Developer Guide

  • 2022.3
  • 10/25/2022
  • Public Content

Device Onboarding End-to-End Use Case

This tutorial describes how to:
  1. Onboard the Fast IDentity Online (FIDO) device (the Robot).
  2. Register the Robot in ThingsBoard*.
  3. Set up a secure TLS connection for communication.
  4. Load specified applications (containers) to the EI for AMR device.
These machines are used:
  • The Intel® Smart Edge Open control plane, which deploys ThingsBoard* to the edge node. (The ThingsBoard* GUI is accessed with the control plane IP and mapped port.)
    In a Single-Node deployment, ThingsBoard* is installed on the same machine as the control plane.
    In a Multi-Node deployment, ThingsBoard* is installed on an edge node, not the control plane.
  • The EI for AMR Robot that you want to onboard, which
    • executes amr-fdo-client in terminal 1.
    The diagram only shows two robots but you can add as many as you need.
  • The FDO server, which executes the manufacturer, rendezvous and owner servers:
    • edge-server-fdo-manufacturer on terminal 1
    • edge-server-fdo-owner on terminal 2
    • edge-server-fdo-rendezvous on terminal 3
    • terminal 4 for configuration and control
    The FDO server can be on any machine in the same network as the control plane. In this tutorial, the FDO server is on an edge node.

The Onboarding Flow

In this flow, the FIDO device, or FDO client, is the Robot.
  1. The FDO owner sends the FDO script, fileserver access, and filelist to the robot in the field that is to be onboarded.
  2. The FDO client saves and starts the FDO script.
  3. FDO loads and stores files from FileServer.
  4. FDO registers the device in ThingsBoard* and writes the Intel® In-Band Manageability configuration.
    1. FDO provisions each new device.
      Device naming convention:
      <SEO 'tier' label value>_<SEO 'environment' label value>_<IP Address of Device>_<Hostname of Device>_<MAC Address of Device>
      Example:
      BasicFleetManagement_tutorial_127.0.0.1_noop_00005E0053EA
    2. FDO saves the Intel® In-Band Manageability configuration and certification files in the host file system.
  5. FDO registers the device in Intel® Smart Edge Open and gets the token and hash.
  6. FDO starts the Intel® Smart Edge Open install script.
  7. Intel® Smart Edge Open deploys all configured containers, including Intel® In-Band Manageability, and brings them up.
  8. When ThingsBoard* receives a new device online event, ThingsBoard* triggers a firmware and OS update. After completion, the power recycles.

Prerequisites

You must do all sections of this tutorial in order.
Configure the edge with the Get Started Guide for Robot Orchestration.
Verify that the robot has a product name.
dmidecode -t system | grep Product
If the robot does not have a product name, the onboarding flow fails because this information is required when configuring the OTA update. To assign a name, complete the following steps.
  1. Prepare for the Intel® RealSense™ camera firmware update.
    1. Place the .bin file that contains the firmware in a .tar.gz archive. Make sure that you do not archive the entire directory, only the .bin file.
    2. Set up a basic HTTP server, and upload the .tar.gz to it as a trusted repository server:
      1. Install apache2:
        sudo apt update
        sudo apt install apache2
      2. Put the RealSense .bin file inside a .tar.gz, and place it on an HTTP server:
        tar -czvf rs_12_15.tar.gz Signed_Image_UVC_5_12_15_50.bin
        sudo cp rs_12_15.tar.gz /var/www/html/
  2. On ThingsBoard*, open Rule Chain.
  3. Open Form_Config_Update, and, on line 15, update the URL of the HTTP host that has the new firmware.
  4. Open Form_POTA, and, on line 15, update the following.
    1. The entire HTTP URL with the .tar.gz file for the firmware file.
      The link should be similar to
      http://<hostname>/<archive.tar.gz>
    2. The Manufacturer, Vendor, and the Product name with the output of the following commands. Execute these commands on the robot.
      dmidecode -t system | grep Product
      dmidecode -t system | grep Manufacturer
      dmidecode -t bios | grep Vendor
    Updating the Manufacturer, Vendor, and Product name needs to be done every time you onboard a new type of robot. If these values do not match the ones from the robot trying to onboard, the flow fails.
  5. Save all changes.

Configure the Robot and the FDO Server for the Onboarding Flow

  1. Robot and FDO server
    Download and install the needed scripts from the latest release.
    These steps only install certain modules (Docker Community Edition CE and Docker Compose) and the set of scripts needed for this onboarding tutorial. These steps do not install the full Robot Complete Kit bundle on your Robot.
    1. Go to the Product Download page.
    2. Select:
      • For Robot, Robot Complete Kit.
      • For FDO server, Server Complete Kit.
    3. Click Download.
    4. Copy the zip file to your target machine.
    5. Extract and install the software:
      unzip edge_insights_for_amr.zip
      cd edge_insights_for_amr
      chmod 775 edgesoftware
      export no_proxy="127.0.0.1/32,devtools.intel.com"
      ./edgesoftware download
      ./edgesoftware list
      Get the IDs for the Docker* Community Edition CE and for Docker Compose*:
      ./edgesoftware update <ID_Docker Community Edition CE> <ID_Docker Compose>
      sudo groupadd docker
      sudo usermod -aG docker $USER
      newgrp docker
      source /etc/environment
    6. Configure password-less ssh access for root:
      • Edit /etc/ssh/sshd_config:
        sudo nano /etc/ssh/sshd_config
      • Add the following line at the end of the file:
        PermitRootLogin yes
      • Restart the ssh service:
        sudo service ssh restart
        sudo su
        service ssh restart
        ssh-keygen
        exit
  2. FDO server
    All images in the FDO pipeline are self-contained and require minimal configuration. Configuration settings are all handled by external environment files, but some environment files need to be generated by running the fdo_keys_gen.sh script:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/
    chmod +x fdo_keys_gen.sh
    bash fdo_keys_gen.sh .
  3. Robot
    Install the Battery Bridge Kernel Module.
    cd components/amr_battery_bridge_kernel_module/src/
    chmod a+x module_install.sh
    # the command below installs battery-bridge-kernel-module
    sudo ./module_install.sh
    # to uninstall battery-bridge-kernel-module (if needed)
    sudo ./module_install.sh -u
    The Battery Bridge Kernel Module does not work on Secure Boot machines. To disable UEFI Secure Boot:
    1. Go to the BIOS menu.
    2. Open Boot > Secure Boot.
    3. Disable Secure Boot.
    4. Save the new configuration, and reboot the machine.
    When the robot uses an actual battery, the sensor-driver of the robot provides the corresponding driver’s ros-interface, which writes battery status into the generic ros2-topic interface /sensors/battery_state. However, this information is usually not transmitted to the generic OS interface /sys/class/power_supply. Components that interact with the OS directly (for example, Intel® In-Band Manageability) cannot get battery information from the OS. To bridge this gap, a ROS component battery-bridge and battery-bridge-kernel-module are provided. Using this battery-bridge, battery status can be transmitted via a kernel module to the standard OS interface /sys/class/power_supply. The kobuki driver and kobuki_ros_interfaces are proven to work with the battery-bridge and battery-bridge-kernel-module components.
  4. Robot
    Set the robot type by adding your robot type to /etc/robottype. The supported values are amr-aaeon and amr-pengo. Example:
    echo "amr-aaeon" | sudo tee /etc/robottype
  5. Robot
    Run the following command on the client host:
    sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install --no-install-recommends -q -y \
        software-properties-common \
    && if [[ -z "$http_proxy" ]] ; then sudo apt-key adv --keyserver keys.gnupg.net \
        --recv-key F6E65AC044F831AC80A06380C8B3A55A6F3EFCDE; \
    else sudo apt-key adv --keyserver keys.gnupg.net --keyserver-options \
        http-proxy="${http_proxy}" --recv-key F6E65AC044F831AC80A06380C8B3A55A6F3EFCDE; fi \
    || if [[ -z "$http_proxy" ]] ; then sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
        --recv-key F6E65AC044F831AC80A06380C8B3A55A6F3EFCDE; else \
        sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options \
        http-proxy="${http_proxy}" --recv-key F6E65AC044F831AC80A06380C8B3A55A6F3EFCDE; fi \
    && sudo add-apt-repository "deb https://librealsense.intel.com/Debian/apt-repo focal main" -u \
    && DEBIAN_FRONTEND=noninteractive sudo apt-get install --no-install-recommends -q -y \
        rsync \
        librealsense2=2.50.* \
        librealsense2-utils=2.50.* \
        librealsense2-dev=2.50.* \
        librealsense2-gl=2.50.* \
        librealsense2-net=2.50.* \
        librealsense2-dbg=2.50.* \
        librealsense2-udev-rules=2.50.* \
    && sudo rm -rf /var/lib/apt/lists/*
    sudo dpkg --configure -a
    sudo mkdir -p /var/cache/manageability/repository-tool/sota
  6. Robot
    Disable swap:
    sudo sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
    sudo swapoff -a

Prepare the Environment Needed to Build the FDO Docker* Images

These steps have to be re-executed if a terminal is re-started.
  1. Robot
    export DISPLAY=0:0
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/
    export no_proxy=<no_proxy>,ip_from_fdo_server,ip_from_robot,localhost
    sudo su
    source ./AMR_containers/01_docker_sdk_env/docker_compose/common/docker_compose.source
  2. FDO server all terminals
    export DISPLAY=0:0
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/
    source ./AMR_server_containers/01_docker_sdk_env/docker_compose/common/docker_compose.source
    Set up the environment on every terminal on which you want to run docker-compose commands.
  3. FDO server terminal 1
    Get the DNS:
    sudo cat /run/systemd/resolve/resolv.conf
  4. Robot
    Set the IP of the FDO server and the serial number of the robot.
    Before building the FDO client image, there are a variety of configuration flags that need to be adjusted.
    Important
    This step needs to be done for each robot you add to the cluster. You must use a unique serial number for each robot. These serial numbers are used later, when configuring the FDO server in step 8 of Onboard.
    1. Open AMR_containers/01_docker_sdk_env/artifacts/01_amr/amr_fdo/device.config:
      cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_containers
      nano 01_docker_sdk_env/artifacts/01_amr/amr_fdo/device.config
    2. Add the following lines:
      MANUFACTURER_IP_ADDRESS = ip_from_FDO_Server
    3. For onboarding multiple robots, use a unique serial number for the DEVICE_SERIAL_NUMBER variable.
      This value must be unique for each robot that you onboard. Therefore, the default serial number, 1234abcd, can only be used once.
      DEVICE_SERIAL_NUMBER = <unique_serial_number>

Build FDO Docker* Images

  1. Robot
    Build the fdo-client image:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_containers
    docker-compose -f ./01_docker_sdk_env/docker_compose/01_amr/amr-sdk.all.yml build fdo-client
  2. FDO server terminal 1
    Build the FDO manufacturer server image:
    Before building the FDO manufacturer image, there are a variety of configuration flags that need to be adjusted.
    1. Open 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/manufacturer/service.yml:
      cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers
      nano 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/manufacturer/service.yml
    2. Add the following lines:
      # Modify the values shown below in bold in the above file with respective DNS and IP address of Rendezvous server
      rv-instruction:
        dns: dns_from_step_4
        ip: ip_from_FDO_Server
    3. Build the manufacturer server image:
      docker-compose -f ./01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml build fdo-manufacturer
  3. FDO server terminal 2
    Build the owner server image:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers
    docker-compose -f ./01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml build fdo-owner
  4. FDO server terminal 3
    Build the rendezvous server image:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers
    docker-compose -f ./01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml build fdo-rendezvous
See Troubleshooting if docker-compose errors are encountered.

Initialize FDO

  1. FDO server - terminal 4
    Adjust the Python script for your setup.
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/
    nano 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/sdo_script.py
    1. For DEF_TB_MQTT_PORT, replace 1883 with 18883.
    2. For network:
      • Replace 0.0.0.0 with your proxy IP.
      • If you use a hostname for a proxy, get the proxy IP:
        telnet proxy_hostname proxy_port
      • Leave it as 0.0.0.0 if no proxy is required.
    3. file_server
      1. For host, replace xx.xxx.xx.x with the SFTP hostname or IP.
      2. For user, replace someone with the SFTP username.
      3. For password, replace pass with the SFTP password.
      4. For fingerprint, replace:
        |1|pYOofp22FlwwWNHH+vaK8gWhSxw=|S713N4hkiSRJCzfJQgqMfaYTJWw= ecdsa-sha2-nistp256 AABBE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFv3xFkoWZuALLa/iH8fLBK5ciKkvep+61DAGEBSiORQbPxUtvBo0qbi14/N+KD58YEkWrrzlQIEsp/minlSVKE=
        with the output of the following command:
        ssh-keyscan -t ecdsa [host | addrlist namelist]
    4. thingsboard
      1. For host, replace xx.xxx.xx.x with the control plane IP.
      2. For http_port, replace 9090 with 32764.
      3. For sec_mqtt_port, replace 8883 with 32767.
      4. For device_key, replace 9oq7uxtdsgt4yjyqdekg with 9oq7uxtdsgt4yjyqdekg.
      5. The value for device_secret stays 6z3j3osphpr8ck1b9ocp.
      The values for device_key and device_secret are obtained from the ThingsBoard* web interface. Go to Thingsboard > Device Profiles > Device Profiles details > Device Provisioning.
      In preconfigured data, the following are set in ThingsBoard*:
      device_key = "9oq7uxtdsgt4yjyqdekg"
      device_secret = "6z3j3osphpr8ck1b9ocp"
    5. seo
      1. For host, replace xx.xxx.xx.xxx with the control plane IP.
      2. For crt_hash, replace fd6d98ee914f5e08df1858b2e82e1ebacbcf35cae0ddd7e146ec18fa200a265b with the output of the following commands on the control plane:
        cd /etc/kubernetes/pki/
        openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    6. sftp_filelist
      1. In the fdo_sftp/etc/docker/certs.d line, replace 10.237.22.133 with the IP of the control plane.
      2. Add / at the beginning of every line after "file":".
      After you have made the changes, it should look similar to this:
      sftp_filelist = '[ {"file":"/fdo_sftp/thingsboard.pub.pem","path":"/etc/tc" },\
        {"file":"/fdo_sftp/pki/ca.crt","path":"/host/etc/kubernetes/pki" },\
        {"file":"/fdo_sftp/pki/apiserver-kubelet-client.crt","path":"/host/etc/kubernetes/pki" },\
        {"file":"/fdo_sftp/pki/apiserver-kubelet-client.key","path":"/host/etc/kubernetes/pki" },\
        {"file":"/fdo_sftp/root/.docker/config.json","path":"/host/root/.docker/" },\
        {"file":"/fdo_sftp/etc/docker/daemon.json","path":"/host/etc/docker/" },\
        {"file":"/fdo_sftp/etc/docker/certs.d/<Replace here with Control Plane IP>:30003/ca.crt","path":"/host/etc/docker/certs.d/<Replace here with Control Plane IP>:30003" },\
        {"file":"/fdo_sftp/etc/systemd/system/docker.service.d/http-proxy.conf","path":"/host/etc/systemd/system/docker.service.d" },\
        {"file":"/fdo_sftp/seo_install.sh","path":"/host/root" },\
        {"file":"/fdo_sftp/k8s_apply_label.py","path":"/host/root" },\
        {"file":"/fdo_sftp/etc/amr/ri-certs/server.pem","path":"/host/etc/amr/ri-certs" },\
        {"file":"/fdo_sftp/etc/amr/ri-certs/client.key","path":"/host/etc/amr/ri-certs" },\
        {"file":"/fdo_sftp/etc/amr/ri-certs/client.pem","path":"/host/etc/amr/ri-certs" }]'
  2. FDO server terminal 4
    Edit 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/multi_machine_config.sh:
    nano 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/multi_machine_config.sh
    1. Assign the value from 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/manufacturer/service.env to the variable mfg_api_passwd.
      cat 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/manufacturer/service.env
    2. Assign the value from 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/owner/service.env to the variable default_onr_api_passwd.
      cat 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/owner/service.env
    3. Replace {rv-dns} with the FDO server DNS.
    4. Replace {owner-dns} with the FDO server DNS.
    5. Replace {rv-ip} with the FDO server IP.
    6. Replace {owner-ip} with the FDO server IP.
    7. Replace http://localhost:8042 and http://localhost:8039 in both curl commands with http://FDO_SERVER_IP:8042 and http://FDO_SERVER_IP:8039.
    Example (without the curly brackets):
    mfg_api_passwd={manufacturer_api_password_from_service.env}
    onr_api_passwd={owner_api_password_from_service.env}
    .......................................................
    # Updating RVInfo blob in Manufacturer
    # Replace localhost, {rv-dns} and {rv-ip} references with respective DNS and IP address of the host machine
    curl -D - --digest -u "${api_user}":"${mfg_api_passwd}" --location --request POST 'http://<ip_from_FDO_SERVER>:8039/api/v1/rvinfo' \
      --header 'Content-Type: text/plain' \
      --data-raw '[[[5,"dns"],[3,8040],[12,1],[2,"ip_from_FDO_SERVER"],[4,8040]]]'
    # Updating T02RVBlob in Owner
    # Replace localhost, {owner-ip} and {owner-dns} references with respective DNS and IP address of the host machine
    curl -D - --digest -u "${api_user}":"${onr_api_passwd}" --location --request POST 'http://<ip_from_FDO_SERVER>:8042/api/v1/owner/redirect' \
      --header 'Content-Type: text/plain' \
      --data-raw '[["ip_from_FDO_SERVER","dns",8042,3]]'
  3. FDO server terminal 3
    Edit 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/extend_upload.sh, and set the following variables:
    nano 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/extend_upload.sh
    1. Assign the value from 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/manufacturer/service.env to the variable default_mfg_api_passwd.
      cat 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/manufacturer/service.env
    2. Assign the value from 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/owner/service.env to the variable owner_api_password_from_machine.
      cat 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/creds/owner/service.env
    3. Assign the FDO server IP to the variable default_mfg_ip.
    4. Assign the FDO server IP to the variable default_onr_ip.
    Example:
    default_mfg_ip="<ip_from_FDO_SERVER>"
    default_onr_ip="<ip_from_FDO_SERVER>"
    ...........................
    default_mfg_api_passwd="<manufacturer_api_password_from_service.env>"
    default_onr_api_passwd="<owner_api_password_from_service.env>"
  4. FDO server terminal 3
    Edit 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/configure_serviceinfo.sh, and set the following variables:
    nano 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/configure_serviceinfo.sh
    1. Assign the FDO server IP to the variable OWNER_IP.
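
A pre-flight check for the sdo_script.py edits in step 1, as an added example that is not part of the Intel scripts: it reads the edited script without executing it, reports documented sample values that were left in place, and validates sftp_filelist against the control plane IP. The script excerpt is constructed, the seo_host variable name is hypothetical, and 192.0.2.10 stands in for the control plane IP.

```python
import ast
import ipaddress
import json
import re

# Sample values this page says to replace in sdo_script.py. device_key and
# device_secret are not listed because the page keeps the preconfigured values;
# "someone" and "pass" are too generic to match as substrings.
DOCUMENTED_SAMPLES = {
    "xx.xxx.xx.x": "host placeholder (file_server, thingsboard or seo)",
    "10.237.22.133": "sample control plane IP in sftp_filelist",
    "fd6d98ee914f5e08df1858b2e82e1ebacbcf35cae0ddd7e146ec18fa200a265b": "sample seo crt_hash",
    "|1|pYOofp22FlwwWNHH+vaK8gWhSxw=": "sample file_server fingerprint",
}
# Directory name under certs.d is "<registry host>:<port>".
REGISTRY_DIR = re.compile(r"/etc/docker/certs\.d/([^/]+):\d+")

# Constructed excerpt of an edited script (seo_host is a hypothetical name).
SAMPLE_SCRIPT = r'''
DEF_TB_MQTT_PORT = 18883
seo_host = "xx.xxx.xx.xxx"
sftp_filelist = '[ {"file":"/fdo_sftp/pki/ca.crt","path":"/host/etc/kubernetes/pki" },\
 {"file":"fdo_sftp/seo_install.sh","path":"/host/root" },\
 {"file":"/fdo_sftp/etc/docker/certs.d/10.237.22.133:30003/ca.crt","path":"/host/etc/docker/certs.d/10.237.22.133:30003" }]'
'''


def find_leftover_samples(script_text):
    """Describe every documented sample value still present in the script."""
    return [desc for needle, desc in DOCUMENTED_SAMPLES.items() if needle in script_text]


def load_sftp_filelist(script_text):
    """Decode sftp_filelist from the script source without running the script."""
    for node in ast.walk(ast.parse(script_text)):
        if (isinstance(node, ast.Assign)
                and any(isinstance(t, ast.Name) and t.id == "sftp_filelist"
                        for t in node.targets)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            return json.loads(node.value.value)
    raise ValueError("sftp_filelist assignment not found")


def check_filelist(entries, control_plane_ip):
    """Return a list of problems; an empty list means the file list passed."""
    ipaddress.ip_address(control_plane_ip)  # ValueError if this is not an IP
    problems = []
    for i, entry in enumerate(entries):
        src, dst = entry.get("file", ""), entry.get("path", "")
        if not src.startswith("/"):
            problems.append(f"entry {i}: file {src!r} lacks the leading '/'")
        if not dst.startswith("/"):
            problems.append(f"entry {i}: path {dst!r} is not absolute")
        if ".." in (src + "/" + dst).split("/"):
            problems.append(f"entry {i}: '..' component in file or path")
        hosts = set(REGISTRY_DIR.findall(src) + REGISTRY_DIR.findall(dst))
        if hosts - {control_plane_ip}:
            problems.append(f"entry {i}: registry certificate directory is for "
                            f"{sorted(hosts)}, expected {control_plane_ip}")
    return problems


if __name__ == "__main__":
    for finding in find_leftover_samples(SAMPLE_SCRIPT):
        print("leftover:", finding)
    for problem in check_filelist(load_sftp_filelist(SAMPLE_SCRIPT), "192.0.2.10"):
        print("filelist:", problem)
```
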

Onboard

FDO is a new IoT standard that is built on Intel® Secure Device Onboard (Intel® SDO) specifications. It is the first step in onboarding a device. The FDO specification specifies four entities.
  • Device: the EI for AMR device plus the FDO client (the FDO client supports the FDO protocol)
  • Manufacturer Server: the entity that is responsible for the initial steps of the FDO protocol and loading credentials onto the device, and is also a part of the production flow of the EI for AMR device
  • Owner Server: the entity that sends all required data (for example, keys and certificates) to the device in the final protocol step TO2
  • Rendezvous Server: the first contact point for the device after you switch the device on and configure it for network communication. The rendezvous server sends the device additional information, for example, how to contact the owner server entity.
All containers, including the client, follow this command structure:
docker-compose -f <.yml path used during build stage> up <fdo service name>
  1. FDO server terminal 1
    Run the manufacturer server:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/
    docker-compose -f 01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml up fdo-manufacturer
  2. FDO server terminal 2
    Run the owner server:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/
    docker-compose -f 01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml up fdo-owner
  3. FDO server terminal 3
    In a new terminal window, run the rendezvous server:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/
    docker-compose -f 01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml up fdo-rendezvous
  4. FDO server terminal 4
    Add rules for the following ports:
    ufw allow 8039
    ufw allow 8040
    ufw allow 8042
  5. Robot
    Run the client:
    cd <edge_insights_for_amr_path>/Edge_Insights_for_Autonomous_Mobile_Robots_*/AMR_server_containers/
    sudo su
    export no_proxy=<no_proxy>,ip_from_FDO_SERVER,ip_from_ROBOT,localhost
    source ./01_docker_sdk_env/docker_compose/common/docker_compose.source
    export CONTAINER_BASE_PATH=`pwd`
    export ROS_DOMAIN_ID=17
    CHOOSE_USER=root docker-compose -f 01_docker_sdk_env/docker_compose/05_tutorials/fdo_client_onboard.yml up
    After running the FDO client for the first time, the device initialization is complete:
    FDO Client log snippet:
    amr-sdk-fdo-client | 09:56:55:433 FDOProtDI: Received message type 13 : 1 bytes
    amr-sdk-fdo-client | 09:56:55:433 Writing to Normal.blob blob
    amr-sdk-fdo-client | 09:56:55:433 Hash write completed
    amr-sdk-fdo-client | 09:56:55:434 HMAC computed successfully!
    amr-sdk-fdo-client | 09:56:55:434 Writing to Secure.blob blob
    amr-sdk-fdo-client | 09:56:55:434 Generating platform IV of length: 12
    amr-sdk-fdo-client | 09:56:55:434 Generating platform AES Key of length: 16
    amr-sdk-fdo-client | 09:56:55:434 Device credentials successfully written!!
    amr-sdk-fdo-client | (Current) GUID after DI: <GUID>
    amr-sdk-fdo-client | 09:56:55:434 DIDone completed
    amr-sdk-fdo-client | 09:56:55:434
    amr-sdk-fdo-client | ------------------------------------ DI Successful --------------------------------------
    amr-sdk-fdo-client | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    amr-sdk-fdo-client | @FIDO Device Initialization Complete@
    amr-sdk-fdo-client | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    amr-sdk-fdo-client exited with code 0
    When starting FDO containers, start the FDO client image last because the FDO client image immediately begins reaching out to the manufacturer server in order to complete device initialization (DI), and it only attempts this connection a few times before exiting. If the FDO client is successful in connecting to the manufacturer server, the manufacturer server assigns a GUID to the FDO client and generates an ownership voucher for use in the rest of the pipeline.
  6. FDO server terminal 4
    Run multi_machine_config.sh:
    Run the FDO scripts on FDO server as root.
    cd 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts/
    chmod +x *
    sudo su
    export no_proxy=<no_proxy>,ip_from_FDO_SERVER,ip_from_Robot,localhost
    ./multi_machine_config.sh
    Expected output:
    HTTP/1.1 401
    WWW-Authenticate: Digest realm="Authentication required", qop="auth", nonce="1652260953609:a1f80c513623b4c7b87292c054d5d650", opaque="4F6AB1DF45A94C67D59892BC7DB6B6B4"
    Content-Type: text/html;charset=utf-8
    Content-Language: en
    Content-Length: 673
    Date: Wed, 11 May 2022 09:22:33 GMT
    HTTP/1.1 200
    Content-Length: 0
    Date: Wed, 11 May 2022 09:22:33 GMT
    HTTP/1.1 401
    WWW-Authenticate: Digest realm="Authentication required", qop="auth", nonce="1652260953705:0e2856e16da3eb830dca777a34f1f154", opaque="E11DE6169652A5495FC93933790D1A04"
    Content-Type: text/html;charset=utf-8
    Content-Language: en
    Content-Length: 673
    Date: Wed, 11 May 2022 09:22:33 GMT
    HTTP/1.1 200
    Content-Length: 0
    Date: Wed, 11 May 2022 09:22:33 GMT
  7. FDO server terminal 4
    Run configure_serviceinfo.sh:
    ./configure_serviceinfo.sh
    Expected output:
    Upload Device execution script to Owner Server
    HTTP/1.1 401
    WWW-Authenticate: Digest realm="Authentication required", qop="auth", nonce="1652941145981:e5cdb0c180cd069360cd159fdcadccde", opaque="BE4E73265635CC0D98F9430BABA64DBE"
    Content-Type: text/html;charset=utf-8
    Content-Language: en
    Content-Length: 673
    Date: Thu, 19 May 2022 06:19:05 GMT
    HTTP/1.1 100
    HTTP/1.1 200
    Content-Length: 0
    Date: Thu, 19 May 2022 06:19:05 GMT
  8. FDO server terminal 4
    Add the robot by using the serial number.
    ./extend_upload.sh -s <serial_number>
    # By default the serial number is 1234abcd; the expected output assumes this serial number.
    ./extend_upload.sh -s 1234abcd # use your robot's serial number.
    The serial number is the value of DEVICE_SERIAL_NUMBER from the 01_docker_sdk_env/artifacts/01_amr/amr_fdo/device.config file, set on the robot when preparing to build the FDO server in Prepare the Environment Needed to Build the FDO Docker* Images.
    Expected output:
    Success in downloading SECP256R1 owner certificate to owner_cert_SECP256R1.txt
    Success in downloading extended voucher for device with serial number 1234abcd
    Success in uploading voucher to owner for device with serial number 1234abcd
    GUID of the device is 7e1e0c59-6d87-4b40-b68d-e7fcc00a7e37
    Success in triggering TO0 for 1234abcd with GUID 7e1e0c59-6d87-4b40-b68d-e7fcc00a7e37 with response code: 200
    xxxx@FDO_SERVER: 01_docker_sdk_env/artifacts/02_edge_server/edge_server_fdo/scripts$
  9. FDO server terminal 2
    In the edge-server-fdo-owner logs, verify that TO0 finished.
    edge-server-fdo-owner | 06:49:50.463 [INFO ] TO0 completed for GUID: ...
    This task can take more than three minutes.
  10. Robot
    CHOOSE_USER=root docker-compose -f 01_docker_sdk_env/docker_compose/05_tutorials/fdo_client_onboard.yml up
  11. Robot
    In the client messages, verify that FDO completed.
    amr-fdo-client | ------------------------------------ TO2 Successful --------------------------------------
    amr-fdo-client |
    amr-fdo-client | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    amr-fdo-client | @FIDO Device Onboard Complete@
    amr-fdo-client | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    amr-fdo-client exited with code 0
    FDO protocol steps TO1 and TO2 can take more than five minutes.
    Expected result:
    Control plane
    In the ThingsBoard* GUI, Robot was added in Devices as a new device.
    The device is online on the Dashboard after the Intel® In-Band Manageability container in Robot is automatically brought up successfully.
    Robot
    The wandering app is deployed from the Intel® Smart Edge Open controller, and the robot starts to wander around.
  12. Verify that the onboarding was successful by checking the followings logs on the
    control plane
    :
    $ kubectl get all --output=wide --namespace onboarding NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/onboarding-deployment-95f5dc897-44xpj 0/16 Pending 0 61m <none> <none> <none> <none> pod/onboarding-deployment-95f5dc897-8267z 0/16 Pending 0 61m <none> <none> <none> <none> pod/onboarding-deployment-95f5dc897-99svk 0/16 Pending 0 61m <none> <none> <none> <none> pod/onboarding-deployment-95f5dc897-j6t5j 0/16 Pending 0 61m <none> <none> <none> <none> pod/onboarding-deployment-95f5dc897-qd22f 16/16 Running 38 (4m15s ago) 61m 10.245.224.68 glaic3ehlaaeon2 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/onboarding-service NodePort 10.105.68.202 <none> 8883:32759/TCP 61m app.kubernetes.io/instance=onboarding-abcxzy,app.kubernetes.io/name=onboarding NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR deployment.apps/onboarding-deployment 0/5 5 0 61m dds-bridge,amr-fleet-management,vda5050-ros2-bridge,amr-realsense,amr-ros-base-camera-tf,amr-aaeon-amr-interface,amr-ros-base-teleop,amr-battery-bridge,amr-object-detection,imu-madgwick-filter,robot-localization,amr-collab-slam,amr-fastmapping,amr-nav2,amr-wandering,amr-vda-navigator 
10.237.22.198:30003/intel/eclipse/zenoh-bridge-dds:0.5.0-beta.9,10.237.22.198:30003/intel/amr-fleet-management:2022.3,10.237.22.198:30003/intel/amr-vda5050-ros2-bridge:2022.3,10.237.22.198:30003/intel/amr-realsense:2022.3,10.237.22.198:30003/intel/amr-ros-base-camera-tf:2022.3,10.237.22.198:30003/intel/amr-aaeon-amr-interface:2022.3,10.237.22.198:30003/intel/amr-ros-base-teleop:2022.3,10.237.22.198:30003/intel/amr-battery-bridge:2022.3,10.237.22.198:30003/intel/amr-object-detection:2022.3,10.237.22.198:30003/intel/amr-imu-madgwick-filter:2022.3,10.237.22.198:30003/intel/amr-robot-localization:2022.3,10.237.22.198:30003/intel/amr-collab-slam:2022.3,10.237.22.198:30003/intel/amr-fastmapping:2022.3,10.237.22.198:30003/intel/amr-nav2:2022.3,10.237.22.198:30003/intel/amr-wandering:2022.3,10.237.22.198:30003/intel/amr-vda-navigator:2022.3 app.kubernetes.io/instance=onboarding-abcxzy,app.kubernetes.io/name=onboarding NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR replicaset.apps/onboarding-deployment-95f5dc897 5 5 0 61m dds-bridge,amr-fleet-management,vda5050-ros2-bridge,amr-realsense,amr-ros-base-camera-tf,amr-aaeon-amr-interface,amr-ros-base-teleop,amr-battery-bridge,amr-object-detection,imu-madgwick-filter,robot-localization,amr-collab-slam,amr-fastmapping,amr-nav2,amr-wandering,amr-vda-navigator 
10.237.22.198:30003/intel/eclipse/zenoh-bridge-dds:0.5.0-beta.9,10.237.22.198:30003/intel/amr-fleet-management:2022.3,10.237.22.198:30003/intel/amr-vda5050-ros2-bridge:2022.3,10.237.22.198:30003/intel/amr-realsense:2022.3,10.237.22.198:30003/intel/amr-ros-base-camera-tf:2022.3,10.237.22.198:30003/intel/amr-aaeon-amr-interface:2022.3,10.237.22.198:30003/intel/amr-ros-base-teleop:2022.3,10.237.22.198:30003/intel/amr-battery-bridge:2022.3,10.237.22.198:30003/intel/amr-object-detection:2022.3,10.237.22.198:30003/intel/amr-imu-madgwick-filter:2022.3,10.237.22.198:30003/intel/amr-robot-localization:2022.3,10.237.22.198:30003/intel/amr-collab-slam:2022.3,10.237.22.198:30003/intel/amr-fastmapping:2022.3,10.237.22.198:30003/intel/amr-nav2:2022.3,10.237.22.198:30003/intel/amr-wandering:2022.3,10.237.22.198:30003/intel/amr-vda-navigator:2022.3 app.kubernetes.io/instance=onboarding-abcxzy,app.kubernetes.io/name=onboarding,pod-template-hash=95f5dc897
    For amr-pengo, run:
    kubectl get all --output=wide --namespace onboarding-pengo
  13. Verify that the Docker* images are present on the Robot:
    $ docker images
    <Control_Plane_IP>:30003/intel/amr-ros-base-camera-tf latest 31735754089b 2 days ago 8.25GB
    <Control_Plane_IP>:30003/intel/amr-wandering latest 31735754089b 2 days ago 8.25GB
    <Control_Plane_IP>:30003/intel/amr-fastmapping latest 5c1bbefc1d17 2 days ago 2.28GB
    <Control_Plane_IP>:30003/intel/amr-collab-slam latest 415975276b1f 2 days ago 3.24GB
    <Control_Plane_IP>:30003/intel/amr-aaeon-amr-interface latest 5d94f57da0d1 2 days ago 2.37GB
    <Control_Plane_IP>:30003/intel/amr-realsense latest 1dab67f4d287 2 days ago 3GB
    <Control_Plane_IP>:30003/intel/amr-ros-base-camera-tf latest 0ac635f5633f 2 days ago 1.76GB
    <Control_Plane_IP>:30003/intel/amr-nav2 latest 769353e041bf 2 days ago 3.55GB
    <Control_Plane_IP>:30003/intel/amr-kobuki latest 799ed6f79385 2 days ago 3.06GB
    <Control_Plane_IP>:30003/intel/amr-fleet-management latest e91bf2815f65 2 days ago 1.79GB
    <Control_Plane_IP>:30003/intel/amr-vda-navigator latest 499c0c09b685 2 days ago 2.08GB
    <Control_Plane_IP>:30003/intel/amr-vda5050-ros2-bridge latest 4e8282a666be 2 days ago 2.06GB
    <Control_Plane_IP>:30003/intel/eclipse/zenoh-bridge-dds 0.5.0-beta.9 1a5e41449966 9 months ago 86.1MB
    <Control_Plane_IP>:30003/intel/node-feature-discovery v0.9.0 00019dda899b 13 months ago 123MB
    Pod deployment may take a while because of the size of the Docker* containers from the pod. If you get an error after the deployment, wait a few minutes. The pods automatically restart, and the error goes away. If the error persists after a few automatic restarts, restart the pod manually from the control plane:
    $ kubectl rollout restart deployment wandering-deployment -n wandering
  14. Verify that the Docker* container is running on the Robot:
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    86184dab6d92 10.237.22.39:30003/intel/amr-ros-base-camera-tf "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-ros-base-teleop_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_1
    9d19c163076f 10.237.22.39:30003/intel/amr-wandering "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-wandering_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    b9f03850310e 10.237.22.39:30003/intel/amr-nav2 "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-nav2_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    8fb3fb882505 10.237.22.39:30003/intel/amr-fastmapping "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-fastmapping_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    1f122686f8e1 10.237.22.39:30003/intel/amr-collab-slam "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-collab-slam_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    ee7e6cd8b50a 10.237.22.39:30003/intel/amr-aaeon-amr-interface "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-aaeon-amr-interface_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    009efc5405af 10.237.22.39:30003/intel/amr-ros-base-camera-tf "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-ros-base-camera-tf_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
    1a6409b8c361 10.237.22.39:30003/intel/amr-realsense "/bin/bash -c 'sourc…" About a minute ago Up About a minute k8s_amr-realsense_wandering-deployment-86d6b669d6-rzlgr_wandering_c00ecd97-2217-4f4f-a62c-9f99bc44ac7d_0
  15. After the Onboarding process is finished, the Firmware Update and Operating System Update are triggered automatically. If you want to start the update manually, see OTA Updates.
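The check in step 13 can be scripted instead of read by eye. The following is an added example, not part of the guide: it compares the image listing on the Robot against an expected set and lists any image that did not come from the control plane registry. The function names, the expected list, and the 192.0.2.10 address (standing in for <Control_Plane_IP>) are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.
# Input on stdin: one "repository:tag" per line, as printed on the Robot by
#   docker images --format '{{.Repository}}:{{.Tag}}'

# missing_images REGISTRY "name1 name2 ..."
# Prints each expected image name that is not present under REGISTRY.
missing_images() {
    awk -v reg="$1/" -v want="$2" '
        BEGIN { n = split(want, w, " ") }
        index($0, reg) == 1 {             # literal prefix: dots are not wildcards
            name = substr($0, length(reg) + 1)
            sub(/:[^:]*$/, "", name)      # strip the tag
            have[name] = 1
        }
        END { for (i = 1; i <= n; i++) if (!(w[i] in have)) print w[i] }
    '
}

# foreign_images REGISTRY
# Prints every listed image that does not come from REGISTRY.
foreign_images() {
    awk -v reg="$1/" 'NF && index($0, reg) != 1'
}

# Constructed sample listing; 192.0.2.10 stands in for <Control_Plane_IP>.
sample_listing() {
    cat <<'EOF'
192.0.2.10:30003/intel/amr-wandering:latest
192.0.2.10:30003/intel/amr-nav2:latest
192.0.2.10:30003/intel/eclipse/zenoh-bridge-dds:0.5.0-beta.9
docker.io/library/ubuntu:22.04
EOF
}

REGISTRY='192.0.2.10:30003/intel'
EXPECTED='amr-wandering amr-nav2 amr-fastmapping eclipse/zenoh-bridge-dds'

echo "missing: $(sample_listing | missing_images "$REGISTRY" "$EXPECTED")"
echo "foreign: $(sample_listing | foreign_images "$REGISTRY")"
```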

Adding Robots After the Initial Robot Setup

The manufacturer, rendezvous, and owner must still be running on the FDO server.
  1. Make sure that you meet the Prerequisites.
    1. For step 4, set a different DEVICE_SERIAL_NUMBER than for other onboarded robots.
  2. Build the fdo-client image on the Robot (Build FDO Docker* Images step 1).
  3. Run steps 5-15 in Onboard.
    1. For step 8, use the DEVICE_SERIAL_NUMBER set in step 3.

Hosts Cleanup

Doing these steps erases most of the work done in previous steps, so only do these steps when you want to clean up your machines.
To remake a setup after these cleanup steps, restart the onboarding process from the beginning.
  1. Robot
    CHOOSE_USER=root docker-compose -f 01_docker_sdk_env/docker_compose/05_tutorials/fdo_client_onboard.yml down
  2. FDO server terminal 1
    docker-compose -f 01_docker_sdk_env/docker_compose/02_edge_server/edge-server.all.yml down
  3. Remove the Robot in the ThingsBoard* web interface.
  4. Robot
    If the Robot was added to the Intel® Smart Edge Open cluster, remove it:
    kubeadm reset
    systemctl restart kubelet
  5. Robot
    If containers from these Docker* images are already running, remove the containers and then the images:
    docker rm -f $(docker ps | grep "<CONTROL_PLANE_IP>:30003/intel/" | awk '{ print $1 }')
    docker rmi -f $(docker images | grep "<CONTROL_PLANE_IP>:30003/intel/" | awk '{ print $3 }')
  6. Robot
    Remove the /etc/tc directory:
    rm -rf /etc/tc

Troubleshooting

  1. If a docker-compose error is encountered while building the FDO docker images, update the docker-compose version:
    curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
