By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to publish msgs to MQTT broker in the core when it is in disconnected mode?

0

I have a GG core running on a Pi and connected to a device via ethernet. They will be located in a field where there will be multiple internet disconnections for 10 to 20 minutes each. I want the MQTT connection between the core and the client device to continue to work. Here are my questions:

  1. How to publish/subscribe to MQTT in the core in the disconnected mode?
  2. How do you configure the max time for the credentials to be cached by the core?
  3. How to set a lambda function to work on the core in the disconnected mode as well?

The IPDetector in the core detects the static IP address that I set for the GG core but when I tried it in the code below at the endpoint URL, it was not working. I tried adding SSL:// in the beginning for both the public and the static IPs but not working. I want the code to work with my static IP address for the core since it will be the only connection between the core and the client device when there is no internet. I also want to have a subscriber at the core that does not have to check the internet, otherwise, it will not work when there is not internet.

Below is the code I tried for the publisher on the client device:

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

import time as t
import json
import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT

# Define ENDPOINT, CLIENT_ID, PATH_TO_CERTIFICATE, PATH_TO_PRIVATE_KEY, PATH_TO_AMAZON_ROOT_CA_1, MESSAGE, TOPIC, and RANGE
ENDPOINT = <PUBLIC_IP/STATIC_IP FOR THE CORE DEVICE>
CLIENT_ID = <MY_CLIENT_THING_NAME>
PATH_TO_CERTIFICATE = <PATH_TO_CLIENT_CERTIFICATE>
PATH_TO_PRIVATE_KEY = <PATH_TO_CLIENT_PRIVATE_KEY>
PATH_TO_AMAZON_ROOT_CA_1 = <PATH_TO_AMAZON_ROOT_CA1><
MESSAGE = "Hello World"
TOPIC = "clients/TEST/hello/world"
RANGE = 20

myAWSIoTMQTTClient = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883)
myAWSIoTMQTTClient.configureCredentials(PATH_TO_AMAZON_ROOT_CA_1, PATH_TO_PRIVATE_KEY, PATH_TO_CERTIFICATE)

myAWSIoTMQTTClient.connect()
print('Begin Publish')
for i in range (RANGE):
    data = "{} [{}]".format(MESSAGE, i+1)
    message = {"message" : data}
    myAWSIoTMQTTClient.publish(TOPIC, json.dumps(message), 1) 
    print("Published: '" + json.dumps(message) + "' to the topic: " + TOPIC)
    t.sleep(0.1)
print('Publish End')
myAWSIoTMQTTClient.disconnect()
Topics
Internet of Things (IoT)
Tags
AWS IoT GreengrassAWS IoT Core
Language
English
Shiko
asked 7 months ago327 views
1 Answer
0

Hi, for the client devices to communicate with the core device via MQTT, they'll have to authenticate the MQTT broker on the core device using the certificate authority(CA). Client devices can obtain the core device CA certificate chain from the cloud using the discovery client. The documentation provided in this page provides the code sample that does all of it and lets the client devices to successfully connect, publish and subscribe messages to the core device.

  1. However, if your client devices also disconnect regularly, you may want to explore the offline authentication solution where you can bring your own certificate authority. More information about this offline authentication capability and its limitations can be found here.

  2. By default, core device caches the credentials for a minute. You can increase this time by configuring the security->clientDeviceTrustDurationMinutes in the client device auth component.

  3. There's no additional configuration for setting the lambda to work in the disconnected mode. However, we recommend you to work with GreengrassV2 native components instead of lambda components. Tutorial for creating a component using GDK CLI can be found here.

AWS
Saranya
answered 7 months ago
profile pictureAWS
EXPERT
Greg_B
reviewed 7 months ago
  • Greg_B EXPERT
    7 months ago

    Shiko, from your source code, it looks like you're using V1 of the Python SDK. I recommend you instead use V2: https://github.com/aws/aws-iot-device-sdk-python-v2

  • Shiko
    7 months ago

    Thanks Greg, I switched to the new version but I am getting some errors regarding the disconnected mode as well. I just replied with the issue (point 1) in my last comment

  • Shiko
    7 months ago

    Thanks Saranya for replying In my case, both the client and the core will experience multiple internet disconnections for 10 - 20 min. I have multiple questions here: 1 - If I increase the time in security->clientDeviceTrustDurationMinutes, will this guarantee the connection between the client and the core during the disconnection time? and once the internet is resumed, the credentials store should be updated. Here is the experiment I did and didn't work as expected. I set this variable to 10 minutes, deployed the new config for the component and made sure it was successful, then I turned off the internet from the PI only (client device can access the internet) and now the device is connected to the PI via ethernet and the IPDetector detected the static IP of the PI. I started the connection right away from the device to the PI and it worked fine for 2 min (sending msgs and processing them at the core) then the device disconnected from the mqtt connection established with the core (disconnect_future = mqtt_connection.disconnect()) and tried to reconnect again to the core's mqtt via python SDK 2 but I keep getting "Connection failed with exception AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed" How can I keep connecting/disconnecting to the core in these 10 min duration? 2 - Why is it recommended to use components over lambda functions in GG? Are there limitations to lambda functions that are not available in the components?

  • Saranya
    7 months ago

    Answer for 1: https://repost.aws/questions/QUdlP7RPbtTC6dharYb10gnw 2. Lambda components are mainly provided to help migrate your applications from Greengrass v1 to v2. If you're developing an application for the first time in v2, we highly recommend native components as they're easy to develop and have more support in terms of new features and improvements.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content