Documents de référence

https://docs.amazonaws.cn/en_us/greengrass/v2/developerguide/quick-installation.html?icmpid=docs_gg_console

Enregistrement du processus

Préparation de l'installation automatiséeIAMAutorisations nécessaires
https://docs.amazonaws.cn/en_us/greengrass/v2/developerguide/provision-minimal-iam-policy.html

Configuré localement pouraws cliConfirmer leIAM user

aws sts get-caller-identity

Viens.IAMCréez d'abord unpolicy. Attention au remplacementaccount-id Pour votre propre compte ID, GreengrassV2TokenExchangeRoleSi modifié, Il est nécessaire d'installer le --tes-role-name Les noms indiqués plus loin sont les mêmes ( Pas besoin de changer. , C'est le nom par défaut sans paramètre ). Notez également que arn:aws-cn Avec ce qui est écrit dans le document arn:awsC'est différent, Attention aux modifications

{
    
    "Version": "2012-10-17",
    "Statement": [
        {
    
            "Sid": "CreateTokenExchangeRole",
            "Effect": "Allow",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:CreatePolicy",
                "iam:CreateRole",
                "iam:GetPolicy",
                "iam:GetRole",
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws-cn:iam::account-id:role/GreengrassV2TokenExchangeRole",
                "arn:aws-cn:iam::account-id:policy/GreengrassV2TokenExchangeRoleAccess"
            ]
        },
        {
    
            "Sid": "CreateIoTResources",
            "Effect": "Allow",
            "Action": [
                "iot:AddThingToThingGroup",
                "iot:AttachPolicy",
                "iot:AttachThingPrincipal",
                "iot:CreateKeysAndCertificate",
                "iot:CreatePolicy",
                "iot:CreateRoleAlias",
                "iot:CreateThing",
                "iot:CreateThingGroup",
                "iot:DescribeEndpoint",
                "iot:DescribeRoleAlias",
                "iot:DescribeThingGroup",
                "iot:GetPolicy"
            ],
            "Resource": "*"
        },
        {
    
            "Sid": "DeployDevTools",
            "Effect": "Allow",
            "Action": [
                "greengrass:CreateDeployment",
                "iot:CancelJob",
                "iot:CreateJob",
                "iot:DeleteThingShadow",
                "iot:DescribeJob",
                "iot:DescribeThing",
                "iot:DescribeThingGroup",
                "iot:GetThingShadow",
                "iot:UpdateJob",
                "iot:UpdateThingShadow"
            ],
            "Resource": "*"
        }
    ]
}

Oui.policyAppliquer àaws cli Utilisateurs utilisés par l'Association

SSHÀ la tarte aux framboises

# Installationjre(11)
sudo apt install -y default-jre

# Créer un utilisateur
sudo useradd --system --create-home ggc_user
sudo groupadd --system ggc_group

# ModifiercgroupsParamètres de démarrage
sudo vi /boot/cmdline.txt
#  Ajouter ce qui suit à la fin 
cgroup_enable=memory cgroup_memory=1 systemd.unified_cgroup_hierarchy=0

# Redémarrage terminé
sudo reboot

#  Après le redémarrage, utilisez la configuration ci - dessus IAM policyDeuserDeAK/SK Variables d'environnement du système de configuration de l'information 
export AWS_ACCESS_KEY_ID=xxxx
export AWS_SECRET_ACCESS_KEY=xxxx

# Télécharger le paquet d'installation
cd ~
curl -s https://d2s8p88vqu9w66.cloudfront.net/releases/greengrass-nucleus-latest.zip > greengrass-nucleus-latest.zip && unzip greengrass-nucleus-latest.zip -d GreengrassCore

#  Vérifiez dans le paquet d'installation GreenGrassInformations sur la version
java -jar ./GreengrassCore/lib/Greengrass.jar --version
# AWS Greengrass v2.5.6

# Effectuer l'installation
sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE -jar ./GreengrassCore/lib/Greengrass.jar --aws-region cn-north-1 --thing-name GreengrassRaspberryPi  --component-default-user ggc_user:ggc_group --provision true --setup-system-service true --deploy-dev-tools true

Sortie pendant l'installation :

Provisioning AWS IoT resources for the device with IoT Thing Name: [GreengrassRaspberryPi]...
Found IoT policy "GreengrassV2IoTThingPolicy", reusing it
Creating keys and certificate...
Attaching policy to certificate...
Creating IoT Thing "GreengrassRaspberryPi"...
Attaching certificate to IoT thing...
Successfully provisioned AWS IoT resources for the device with IoT Thing Name: [GreengrassRaspberryPi]!
Setting up resources for aws.greengrass.TokenExchangeService ...
TES role alias "GreengrassV2TokenExchangeRoleAlias" does not exist, creating new alias...
TES role "GreengrassV2TokenExchangeRole" does not exist, creating role...
IoT role policy "GreengrassTESCertificatePolicyGreengrassV2TokenExchangeRoleAlias" for TES Role alias not exist, creating policy...
Attaching TES role policy to IoT thing...
No managed IAM policy found, looking for user defined policy...
No IAM policy found, will attempt creating one...
IAM role policy for TES "GreengrassV2TokenExchangeRoleAccess" created. This policy DOES NOT have S3 access, please modify it with your private components' artifact buckets/objects as needed when you create and deploy private components
Attaching IAM role policy for TES to IAM role for TES...
Configuring Nucleus with provisioned resource details...
Downloading Root CA from "https://www.amazontrust.com/repository/AmazonRootCA1.pem"
Created device configuration
Successfully configured Nucleus with provisioned resource details!
Creating a deployment for Greengrass first party components to the device
Configured Nucleus to deploy aws.greengrass.Cli component
Creating user ggc_user
ggc_user created
Creating group ggc_group
ggc_group created
Added ggc_user to ggc_group
Successfully set up Nucleus as a system service

Une fois l'installation réussie, vous pouvez Amazon IoT Voir l'état de l'appareil dans la console :