for edge gateway
As the name suggests, the “edge” is the end of the network.
Unlike enterprise systems, most of the systems at this end do not have an administrator nearby at all times. I used to be an embedded systems engineer. I used to be an embedded system engineer, which is now called an edge system. What was required for systems in this environment was that when a problem occurred, a less computer-savvy person on site could handle it.
However, there are limits to what someone who is not familiar with computers can do. In particular, it would be difficult for them to operate Linux. However, you should be able to press the power button and reboot.
So, let’s set up the edge gateway to start automatically when the Raspberry PI is turned on.
There are several ways to make the Raspberry PI start automatically, but this time we will use systemd.
First, create a file like the one below. I will call it ‘iotedgegateway.service’ and create the following file.
[Unit]
Description=SAP IoT Edge Gateway(REST)
After=syslog.target[Service]
Type=simple
WorkingDirectory=/home/pi/IOTCHCP/gateway
ExecStart=/home/pi/IOTCHCP/gateway/gateway.sh
TimeoutStopSec=5
StandardOutput=null[Install]
WantedBy = multi-user.target |
according to the environment.
Copy this file to /etc/systemd/system. This needs to be done with sudo.
Then reload the service list and start it manually first. ( sudo systemctl start iotedgegateway)
|
pi@raspberrypi:~ $ sudo mv iotedgegateway.service /etc/systemd/system
pi@raspberrypi:~ $ sudo systemctl daemon-reload
pi@raspberrypi:~ $ sudo systemctl start iotedgegateway
pi@raspberrypi:~ $ sudo systemctl status iotedgegateway
● iotedgegateway.service – SAP IoT Edge Gateway(REST)
Loaded: loaded (/etc/systemd/system/iotedgegateway.service; enabled;
Active: active (running) since Thu 2021-05-13 16:55:57 JST; 10s ago
Main PID: 989 (gateway.sh)
Tasks: 25 (limit: 3860)
CGroup: /system.slice/iotedgegateway.service
├─989 /bin/bash /home/pi/IOTCHCP/gateway/gateway.sh
└─990 java -Dorg.apache.activemq.UseDedicatedTaskRunner=fals
2021-05-13 16:55:57 raspberrypi systemd[1]: Started SAP IoT Edge Gateway(R
pi@raspberrypi:~ $ sudo systemctl stop iotedgegateway
|
You can use sudo systemctl status iotedgegateway to check if it has started successfully.
Once it is confirmed that it is working, stop it. This can be done by “sudo systemctl stop iotedgegateway”.
Now the service has been created, but it is not set to start automatically. To set it to auto-start
| pi@raspberrypi:~ $ sudo systemctl enable iotedgegateway |
Reboot the Raspberry PI and run sudo systemctl status iotedgegateway to check if it is active.
Summary and point
I have set up REST’s Edge gateway on my Raspberry PI and got it working.
Here are some points to consider when choosing a gateway.
The REST and MQTT gateways are also available on the Cloud side. The same MQTT and REST gateways are also available on the Edge side.
The difference is that all gateways on the Cloud require authentication with a client certificate. All gateways on the Cloud require authentication with a client certificate, while gateways on the Edge side allow you to choose the authentication method, and you can even choose no authentication.
This is because Edge gateways are supposed to be accessed by devices that exist on the same network with a certain level of security. Cloud gateways, on the other hand, are accessed over the Internet and require some mechanism to ensure security, which is why they require access with client certificates.
Edge gateways are useful when the sensors and devices to be connected have communication capabilities, but are not functionally capable of communicating using certificates. It is the Edge gateway that actually connects to the IoT service, and it is the Edge gateway that authenticates the device with the Onboarding Certificate.
In some cases, a private wireless LAN network is sufficient, and whether to use client certificate authentication there as well depends on the requirements and specifications of the devices.
In the next article, I will try to send data from “IchigoJam” a simple small computer that I happened to touch, to SAP IoT services for SAP BTP for the Cloud Foundry Environment via REST gateway on this RaspberryPI.
Stay home now for great feature.
