Searching the knowledge base
Inhaltsverzeichnis
< Alle Themen

Installing Eclipse Kura™

Aktualisiert

Eclipse Kura™ is provided as a dep-package can be downloaded from the official Eclipse Kura™ website. (Eclipse IoT(5), 2021) Download the latest version for the Raspberry PI 2-3 platform, although we are already using the 4 model.

To install the deb-package, we require the gdebi package installation toll.

apt-get update
apt-get install gdebi-core

When the deb-package has been downloaded, it can be installed with gdebi:

gdebi kura_4.1.2_raspberry-pi-2-3_installer.deb

.

.

.

Finished. KURA has been installed to /opt/eclipse/kura and will start automatically after a reboot

The deployment is done in the folder /opt/eclipse/ kura_4.1.2_raspberry-pi-2 with a symbolic link to /opt/eclipse/kura.

Eclipse Kura™  is designed to provide a full set of services and functionalities beside its main purpose to act as an IoT edge component. So – from a network security perspective – for example it comes with a firewall-  and flooding protection configuration. It configures the wlan0 interface to act as an access point and comes with an own dhcp-server to appear is a kind of router to the ‘edge’ environment.

Eclipse Kura™ also provides a web-based, user interface for the administration and management of your IoT gateway. The Kura Gateway Administration Console enables us to monitor the gateway status, manage the network configuration, and manage the installed application and services. Access to the Kura Gateway Administration Console requires that a unit running Eclipse Kura is reachable via its Ethernet or Wi-Fi network interfaces (i.e., eth0, eth1, or wlan0). The default (out-of-the-box) network configuration for the supported platforms is as follows:

Raspberry Pi 3

eth0

  • Status: Enabled for WAN
  • Configure: DHCP (DHCP client)

wlan0

  • Status: Enabled for LAN
  • Configure: Manually (Static IP)
  • IP Address: 172.16.1.1
  • Subnet Mask: 255.255.255.0
  • Wireless Mode: Access Point
  • SSID: kura_gateway_<eth0_MAC_Address>
  • Wireless Security: WPA/WPA2
  • Passphrase: testKEYS

Connections on HTTP port 80 for these interfaces is allowed by default through the built-in firewall. The Kura Gateway Administration Console can be accessed by typing the IP address of the gateway into the browser’s URL bar. Once the URL is submitted, the user is required to log in and is then redirected to the Administration Console (e.g., 172.16.1.1/kura) shown in the screen capture below. The default login name and password is admin/admin. (Eclipse IoT(6), 2021)

Some of these out-of-the box configurations are something we don’t want to run on our Natrix Gateway.

First of all, we don’t want the Natrix Gateway to appear as a router with wlan0 configured as an access point. Furthermore, hardening the system is a complete and separate value proposition of the Natrix Gateway, so we do this on our own and don’t let it Kura done.

Consequently, there are a couple of configurations which we need to adapt after the installation.

Configuring DHCP service

Kura disables IPV6 but we require IPV6 on the Natrix Gateway. To revise what the Kura installation script did in terms of disabling IPV6 we need to go into the /etc/sysctl file and comment out (‘#’) all entries which have been added at the end of the file

nano /etc/sysctl.conf

#net.ipv6.conf.all.disable_ipv6 = 1      #ERRATA UPDATE (14-12-2016): SECURITY (IPV6)
#net.ipv6.conf.default.disable_ipv6 = 1
#net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.eth0.disable_ipv6 = 1
#net.ipv6.conf.eth1.disable_ipv6 = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.wlan1.disable_ipv6 = 1

Network interface settings

Kura overwrites the current network interface configuration which is stored in the file /etc/network/interfaces. We need to open the file and need to bring back to the status which we already described in the chapter CONFIGURING NETWORK INTERFACES.

 

Wifi AccessPoint settings (optional)

If we would decide to run the Natrix gateway wlan0 interface as an access point, and not as a typical WiFi client as we intend to do, then the file /etc/hostapd-wlan0.conf  must be configured accordingly.

Logging settings

For the sake to have all Eclipse Kura™ related log-files in one folder, we change the logging properties settings in the /opt/eclipse/kura/log4j/log4j.xml file.

Firstly, we adapt the log_dir parameter:

nano /opt/eclipse/kura/user/log4j.xml

-->
<Configuration status="warn" strict="true" name="KuraConfig" monitorInterval="30">

    <Properties>
        <Property name="filename">/var/log/kura/kura</Property>
    </Properties>
    <Filter type="ThresholdFilter" level="trace"/>
 
    <Appenders>
        <RollingFile name="RollingFile" fileName="${filename}.log" filePattern="${filename}-%d{MM-dd-yy-HH-mm-ss}-%i.log.gz">
            <PatternLayout>
                <Pattern>%d{ISO8601} [%t] %-5p %c{1.} - %m%n%throwable{full}</Pattern>
            </PatternLayout>
            <Policies>
                <SizeBasedTriggeringPolicy size="20 MB"/>
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile>
    </Appenders>
 
    <Loggers>
        <Logger name="org.eclipse" level="info" additivity="false">
            <AppenderRef ref="RollingFile"/>
        </Logger>
 
        <Root level="info">
            <AppenderRef ref="RollingFile"/>
        </Root>
  </Loggers>
 
</Configuration>

In order to make the new log-directory working, we need to add manually the /var/log/kura directory:

mkdir /var/log/kura

Service startup settings

After the installation of the deb package we will find a service ‘kura’ in the system. This according to the configuration of the service it utilizes on of the shell scripts located /opt/eclipse/kura/bin directory. By default, the ‘kura’ service executes the start_kura_background.sh script.  We need to adjust some JVM parameters in the script for a proper start of the ‘kura’ service. For example, we are adjusting the log-path, where we add a subfolder /kura to the /var/log directory to have all kura and later also project related log files together in one place. Furthermore, we need to adapt some settings on modules and libraries and parametrize the GC Logfile rotation.

We shall assure that the Eclipse Kura™ OSGI framework starts with the Oracle JDK. We have the ability to adapt this in the nohup attribute of the startup parameters (e.g. nohup /usr/java/jdk1.8.0_241/bin/java -Xms512m -Xmx512m \), but this could cause an issue when we update the Oracle JDK and expect Eclipse Kura™ to run with it. Much saver it is to set the Oracle JDK as standard JVM with the update-alternatives –config java command and leave java in the nohup attribute parameter. Eclipse Kura™ is looking for the standard JVM to start with.

 All changes are marked in bold:

nano /opt/eclipse/kura/bin/ start_kura_background.sh
.
.
if [ -z "$KURA_RUNNING" ] ; then
  nohup /usr/java/jdk1.8.0_241/bin/java -Xms512m -Xmx512m \
        -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/kura-heapdump.hprof \
        -XX:ErrorFile=/var/log/kura/kura-error.log \
        -XX:+IgnoreUnrecognizedVMOptions \
        --add-modules=ALL-SYSTEM \
        -Dkura.os.version=raspbian \
        -Dkura.arch=armv7_hf \
        -Djava.library.path=/usr/lib/jni \
        -Dtarget.device=raspberry-pi-2 \
        -Declipse.ignoreApp=true \
        -Dkura.home=${DIR} \
        -Dkura.configuration=file:${DIR}/framework/kura.properties \
        -Dkura.custom.configuration=file:${DIR}/user/kura_custom.properties \
        -Ddpa.configuration=${DIR}/data/dpa.properties \
        -Dlog4j.configurationFile=file:${DIR}/user/log4j.xml \
        -Djava.security.policy=${DIR}/framework/jdk.dio.policy \
        -Djdk.dio.registry=${DIR}/framework/jdk.dio.properties \
        -Djdk.tls.trustNameService=true \
        -Dosgi.console=5002 \
        -Declipse.consoleLog=true >> /var/log/kura/kura-console.log 2>> /var/log/kura/kura-console.log \
        -jar ${DIR}/plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar \
        -configuration /tmp/.kura/configuration &

    #Save the PID
    KURA_PID=$!
    echo "Kura Started (pid="$KURA_PID") ..." >> /var/log/kura/kura-console.log
    echo $KURA_PID > /var/run/kura.pid
else
    echo "Failed to start Kura. It is already running ..." >> /var/log/kura/kura-console.log
fi
.
.
.

Eclipse Kura™ Network settings

As we explained already in a previous chapter, Eclipse Kura™ comes with a couple of network interface and iptables settings. This is a very smart approach and frees Administrators of the work to do all settings manually on their Gateway. However, we want to have our own control over those settings. For example, we don’t want any DHCP server running on our Gateway, it is simply not needed. Same for the firewall settings via iptables. Cybersecurity is something which we take  very seriously. Hence we spend a separate chapter on how to harden the Natrix Gateway, where iptables settings is a part of.

Another thing which we need to change is to configure our WiFi module as Access point.

Ideally, we are doing this in the Eclipse Kura™ Administration pages. In case we implemented all configuration changes which have been discussed in the previous subchapters of the Eclipse Kura™ installation chapter, we can launch the Kura-framework the first time:

service kura start

Launch the Eclipse Kura™ Administration pages via http://[ip-address-of our-gateway]:80. The default login credentials are

User:     admin

Password: admin

Once you logged in, navigate to the [Network]->[wlan0] section and here to the [TCP/IP] tab. Set the status of the interface to ‘Enable for WAN’. You will be confronted with a Warning message which we can ignore by simply closing the pop-upped window.

In the [Wireless] tab we are able to define the SSID and password of the wireless network we would like our Natrix Gateway get connected to.

Be sure that the mode we want our wlan0 interface to operate in is set to ‘Station Mode’, which means it acts a s a simply WiFi client, and not as Access point which is the default configuration of the framework after installation.

For the eth0 interface we go for the ‘Enabled for LAN’ status.

All settings made via the Admin-console are saved here: /opt/eclipse/kura/user/kuranet.conf file:

nano /opt/eclipse/kura/user/kuranet.conf 
.
#Tue Oct 05 10:05:04 CEST 2021
net.interface.eth0.config.nat.enabled=false
net.interface.eth0.config.dhcpServer4.passDns=false
net.interface.wlan0.config.dhcpServer4.enabled=false
net.interface.wlan0.config.nat.dst.interface=unknown
net.interface.eth0.config.nat.dst.interface=unknown
net.interface.wlan0.config.nat.enabled=false
net.interface.eth0.config.ip4.status=netIPv4StatusEnabledLAN
net.interface.wlan0.config.wifi.mode=INFRA
net.interface.wlan0.config.wifi.infra.ignoreSSID=false
net.interface.wlan0.config.nat.masquerade=true
net.interface.wlan0.config.wifi.infra.driver=nl80211
net.interface.eth0.config.dhcpServer4.enabled=false
net.interface.wlan0.config.dhcpServer4.passDns=false
net.interface.wlan0.config.wifi.infra.pingAccessPoint=false
net.interface.lo.config.ip4.status=netIPv4StatusEnabledLAN
net.interface.wlan0.config.ip4.status=netIPv4StatusEnabledWAN

Another area where Eclipse Kura™ actively modifies network settings is on the interfaces as such. We modify the /opt/eclipse/kura/.data/interfaces file according to the example below:

nano /opt/eclipse/kura/.data/interfaces 
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
 
# The loopback interface
auto lo
iface lo inet static
	address 127.0.0.1
	netmask 255.0.0.0

# Wired or wireless interfaces
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 auto

auto wlan0
iface wlan0 inet dhcp
iface wlan0 inet6 auto

Now you can reboot the Natrix Gateway. After the device has powered up again, you can reach the admin console via both network interfaces, which was our aim.