TTNãããã¯ãŒã¯ãµãŒããŒãã¢ããªã±ãŒã·ã§ã³ãµãŒããŒãããã³åå ãµãŒããŒãåå¥ã«ã€ã³ã¹ããŒã«ã§ãããšéåžžã«äŸ¿å©ã§ãã çŸåšã¬ã€ãã«ã¯ãttn-lw-stackãªãŒã«ã€ã³ã¯ã³ãã€ã³ã¹ããŒã«ããæé ãããããŸããããç°ãªãç°å¢ãããµãŒããŒãé£æºããããå Žåã¯ãåãµãŒããŒãåå¥ã«ã€ã³ã¹ããŒã«ãããªãã·ã§ã³ã¯ãããŸããã
..ã
ããã¯ãæè»ãªå±éæ¹æ³ãå¯èœã«ããåªããæ©èœã§ãã 3ã€ã®ãµãŒããŒãã¹ãŠïŒNSãASãããã³JSïŒãã²ãŒããŠã§ã€ã«ã€ã³ã¹ããŒã«ããããJSãåããå¥ã®ãµãŒããŒã䜿çšããNSãšASã®ã¿ãã²ãŒããŠã§ã€ã«ä¿æããŠãè€æ°ã®ã²ãŒããŠã§ã€ã®éäžç®¡çãšãªã¢ãŒã管çãå¯èœã«ããããéžæã§ããŸãããªã³ã
..ã
çŸåšã3ã€ã®ãµãŒããŒïŒNSãASãããã³JSïŒãã¹ãŠãå«ãttn-lw-stackãã€ã³ã¹ããŒã«ããæ¹æ³ãã衚瀺ãããŠããŸããã
..ã
NSãASãJSããã¹ãŠ1ã€ã®ã€ã³ã¹ããŒã«/ããã±ãŒãžã«ãŸãšããã®ã§ã¯ãªããåå¥ã«ã€ã³ã¹ããŒã«ããæé ã確èªããããšæããŸãã
..ã
ã¹ã¿ãŒãã¬ã€ãã«è¿œå ããŠãã ããã
..ã
ä»ã®ãšãããããããã§ã«éšåçã«å®è£
ãããŠãããã©ããã¯ããããŸããããããã誰ããç§ãããå¹ççã«ãããè¡ãæ¹æ³ãç¥ã£ãŠããŸãã
..ã
ææ¡ãããããšã@zamashal
å®éãGetting Startedã¯çŸåšãåäžããã»ã¹ã¢ãããŒãã察象ãšããŠããŸãããã芧ã®ãšãããã³ã³ããŒãã³ããåå¥ã«éå§ã§ããŸãã èŠã;
$ ttn-lw-stack start --help
Start The Things Stack
Usage:
ttn-lw-stack start [is|gs|ns|as|js|console|gcs|dtc|qrg|all]... [flags]
ãããã®ãµãŒãã¹ãåãã¯ã©ã¹ã¿ãŒãšãµããããã®äžéšã§ããå Žåãã³ã³ããŒãã³ãããšã«ãµãŒãã¹ãçæããããšã¯ããã»ã©é£ãããããŸããã
ç§ã¯ä»ã®ãšãããã®åé¡ããã®æ¹æ³ã®èª¬æã«ã¹ã³ãŒãããŠããŸãã
@johanstokkingã
ttn-lw-stack start js --cluster.network-server "ns_ip_address" --cluster.application-server "as_ip_address"
ç§ãç解ã§ããªãã®ã¯ãJoin ServerãJoin_Reqãåä¿¡ããããŒãã§ãããJoin_Ansãæå®ããããããã¯ãŒã¯ãµãŒããŒã«èªåçã«éä¿¡ããã®ã§ããããã
å床ãæè¬ããŸãïŒ
@zamashalã¯å®éãJSããµãŒããŒã§ãããNSãšASãã¯ã©ã€ã¢ã³ãã§ãã ãããã£ãŠãNSããã³ASã§JSã¯ã©ã¹ã¿ãŒã¢ãã¬ã¹ãæ§æããŸãã ããã«ãããåã ã®ã³ã³ããŒãã³ãã§ãããåãã¯ã©ã¹ã¿ãŒå ã§æ©èœããŸãã ããã¯ãåãã¯ã©ã¹ã¿ãŒå ã§çžäºã«ä¿¡é Œããã³ã³ããŒãã³ãçšã«èšèšãããã¯ã©ã¹ã¿ãŒèªèšŒã䜿çšããããšã«æ³šæããŠãã ããã GSãNSãASããšããžã«ãããã€ããJSãã¯ã©ãŠãã«ãããã€ããŠããå Žåãããã¯ããããåœãŠã¯ãŸããŸããã
ãã®å ŽåãLoRaWANããã¯ãšã³ãã€ã³ã¿ãŒãã§ã€ã¹ãä»ããŠçžäºéçšæ©èœã䜿çšããå¿ èŠããããŸããããããµããŒããããŠããŸãã ããã«ãããNSã¯TLSã¯ã©ã€ã¢ã³ãèªèšŒãä»ããŠJSã«æ¥ç¶ã§ããŸãã
ããã«ã¯2ã€ã®éšåããããŸããJSã䜿çšããããã«NSãæ§æããããšãšã interop
æ§æã§JSãæ§æããããšã§ãïŒ --help
ïŒã æ®å¿µãªãããããã¯ãŸã å®å
šã«ã¯ææžåãããŠããŸããã
ããäžåºŠããããšã@johanstokking ïŒ ããªãã説æããããã«ãç§ã¯ãã®ã»ããã¢ãããæ©èœãããããšããŠããŸãã ç§ãæ··ä¹±ãããããšã1ã€ãããŸãã æäŸãããªã³ã¯ã«ã¯ã Semtech JoinServerãšã®çžäºéçšæ§ãèšå®ããæ¹æ³ã®äŸãããconfigure.yml
ãšexample/js.yml
ã®æ§æãè¿œå ããå¿
èŠããããŸããïŒ ãããããªããããã¯ã©ã®ããã«èŠããã§ããããïŒ
NSãå€éšJSïŒå¥åTTNã¹ã¿ãã¯ã®JSïŒãšé£æºããããã«æ§æããŸããããåå ãµãŒããŒã®ããŒã8886
ïŒInterop / tlsïŒã䜿çšããŠJoin_Reqãéä¿¡ãããšãæ¥ç¶ãæåŠãããŸããã JSã¯ãã®ããŒãã§ãªãã¹ã³ããŠããããã§ãã
ããããšãïŒ
@zamashalããã倧ãŸãã«è¡ãå¿ èŠã®ããããšã§ãã
ãã©ã°ãåç §ããŠãã ããïŒ
--interop.listen-tls string Address for the interop server to listen on (default ":8886")
--interop.sender-client-ca.blob.bucket string Bucket to use
--interop.sender-client-ca.blob.path string Path to use
--interop.sender-client-ca.directory string OS filesystem directory, which contains sender client CA configuration
--interop.sender-client-ca.source string Source of the sender client CA configuration (static, directory, url, blob)
--interop.sender-client-ca.url string URL, which contains sender client CA configuration
çžäºéçšæ©èœã«ã¯ãTLSã¯ã©ã€ã¢ã³ãèªèšŒã䜿çšããå°çšã®ãªã¹ããŒããããŸãã gRPCãšåããããªãã¯IPã¢ãã¬ã¹ã䜿çšããå°çšã®çžäºéçšããŒãïŒããã©ã«ãã¯8886ïŒã䜿çšã§ããŸãã
ã¯ã©ã€ã¢ã³ã蚌ææžãçºè¡ãããã©ã€ããŒãCAãå¿
èŠã§ãã ãããã¯NSã«ãã£ãŠãšããžã§äœ¿çšãããŸãã ä¿¡é Œã§ããã¯ã©ã€ã¢ã³ãCAãJoinServerã§æ§æã§ããŸããããã¯ãNetIDããšã§ãã ãã©ã€ããŒããããã¯ãŒã¯ã§ã¯ãã€ã§ãNetID 000000
ãš000001
ã䜿çšã§ããŸãããŸãã¯ãLoRaAllianceã«åå ããŠèªåã§ååŸããããšãã§ããŸãã
interop.sender-client-ca.source
ãdirectory
ã«èšå®ããããã«config.yml
ãå
¥åããŸããäŸïŒ
# Experimentation
000000: ca-000000.pem
# The Things Network Foundation
#000013: ca-000013.pem
ãã©ã€ããŒãCAã¯ca-000000.pem
ãŸãã äŸã®ããã«ãTTN NetIDã«TTNã®CAãè¿œå ããŠããããã©ã®ããã«æ©èœãããã瀺ãããšãã§ããŸãã
ããã¯ææžåãããŠãã
fqdn: 'thethings.example'
port: 8886
protocol: 'BI1.0'
tls:
root-ca: 'path/to/clientca.pem'
certificate: 'path/to/clientcert.pem'
key: 'path/to/clientkey.pem'
ããã§ã thethings.example
ã¯Join Serverã®FQDNã§ããã8886ã¯JSçžäºéçšæ©èœã§æ§æããlisten-tls
ã®ããŒãã§ãã
ãŸãã root-ca
ã¯ïŒäŸã®èª¬æãšã¯ç°ãªãïŒ_servercertificate_ã®ã«ãŒãCAã§ãã ããã¯åãCAã§ããå¯èœæ§ããããŸãã NSã«ãã£ãŠãã§ã«ä¿¡é ŒãããŠããåçšïŒãŸãã¯Let's EncryptïŒãµãŒããŒèšŒææžã䜿çšããŠããå Žåã¯ãçç¥ã§ããŸãã
ã©ã¡ããã®åŽã§ãããã°ãã°ãæå¹ã«ãããšïŒ log.level=debug
ïŒãåäœããŠããããšã確èªããããåäœããªãçç±ã远跡ããå¿
èŠããããŸãã 幞éãïŒ
ãŸãããããæ©èœãããå Žåã¯ããããææžåããããã®ãã«ãªã¯ãšã¹ããæåºããŠãã ããã ããããã¬ã€ããå¿ èŠã§ããããªãã¡ã¬ã³ã¹ããŒãžã«ãããã€ãã®æãå¿ èŠã§ãã
@johanstokking ãç§ã¯ããã«åãçµãã§ããŸãããããŠããŸãããã°ãç§ããããç解ãããããã«ç§ã¯ã¬ã€ããæŽæ°ããããã«ãã«ãªã¯ãšã¹ããããããšã確å®ã«ããŸãã ãã¹ãŠã®ããªãã®å©ãã«ååã«æè¬ããããšã¯ã§ããŸããïŒ
ãã@ johanstokking-ç§ã¯ãã¹ãŠãããªããšããŸããã£ãŠããããšãé¡ã£ãŠããŸãã é²æç¶æ³ããç¥ããããŸãã æ®å¿µãªãããç§ã¯ãããæ©èœãããããã«å€ãã®ãšã©ãŒã«åãçµãã§ããŸãããããã§ç§ãçŽé¢ããŠããææ°ã®ãšã©ãŒãå
±æããŸãã çžäºéçšæ©èœãèšå®ããããã©ã«ãã®ããŒã8886ã§åå ãµãŒããŒã«åå èŠæ±ãéä¿¡ããããã«ãããã¯ãŒã¯ãµãŒããŒãæ§æããåŸããããã¯ãŒã¯ãµãŒããŒãã°ã«æ¬¡ã®ãšã©ãŒã衚瀺ããç¶ããŸãã
error="join-request to join-server error: http post error: Post http://js-server_ip:8886: dial tcp js-server_ip:8886: connect: connection refused"
gRPCãµãŒããŒã®ããŒã1884ã«åå èŠæ±ãéä¿¡ããããã«ãããã¯ãŒã¯ãµãŒããŒãæ§æãããšã代ããã«ãããã¯ãŒã¯ãµãŒããŒãã°ã«æ¬¡ã®ãšã©ãŒã衚瀺ãããŸãã
level=error msg="uplink: processing uplink frame error" ctx_id=f046310d-e528-4dd2-9dcb-6d5c8232a799 error="join-request to join-server error: http post error: Post http://js-server_ip:1884: net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x00\\x00\\f\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00@\\x00\\x00\\x03\\x00\\x00\\xff\\xff\""
ttnã¹ã¿ãã¯ãã°ããã®æ¬¡ã®ãšã©ãŒãšçµã¿åããããŸãã
stack_1 | WARN grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"POST / HTTP/1.1\\r\\nHost: 1\"" namespace=grpc
ããªããä»ã®èª°ããç§ããããã®ãšã©ãŒã解決ããæ¹æ³ãç解ãããã®ãããªãšã©ãŒãåŒãèµ·ããå¯èœæ§ããããã®ãç¥ãã®ãæäŒã£ãŠãããããšãé¡ã£ãŠããŸãã
ä»åŸãšããããããé¡ãç³ãäžããŸãã
åå ãµãŒããŒã¯httpsçµç±ã§ã®ã¿å©çšã§ããŸãã
NSã¯DNSçµç±ã§js-server_ip
ã解決ã§ããªãããã§ãã
ããããšã@johanstokkingïŒ ããã§ããdocker-compose.ymlã®ãã¹ãã«ããŒã8886ããããããªãã£ãããšãããããŸããã ä»ç§ãçŽé¢ããŠããåé¡ã¯TLSãã³ãã·ã§ã€ã¯ãšã©ãŒã§ãïŒ
tls: failed to verify client's certificate: x509: certificate signed by unknown authority
äžã€ã«ã¯ããã©ã°--tls.insecure-skip-verify
ã䜿çšããŸããããããã§ã蚌ææžã®æ€èšŒãèŠæ±ããåããšã©ãŒãçºçããŸããã åé¡ã¯ãDockerã³ã³ããã®èªèšŒå±ãä¿¡é Œããå¿
èŠãããããšã ãšæããŸãã ã¹ã¿ãã¯ã«ã·ã§ã«ãéãããšããããã·ã³ã§èšŒææžãä¿¡é Œããããã«èšŒææžã/usr/local/share/ca-certificates/
ã«ã³ããŒããããšãããšã Permission denied
ãšã©ãŒãçºçããŸããã
--tls.insecure-skip-verify
ãã©ã°ã§èš±å¯ãããŠããã¯ãã§ãããå®è£
ãç°ãªãå¯èœæ§ããããŸãã ç§ã®åé¡ã¯ãDockerã³ã³ãããèªå·±çœ²å蚌ææžãä¿¡é Œãããªãã·ã§ã³ãæäŸããªãããšã§ãã ããã«æ¬ ããŠãããã®ã¯ãããŸããïŒ
ã¯ã©ã€ã¢ã³ãCAæ§æã§å®çŸ©ãããŠããSenderID
ã®CAã®1ã€ã«ãã£ãŠçœ²åãããŠããŸããïŒ
ããã¯ãJoinServerãã¯ã©ã€ã¢ã³ã蚌ææžãæ€èšŒããããã«äœ¿çšãããã®ã§ãã ã·ã¹ãã ã®ä¿¡é Œãªã©ã§ã¯ãããŸããã
ç§ã¯ããã«åŸãããšãè©Šã¿ãŸããããããã¯ãŠã§ããµã€ãã®æ瀺ãšå®å
šã«äžèŽããŠããŸããã
ç§ãæã£ãŠããã®ã¯ç§ã®config.ymlã«ãããã®ã§ãïŒ
000000: ca-000000.pem
join-servers:
- file: './example/js.yml'
join-euis:
- 'abcd000000000000/16'
次ã«ããããjs.ymlã«å ¥ããŸãã
fqdn: 'thethings.example'
port: 8886
protocol: 'BI1.0'
tls:
root-ca: 'path/to/clientca.pem'
certificate: 'path/to/clientcert.pem'
key: 'path/to/clientkey.pem'
éä¿¡åŽã¯ã©ã€ã¢ã³ãã®CAã¯ãŸã ææžåãããŠããŸããããã®åé¡ã解決ãŸãã¯çœ®ãæããäžç°ãšããŠãææžåãè¡ããŸãã ïŒããïŒ[ https://github.com/TheThingsNetwork/lorawan-stack/issues/1818#issuecomment-575534345 ]ãåç §ããŠãã ããã ããã¯ç¹å¥ãªãã¡ã€ã«ã§ããããã¡ã€ã«ãåç §ããããã®ç¬èªã®èšå®ããããŸãã
--interop.sender-client-ca.blob.bucket string Bucket to use
--interop.sender-client-ca.blob.path string Path to use
--interop.sender-client-ca.directory string OS filesystem directory, which contains sender client CA configuration
--interop.sender-client-ca.source string Source of the sender client CA configuration (static, directory, url, blob)
--interop.sender-client-ca.url string URL, which contains sender client CA configuration
ãããã£ãŠã source
ãdirectory
èšå®ããå¿
èŠãããããã®ãã©ã«ããŒã«åè¿°ã®åœ¢åŒã®æ§æãconfig.yml
ã«é
眮ããŸãã ããã¯ãçžäºéçšèšå®ãšã¯ç°ãªããã£ã¬ã¯ããªã§ãã
ããããšã@johanstokkingïŒ ç§ã¯ãããå¥ã®ãã£ã¬ã¯ããªã«ããã¹ãã ãšã¯æ°ã¥ããŠããŸããã§ãããç§ã¯ã€ãã«èšŒææžã®åé¡ãä¹ãè¶ããttn-stackãããã°ãã°ãããã®ãšã©ãŒãåŠçããŸããïŒç§ã¯æå³çã«ããŒãé ããŸãããããããã¯æ£ããã£ãã§ãïŒïŒ
stack_1 | INFO Join not accepted dev_eui=0000000000000000 error=error:pkg/redis:not_found (entity not found) join_eui=0000000000000000 method=POST namespace=joinserver/interop remote_addr=gateway_ip:49426 request_id=01E1D3PZ63CQ7VNCE5JE8SDC3J url=/
stack_1 | INFO Request handled duration=2.948762ms error=error:pkg/interop:join_req (join-request failed) error_cause=error:pkg/redis:not_found (entity not found) method=POST namespace=interop remote_addr=gateway_ip:49426 request_id=01E1D3PZ63CQ7VNCE5JE8SDC3J status=400 url=/
Gateway_ipã¯ãNSãšASãååšããå Žæã§ãããããšã«æ³šæããŠãã ããã
ããã¯ãNSãããã°ãã°ã«è¡šç€ºããããã®ã§ããããŸãã
time="2020-02-18T16:36:52-05:00" level=error msg="uplink: processing uplink frame error" ctx_id=ef20804f-13a8-4f7f-b90e-ce279c1e11ea error="join-request to join-server error: response error, code: JoinReqFailed, description: error:pkg/redis:not_found (entity not found)"
ç§ãèªãããšãã§ããããšããããšã©ãŒã¯ãdocker-composeã®redisã³ã³ããŒãã³ãã®èšå®ãã¹ã«ã€ããŠäžå¹³ãèšã£ãŠããããã§ãã æ§æãã¥ãŒããªã¢ã«ã«æ»ã£ãŠããã¹ãŠãäžèŽããŠããããšã確èªããŸããã ç§ãèªåã®æ§æã«æã£ãŠããã®ã¯ããã§ããïŒ
volumes:
- ${DEV_DATA_DIR:-.env/data}/redis:/data
ã ããç§ã¯å ã«é²ãã§ãããããã«å€æŽããŸããïŒ
volumes:
- './data/redis:/data'
次ã«ãã¹ã¿ãã¯ãå®è¡ããããšããã§ããªã次ã®ãšã©ãŒã衚瀺ããå§ããŸããã
stack_1 | error:cmd/internal/shared:initialize_identity_server (could not initialize Identity Server)
stack_1 | --- error:pkg/identityserver:db_needs_migration (the database needs to be migrated)
stack_1 | --- pq: database "ttn_lorawan" does not exist
ãã®å€æŽãå¿
èŠãã©ããã¯ããããŸãã./data/redis/
äžã«ãã¡ã€ã« `` appendonly.aof```ã1ã€ãã衚瀺ãããªããããäœããäžè¶³ããŠããããã§ãã
ãã®å€æŽãå¿ èŠãã©ããã¯ããããŸãã
./data/redis/
äžã«ãã¡ã€ã« `` appendonly.aof```ã1ã€ãã衚瀺ãããªããããäœããäžè¶³ããŠããããã§ãã
ããããå®éã«ã¯Redisã«ãšã£ãŠã¯åé¡ãããŸããã
ããã€ã¹ãJoinServerã«ç»é²ãããŠããªãããã§ãã
ããããããããããçç±ã§ãã ããŠãç§ãããã®ã¯ãã©ã°--js.join-eui-prefix
ã䜿çšããããšã ã1942幎ã®åé¡
redisããŒã¿ããŒã¹ã«æåã§è¡ãè¿œå ããŠããã€ã¹ãç»é²ã§ããŸããïŒ ãããããªãããã©ãŒãããã¯äœã§ããïŒ ããã¯ç§ããã®éä»ã®åé¡ãç¡èŠãç¶ããã®ãå©ãããããããŸããã
ä»ã®åé¡ã§ããã·ã¥ããŒãã«ã¢ã¯ã»ã¹ããããã·ã¥ããŒãã«ããã€ã¹ãç»é²ããããšãã§ããŸããã ã²ãŒããŠã§ã€ãèªèãããªãããšã«ã€ããŠäžå¹³ãèšã£ãŠãããšæãããsender unknown
ãšãããšã©ãŒã衚瀺ãããŠããŸãã ã³ã³ãœãŒã«ããã²ãŒããŠã§ã€ãè¿œå ããããšããŸããããããã§ãDisconnected
ãŸãã Gateway_ipãšserver_ipã®ã¢ãã¬ã¹ãå
¥åããããšããŸããããã©ã¡ãããŸã éãããªãããã§ãã
éä¿¡è
äžæã¯ããšã³ãããã€ã¹ã®NetIDããããã¯ãŒã¯ãµãŒããŒã®NetIDã«èšå®ãããŠããªãããšãæå³ããŠããå¯èœæ§ããããŸãã äž¡æ¹ãšã000000
èšå®ããå¿
èŠããããŸãã
ttn-lw-cli end-device set <app-id> <dev-id> --net-id=000000
䜿çšããŠCLIçµç±ã§ãšã³ãããã€ã¹ã®NetIDãèšå®ã§ããŸã
ttn-lw-cli
åäœãããããã®ã§ããã°ã€ã³ã³ãã³ãã¯ããã©ã«ãã®ãªãã·ã§ã³ã§ããå®è¡ã§ããŸãããæ§æãã¡ã€ã«ãŸãã¯èªèšŒå±ãæå®ãããšã permission denied
ãŸãã chmodãšchownãå€æŽããŠãããŒããã·ã§ã³ãåé¿ããããã€ãã®æ¹æ³ãè©ŠããŸããããåŒãç¶ãpermission denied
ãååŸããŸãã ttn-lw-cli login
ãšå
¥åããã ãã§ããã©ã«ãæ§æãå®è¡ãããšã次ã®ããã«ãªããŸãã
Post https://localhost:8885/oauth/token: x509: certificate signed by unknown authority
docker-compose upã¯æ£åžžã«å®è¡ãããŠããŸããã蚌ææžã®åé¡ããã®ä»ã®ãšã©ãŒã¯çºçããŠããŸããã ããŒããã·ã§ã³ãæåŠãããåå ãšãªãå¯èœæ§ã®ãããç§ãèŠéããŠããå¯èœæ§ã®ããã¢ã€ãã¢ã¯ãããŸããïŒ
ããããšãïŒ
ãµãŒããŒãšCLIã®æ§æãããã³æ£ç¢ºã«äœãããããšããŠããã®ããæçš¿ã§ããŸããïŒ
æåã«ã³ãã³ãsudo ttn-lw-cli login
ã§ãã°ã€ã³ããããšããŠããŸãããããããç§ã®èšå®ã§ãã
# sudo ttn-lw-cli config
--allow-unknown-hosts="false"
--application-server-enabled="true"
--application-server-grpc-address="localhost:8884"
--ca=""
--config="/etc/ttn-cli/.ttn-lw-cli.yml,/root/snap/ttn-lw-stack/149/.ttn-lw-cli.yml,/root/snap/ttn-lw-stack/149/.config/.ttn-lw-cli.yml"
--credentials-id=""
--device-claiming-server-grpc-address="localhost:8884"
--device-template-converter-grpc-address="localhost:8884"
--gateway-server-enabled="true"
--gateway-server-grpc-address="localhost:8884"
--identity-server-grpc-address="localhost:8884"
--input-format="json"
--insecure="false"
--join-server-enabled="true"
--join-server-grpc-address="localhost:8884"
--log.level="info"
--network-server-enabled="true"
--network-server-grpc-address="localhost:8884"
--oauth-server-address="https://localhost:8885/oauth"
--output-format="json"
--qr-code-generator-grpc-address="localhost:8884"
ãããã£ãŠãããã©ã«ããå®è¡ãããšã以åã«å
±æããcertificate signed by unknown authority
ãšã©ãŒãçºçããŸãã ãããã蚌ææžã®åé¡ã®ããã次ã®ãªãã·ã§ã³ãè¿œå ããããšããŸããïŒ sudo ttn-lw-cli login --ca "path/to/ca.pem"
ããããããã¯ç§ã«èš±å¯æåŠãšã©ãŒãäžããŸããã
次ã®ãªãã·ã§ã³ãè¿œå ããããšããŸããïŒ
sudo ttn-lw-cli login --ca "path/to/ca.pem"
ããã¯ããã ãããæ§æãã¡ã€ã«ãŸãã¯ç°å¢ã«é 眮ããããšãã§ããŸãã
ããããããã¯ç§ã«èš±å¯æåŠãšã©ãŒãäžããŸããã
CLIãŸãã¯ãµãŒããŒäžã§ïŒ ãã°ã¯ãããŸããïŒ
ãµãŒããŒãšã©ãŒã ãšæããŸããïŒ ãããç§ãèŠãããšãã§ãããã¹ãŠã§ãïŒ
root<strong i="6">@myserver</strong>:/etc/ttn-cli# sudo ttn-lw-cli login --ca="/etc/ttn-cli/ca.pem" --log.level="debug"
open /etc/ttn-cli/ca.pem: permission denied
ãŸãã chmod 777
æš©éãä»äžããããšããŸããããããã§ãåããšã©ãŒãçºçããŸãã
èšå®ãã¡ã€ã«ã/root/snap/ttn-lw-stack/149/.ttn-lw-cli.yml
è¿œå ããããšã§ããããããã®åé¡ãåé¿ããããšãã§ããŸããã
certificate signed by unknown authority
ãšã©ãŒãçºçããŸããã ttn-lw-cli
ããŒã«ã¯ã©ã®ããã«èšŒææžãä¿¡é ŒããŸããïŒ å®å
šãªãã°ã¯æ¬¡ã®ãšããã§ãã
root<strong i="8">@localhost</strong>:/etc/ttn-stack# sudo ttn-lw-cli login --callback=false --config="/root/snap/ttn-lw-stack/149/.ttn-lw-cli.yml" --log.level="debug" --insecure="true" --allow-unknown-hosts="true" --ca="/root/snap/ttn-lw-stack/149/ca.pem"
WARN Access token expired at 5:17PM
ERROR Please login with the login command
DEBUG ccResolverWrapper: sending update to cc: {[{localhost:1884 <nil> 0 <nil>}] <nil> <nil>}
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc00087caa0, {CONNECTING <nil>}
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc00087caa0, {READY <nil>}
DEBUG Finished unary call duration=2.376756ms grpc_method=AuthInfo grpc_service=ttn.lorawan.v3.EntityAccess namespace=grpc
INFO Opening your browser on https://localhost/oauth/authorize?client_id=cli&redirect_uri=code&response_type=code
WARN Could not open your browser, you'll have to go there yourself error=fork/exec /usr/bin/xdg-open: permission denied
INFO After logging in and authorizing the CLI, we'll get an access token for future commands.
INFO Please paste the authorization code and press enter
> MF2XI.JX2QFUHNVVWMEYTTRQ3S4DTGPI5VXBYJWVJQ2ZI.OG5C4HQXGMRQ4LVW7ES4IZRNH2L5OJOING2SWOW74LFLQAYDH64Q
ERROR Could not exchange OAuth access token error=Post https://localhost/oauth/token: x509: certificate signed by unknown authority
Post https://localhost/oauth/token: x509: certificate signed by unknown authority
docker-composeã§å®è¡ããttn-stack
ã«ãã£ãŠä¿¡é ŒãããŠããã®ãšåãca.pemã䜿çšããŠããŸãã
ttn-lw-cli
http URIãšhttpããŒãã䜿çšããŠããã°ã€ã³/蚌ææžã®åé¡ãåã³åé¿ããŸããã sudo ttn-lw-cli end-device set "mysensor1app" "mysensor1dev" --net-id=000000 --log.level="debug"
ãå®è¡ãããšã次ã®ããã«è¡šç€ºãããŸãã
root<strong i="8">@localhost</strong>:/etc/ttn-stack$ sudo ttn-lw-cli end-device set "mysensor1app" "mysensor1dev" --net-id=000000 --log.level="debug"
DEBUG Using access token (valid until 6:42PM)
DEBUG ccResolverWrapper: sending update to cc: {[{localhost:1884 <nil> 0 <nil>}] <nil> <nil>}
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc000414730, {CONNECTING <nil>}
WARN grpc: addrConn.createTransport failed to connect to {localhost:1884 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: context deadline exceeded". Reconnecting...
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc000414730, {TRANSIENT_FAILURE connection error: desc = "transport: authentication handshake failed: context deadline exceeded"}
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc000414730, {CONNECTING <nil>}
WARN grpc: addrConn.createTransport failed to connect to {localhost:1884 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: context deadline exceeded". Reconnecting...
ãããç§ã®ttn-lw-cli
èšå®ã§ãïŒ
--allow-unknown-hosts="true"
--application-server-enabled="true"
--application-server-grpc-address="localhost:1884"
--ca="/root/snap/ttn-lw-stack/149/ca.pem"
--config="/etc/ttn-stack/.ttn-lw-cli.yml,/root/snap/ttn-lw-stack/149/.ttn-lw-cli.yml,/root/snap/ttn-lw-stack/149/.config/.ttn-lw-cli.yml"
--credentials-id=""
--device-claiming-server-grpc-address="localhost:1884"
--device-template-converter-grpc-address="localhost:1884"
--gateway-server-enabled="true"
--gateway-server-grpc-address="localhost:1884"
--identity-server-grpc-address="localhost:1884"
--input-format="json"
--insecure="true"
--join-server-enabled="true"
--join-server-grpc-address="localhost:1884"
--log.level="info"
--network-server-enabled="true"
--network-server-grpc-address="localhost:1884"
--oauth-server-address="http://localhost/oauth"
--output-format="json"
--qr-code-generator-grpc-address="localhost:1884"
ãã°ã€ã³åŸã«INFO Got OAuth access token
ã¡ãã»ãŒãžã衚瀺ãããŸããããããã¯èªèšŒãæåããããšã瀺ããŠããããã§ãããããã¯ç§ã®httpã»ããã¢ããã«é¢é£ããŠããå¯èœæ§ããããšæããŸãã
ãŸãã docker-compose
ãã°ãã次ã®ãšã©ãŒã衚瀺ãããããã«ãªããŸããã
stack_1 | DEBUG Rejected authentication client_id=mqtt_5bc528ca.ae4ea8 error=error:pkg/ttnpb:identifiers (invalid identifiers) error_cause=error:pkg/errors:validation (invalid `application_id`: value does not match regex pattern "^[a-z0-9](?:[-]?[a-z0-9]){2,}$") field=application_id name=ApplicationIdentifiersValidationError namespace=applicationserver/io/mqtt reason=value does not match regex pattern "^[a-z0-9](?:[-]?[a-z0-9]){2,}$" username=
stack_1 | WARN Failed to setup connection error=error:pkg/ttnpb:identifiers (invalid identifiers) error_cause=error:pkg/errors:validation (invalid `application_id`: value does not match regex pattern "^[a-z0-9](?:[-]?[a-z0-9]){2,}$") field=application_id name=ApplicationIdentifiersValidationError namespace=applicationserver/io/mqtt reason=value does not match regex pattern "^[a-z0-9](?:[-]?[a-z0-9]){2,}$" remote_addr=172.18.0.1:57472
ãããäœãæããŠããã®ãç解ã§ããŸããã§ããããç§ãè¿œå ããã®ãšåãããã€ã¹ãšã¢ããªã±ãŒã·ã§ã³ã«ã€ããŠäžå¹³ãèšã£ãŠããã®ã§ã¯ãªãããšæããŸãããããŸã ã»ã³ãµãŒãçµåãããŠããŸããã
certificate signed by unknown authority
ãšã©ãŒãçºçããŸãããttn-lw-cli
ããŒã«ã¯ã©ã®ããã«èšŒææžãä¿¡é ŒããŸããïŒ
ca
æž¡ããCAãã¡ã€ã«ã䜿çšããŸãã ãã®ãã¡ã€ã«ã¯ããµãŒããŒèšŒææžïŒèªå·±çœ²åã®å ŽåïŒãŸãã¯ãµãŒããŒèšŒææžã«çœ²åããCAã®ãããããæããŠããå¿
èŠããããŸãã
ãããç§ã®
ttn-lw-cli
èšå®ã§ãïŒ
ãã®æ§æã¯ãTLSã䜿çšããããªãå Žåã«é©ããŠããŸãã ãããããµãŒããŒã¯éTLSæ§æã§ããããã®ã¢ãã¬ã¹ããªãã¹ã³ããŠããŸããïŒ
ãŸãã
docker-compose
ãã°ãã次ã®ãšã©ãŒã衚瀺ãããããã«ãªããŸããã
ããã¯ãæå¹ãªã¢ããªã±ãŒã·ã§ã³IDã§ã¯ãªããŠãŒã¶ãŒåã§æ¥ç¶ããŠããMQTTã¯ã©ã€ã¢ã³ãã§ãã
ãã³ããããããšãïŒ æãcert.pem
ã®ä»£ããã«ca.pem
解ãcertificate signed by unknown authority
åé¡ãã ãã ããä»ã®æ¥ç¶ãšã©ãŒãçºçããŸãã ç§ã¯ééããªãããŒã1884
èããŠããŸãïŒ
user<strong i="10">@localhost</strong>:/etc/ttn-stack$ sudo netstat -tulpn | grep LISTEN
tcp6 0 0 :::1884 :::* LISTEN 18793/docker-proxy
ããŒã1884ã«Telnetã§æ¥ç¶ããŠttn-lw-cli
ããŒã«ãå®è¡ãããšãããŒã¿ãã±ãããééããããšãããããŸãã ãããã£ãŠããã±ããã®äº€æã確å®ã«è¡ãããŠããŸããããããã°ãã°ã«ã¯æ¬¡ã®ãšã©ãŒã衚瀺ãããŸãïŒ "transport: authentication handshake failed: context deadline exceeded". Reconnecting...
end-device set
ã³ãã³ãã«--insecure
ãã©ã°ãè¿œå ããããšã§ããã®åé¡ããããã解決ããŸããã TLSã«åé¡ãããããã§ããããšã«ããä»ã¯å¿é
ããŠããŸãã
å床ãæè¬ããŸãïŒ
ç§ã¯ãèšå®åŸããšãéç¥ããããã«è奮ããŠããŸã--root-keys.app-key.key
ã«å ããŠã --net-id
ã®ããã®ããã»ã¹ã«åå ãã end-device
æ£åžžã«å®äºããç§ã¯ç¬ç«ããäžã§ããšã³ãããã€ã¹ããããŒã¿ãååŸãå§ããŸããã¢ããªã±ãŒã·ã§ã³ã»ãµãŒããŒïŒ ç§ãçŽé¢ãããã¹ãŠã®åé¡ãéããŠããªãã®å€§ããªå©ãã«ããäžåºŠæè¬ããŸãïŒ
ããã¯çŽ æŽãããããšã§ãïŒ ããã«ã·ããªãªãææžåã§ããã°çŽ æŽããããšæããŸãã®ã§ããããçµã¿èŸŒãããšãã§ããŸãã
ã¢ãããŒã·ã§ã³ãšæåã®ãã³ã±ãŒãã§ããããšã«ãæè¬ããŸãã