How to Install Docker on the Robotics RB3 Development Platform

Preparing the board to pull the ROS image from a container

Docker makes it easier to package an application into containers and run it in different development environments. Using a container simplifies the process of making ROS, an open-source meta-operating system for robots, available to the Robotics RB3 development platform. (Note that it is possible to install ROS without Docker, but that currently requires installing multiple dependencies.)

As described in Flashing a New, Complete Image (from Linaro) onto the Board, the image from Linaro has been successfully tested with Docker and a container for ROS. ROS does not need to be inside a Docker container, but that is currently the simplest procedure for getting ROS to work on the Robotics RB3 development platform.

Update the RB3 development board

Flash the board with the latest version of the Linaro Debian desktop image.

Set up Docker

  1. To pull images from Docker, first create a Docker account.
  2. Uninstall old versions of Docker.
    $ sudo apt-get remove docker docker-engine docker.io containerd runc
    

Install Docker using the repository

Set up the repository

  1. Update the apt package index:
      $ sudo apt-get update
    
  2. Install packages to allow HTTPS:
      $ sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
    
  3. Add Docker's official GPG Key:
      $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add –
    
  4. Verify the key with fingerprint:
      $ sudo apt-key fingerprint 0EBFCD88
      pub   4096R/0EBFCD88 2017-02-22
      Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
      uid                  Docker Release (CE deb) [email protected]
      sub   4096R/F273FCD8 2017-02-22
    
  5. Set up the Stable repository for arm64 platform:
      $ sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/debian  $(lsb_release -cs) stable"
    

Install Docker Engine - Community

  $ sudo apt-get update
  $ sudo apt-get install docker-ce docker-ce-cli containerd.io

Troubleshooting iptables

Once you run the foregoing commands, you may see an error indicating failure, as in this screenshot:

Check the version of Docker:

  $ sudo docker version

The screenshot below indicates that the Docker Engine is installed, but the daemon is not running.

Launch Docker:

  $ sudo service docker start

The following error message will appear:

The problem is that the Docker installer uses iptables for network address translation (NAT). However, Debian uses a modified version of nftables. One option is to convert the entries to nftables.

Alternately, you can set Debian up to use iptables-legacy by running these commands:

  $ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
  $ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Restart Docker:

  $ sudo service docker start

Running ROS

Once Docker is running, pull a ROS image:

  docker pull ros


Install Java to a Docker container on the Qualcomm Robotics RB3

  1. In the Terminal, enter the following command to pull an Ubuntu image onto the Qualcomm Robotics RB3:
      $ docker pull ubuntu:16.04
    
    View the newly created image with the following command:
      $ docker image list
    
  2. Create a container for the newly created Ubuntu image and run it:
      $ docker run -it –name=Ubuntu_container1 ubuntu:16.04
    

  3. Once inside the Ubuntu container, install Java with the following commands:
      $ apt-get update && apt-get install -y openjdk-8-jdk && apt-get install -y ant && apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf /var/cache/oracle-jdk8-installer
      $ apt-get update && apt-get install -y ca-certificates-java && apt-get clean && update-ca-certificates -f && rm -rf /var/lib/apt/lists/* && rm -rf /var/cache/oracle-jdk8-installer
    
  4. Set the JAVA_HOME environment variable.
      $ export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/"
    
    Ensure that java has been installed successfully
      $ java -version
    

Install AWS Greengrass to a Docker container on the Qualcomm Robotics RB3

Enable symlink and hardlink protection in Ubuntu container

  1. Make sure you have the Ubuntu 16.04 Docker image installed on the Qualcomm Robotics RB3, as described above. Start the Ubuntu Docker container using the following commands:
      $ docker container start <container_id>
      $ docker exec -it <container_id> /bin/bash
    

    start docker container on RB3

  2. Create the sysctl configuration file with the options to enable protection:
      $ sudo sh -c 'echo "fs.protected_hardlinks = 1" >> /etc/sysctl.d/local-ggc.conf' 
      $ sudo sh -c 'echo "fs.protected_symlinks = 1" >> /etc/sysctl.d/local-ggc.conf'
    
  3. Exit from the container by typing the command exit or by hitting ctrl+d. Stop the container with the command docker stop <container_id>. Then, restart the container.
  4. Once inside the Ubuntu container, you can verify protection is enabled.
      $ cat /proc/sys/fs/protected_{hardlinks,symlinks}
    
  5. Add a user for Greengrass.
      $ adduser --system ggc_user 
      $ addgroup --system ggc_group 
    
    The figure below summarizes the steps executed so far.

    Enable sym/hard link protection

  6. Install SQLite3.
      $ apt-get update
      $ apt-get install sqlite3
    
  7. Install CMake.
      $ apt-get install cmake
    

Install AWS CLI in Ubuntu container

  1. In the terminal of the Docker container, check the python installation by typing python –version . If python is not installed, enter the following command:
      $ apt-get update && apt-get install python
    
  2. Download the AWS CLI Bundled installer.
      $ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
    
  3. Unzip the package.
      $ unzip awscli-bundle.zip
    
  4. Run the installer.
      $ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws 
    

    Install AWS CLI

Create an AWS Greengrass group and an AWS Greengrass core

The following steps assume you have an AWS account.

  1. Sign in to the AWS Management console.
  2. In the console, search for IoT Greengrass.

    Search for GG in AWS console

  3. On the AWS Greengrass page, choose Get Started and Manage your groups.

    Get started with groups

  4. On the Greengrass groups page, click on Create Group.

    Create a GG group

  5. On the "Set up your Greengrass group" page, choose Use default creation.

    Create a default GG group

  6. Type a name for your group, and then choose Next.

    Name GG group

  7. Use the default name for your AWS Greengrass core, and then choose Next.

    Name GG group

  8. Choose Create Group and Core.

    Create GG group and core

  9. Click the link to download the .tar file consisting of the private key, public key and certificate for your AWS Greengrass core.

    Download Keys and certificate

  10. Click on Choose your platform. On the next page, Download the Greengrass software package for Armv8 (AArch64) architecture and Arch Linux distribution. When the download is complete, choose Finish.

    Choose Platform- Armv8-Arch Linux

Now all the certificates and AWS Greengrass software are copied onto the Qualcomm Robotics RB3. The next step is to move them to the Ubuntu container.

Copy and extract the Greengrass software package and security resources into your Ubuntu container

  1. First, copy the downloaded files from the Qualcomm Robotics RB3 to the Ubuntu container. On the Qualcomm Robotics RB3, open a terminal window and enter the following commands:
      $ docker cp /<path-to-Downloads>/greengrass-linux-aarch64-1.10.2.tar.gz <container_id>: /<destination-dir>
      $ docker cp /<path-to-Downloads>/3e05e19e41-setup.tar.gz <container_id>:/<destination-dir>
    

    Copy Greengrass Software and resources to ubuntu container

  2. Start the Ubuntu container and confirm that the files have been copied.

    Greengrass and resources copied to ubuntu container

  3. Unzip the files.
      $ tar -zxvf greengrass-linux-aarch64-1.10.2.tar.gz -C /
      $ tar -zxvf 3e05e19e41-setup.tar.gz
    

Install AWS Greengrass certificates to your Ubuntu container on the Qualcomm Robotics RB3

  1. On the Qualcomm Robotics RB3, download the AWS IoT root CA certificate from the Verisign Class 3 Public Primary G5 root CA certificate link in the AWS IoT documentation. Or, enter the following command in the terminal:
      $ wget https://www.websecurity.digicert.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem
    
  2. Copy the downloaded file from the Qualcomm Robotics RB3 to the Ubuntu container.
      $ docker cp /<path-to-Downloads>/VeriSign-Class\ 3-Public-Primary-Certification-Authority-G5.pem <container_id>: /<destination-dir>
    
  3. In the Ubuntu container, move the file to the /greengrass/certs directory and rename it as root-ca.pem, as shown below.

    Move root CA file

  4. In the Ubuntu container, copy the private key and certificate of the AWS Greengrass core into the /greengrass/certs directory. Use the names from the table below in copying the files.

    Rename key and certificate

  5. Copy the files to /greengrass/certs.

    Move key and certificate

Configure the Greengrass core

The following steps associate the AWS Greengrass core (Ubuntu container) with the AWS IoT thing created for it. The process uses the thing's ARN, the unique identifier assigned in the cloud to the AWS Greengrass core device when provisioned.

  1. Find the thing ARN for the AWS Greengrass core. In the AWS Greengrass console, from the navigation page, choose Groups.

    Greengrass Groups

  2. Choosing the group displays group details.

    Choose your group

  3. In the navigation pane, choose Cores and the correct AWS Greengrass core to display core details.

    Choose your core

  4. Copy the ARN of the AWS Greengrass core.

    Thing ARN

  5. On the AWS Greengrass core device (Ubuntu container), open a terminal window and type the following:
      $ vim /greengrass/config/config.json
    
  6. The contents of config.json initially resemble the following:

    default config.json

  7. Modify config.json as follows:

    updated config.json

    The following table describes the attributes used for updating config.json:

    Attributes and descriptions

  8. Start the AWS Greengrass core to connect to the cloud.
      $ cd /greengrass/ggc/core
      $ ./greengrassd start
    
    When the Greengrass daemon start successfully, the following displays:

    Start Greengrass