EdgeAgent The X509 certificate could not be added to the store. #6005
Comments
|
Hi @harounshehata |
ancaantochi
added
the
needinfo
|
Yes for both the edgeHub and edgeAgent the Hostbindings are created. The permissions are also set according to the documentation. |
|
can you please share the binding you set for edgeagent? |
|
Yes sure these are the container create options: |
|
These are the file permissions: |
|
@asergaz yes I posted it, I think we have introduced a circular dependency now, the SO post links to this Github issue and vice versa :D |
|
Can you please run these commands and share the results:
|
|
|
|
I only have these users: |
Can you please run 2 more commands:
|
|
Result of the first command: Result of the second command: |
|
No I am not doing anything special in the createOptions, this is an almost empty deployment. |
|
In aziot-edged logs there a few errors when it starts, was this an update from a previous version? Sorry, the ps command didn't help because edgeAgent was not running, can you please run it in a loop to catch the result while edgeAgent is running. Following command restarts iotedge (to trigger an edgeAgent start) and runs ps in a loop:
please change the upper limit if necessary until the result contains 2 lines, second one should look like:
then please check what is the user id: |
|
No I did not have a previous version, this is a fresh installation of the edge-runtime. |
|
It should start at some point and quickly fail, if you can please change the loop {1..100} and sleep 1 instead of 10 |
|
|
|
The error is really misleading but I found the root cause. For some reason the runtime was creating old version of edgeAgent and edgeHub (1.1.0), I have manually specified 1.2.7 now in the deployment manifest and restarted the device and then it was almost working. |
|
@harounshehata Can you confirm that the initial issue (EdgeAgent failing) is now resolved? There's connectivity with IoT Hub? @ancaantochi do you have any idea on the |
|
Yes the issue is resolved and I can successfully connect to the IoT Hub and telemetry messages are received in the cloud. |
|
If you leave the command iotedge check is it still blocked after a few minutes? I tried to reproduce the issue with blocking public network access on 443 and I can see that after the first 6 lines it takes a while to move on, that's because it tries to connect to https://aka.ms/latest-aziot-identity-service to get the latest released version, It should timeout and continue the check, like this: √ keyd configuration is well-formed - OK |
|
Yes I can confirm that this was the case, thanks for your great help! |
Expected Behavior
Edge Agent should be able to setup correctly and connect to the IoT Hub.
Current Behavior
After the provisioning process (https://docs.microsoft.com/en-us/azure/iot-edge/how-to-provision-single-device-linux-symmetric?view=iotedge-2020-11&tabs=azure-portal#install-iot-edge), I noticed that the EdgeAgent is failing immediately.
The EdgeAgent Docker logs show:
The file in question does not exist, no directory "/home/edgeagentuser"
Running sudo iotedge check, gets stuck after:
What kind of permissions do I need so that the edgeAgent can add the certificate to the store?
Steps to Reproduce
Provide a detailed set of steps to reproduce the bug.
Context (Environment)
Public access to IoTHub is disabled and device accesses iothub through private endpoint. Connection to hostname is successfull.
Output of
iotedge checkClick here
Device Information
Runtime Versions
iotedge version]: 1.2.5docker version]: 20.10.11+azure-3Logs
aziot-edged logs
edge-agent logs
Additional Information
Please provide any additional information that may be helpful in understanding the issue.
The text was updated successfully, but these errors were encountered: