forked from awslabs/aws-iot-device-client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.sh
executable file
·315 lines (294 loc) · 11.2 KB
/
setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
#!/bin/sh
set -e
# Prompt color constants
PMPT='\033[95;1m%s\033[0m\n'
GREEN='\033[92m%s\033[0m\n'
RED='\033[91m%s\033[0m\n'
if [ $(id -u) = 0 ]; then
printf ${RED} "WARNING: Only run this setup script as root if you plan to run the AWS IoT Device Client as root,\
or if you plan to run the AWS IoT Device Client as a service. Otherwise, you should run this script as\
the user that will execute the client."
fi
### Build Configuration File ###
printf ${PMPT} "Do you want to interactively generate a configuration file for the AWS IoT Device Client? y/n"
read -r BUILD_CONFIG
if [ $(id -u) = 0 ]; then
OUTPUT_DIR=/root/.aws-iot-device-client/
else
OUTPUT_DIR=/home/$(whoami)/.aws-iot-device-client/
fi
### Config Defaults ###
CONF_OUTPUT_PATH=${OUTPUT_DIR}aws-iot-device-client.conf
HANDLER_DIR=${OUTPUT_DIR}jobs
DD_INTERVAL=300
LOG_TYPE="STDOUT"
LOG_LEVEL="DEBUG"
LOG_LOCATION="/var/log/aws-iot-device-client/aws-iot-device-client.log"
if [ "$BUILD_CONFIG" = "y" ]; then
while [ "$CONFIGURED" != 1 ]; do
printf ${PMPT} "Specify AWS IoT endpoint to use:"
read -r ENDPOINT
printf ${PMPT} "Specify path to public PEM certificate:"
read -r CERT
printf ${PMPT} "Specify path to private key:"
read -r PRIVATE_KEY
printf ${PMPT} "Specify path to ROOT CA certificate:"
read -r ROOT_CA
printf ${PMPT} "Specify thing name:"
read -r THING_NAME
### Logging Config ###
printf ${PMPT} "Would you like to configure the logger? y/n"
CONFIGURE_LOGS=""
read -r CONFIGURE_LOGS
if [ "$CONFIGURE_LOGS" = "y" ]; then
printf ${PMPT} "Specify desired log level: DEBUG/INFO/WARN/ERROR"
read -r LOG_LEVEL
printf ${PMPT} "Specify log type: STDOUT for standard output, FILE for file"
read -r LOG_TYPE
if [ "$LOG_TYPE" = "FILE" ] || [ "$LOG_TYPE" = "file" ]; then
printf ${PMPT} "Specify path to desired log file (if no path is provided, will default to ${LOG_LOCATION}:"
read -r LOG_LOCATION_TMP
if [ "${LOG_LOCATION_TMP}" ]; then
LOG_LOCATION=${LOG_LOCATION_TMP}
else
printf ${GREEN} "Creating default log directory..."
if command -v "sudo" > /dev/null; then
sudo -n mkdir -p /var/log/aws-iot-device-client/ | true
CURRENT_USER=$(whoami)
sudo -n chown "$CURRENT_USER":"$CURRENT_USER" /var/log/aws-iot-device-client/
else
printf ${RED} "WARNING: sudo command not found"
mkdir -p /var/log/aws-iot-device-client/ | true
fi
chmod 745 /var/log/aws-iot-device-client/
fi
fi
fi
### Jobs Config ###
printf ${PMPT} "Enable Jobs feature? y/n"
JOBS_ENABLED=""
read -r ENABLE_JOBS
if [ "$ENABLE_JOBS" = "y" ]; then
JOBS_ENABLED="true"
printf ${PMPT} "Specify absolute path to Job handler directory (if no path is provided, will default to ${HANDLER_DIR}):"
read -r HANDLER_DIR_TEMP
if [ "$HANDLER_DIR_TEMP" ]; then
HANDLER_DIR=$HANDLER_DIR_TEMP
fi
else
JOBS_ENABLED="false"
fi
### ST Config ###
printf ${PMPT} "Enable Secure Tunneling feature? y/n"
ST_ENABLED=""
read -r ENABLE_ST
if [ "$ENABLE_ST" = "y" ]; then
ST_ENABLED="true"
else
ST_ENABLED="false"
fi
### DD Config ###
printf ${PMPT} "Enable Device Defender feature? y/n"
DD_ENABLED=""
read -r ENABLE_DD
if [ "$ENABLE_DD" = "y" ]; then
DD_ENABLED="true"
printf ${PMPT} "Specify an interval for Device Defender in seconds (default is 300):"
read -r INTERVAL_TEMP
if [ "$INTERVAL_TEMP" ]; then
DD_INTERVAL=$INTERVAL_TEMP
fi
else
DD_ENABLED="false"
fi
### FP Config ###
printf ${PMPT} "Enable Fleet Provisioning feature? y/n"
FP_ENABLED=""
read -r ENABLE_FP
if [ "$ENABLE_FP" = "y" ]; then
FP_ENABLED="true"
printf ${PMPT} "Specify Fleet Provisioning Template name you want to use for Provisioning your device:"
read -r TEMPLATE_NAME_TEMP
if [ "$TEMPLATE_NAME_TEMP" ]; then
FP_TEMPLATE_NAME=$TEMPLATE_NAME_TEMP
fi
printf ${PMPT} "Specify Fleet Provisioning Template parameters you want to use for Provisioning your device:"
read -r TEMPLATE_PARAMS_TEMP
if [ "$TEMPLATE_PARAMS_TEMP" ]; then
FP_TEMPLATE_PARAMS=$TEMPLATE_PARAMS_TEMP
else
FP_TEMPLATE_PARAMS="{}"
fi
printf ${PMPT} "Specify absolute path to Certificate Signing Request (CSR) file used for creating new certificate while provisioning device by keeping private key secure:"
read -r CSR_FILE_TEMP
if [ "$CSR_FILE_TEMP" ]; then
FP_CSR_FILE=$CSR_FILE_TEMP
fi
printf ${PMPT} "Specify absolute path to Device Private Key file:"
read -r DEVICE_KEY_TEMP
if [ "$DEVICE_KEY_TEMP" ]; then
FP_DEVICE_KEY=$DEVICE_KEY_TEMP
fi
else
FP_ENABLED="false"
fi
### PUBSUB Config ###
printf ${PMPT} "Enable Pub Sub sample feature? y/n"
PUBSUB_ENABLED=""
read -r ENABLE_PUBSUB
if [ "$ENABLE_PUBSUB" = "y" ]; then
PUBSUB_ENABLED="true"
printf ${PMPT} "Specify a topic for the feature to publish to:"
read -r PUB_TOPIC
printf ${PMPT} "Specify the path of a file for the feature to publish (Leaving this blank will publish 'Hello World!'):"
read -r PUB_FILE
printf ${PMPT} "Specify a topic for the feature to subscribe to:"
read -r SUB_TOPIC
printf ${PMPT} "Specify the path of a file for the feature to write to (Optional):"
read -r SUB_FILE
else
PUBSUB_ENABLED="false"
fi
CONFIG_OUTPUT="
{
\"endpoint\": \"$ENDPOINT\",
\"cert\": \"$CERT\",
\"key\": \"$PRIVATE_KEY\",
\"root-ca\": \"$ROOT_CA\",
\"thing-name\": \"$THING_NAME\",
\"logging\": {
\"level\": \"$LOG_LEVEL\",
\"type\": \"$LOG_TYPE\",
\"file\": \"$LOG_LOCATION\"
},
\"jobs\": {
\"enabled\": $JOBS_ENABLED,
\"handler-directory\": \"$HANDLER_DIR\"
},
\"tunneling\": {
\"enabled\": $ST_ENABLED
},
\"device-defender\": {
\"enabled\": $DD_ENABLED,
\"interval\": $DD_INTERVAL
},
\"fleet-provisioning\": {
\"enabled\": $FP_ENABLED,
\"template-name\": \"$FP_TEMPLATE_NAME\",
\"template-parameters\": \"$FP_TEMPLATE_PARAMS\",
\"csr-file\": \"$FP_CSR_FILE\",
\"device-key\": \"$FP_DEVICE_KEY\"
},
\"samples\": {
\"pub-sub\": {
\"enabled\": $PUBSUB_ENABLED,
\"publish-topic\": \"$PUB_TOPIC\",
\"publish-file\": \"$PUB_FILE\",
\"subscribe-topic\": \"$SUB_TOPIC\",
\"subscribe-file\": \"$SUB_FILE\"
}
}
}"
printf ${PMPT} "Does the following configuration appear correct? If yes, configuration will be written to ${CONF_OUTPUT_PATH}: y/n"
printf ${GREEN} "${CONFIG_OUTPUT}"
read -r GOOD_TO_GO
if [ "$GOOD_TO_GO" = "y" ]; then
CONFIGURED=1
mkdir -p "$OUTPUT_DIR" &>/dev/null | true
echo "$CONFIG_OUTPUT" | tee "$CONF_OUTPUT_PATH" >/dev/null
chmod 745 "$OUTPUT_DIR"
chmod 644 "$CONF_OUTPUT_PATH"
printf ${GREEN} "Configuration has been successfully written to ${CONF_OUTPUT_PATH}"
fi
tput sgr0
done
fi
printf ${PMPT} "Do you want to copy the sample job handlers to the specified handler directory (${HANDLER_DIR})? y/n"
read -r COPY_HANDLERS
if [ "$COPY_HANDLERS" = "y" ]; then
mkdir -p ${HANDLER_DIR}
chmod 700 ${HANDLER_DIR}
cp ./sample-job-handlers/* ${HANDLER_DIR}
chmod 700 ${HANDLER_DIR}/*
fi
printf ${PMPT} "Do you want to install AWS IoT Device Client as a service? y/n"
read -r INSTALL_SERVICE
if [ "$INSTALL_SERVICE" = "y" ]; then
if ! [ $(id -u) = 0 ]; then
printf ${RED} "WARNING: You may need to rerun this setup script as root ('sudo ./setup.sh') \
to successfully install the AWS IoT Device Client as a service"
fi
### Get DeviceClient Artifact Location ###
FOUND_DEVICE_CLIENT=false
DEVICE_CLIENT_ARTIFACT_DEFAULT="./build/aws-iot-device-client"
while [ "$FOUND_DEVICE_CLIENT" != true ]; do
printf ${PMPT} "Enter the complete directory path for the aws-iot-device-client. (Empty for default: ${DEVICE_CLIENT_ARTIFACT_DEFAULT})"
read -r DEVICE_CLIENT_ARTIFACT
if [ -z "$DEVICE_CLIENT_ARTIFACT" ]; then
DEVICE_CLIENT_ARTIFACT="$DEVICE_CLIENT_ARTIFACT_DEFAULT"
fi
if [ ! -f "$DEVICE_CLIENT_ARTIFACT" ]; then
printf ${RED} "File: $DEVICE_CLIENT_ARTIFACT does not exist."
else
FOUND_DEVICE_CLIENT=true
fi
done
### Get DeviceClient Service File Location ###
FOUND_SERVICE_FILE=false
SERVICE_FILE_DEFAULT="./setup/aws-iot-device-client.service"
while [ "$FOUND_SERVICE_FILE" != true ]; do
printf ${PMPT} "Enter the complete directory path for the aws-iot-device-client service file. (Empty for default: ${SERVICE_FILE_DEFAULT})"
read -r SERVICE_FILE
if [ -z "$SERVICE_FILE" ]; then
SERVICE_FILE="$SERVICE_FILE_DEFAULT"
fi
if [ ! -f "$SERVICE_FILE" ]; then
printf ${RED} "File: $SERVICE_FILE does not exist."
else
FOUND_SERVICE_FILE=true
fi
done
printf ${PMPT} "Do you want to run the AWS IoT Device Client service via Valgrind for debugging? y/n"
read -r SERVICE_DEBUG
if [ "$SERVICE_DEBUG" = "y" ]; then
LOG_FILE="/var/log/aws-iot-device-client/aws-iot-device-client-debug"
printf ${GREEN} "Valgrind output can be found at $LOG_FILE-{PID}.log. {PID} corresponds
to the current process ID of the service, and will change if the system is rebooted"
DEBUG_SCRIPT="#!/bin/sh
valgrind --log-file=\"${LOG_FILE}-\$\$.log\" /sbin/aws-iot-device-client-bin"
BINARY_DESTINATION="/sbin/aws-iot-device-client-bin"
else
BINARY_DESTINATION="/sbin/aws-iot-device-client"
fi
printf ${PMPT} "Installing AWS IoT Device Client..."
if command -v "systemctl" &>/dev/null; then
systemctl stop aws-iot-device-client.service || true
cp "$SERVICE_FILE" /etc/systemd/system/aws-iot-device-client.service
if [ "$SERVICE_DEBUG" = "y" ]; then
echo "$DEBUG_SCRIPT" | tee /sbin/aws-iot-device-client >/dev/null
else
# In case we previously ran in debug, make sure to delete the old binary
rm -f /sbin/aws-iot-device-client-bin
fi
cp "$DEVICE_CLIENT_ARTIFACT" "$BINARY_DESTINATION"
chmod 700 "$BINARY_DESTINATION"
systemctl enable aws-iot-device-client.service
systemctl start aws-iot-device-client.service
systemctl status aws-iot-device-client.service
elif command -v "service" &>/dev/null; then
service stop aws-iot-device-client.service || true
cp "$SERVICE_FILE" /etc/systemd/system/aws-iot-device-client.service
if [ "$SERVICE_DEBUG" = "y" ]; then
echo "$DEBUG_SCRIPT" | tee /sbin/aws-iot-device-client >/dev/null
else
# In case we previously ran in debug, make sure to delete the old binary
rm -f /sbin/aws-iot-device-client-bin
fi
cp "$DEVICE_CLIENT_ARTIFACT" "$BINARY_DESTINATION"
chmod 700 "$BINARY_DESTINATION"
service enable aws-iot-device-client.service
service start aws-iot-device-client.service
service status aws-iot-device-client.service
fi
printf ${PMPT} "AWS IoT Device Client is now running! Check /var/log/aws-iot-device-client/aws-iot-device-client.log for log output."
fi