How to Install Docker on the Robotics RB3 Development Platform
Preparing the board to pull the ROS image from a container
Docker makes it easier to package an application into containers and run it in different development environments. Using a container simplifies the process of making ROS, an open-source meta-operating system for robots, available to the Robotics RB3 development platform. (Note that it is possible to install ROS without Docker, but that currently requires installing multiple dependencies.)
As described in Flashing a New, Complete Image (from Linaro) onto the Board, the image from Linaro has been successfully tested with Docker and a container for ROS. ROS does not need to be inside a Docker container, but that is currently the simplest procedure for getting ROS to work on the Robotics RB3 development platform.
Update the RB3 development board
Flash the board with the latest version of the Linaro Debian desktop image.
Set up Docker
- To pull images from Docker, first create a Docker account.
- Uninstall old versions of Docker.
$ sudo apt-get remove docker docker-engine docker.io containerd runc
Install Docker using the repository
Set up the repository
- Update the apt package index:
$ sudo apt-get update
- Install packages to allow HTTPS:
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
- Add Docker's official GPG Key:
$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add –
- Verify the key with fingerprint:
$ sudo apt-key fingerprint 0EBFCD88 pub 4096R/0EBFCD88 2017-02-22 Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 uid Docker Release (CE deb) docker@docker.com sub 4096R/F273FCD8 2017-02-22
- Set up the Stable repository for arm64 platform:
$ sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
Install Docker Engine - Community
$ sudo apt-get update $ sudo apt-get install docker-ce docker-ce-cli containerd.io
Troubleshooting iptables
Once you run the foregoing commands, you may see an error indicating failure, as in this screenshot:
Check the version of Docker:
$ sudo docker version
The screenshot below indicates that the Docker Engine is installed, but the daemon is not running.
Launch Docker:
$ sudo service docker start
The following error message will appear:
The problem is that the Docker installer uses iptables for network address translation (NAT). However, Debian uses a modified version of nftables. One option is to convert the entries to nftables.
Alternately, you can set Debian up to use iptables-legacy by running these commands:
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy $ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
Restart Docker:
$ sudo service docker start
Running ROS
Once Docker is running, pull a ROS image:
docker pull ros
Install Java to a Docker container on the Qualcomm Robotics RB3
- In the Terminal, enter the following command to pull an Ubuntu image onto the Qualcomm Robotics RB3:
$ docker pull ubuntu:16.04
View the newly created image with the following command:$ docker image list
- Create a container for the newly created Ubuntu image and run it:
$ docker run -it –name=Ubuntu_container1 ubuntu:16.04
- Once inside the Ubuntu container, install Java with the following commands:
$ apt-get update && apt-get install -y openjdk-8-jdk && apt-get install -y ant && apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf /var/cache/oracle-jdk8-installer $ apt-get update && apt-get install -y ca-certificates-java && apt-get clean && update-ca-certificates -f && rm -rf /var/lib/apt/lists/* && rm -rf /var/cache/oracle-jdk8-installer
- Set the
JAVA_HOME
environment variable.$ export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/"
Ensure that java has been installed successfully$ java -version
Install AWS Greengrass to a Docker container on the Qualcomm Robotics RB3
Enable symlink and hardlink protection in Ubuntu container
- Make sure you have the Ubuntu 16.04 Docker image installed on the Qualcomm Robotics RB3, as described above. Start the Ubuntu Docker container using the following commands:
$ docker container start <container_id> $ docker exec -it <container_id> /bin/bash
- Create the sysctl configuration file with the options to enable protection:
$ sudo sh -c 'echo "fs.protected_hardlinks = 1" >> /etc/sysctl.d/local-ggc.conf' $ sudo sh -c 'echo "fs.protected_symlinks = 1" >> /etc/sysctl.d/local-ggc.conf'
- Exit from the container by typing the command exit or by hitting ctrl+d. Stop the container with the command
docker stop <container_id>
. Then, restart the container. - Once inside the Ubuntu container, you can verify protection is enabled.
$ cat /proc/sys/fs/protected_{hardlinks,symlinks}
- Add a user for Greengrass.
$ adduser --system ggc_user $ addgroup --system ggc_group
The figure below summarizes the steps executed so far. - Install SQLite3.
$ apt-get update $ apt-get install sqlite3
- Install CMake.
$ apt-get install cmake
Install AWS CLI in Ubuntu container
- In the terminal of the Docker container, check the python installation by typing python –version . If python is not installed, enter the following command:
$ apt-get update && apt-get install python
- Download the AWS CLI Bundled installer.
$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
- Unzip the package.
$ unzip awscli-bundle.zip
- Run the installer.
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
Create an AWS Greengrass group and an AWS Greengrass core
The following steps assume you have an AWS account.
- Sign in to the AWS Management console.
- In the console, search for IoT Greengrass.
- On the AWS Greengrass page, choose Get Started and Manage your groups.
- On the Greengrass groups page, click on Create Group.
- On the "Set up your Greengrass group" page, choose Use default creation.
- Type a name for your group, and then choose Next.
- Use the default name for your AWS Greengrass core, and then choose Next.
- Choose Create Group and Core.
- Click the link to download the .tar file consisting of the private key, public key and certificate for your AWS Greengrass core.
- Click on Choose your platform. On the next page, Download the Greengrass software package for Armv8 (AArch64) architecture and Arch Linux distribution. When the download is complete, choose Finish.
Now all the certificates and AWS Greengrass software are copied onto the Qualcomm Robotics RB3. The next step is to move them to the Ubuntu container.
Copy and extract the Greengrass software package and security resources into your Ubuntu container
- First, copy the downloaded files from the Qualcomm Robotics RB3 to the Ubuntu container. On the Qualcomm Robotics RB3, open a terminal window and enter the following commands:
$ docker cp /<path-to-Downloads>/greengrass-linux-aarch64-1.10.2.tar.gz <container_id>: /<destination-dir> $ docker cp /<path-to-Downloads>/3e05e19e41-setup.tar.gz <container_id>:/<destination-dir>
- Start the Ubuntu container and confirm that the files have been copied.
- Unzip the files.
$ tar -zxvf greengrass-linux-aarch64-1.10.2.tar.gz -C / $ tar -zxvf 3e05e19e41-setup.tar.gz
Install AWS Greengrass certificates to your Ubuntu container on the Qualcomm Robotics RB3
- On the Qualcomm Robotics RB3, download the AWS IoT root CA certificate from the Verisign Class 3 Public Primary G5 root CA certificate link in the AWS IoT documentation. Or, enter the following command in the terminal:
$ wget https://www.websecurity.digicert.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem
- Copy the downloaded file from the Qualcomm Robotics RB3 to the Ubuntu container.
$ docker cp /<path-to-Downloads>/VeriSign-Class\ 3-Public-Primary-Certification-Authority-G5.pem <container_id>: /<destination-dir>
- In the Ubuntu container, move the file to the
/greengrass/certs
directory and rename it asroot-ca.pem
, as shown below. - In the Ubuntu container, copy the private key and certificate of the AWS Greengrass core into the
/greengrass/certs
directory. Use the names from the table below in copying the files. - Copy the files to
/greengrass/certs
.
Configure the Greengrass core
The following steps associate the AWS Greengrass core (Ubuntu container) with the AWS IoT thing created for it. The process uses the thing's ARN, the unique identifier assigned in the cloud to the AWS Greengrass core device when provisioned.
- Find the thing ARN for the AWS Greengrass core. In the AWS Greengrass console, from the navigation page, choose Groups.
- Choosing the group displays group details.
- In the navigation pane, choose Cores and the correct AWS Greengrass core to display core details.
- Copy the ARN of the AWS Greengrass core.
- On the AWS Greengrass core device (Ubuntu container), open a terminal window and type the following:
$ vim /greengrass/config/config.json
- The contents of
config.json
initially resemble the following: - Modify
config.json
as follows:config.json
: - Start the AWS Greengrass core to connect to the cloud.
$ cd /greengrass/ggc/core $ ./greengrassd start
When the Greengrass daemon start successfully, the following displays: