iotedged can't work with systemd < 227 #14

Closed
imZack opened this issue Jul 10, 2018 · 3 comments
imZack commented Jul 10, 2018

systemd introduced sd_listen_fds_with_names in version 227, and Debian 8 uses systemd 215, which won't pass the env var LISTEN_FDNAMES to iotedged.

Here is a workaround for me now, by adding Environment=LISTEN_FDNAMES=iotedge.mgmt.socket:iotedge.socket manually in /etc/systemd/system/multi-user.target.wants/iotedge.service

The entire file:

[Unit]
Description=Azure IoT Edge daemon
After=network-online.target iotedge.socket iotedge.mgmt.socket
Requires=network-online.target iotedge.socket iotedge.mgmt.socket
Documentation=man:iotedged(8)

[Service]
ExecStart=/usr/bin/iotedged -c /etc/iotedge/config.yaml
Environment=LISTEN_FDNAMES=iotedge.mgmt.socket:iotedge.socket
KillMode=process
TimeoutStartSec=600
TimeoutStopSec=40
Restart=on-failure
User=iotedge
Group=iotedge

[Install]
WantedBy=multi-user.target
Also=iotedge.socket iotedge.mgmt.socket

Does iotedged really need to use LISTEN_FDNAMES? Or maybe adding a fallback mechanism would be great.

@imZack imZack changed the title iotedged with systemd < 227 can't work iotedged can't work with systemd < 227 Jul 10, 2018

myagley commented Jul 10, 2018

Hi. We are aware of this issue. It is one of the main reasons we don't officially support Debian 8. We would like to not be dependent on LISTEN_FDNAMES. However, there are a couple of things we need to address to make that work.

Currently, we have two listening sockets, which have different permissions. Socket unit files support multiple Listen stanzas but do not support setting different permissions for these stanzas. This is why there are two socket units. We need to make some updates to allow for the same permissions across the sockets so that we can eliminate the iotedge.mgmt.socket unit.

As a note, you can set the listen addresses to fd://0 and fd://1. This won't attempt to read the LISTEN_FDNAMES env var and uses only LISTEN_FDS. However, systemd does not pass the file descriptors in a deterministic fashion when split between two units. If we can eliminate the second socket unit, we can then use this approach.

As a workaround, you can skip using the systemd socket activation altogether, and specify connect and listen addresses in the config file to a different directory (using the unix scheme). This directory needs to be writable by the iotedge user, as we need to unlink when binding.
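Added example (not from this thread or the iotedged source): how a daemon can interpret the socket-activation variables discussed above, resolving sockets by name when LISTEN_FDNAMES is present and refusing to guess an index when it is absent, as on systemd 215. The names `Activation`, `parse_activation` and `fd_for` are hypothetical, and the environment values in `main` are constructed.

```rust
use std::collections::HashMap;
const SD_LISTEN_FDS_START: i32 = 3; // first inherited fd in the systemd protocol

#[derive(Debug, PartialEq)]
pub enum Activation {
    Named(HashMap<String, i32>), // LISTEN_FDNAMES present (systemd >= 227)
    Unnamed(Vec<i32>),           // only LISTEN_FDS (e.g. systemd 215 on Debian 8)
    None,                        // not socket-activated, or fds meant for another pid
}
// Hypothetical helper: takes the variable values as arguments so it is testable.
pub fn parse_activation(pid: u32, listen_pid: Option<&str>, listen_fds: Option<&str>,
                        listen_fdnames: Option<&str>) -> Result<Activation, String> {
    match listen_pid.map(str::parse::<u32>) {
        Some(Ok(p)) if p == pid => {}
        Some(Err(e)) => return Err(format!("bad LISTEN_PID: {}", e)),
        _ => return Ok(Activation::None), // unset, or addressed to another process
    }
    // u16 rejects negative and absurd counts before any fd number is derived.
    let count = match listen_fds {
        Some(s) => s.parse::<u16>().map_err(|e| format!("bad LISTEN_FDS: {}", e))?,
        None => return Ok(Activation::None),
    };
    let fds: Vec<i32> = (0..i32::from(count)).map(|i| SD_LISTEN_FDS_START + i).collect();
    let names: Vec<&str> = match listen_fdnames {
        Some(n) => n.split(':').collect(),
        None => return Ok(Activation::Unnamed(fds)),
    };
    if names.len() != fds.len() {
        return Err(format!("{} names for {} descriptors", names.len(), fds.len()));
    }
    let mut by_name = HashMap::new();
    for (name, fd) in names.iter().zip(fds) {
        by_name.entry(name.to_string()).or_insert(fd); // first fd wins if a name repeats
    }
    Ok(Activation::Named(by_name))
}
// Resolve a socket by unit name; fail closed rather than guess an index.
pub fn fd_for(act: &Activation, name: &str) -> Result<i32, String> {
    match act {
        Activation::Named(m) => m.get(name).copied().ok_or(format!("no fd named {}", name)),
        Activation::Unnamed(_) => Err("LISTEN_FDNAMES unset; fd order across units is not fixed".into()),
        Activation::None => Err("not socket-activated".into()),
    }
}

fn main() { // constructed environment: systemd 215 passes no LISTEN_FDNAMES
    let old = parse_activation(42, Some("42"), Some("2"), None).unwrap();
    println!("{:?} -> {:?}", old, fd_for(&old, "iotedge.socket"));
}
```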

@roicostas

However, the iotedge daemon does not set the correct permissions on the socket files, so edgeHub, for example, cannot write to the workload socket as its user is not root:

ls -la /var/run/iotedge/

total 0
drwxr-xr-x. 2 iotedge iotedge 80 jul 19 10:30 .
drwxr-xr-x. 32 root root 1020 jul 19 08:23 ..
srwxr-xr-x. 1 iotedge iotedge 0 jul 19 10:30 mgmt.sock
srwxr-xr-x. 1 iotedge iotedge 0 jul 19 10:30 workload.sock

Config:

listen:
  management_uri: "unix:///var/run/iotedge/mgmt.sock"
  workload_uri: "unix:///var/run/iotedge/workload.sock"

connect:
  management_uri: "unix:///var/run/iotedge/mgmt.sock"
  workload_uri: "unix:///var/run/iotedge/workload.sock"

This happens on rhel7.5


myagley commented Aug 10, 2018

This was addressed here and will be available in the next release: #113

I'm going to close this for now. As we add more platforms, we will verify that they work with the systemd version for the distribution. Thanks.

@myagley myagley closed this as completed Aug 10, 2018
avranju added a commit that referenced this issue May 1, 2019
Remove Hub and Device IDs from Deployment and Pod names.