Closed patrikSohlman closed 2 years ago
Hi @patrikSohlman,
check the SSL certificates: openssl s_client -connect 192.168.1.90:5671 -showcerts should return "depth=0 CN = 192.168.1.90"
CONNECTED(00000005)
depth=3 CN = Root xxxxx
verify return:1
depth=2 CN = Intermediate xxxxx
verify return:1
depth=1 CN = xxxxxx.ca
verify return:1
depth=0 CN = 192.168.1.90
verify return:1
I have done this tutorial https://docs.microsoft.com/en-us/azure/iot-edge/tutorial-nested-iot-edge?view=iotedge-2020-11 and everything works fine. In this tutorial, they add the /var/secrets/aziot/certs/red-iot-cert-test.root.ca.cert.pem certificate to the certificate store of the OS.
Hi @shaeussler
I've looked at that tutorial, I did though get stuck with generating the certs on Cloud shell and decided to generate it locally. I have added the root cert to the certificate store as seen with: (I've also run sudo update-ca-certificates
)
root@iot-gate-imx8:~# ls /usr/local/share/ca-certificates/
red-iot-cert-test.root.ca.cert.pem.crt
Checking the SSL certificates:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=3 CN = Azure_IoT_Hub_CA_Cert_Test_Only
verify return:1
depth=2 CN = Azure_IoT_Hub_Intermediate_Cert_Test_Only
verify return:1
depth=1 CN = layer3.ca
verify return:1
depth=0 CN = 192.168.1.90
verify return:1
Hey @patrikSohlman, although it is hard to say for sure, it seems to me that this is connectivity problem b/w layers. The error from the service log and iotedge check made me believe that:
Jul 08 13:55:30 iot-gate-imx8 aziot-edged[11149]: 2021-07-08T13:55:30Z [WARN] - The daemon could not start up successfully: Could not retrieve device information
Jul 08 13:55:30 iot-gate-imx8 aziot-edged[11149]: 2021-07-08T13:55:30Z [WARN] - caused by: HTTP request error
Jul 08 13:55:30 iot-gate-imx8 aziot-edged[11149]: 2021-07-08T13:55:30Z [WARN] - caused by: connection error: Connection reset by peer (os error 104)
× container on the default network can connect to upstream HTTPS / WebSockets port - Error
Container on the default network could not connect to 192.168.1.90:443
× container on the IoT Edge module network can connect to upstream HTTPS / WebSockets port - Error
Container on the azure-iot-edge network could not connect to 192.168.1.90:443
Things to double check (from the docs):
Also, in your config toml and deployment files on child device, I would change from 192.168.1.90:443/azureiotedge-agent:1.2
to $upstream:443/azureiotedge-agent:1.2
everywhere.
Hope this helps.
Hej @vadim-kovalyov, I agree with you that this seems to be the case. I ran a nmap
to see if I could find anything strange. From what I gather it looks like the AMQP and MQTT port is closed, although ìotedge check
states that communcation is working fine across those protocols so I'm not sure if that is what is causing the issue:
root@iot-gate-imx8:~# nmap -sT 192.168.1.90
Starting Nmap 7.70 ( https://nmap.org ) at 2021-07-12 14:54 UTC
Nmap scan report for IMX8-layer3.lan (192.168.1.90)
Host is up (0.0013s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
443/tcp open https
5000/tcp open upnp
And to add to that, is the section of connectivity checks in ìotedge check
just referencing communication in terms of messages to the edgeHub or is it all communication? I am asking just due to the fact that the check √ Agent image is valid and can be pulled from upstream - OK
is passing, and that should then be looking at port 443. And the guide states that port 443 should be removed as a createOption
for the edgeHub, and instead added as the port that the IoTEdgeAPIProxy
listens to.
After the service has been running through the weekend the logs of the child device now reports:
Jul 12 14:57:15 iot-gate-imx8 aziot-edged[749]: 2021-07-12T14:57:15Z [INFO] - Checking edge runtime status
Jul 12 14:57:15 iot-gate-imx8 aziot-edged[749]: 2021-07-12T14:57:15Z [INFO] - Creating and starting edge runtime module edgeAgent
Jul 12 14:57:15 iot-gate-imx8 aziot-identityd[759]: 2021-07-12T14:57:15Z [INFO] - <-- PUT /identities/modules/$edgeAgent?api-version=2020-09-01&type=aziot {"content-type": "application/json", "host": "2f72756e2f617a696f742f6964656e74697479642e736f636b:0", "content-length": "40"}
Jul 12 14:57:15 iot-gate-imx8 aziot-keyd[764]: 2021-07-12T14:57:15Z [INFO] - <-- GET /key/device-id?api-version=2020-09-01 {"host": "keyd.sock"}
Jul 12 14:57:15 iot-gate-imx8 aziot-keyd[764]: 2021-07-12T14:57:15Z [INFO] - --> 200 {"content-type": "application/json"}
Jul 12 14:57:15 iot-gate-imx8 aziot-keyd[764]: 2021-07-12T14:57:15Z [INFO] - <-- POST /sign?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "398"}
Jul 12 14:57:15 iot-gate-imx8 aziot-keyd[764]: 2021-07-12T14:57:15Z [INFO] - --> 200 {"content-type": "application/json"}
Jul 12 14:57:15 iot-gate-imx8 aziot-identityd[759]: 2021-07-12T14:57:15Z [INFO] - !!! Hub client error
Jul 12 14:57:15 iot-gate-imx8 aziot-identityd[759]: 2021-07-12T14:57:15Z [INFO] - !!! caused by: expected value at line 1 column 1
Jul 12 14:57:15 iot-gate-imx8 aziot-identityd[759]: 2021-07-12T14:57:15Z [INFO] - --> 404 {"content-type": "application/json"}
Jul 12 14:57:15 iot-gate-imx8 aziot-edged[749]: 2021-07-12T14:57:15Z [WARN] - Error in watchdog when checking for edge runtime status:
Jul 12 14:57:15 iot-gate-imx8 aziot-edged[749]: 2021-07-12T14:57:15Z [WARN] - A module runtime error occurred.
Jul 12 14:57:15 iot-gate-imx8 aziot-edged[749]: 2021-07-12T14:57:15Z [WARN] - caused by: HTTP response error: [404 Not Found] {"message":"Hub client error\ncaused by: expected value at line 1 column 1"}
In terms of the config and deployment files I read from the guide that I can not use $upstream/azureiotedge-agent:1.2
in the config.toml as the edgeHub needs to run for that routing to work, therefor I need to hardcode it the first time it pulls the agent as stated here.
The deployment.json for the child is referencing the parent with $upstream
for when the agent is actually deployed the first time:
{
"modulesContent": {
"$edgeAgent": {
"properties.desired": {
"modules": {},
"runtime": {
"settings": {
"minDockerVersion": "v1.25"
},
"type": "docker"
},
"schemaVersion": "1.1",
"systemModules": {
"edgeAgent": {
"settings": {
"image": "$upstream:443/azureiotedge-agent:1.2",
"createOptions": ""
},
"type": "docker"
},
"edgeHub": {
"settings": {
"image": "$upstream:443/azureiotedge-hub:1.1",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}]}}}"
},
"type": "docker",
"status": "running",
"restartPolicy": "always"
}
}
}
},
"$edgeHub": {
"properties.desired": {
"routes": {
"route": "FROM /messages/* INTO $upstream"
},
"schemaVersion": "1.1",
"storeAndForwardConfiguration": {
"timeToLiveSecs": 7200
}
}
}
}
}
@patrikSohlman, sorry for late reply. Do you still have connectivity issues?
About nmap, I think it does not include ports in question by default, you need to specify them in params. And you're right about $upstream
, sorry for confusion.
I'll close this for now. Please reopen or create a new issue if you have further questions.
Hi @vadim-kovalyov, I missed your last update, sorry for that. I am still having issues, and I can´t really figure out what the next step should be. I know I had similar issues when trying this when nested IoT Edge was in preview. If I remember correctly, the fix back then was creating certificates with the hostname as CN and then adding that entry to both edgeHub
and edgeAgent
/etc/hosts files as well as well as the hosts /etc/hosts. I do not really like that solution as that would require me to add that at each deployment. Adding to that, the guide linked to creating certs is explicitly stating that the certs should not be named the same as the hostname: "The name passed to the create_edge_device_ca_certificate command should not be the same as the hostname parameter in the config file, or the device's ID in IoT Hub.".
I can of course try whatever you would like me to, I just need to be pointed towards the solution you think is feasible and most in line with a proper production setup (Fully aware of the fact that I need to use proper certificates for the production scenario, and not just test certs).
And please reopen if you can, I think there is value in keeping this discussion in the same issue.
Hello Patrik,
Looking back at the conversation I see an error when you try to connect using open ssl:
"can't use SSL_GetServername"
This will be an issue for CN checks.
I also your connected status is (3) instead of (5).
Could you try again the command:openssl s_client -connect 192.168.1.90:5671 -showcerts
You should see at the bottom:
Can you give me the full log?
Thank you!
Yeah not a problem.
root@iot-gate-imx8:~# openssl s_client -connect 192.168.1.90:5671 -showcerts
CONNECTED(00000003)
Can't use SSL_get_servername
depth=3 CN = Azure_IoT_Hub_CA_Cert_Test_Only
verify return:1
depth=2 CN = Azure_IoT_Hub_Intermediate_Cert_Test_Only
verify return:1
depth=1 CN = layer3.ca
verify return:1
depth=0 CN = 192.168.1.90
verify return:1
---
Certificate chain
0 s:CN = 192.168.1.90
i:CN = layer3.ca
-----BEGIN CERTIFICATE-----
MIID1zCCAb+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlsYXll
cjMuY2EwHhcNMjEwNzE0MTMyNjE1WhcNMjEwODEzMTMyNjE1WjAXMRUwEwYDVQQD
DAwxOTIuMTY4LjEuOTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh
zYTC+K6XOVdEOeqpZtLSBH4yHEXpn74fCNxS8uHfxdzcjW5YH+bviSzcxszcq893
xOxn4NX/nk5xTwSXzH7CDLNVFok05/honQvAUmnhwXjWAK71ganjX628IfUwtCK8
7GsRgYe8CNwzZ6Xcc6yOqEgQa99lQKoyt8mr3JsMIOzZfi/3yaADMfcXvOO3bmAV
+XEMgw1vhtY8jKvynF8pHkhItyrGGjcsmVJodbCJpXGrqeP6BvBrekHkRsn+qybc
Z8k+PUMmh/FV+ZdK3JuaagHHNg0KQ5RNBlLxRNt1MT8/yFk7OpPxiVXqdzP7ZXW7
mFCCWkPQCWSbHRUHtLaTAgMBAAGjMTAvMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBgG
A1UdEQQRMA+CB2VkZ2VodWKHBMCoAVowDQYJKoZIhvcNAQELBQADggIBAF8BOsf8
6w4fOFVTO24IaM2fkEsYu28KXJ7XLAFdPAYuSZ8TlzDf3NNy4rNdt0YNa/696YxX
/Ef6prj8eS4FkGZAePj39nZizs5G8EdHubHwFB00FoTRnrOK4OMpgbxceBWR+Igy
B2MOwFvCNFU4clGx2ccltkInTa/Bws9K4tcfhrKQAGHzc1iR5jAhtz29SjB9LhGt
dl7kIUUIN66X+hPH86NRoTk2aDl4AZcFj2Ovp/rIndszoUR9YFyGXn4lbLDcAyjd
N70xDPgEoNayxazfuunxiwqqoBMAxF38QHPbgpkUBL41/o0MAtHhmWujbw11HPFX
2w/mAD/fapgnpgEqxqMD5UeSmi0m9NHPfs068uQO8m4Ud88Mcdq3Jv48zdhv/g93
8m4QF3bs53bLgd/UaxLkD9jnl4JAcMdvByXUKMsebZu5rvkORgquP2TKEtlgVo4Y
yOi1C0qnkrJEPFG/RYnrTpRyIIt2xO6+Jv3gs0618FZFL2Jp8J1TIw1kRMELzqrx
DPms9r1D+fisS09np6Be5HVhrpJ50l8lJkxsNHYlOoGAKj3ELO5hUe6ig3Cg8O7s
MJOqo/aTs1ApRJ5nW55aRbol2TGuDMvVyP7IfEPL/9O8UjdoqoTjZt7+/Vc2WD1y
dpCbnash+pVsfZsuefbCfrjmD+a6BDmZTuVc
-----END CERTIFICATE-----
1 s:CN = layer3.ca
i:CN = Azure_IoT_Hub_Intermediate_Cert_Test_Only
-----BEGIN CERTIFICATE-----
MIIFXTCCA0WgAwIBAgICEAYwDQYJKoZIhvcNAQELBQAwNDEyMDAGA1UEAwwpQXp1
cmVfSW9UX0h1Yl9JbnRlcm1lZGlhdGVfQ2VydF9UZXN0X09ubHkwHhcNMjEwNzA4
MTI0OTA0WhcNMjMwNjA4MTI0OTA0WjAUMRIwEAYDVQQDDAlsYXllcjMuY2EwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDdj7g6CXkqMGlhu+1nNvQfa6cc
CDrSpUJ/RRS3hsMF9ao+mhIPSZYTMnHy+wg28+dsfXxgJCoFdrlhEclMPaXFjBW8
vXZcc4DSnHmNTifNzbYHp0HiEnSXcMzj+3/lG4W7yTeDv4tcmZS8RtRIlyKDSA5u
QATzFVMG/CpHEN+exwKoMA1ZqKhv0VdBDDbmJJqdcGzoOSzSuBEDAvO114p/Cgr0
OTbVr/9unhlU3sGWyxR8KDbyN7OtUpZSEnU1JOgmhN1sdHtNWnKqGJyHDzasyWue
7XQW8A/LJuyxliq+BWt5S5X/Z+QlrvKMSQJ1uYhElKIEG8wabWROKqs1GAz6D/CV
cdGqY9iE0Dj2f3RJNE4qdD4jKkdjXJP1nVPvAjhGXm7ExmTz53ZKNoD0+kOxxaub
lEobqVrrPtkGFnlTjC0nCVzZ9uZaOf3tQROwAjCZ2oZcqhxoX2NHep4dGwxEGUl6
DnykIK8KbZzx8Kx47IFSTSqxB2w+vGgMke7jQkcqwzyRjU78LY8gOIk2k6j2Vvuk
8C+BM96sJPmcWFfemvoD+x9vxXv1QZRzuV6cHkgRy6enpLFZma0/hK64wdlHvNPW
FXvSRIbLQt5Ky3cD9oSCIHIT2WZX3QxuV4zxgCjU1yHL6QDNXzjxKm9TGwxZb3Gi
zXCvVVf6IgGxN51j0QIDAQABo4GYMIGVMB0GA1UdDgQWBBStxBKEzHQUjnrHcUOc
+WVlZI+z3zBTBgNVHSMETDBKgBQQ7PT6K2MVBuYD1NlwR1R1KiQg66EupCwwKjEo
MCYGA1UEAwwfQXp1cmVfSW9UX0h1Yl9DQV9DZXJ0X1Rlc3RfT25seYICEAAwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB
AFkiCGKPQ/SQwRo1e3hL0iFU4OZiRLKu0pm/9off6/1DNs8N7VbQ7iIyJx+mpWzA
S/I5F3bjPpOv5oRrDTOOgBzmiToJ31cBSx2T6XT1a5o/3OOBR/YiwC2mo7R1A4Z3
UXyMJPPJJQpeCVRW9EZq+iJHIOVuj5+o4ffwIdBD9nWKO+jlC5XRhSXkeIVgTG6m
r4VM8WvLRrpTeyHRh7z4wBqwNcKctU4xPsDQiSJSg45zaQCdgn9IRWdIyoh5qVB3
XwAfwUZ+jbktNC4AQbjr7MkpVSrtbCilxLmCdACQAHfLQb9z8BOzqCp66QCKXz8j
3Fke0kdV7k1L3rt14yKttdqM2q5mTxt5sv/2fq7HuiyFQKqBbz8WklSKH745KN6I
fSjPjCsRsur9fKPLNFuKW1CIuDMQMLSFM6OrgcRI9audXqNOeAyMhrl/EaVhMXOb
jniOnz1Jdzfs4Cv7S5OOrFbvzKBJArwbdiUSY4kAa7Pw8BLkz6FbdBwsWHbUy2yI
JCWbDgMTprBPwufIszizG2r58yQuEASuZd9i3qzfTeFrkfJv+P4mxO8p/uO/6Jbc
aXM0tCJ58xq4eG8WetIILFOfnFljDegwgKurlmiBNL9LQSGW3mSmHXkhQJREa+8L
EKAWWNpPS6QOUXh4NfDINAwRUUttiwGDJhlNxkxtI8x+
-----END CERTIFICATE-----
2 s:CN = Azure_IoT_Hub_Intermediate_Cert_Test_Only
i:CN = Azure_IoT_Hub_CA_Cert_Test_Only
-----BEGIN CERTIFICATE-----
MIIFhTCCA22gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwKjEoMCYGA1UEAwwfQXp1
cmVfSW9UX0h1Yl9DQV9DZXJ0X1Rlc3RfT25seTAeFw0yMTA2MjgxMTU2NTJaFw0y
MzA1MjkxMTU2NTJaMDQxMjAwBgNVBAMMKUF6dXJlX0lvVF9IdWJfSW50ZXJtZWRp
YXRlX0NlcnRfVGVzdF9Pbmx5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAwS+oR6V7zLIBwnnsJKv9iifvKt6AdVSqoK54zy2gn7x1QBlitfXnfumir+qf
LtCJhObsrMM0GgHetVturgvASLU7l2+qlzYmykkZkjZ/OV4CL0wzdsWh2Dk/f74z
Ko2ngE264o30k10YqUVME5dxxxNdx7kLFA4gRN0rZj4FHBSH8+aSkV8wzG5u4X0O
lJMB08+rc2TkIJ+QNCoNjqCZ10I8QqI913ZA/kpooEfFgkor172jQ1eV9LXwezPm
pvtaHUssvU4pcPCPFgr80KnLENsPEe/LtyFH53oF8qOD5BWvD6fH/qZuyWH7j4FN
JgQKUnw2IPP+XPL5mgpGa3DVD87fVyeUXVYwRpnuoS85UoZjbB9gB0xgIoiBKt4P
KziVpu+3OGHIFJxgmhhH6cBTW7b10yCZKYEVyLLKeOJ1IPFB+piwSY8U9FPYsj8V
Z262640SKLGuVNwDekU3wZjSVOe0TADWlbvooc29m+eY2f7S5Sr05f0ACJoLD79C
VD6HRsRf6WaUY18xZ/NHAHiMSvBM3uj3eNZQgqMenhdTT990pUIKPstosnNlr5PK
GkOQKCRVbeODuyWakDB73MLTHdFnz1CPHabbNqwxLksv2xiivnB8sVxtcXwYfAQK
JtX5PuNdrgccJ8yvXgQuA3okXJtsgeviK+Ftg/5GsjinEmkCAwEAAaOBqjCBpzAd
BgNVHQ4EFgQUEOz0+itjFQbmA9TZcEdUdSokIOswZQYDVR0jBF4wXIAUPIOl86r3
yBhmZl/yt+eidYSyftihLqQsMCoxKDAmBgNVBAMMH0F6dXJlX0lvVF9IdWJfQ0Ff
Q2VydF9UZXN0X09ubHmCFB7dR3ctFf+w9pbN4xjonDhgjn5lMA8GA1UdEwEB/wQF
MAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBOqPtYej7M
pfnTFFDo8DMEXdosgIg2sz92VIqJPtgRKR5qkM/0fL+6n5iGJ2Gmk82872nEzWi1
BzFkMB6CUX1yW9NlC9r0QTfAhEiye2rthCig4sdw7KPi8gcXl/SWNLWfFaXU/JPb
LqiRIcuKmVjCXQ6aY4bAGp0BHISzw4endYpNK0IxOESuONGz2pMWZ0PgdB1BqBuB
jMlfxU0jQbAz8NAJIqsVegEWPf6TOrK9vkhL7q0b21poCD5/7SFJjJbzb3DflcLU
KQ4vVMVB0/YqDBfc8a/qOxufbOWOlOwK3Wiq8jr0HTYKR/+vU9ZIk+ayJr9ToTFT
xVYgchOSPmyLsIPybyU4ZVCXnijayMsq39bDR7GP/hckHWv3VWD22Rlp4Up0sCsb
WCi6+jlkKWH3fenF7672wmaYGCCA2LM5etQj4sdv48mMA0jS4dQVKG2sZW6gUUkS
5uzy5V8v/KE7yxLQTkTzZ6aWzkDaMRA2SAKkPBFTxozb4adD48Eiqiy88iOCKXTA
HplkwGEAneiPm6sj/AyQv2K3uczsBLUH0eWdtpZllUrpBXX0hSAjppDeeozFaQYy
eBcgQPzUNx/MyczMPaFLWNyeWJA+P5Zmt6ezfAitQZwHKX9DE09rrMKgFOcXPn66
zo9esZChhleakSHMBx8k9O9/mN0JeHn/LQ==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = 192.168.1.90
issuer=CN = layer3.ca
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4475 bytes and written 388 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 0E3F50F3EEDDBD0C174937BF25FDF2C4DCAC4536241C2E7C893BEF58AC2B3F98
Session-ID-ctx:
Master-Key: 0A1E2361A5D48B5BD9E6F5418DD7E9D6EAD3E74ABD8E64DCA5990E5F905D0D030C07397DDA1798593AE67AD6E0EC5C71
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 0f 0a 5d f5 b2 dd f0 87-7c db ef 54 ed e1 8c 46 ..].....|..T...F
0010 - 40 fc d5 82 e5 87 e6 8f-54 db 19 2c f5 4b 73 a9 @.......T..,.Ks.
0020 - 87 a3 6d 0a 87 2a 3e 5b-a5 a5 c6 ab 3b d2 3f 7b ..m..*>[....;.?{
0030 - f0 1e e6 af d4 88 98 29-b8 05 57 d8 ea 7d 7b 6e .......)..W..}{n
0040 - 16 06 26 8e 63 a8 78 df-1b 07 94 26 82 ca 10 ab ..&.c.x....&....
0050 - ad e1 a1 74 61 6a fe e6-ff 80 56 c7 ae b6 bc af ...taj....V.....
0060 - 21 0e 47 58 be f6 bf b6-a7 ce f8 18 fc 1d 29 36 !.GX..........)6
0070 - f4 9f 47 db a0 7d 0e 89-a7 b5 f5 5d 72 89 25 40 ..G..}.....]r.%@
0080 - cb 43 2a d8 00 ed 9a 1b-b5 ff 6f 4f f2 04 f5 d6 .C*.......oO....
0090 - 46 ab d9 c0 4d 2b c7 51-0c 2a a7 1a a0 b0 1c bb F...M+.Q.*......
Start Time: 1627719184
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
I am thinking that this is the underlying issue, and as stated above, the fix might be to name the certs the same as the hostnames and utilizing /etc/hosts for proper routing, thankful for any other suggestions of course.
we are having the exact same problem. what I am thinking it is an open_ssl issue
I am having the same issue as well in my Nested Edge Gateway Scenario. My Gateway Device works fine and all necessary modules are deployed (Agent, Hub, APIProxy, costum registry with necessary modules for both devices). My downstream device is also an IoT Edge device with the necessary x509 certificates from the certificate hierarchy of the test-only azure iot root certificate. When I use:
openssl s_client -connect 192.168.178.77:443 -showcerts
I also get:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=3 CN = Azure_IoT_Hub_CA_Cert_Test_Only
verify return:1
depth=2 CN = Azure_IoT_Hub_Intermediate_Cert_Test_Only
verify return:1
depth=1 CN = GATEWAY.ca
verify return:1
depth=0 CN = 192.168.178.77
verify return:1
with a return code: 0 in the end
Start Time: 1629216385
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
So the connection to my Gateway device is possible and working? Or is the error with "can't use SSL_get_servername" the reason for the errors?
For iotedge check --verbose I get the following error, which is repeated in the connectivity checks:
× configuration has correct URIs for daemon mgmt endpoint - Error
Unable to find image '192.168.178.77/azureiotedge-diagnostics:1.2.3' locally
docker: Error response from daemon: manifest for 192.168.178.77/azureiotedge-diagnostics:1.2.3 not found: manifest unknown: manifest unknown.
See 'docker run --help'.
caused by: docker returned exit code: 125, stderr = Unable to find image '192.168.178.77/azureiotedge-diagnostics:1.2.3' locally
docker: Error response from daemon: manifest for 192.168.178.77/azureiotedge-diagnostics:1.2.3 not found: manifest unknown: manifest unknown.
See 'docker run --help'.
I also get the same errors as @patrikSohlman for the iotedge system logs.
Error in watchdog when checking for edge runtime status: A module runtime error occurred.
caused by: HTTP response error:
[404 Not Found] {"message":"Hub client error\ncaused by: expected value at line 1 column 1"}
@nav671 The error you are seeing for IoTedge check is probably because the API proxy is listening on port 8000 (this is the default). Then you need to do: iotedge checks --diagnostics-image-name 192.168.178.77:8000/azureiotedge-diagnostics:1.2.3.
I am not sure about the "Can't use SSL_get_servername" but if it can connect successfully ( Verify return code: 0 (ok)) it is not a problem.
@patrikSohlman It seems that the issue happens when child edge is trying to connect edgeHub through port 443. I have looked at the API proxy logs, however I could not see any evidence in it.
Could you do:
Hopefully this will tell me where the message to create identity is getting blocked.
@huguesBouvier Sure, not a problem. 1.
2.
3.
4.
Thanks! I think I understand what is happening. You are using nested edge with an older edgeHub version. edge 1.1 doesn't support nested edge.
The iotedge check (response to 443) show edgeHub is not sending back the correct header. Additionally, the edgeHub logs shows that it is not understanding the request from the child edgeHub.
Try updating edgeHub 1.2, it should fix the issue.
Thanks @huguesBouvier, changing version to 1.2 did the trick. Maybe that should be added to the guide as that one is specific in what edgeAgent version to use, not the edgeHub. I am guessing that they mirror their versioning, but I think a mention would help in clarifiying that. Again thanks, you are a lifesaver.
You're welcome! I will close the issue. Let us know if you have more problems.
Following this guide, I am trying to create a deployment of nested IoT Edge devices following this guide. I have configured the parent-child relationship in the Azure portal and created certificates based on Create test certificates.
The parent device is working but the child device fails in starting the deamon as it can not fetch device information from the parent.
I am using IP addresses as hostnames as that is explicitly stated in the guide as a viable option, as long as you are consistent thorugh your nested structure.
Expected Behavior
Child device should be able to pull modules from $upstream and communicate to parent
Current Behavior
The child device fails with the error
The daemon could not start up successfully: Could not retrieve device information
Click here
``` Jul 08 13:55:25 iot-gate-imx8 systemd[1]: Started Azure IoT Identity Service. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Starting service... Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Version - 1.2.2 Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Provisioning starting. Reason: Startup Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Updated device info for red-iot-layer2-edge. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Provisioning complete. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Identity reconciliation started. Reason: Startup Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- GET /key/device-id?api-version=2020-09-01 {"host": "keyd.sock"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- POST /sign?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "398"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Updated device info for red-iot-layer2-edge. Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- GET /key/device-id?api-version=2020-09-01 {"host": "keyd.sock"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- POST /sign?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "398"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: Hub client error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - service encountered an error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - caused by: Hub client error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - caused by: expected value at line 1 column 1 Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - 0:Steps to Reproduce
Provide a detailed set of steps to reproduce the bug.
/etc/aziot/config.toml
config.toml
to "local-ip-address-of-parent"config.toml on child
Click here
```bash # ============================================================================== # Hostname # ============================================================================== # # Uncomment the next line to override the default hostname of this device. # hostname = "192.168.1.101" # ============================================================================== # Parent hostname # ============================================================================== # # If this is a Nested Edge device, uncomment the next line to set the # parent hostname of this device. # parent_hostname = "192.168.1.90" # ============================================================================== # Trust bundle cert # ============================================================================== # # If you have any trusted CA certificates required for Edge module communication, # uncomment the next line and set the value to a file URI for # the path of the file. # trust_bundle_cert = "file:///var/secrets/aziot/certs/red-iot-cert-test.root.ca.cert.pem" # ============================================================================== # Provisioning # ============================================================================== # Optional auto reprovisioning mode # ------------------------------------ # This property specifies the conditions under which the device attempts to # automatically reprovision with the cloud. It is ignored if the device has # been provisioned manually. One of the following values can be set: # Dynamic: Reprovision when the device detects that it may have # been moved from one IoT Hub to another. This is the default. # AlwaysOnStartup: Reprovision when the device is rebooted or a crash causes # the daemon(s) to restart. # OnErrorOnly: Never trigger device reprovisioning automatically. # Device reprovisioning only occurs as fallback, if the device # is unable to connect to IoT Hub during identity provisioning # due to connectivity errors. This fallback behavior is implicit # in Dynamic and AlwaysOnStartup modes as well. # # auto_reprovisioning_mode = Dynamic # # Provisioning configuration # -------------------------- # Uncomment one block and replace the stub values with yours. ## Manual provisioning with connection string # [provisioning] source = "manual" connection_string = "config.toml on parent
Click here
```bash # ============================================================================== # Hostname # ============================================================================== # # Uncomment the next line to override the default hostname of this device. # hostname = "192.168.1.90" # ============================================================================== # Parent hostname # ============================================================================== # # If this is a Nested Edge device, uncomment the next line to set the # parent hostname of this device. # # parent_hostname = "my-parent-device" # ============================================================================== # Trust bundle cert # ============================================================================== # # If you have any trusted CA certificates required for Edge module communication, # uncomment the next line and set the value to a file URI for # the path of the file. # trust_bundle_cert = "file:///var/secrets/aziot/certs/red-iot-cert-test.root.ca.cert.pem" # ============================================================================== # Provisioning # ============================================================================== # Optional auto reprovisioning mode # ------------------------------------ # This property specifies the conditions under which the device attempts to # automatically reprovision with the cloud. It is ignored if the device has # been provisioned manually. One of the following values can be set: # Dynamic: Reprovision when the device detects that it may have # been moved from one IoT Hub to another. This is the default. # AlwaysOnStartup: Reprovision when the device is rebooted or a crash causes # the daemon(s) to restart. # OnErrorOnly: Never trigger device reprovisioning automatically. # Device reprovisioning only occurs as fallback, if the device # is unable to connect to IoT Hub during identity provisioning # due to connectivity errors. This fallback behavior is implicit # in Dynamic and AlwaysOnStartup modes as well. # # auto_reprovisioning_mode = Dynamic # # Provisioning configuration # -------------------------- # Uncomment one block and replace the stub values with yours. # Manual provisioning with connection string [provisioning] source = "manual" connection_string = "Context (Environment)
Output of
iotedge check
Click here
``` Configuration checks (aziot-identity-service) --------------------------------------------- √ keyd configuration is well-formed - OK √ certd configuration is well-formed - OK √ tpmd configuration is well-formed - OK √ identityd configuration is well-formed - OK √ daemon configurations up-to-date with config.toml - OK √ identityd config toml file specifies a valid hostname - OK √ host time is close to reference time - OK √ preloaded certificates are valid - OK √ keyd is running - OK √ certd is running - OK √ identityd is running - OK √ read all preloaded certificates from the Certificates Service - OK √ read all preloaded key pairs from the Keys Service - OK √ ensure all preloaded certificates match preloaded private keys with the same ID - OK Connectivity checks (aziot-identity-service) -------------------------------------------- √ host can connect to and perform TLS handshake with iothub AMQP port - OK √ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - OK √ host can connect to and perform TLS handshake with iothub MQTT port - OK Configuration checks -------------------- √ aziot-edged configuration is well-formed - OK √ configuration up-to-date with config.toml - OK √ container engine is installed and functional - OK √ configuration has correct parent_hostname - OK × configuration has correct URIs for daemon mgmt endpoint - Error Unable to find image '192.168.1.90/azureiotedge-diagnostics:1.2.3' locally 1.2.3: Pulling from azureiotedge-diagnostics ed6dc9c66f7c: Pulling fs layer 15c11899c85b: Pulling fs layer 86ebe93eb4a1: Pulling fs layer 3c82b9816bd4: Pulling fs layer fefaff19cc6b: Pulling fs layer 8583e3308d73: Pulling fs layer 2bdf6b22f628: Pulling fs layer 4e3c467c1b79: Pulling fs layer 5be81669f54b: Pulling fs layer 3c82b9816bd4: Waiting fefaff19cc6b: Waiting 8583e3308d73: Waiting 2bdf6b22f628: Waiting 4e3c467c1b79: Waiting 5be81669f54b: Waiting 86ebe93eb4a1: Verifying Checksum 86ebe93eb4a1: Download complete 15c11899c85b: Verifying Checksum 15c11899c85b: Download complete fefaff19cc6b: Verifying Checksum fefaff19cc6b: Download complete ed6dc9c66f7c: Verifying Checksum ed6dc9c66f7c: Download complete 2bdf6b22f628: Verifying Checksum 2bdf6b22f628: Download complete 3c82b9816bd4: Verifying Checksum 3c82b9816bd4: Download complete 4e3c467c1b79: Verifying Checksum 4e3c467c1b79: Download complete 5be81669f54b: Verifying Checksum 5be81669f54b: Download complete 8583e3308d73: Verifying Checksum 8583e3308d73: Download complete ed6dc9c66f7c: Pull complete 15c11899c85b: Pull complete 86ebe93eb4a1: Pull complete 3c82b9816bd4: Pull complete fefaff19cc6b: Pull complete 8583e3308d73: Pull complete 2bdf6b22f628: Pull complete 4e3c467c1b79: Pull complete 5be81669f54b: Pull complete Digest: sha256:7a03ca253dc3cef0767b0c13703e7c9b2b4c662c93133e5be1b22c4e15ecadf8 Status: Downloaded newer image for 192.168.1.90/azureiotedge-diagnostics:1.2.3 SocketError - SocketErrorCode (AccessDenied) : Permission denied /var/run/iotedge/mgmt.sock One or more errors occurred. (Got bad response: ) √ container time is close to host time - OK ‼ DNS server - Warning Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub. Please see https://aka.ms/iotedge-prod-checklist-dns for best practices. You can ignore this warning if you are setting DNS server per module in the Edge deployment. ‼ production readiness: container engine - Warning Device is not using a production-supported container engine (moby-engine). Please see https://aka.ms/iotedge-prod-checklist-moby for details. ‼ production readiness: logs policy - Warning Container engine is not configured to rotate module logs which may cause it run out of disk space. Please see https://aka.ms/iotedge-prod-checklist-logs for best practices. You can ignore this warning if you are setting log policy per module in the Edge deployment. × production readiness: Edge Agent's storage directory is persisted on the host filesystem - Error Could not check current state of edgeAgent container × production readiness: Edge Hub's storage directory is persisted on the host filesystem - Error Could not check current state of edgeHub container √ Agent image is valid and can be pulled from upstream - OK Connectivity checks ------------------- √ container on the default network can connect to upstream AMQP port - OK × container on the default network can connect to upstream HTTPS / WebSockets port - Error Container on the default network could not connect to 192.168.1.90:443 √ container on the default network can connect to upstream MQTT port - OK √ container on the IoT Edge module network can connect to upstream AMQP port - OK × container on the IoT Edge module network can connect to upstream HTTPS / WebSockets port - Error Container on the azure-iot-edge network could not connect to 192.168.1.90:443 √ container on the IoT Edge module network can connect to upstream MQTT port - OK 27 check(s) succeeded. 3 check(s) raised warnings. Re-run with --verbose for more details. 5 check(s) raised errors. Re-run with --verbose for more details. ```Device Information
Runtime Versions
Logs
aziot-edged logs
``` Jul 08 13:55:25 iot-gate-imx8 systemd[1]: Started Azure IoT Identity Service. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Starting service... Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Version - 1.2.2 Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Provisioning starting. Reason: Startup Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Updated device info for red-iot-layer2-edge. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Provisioning complete. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Identity reconciliation started. Reason: Startup Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- GET /key/device-id?api-version=2020-09-01 {"host": "keyd.sock"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- POST /sign?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "398"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning. Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [INFO] - Updated device info for red-iot-layer2-edge. Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- GET /key/device-id?api-version=2020-09-01 {"host": "keyd.sock"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - <-- POST /sign?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "398"} Jul 08 13:55:25 iot-gate-imx8 aziot-keyd[11163]: 2021-07-08T13:55:25Z [INFO] - --> 200 {"content-type": "application/json"} Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: Hub client error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - service encountered an error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - caused by: Hub client error Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - caused by: expected value at line 1 column 1 Jul 08 13:55:25 iot-gate-imx8 aziot-identityd[11471]: 2021-07-08T13:55:25Z [ERR!] - 0:Additional Information
deployment.json on parent
Click here
```json { "modulesContent": { "$edgeAgent": { "properties.desired": { "modules": { "IoTEdgeAPIProxy": { "settings": { "image": "mcr.microsoft.com/azureiotedge-api-proxy", "createOptions": "{\"HostConfig\":{\"PortBindings\":{\"443/tcp\":[{\"HostPort\":\"443\"}]}}}" }, "type": "docker", "version": "1.0", "env": { "NGINX_DEFAULT_PORT": { "value": "443" }, "DOCKER_REQUEST_ROUTE_ADDRESS": { "value": "registry:5000" }, "BLOB_UPLOAD_ROUTE_ADDRESS": { "value": "AzureBlobStorageonIoTEdge:11002" } }, "status": "running", "restartPolicy": "always" }, "registry": { "settings": { "image": "registry:latest", "createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5000/tcp\":[{\"HostPort\":\"5000\"}]}}}" }, "type": "docker", "version": "1.0", "env": { "REGISTRY_PROXY_REMOTEURL": { "value": "https://mcr.microsoft.com" } }, "status": "running", "restartPolicy": "always" }, "modbus": { "settings": { "image": "vfiotdevitem.azurecr.io/modbusmodule:0.0.2-arm64v8", "createOptions": "{\"HostConfig\":{\"Privileged\":true}}" }, "type": "docker", "version": "1.0", "status": "running", "restartPolicy": "always" } }, "runtime": { "settings": { "minDockerVersion": "v1.25", "registryCredentials": { "dev": { "address": "vfiotdevitem.azurecr.io", "password": "Output of IoTEdgeAPIProxyModule on parent
Click here
``` 192.168.1.101 - - [09/Jul/2021:08:27:58 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:27:58 [info] 582#582: *46901 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:04 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:04 [info] 582#582: *46903 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:04 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:04 [info] 582#582: *46905 client 192.168.1.101 closed keepalive connection [2021-07-09T08:28:05Z INFO api_proxy_module::monitors::token_manager] Generating new token [2021-07-09T08:28:06Z INFO api_proxy_module::monitors::token_client] Successfully generated new token [2021-07-09T08:28:06Z INFO api_proxy_module::monitors::config_monitor] New SAS token received, reloading the config [2021-07-09T08:28:06Z INFO api_proxy_module] Request to reload Nginx received 2021/07/09 08:28:06 [notice] 583#583: signal process started 192.168.1.101 - - [09/Jul/2021:08:28:09 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:09 [info] 584#584: *46907 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:09 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:09 [info] 584#584: *46910 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:14 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:14 [info] 584#584: *46912 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:14 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:14 [info] 584#584: *46914 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:19 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:19 [info] 584#584: *46916 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:19 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:19 [info] 584#584: *46918 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:25 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:25 [info] 584#584: *46921 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:25 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:25 [info] 584#584: *46923 client 192.168.1.101 closed keepalive connection 2021/07/09 08:28:25 [info] 584#584: *46920 client closed connection while waiting for request, client: 192.168.1.101, server: 0.0.0.0:443 192.168.1.101 - - [09/Jul/2021:08:28:30 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:30 [info] 584#584: *46925 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:30 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:30 [info] 584#584: *46927 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:35 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:35 [info] 584#584: *46929 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:35 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:35 [info] 584#584: *46931 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:40 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:40 [info] 584#584: *46933 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:40 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:40 [info] 584#584: *46935 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:46 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:46 [info] 584#584: *46937 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:46 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:46 [info] 584#584: *46939 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:51 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:51 [info] 584#584: *46941 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:51 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:51 [info] 584#584: *46943 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:56 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:56 [info] 584#584: *46945 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:28:56 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:28:56 [info] 584#584: *46947 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:01 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:01 [info] 584#584: *46949 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:01 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:01 [info] 584#584: *46951 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:07 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:07 [info] 584#584: *46953 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:07 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:07 [info] 584#584: *46955 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:12 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:12 [info] 584#584: *46957 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:12 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:12 [info] 584#584: *46959 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:17 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:17 [info] 584#584: *46961 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:17 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:17 [info] 584#584: *46963 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:22 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:22 [info] 584#584: *46965 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:22 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:22 [info] 584#584: *46967 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:28 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:28 [info] 584#584: *46969 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:28 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:28 [info] 584#584: *46971 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:33 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:33 [info] 584#584: *46973 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:33 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:33 [info] 584#584: *46975 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:38 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:38 [info] 584#584: *46977 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:38 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:38 [info] 584#584: *46979 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:43 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:43 [info] 584#584: *46981 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:43 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:43 [info] 584#584: *46983 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:49 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:49 [info] 584#584: *46985 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:49 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:49 [info] 584#584: *46987 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:54 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:54 [info] 584#584: *46989 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:54 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:54 [info] 584#584: *46991 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:59 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:59 [info] 584#584: *46993 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:29:59 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:29:59 [info] 584#584: *46995 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:04 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:04 [info] 584#584: *46997 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:04 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:04 [info] 584#584: *46999 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:10 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:10 [info] 584#584: *47001 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:10 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:10 [info] 584#584: *47003 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:15 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:15 [info] 584#584: *47005 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:15 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:15 [info] 584#584: *47007 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:20 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:20 [info] 584#584: *47009 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:20 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:20 [info] 584#584: *47011 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:25 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:25 [info] 584#584: *47013 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:25 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:25 [info] 584#584: *47015 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:31 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:31 [info] 584#584: *47017 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:31 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:31 [info] 584#584: *47019 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:36 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:36 [info] 584#584: *47021 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:36 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:36 [info] 584#584: *47023 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:41 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:41 [info] 584#584: *47025 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:41 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:41 [info] 584#584: *47027 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:46 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:46 [info] 584#584: *47029 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:46 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:46 [info] 584#584: *47031 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:52 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:52 [info] 584#584: *47033 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:52 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:52 [info] 584#584: *47035 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:57 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:57 [info] 584#584: *47037 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:30:57 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:30:57 [info] 584#584: *47039 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:31:02 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:31:02 [info] 584#584: *47041 client 192.168.1.101 closed keepalive connection 192.168.1.101 - - [09/Jul/2021:08:31:02 +0000] "GET /devices/red-iot-layer2-edge/modules?api-version=2017-11-08-preview HTTP/1.1" 401 51 "-" "-" 2021/07/09 08:31:02 [info] 584#584: *47043 client 192.168.1.101 closed keepalive connection ```