HOW TO: configure/install IOTOBSF VM appliance of Snap4City

This Snap4City IOTOBSF VM is described in https://www.snap4city.org/471. It includes (i) the standard FiWare IOT Orion Broker, plus (ii) the Snap4City Security Filter, which enforces mutual authentication and secure connections between IOT Devices and the IOT Broker, and between the IOT Broker and the Node-RED IOT Applications of Snap4City. This VM is also called "iotobsf" internally.

This virtual machine is based on the Debian operating system v8.11 (without a graphical desktop environment). It has been run on VMware ESXi v6.5, but you can also run it on VMware Player. In particular, this VM contains what is described in https://www.snap4city.org/471
As a prerequisite for using this virtual machine, you need to download and install the free VMware Workstation Player (tested with version 15). With this tool you can launch the VM, which by default was created with the following specifications (they can be modified in the VMware "Settings" configuration panel):

Number of processors: 8 (you can increase it when needed)

RAM: 8 GB (it can be easily increased)

Hard disk: 500 GB (thin provisioning); you need at least 34 GB on your hard disk at the first run

Access to the Operating System, credentials

IP: static → verify it on your system (ifconfig from the Debian shell)

Operating system: Debian v8.11

username: debian,     password: debian,     password of super user (su): debian

Access to Services

APACHE TOMCAT

username: admin                             password: password                       roles:admin-gui,manager-gui,manager-script

Configuration and Deploy

1) The VM is provided with a static IP network configuration, to which the hostname "iotobsf" has been associated. To ensure correct operation in any local network, check and note the static IP assigned when the VM is turned on:

 

2) It is necessary to reconfigure the /etc/hosts file as superuser (su), assigning to the hostname "iotobsf" the current IP (leaving the other configuration parameters unchanged):

It is important to configure this information in the Snap4CityMAIN /etc/hosts file as well. See also https://www.snap4city.org/drupal/node/471

You also need to associate the IP of the VM with the host "iotobsf" in your work environment, that is, on the computer you use to work with the Snap4City VM, for example to open or create dashboards.
On Linux, modify the usual /etc/hosts file as above.
On Windows, the hosts file to be modified is located in the path ......\Windows\System32\drivers\etc
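One way to apply the hosts change from step 2 without touching the other entries, as an added example (not part of the Snap4City distribution). The function name `set_host_entry` and the IP in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Snap4City code.
# set_host_entry HOSTS_FILE IP NAME
#   Makes NAME resolve to IP exactly once in HOSTS_FILE. Lines that do not
#   mention NAME (comments, localhost, other hosts) are written back as-is.
set_host_entry() {
    hosts_file=$1 ip=$2 name=$3

    # Accept only a dotted-quad IPv4 address with every octet in 0..255.
    printf '%s\n' "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    ' || { echo "invalid IPv4 address: $ip" >&2; return 1; }

    tmp=$(mktemp) || return 1
    awk -v name="$name" '
        /^[ \t]*#/ || NF < 2 { print; next }      # comments and blank lines
        {
            out = $1; kept = 0; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break              # stop at a trailing comment
                if ($i == name) hit = 1
                else { out = out " " $i; kept++ }
            }
            if (!hit) print                       # untouched, spacing preserved
            else if (kept) print out              # other aliases on the line survive
        }
    ' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the single authoritative mapping.
    printf '%s\t%s\n' "$ip" "$name" >> "$tmp"

    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$hosts_file"
    rm -f "$tmp"
}

# Usage on the VM and on Snap4CityMAIN, as root (the IP is a placeholder;
# use the address noted in step 1):
#   set_host_entry /etc/hosts 192.0.2.50 iotobsf
```

Running it twice with the same arguments leaves a single "iotobsf" line, so it is safe to repeat after the VM's address changes.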

3) At this point, your local IOTOBSF is accessible from any browser in the local network where the VM is running, at the address http://iotobsf:8080/ . Please note that each computer that needs to access that URL must have its hosts file configured as above. You should be able to see:

Configuring IOTOBSF to be used in MAIN

Once the IOTOBSF is up and running, you need to configure the SNAP4CITY MAIN to use the IOTOBSF.

Please go to http://dashboard and log in as a user with the role usertooladmin or userrootadmin (it is important that the chosen user belongs to the "Organization" that this Orion Broker will serve). Then click on IOT Directory and Device --> IOT Broker

And configure a new Context Broker like:

Press confirm. The new Context Broker is now available to be used; by default it is set to private. If you wish to share the new Context Broker with any user belonging to the "Organization", click the "MYOWNPRIVATE" button on the row of the new Context Broker and add a new Group Delegation to "Organization, All groups" (or alternatively you can make this Context Broker PUBLIC so anyone can see it). Press confirm to register the new delegation.

Security concerns

The Snap4CityMAIN and IOTOBSF VMs come preconfigured with a set of default credentials/certificates to be used for TESTING purposes. Please note that for a REAL deployment, this set of credentials/certificates has to be updated for the specific use (mainly by assigning a public COMMON NAME that the IOTOBSF uses to expose its services). Please follow the steps labelled "Optional" in the information available at https://github.com/disit/iot-directory/tree/master/web


Additional Notes

  • (TODO) Access to the FiWare Broker via the link http://iotobsf:1026/v2/entities/ is closed for security reasons.

    • (TODO) To enable direct access, please type "iptables -D OUTPUT -p tcp --dport 1026 -j DROP"

    • (TODO) To remove direct access, please type "iptables -A OUTPUT -p tcp --dport 1026 -j DROP"

  • In case more than one broker is needed, the label "iotobsf" should be renamed to "iotobsf1", "iotobsf2", etc.

  • It is also important to properly configure the "Organization" that the specific installation will serve (the default one is "Organization"):

    • "vi /opt/tomcat/webapps/orionbrokerfilter/WEB-INF/classes/application-deploy.properties" to set the parameter "spring.prefixelementID" to the proper "Organization" this Orion Broker serves. The prefixelementID is composed of the name of the Organization and the ContextBroker you choose (the default one is iotobsf), i.e. Organization:iotobsf

    • systemctl restart tomcat

  • This Snap4CityMAIN is a starting point to deploy a Snap4City platform; details on what is included in this VM can be found at https://www.snap4city.org/471

  • For a more in-depth tutorial on the use of the various features of the platform, it is advisable to register on https://www.snap4city.org/ and follow the tutorials and videos displayed on the main page, accessible from the menu item "My Snap4City.org".
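A post-configuration check for two of the notes above (the port 1026 DROP rule and the "spring.prefixelementID" value), as an added example that is not part of the Snap4City distribution. The function names are assumptions, and the "shadowed" result is a heuristic that relies on iptables evaluating rules in order.

```shell
#!/bin/sh
# Added example, not Snap4City code.

# direct_access_state: reads `iptables -S OUTPUT` output on stdin.
#   returns 0  the DROP rule for TCP port 1026 is present and comes first
#   returns 1  no such rule: direct access to the broker is open
#   returns 2  the rule exists, but an earlier ACCEPT rule may match first
# Only the exact rule from the notes counts; a DROP narrowed by extra
# matches (source, interface, ...) is treated as absent.
direct_access_state() {
    awk '
        BEGIN { rc = 1 }
        /^-A OUTPUT -p tcp (-m tcp )?--dport 1026 -j DROP$/ {
            rc = shadow ? 2 : 0
            exit
        }
        /^-A OUTPUT / && / -j ACCEPT$/ {
            # An ACCEPT that is not limited to another protocol or port
            # is evaluated before the DROP and can let the traffic out.
            if (($0 !~ / -p / || $0 ~ / -p tcp /) &&
                ($0 !~ / --dports? / || $0 ~ / --dport 1026 /))
                shadow = 1
        }
        END { exit rc }
    '
}

# prefix_matches PROPERTIES_FILE ORGANIZATION BROKER
#   Succeeds only if spring.prefixelementID equals "ORGANIZATION:BROKER".
#   The last assignment in the file is used, as Java properties loading does.
prefix_matches() {
    value=$(sed -n \
        's/^[[:space:]]*spring\.prefixelementID[[:space:]]*[=:][[:space:]]*//p' \
        "$1" | tail -n 1 | tr -d '\r')
    [ "$value" = "$2:$3" ]
}

# Usage on the VM, as root:
#   iptables -S OUTPUT | direct_access_state; echo "port 1026 state: $?"
#   prefix_matches /opt/tomcat/webapps/orionbrokerfilter/WEB-INF/classes/application-deploy.properties \
#       Organization iotobsf || echo "prefixelementID does not match"
```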