Installing IoT Edge 1.2 on raspberry Pi-4

[kottoz]

Expected Behavior

Firstly, installation instructions said that the installation package available only for Raspberry Pi OS Stretch, then i was tried to download stretch from archive, but it seems that stretch is not suitable for Pi-4 discussion here said that Stretch will not work on a Pi 4 without a fair of hacking around.. Also i try to see that by my self and i confirm that stretch not working on Pi4. I download 2021-05-07-raspios-buster-armhf-lite and it works properlly, but when i follow instructions there was a problem with installing Moby engine sudo apt-get install moby-engine problem

Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package moby-engine

this problem is the similar as #84643. Then i follow these instructions Azure IoT Edge on Raspberry Pi Buster plus tips for Raspberry Pi 4.

I suppose this command is the workaround to set up Moby on Pi-4

curl -sSL get.docker.com | sh && sudo usermod pi -aG docker && sudo reboot

Here is the output

Client: Docker Engine - Community
 Version:           20.10.11
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        dea9396
 Built:             Thu Nov 18 00:36:42 2021
 OS/Arch:           linux/arm
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.11
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.9
  Git commit:       847da18
  Built:            Thu Nov 18 00:34:59 2021
  OS/Arch:          linux/arm
  Experimental:     false
 containerd:
  Version:          1.4.12
  GitCommit:        7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

================================================================================

To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:

    dockerd-rootless-setuptool.sh install

Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.

To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/

WARNING: Access to the remote API on a privileged Docker daemon is equivalent
         to root access on the host. Refer to the 'Docker daemon attack surface'
         documentation for details: https://docs.docker.com/go/attack-surface/

================================================================================

Docker version

Client: Docker Engine - Community
 Version:           20.10.11
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        dea9396
 Built:             Thu Nov 18 00:36:42 2021
 OS/Arch:           linux/arm
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.11
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.9
  Git commit:       847da18
  Built:            Thu Nov 18 00:34:59 2021
  OS/Arch:          linux/arm
  Experimental:     false
 containerd:
  Version:          1.4.12
  GitCommit:        7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

after that, I installed libssl1.0.2

sudo apt-get install libssl1.0.2

Then, MS installation packages

curl https://packages.microsoft.com/config/debian/stretch/multiarch/prod.list > ./microsoft-prod.list && \
sudo cp ./microsoft-prod.list /etc/apt/sources.list.d/ && \
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg && \
sudo cp ./microsoft.gpg /etc/apt/trusted.gpg.d/ && \
sudo apt-get update && \
sudo apt-get -y install iotedge

Here is the output

 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   104  100   104    0     0    171      0 --:--:-- --:--:-- --:--:--   171
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   983  100   983    0     0   2546      0 --:--:-- --:--:-- --:--:--  2553
Hit:1 http://raspbian.raspberrypi.org/raspbian buster InRelease
Hit:2 http://archive.raspberrypi.org/debian buster InRelease                                                                   
Hit:3 https://download.docker.com/linux/raspbian buster InRelease                                                              
Get:4 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch InRelease [29.8 kB]           
Get:5 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main armhf Packages [16.0 kB]
Get:6 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main arm64 Packages [3,904 B]
Get:7 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main amd64 Packages [12.7 kB]
Get:8 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main all Packages [546 B]
Fetched 62.9 kB in 2s (36.9 kB/s)                       
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libiothsm-std
The following NEW packages will be installed:
  iotedge libiothsm-std
0 upgraded, 2 newly installed, 0 to remove and 77 not upgraded.
Need to get 4,832 kB of archives.
After this operation, 21.6 MB of additional disk space will be used.
Get:1 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main armhf libiothsm-std armhf 1.1.8-1 [390 kB]
Get:2 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main armhf iotedge armhf 1.1.8-1 [4,442 kB]
Fetched 4,832 kB in 2s (1,963 kB/s)  
Selecting previously unselected package libiothsm-std.
(Reading database ... 40558 files and directories currently installed.)
Preparing to unpack .../libiothsm-std_1.1.8-1_armhf.deb ...
Unpacking libiothsm-std (1.1.8-1) ...
Selecting previously unselected package iotedge.
Preparing to unpack .../iotedge_1.1.8-1_armhf.deb ...
Adding system user `iotedge' (UID 109) ...
Adding new user `iotedge' (UID 109) with group `nogroup' ...
Creating home directory `/var/lib/iotedge' ...
Adding group `iotedge' (GID 114) ...
Done.
Adding user `iotedge' to group `docker' ...
Adding user iotedge to group docker
Done.
Unpacking iotedge (1.1.8-1) ...
Setting up libiothsm-std (1.1.8-1) ...
Setting up iotedge (1.1.8-1) ...
===============================================================================

                              Azure IoT Edge

  IMPORTANT: Please update the configuration file located at:

    /etc/iotedge/config.yaml

  with your device's provisioning information. You will need to restart the
  'iotedge' service for these changes to take effect.

  To restart the 'iotedge' service, use:

    'systemctl restart iotedge'

    - OR -

    /etc/init.d/iotedge restart

  These commands may need to be run with sudo depending on your environment.

===============================================================================
Created symlink /etc/systemd/system/sockets.target.wants/iotedge.mgmt.socket → /lib/systemd/system/iotedge.mgmt.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/iotedge.service → /lib/systemd/system/iotedge.service.
Created symlink /etc/systemd/system/sockets.target.wants/iotedge.socket → /lib/systemd/system/iotedge.socket.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u7+rpi1) ...

Then i tried to update the configuration file sudo nano /etc/iotedge/config.yaml as the following

###############################################################################
#                      IoT Edge Daemon configuration
###############################################################################
#
# This file configures the IoT Edge daemon. The daemon must be restarted to
# pick up any configuration changes.
#
# Note - this file is yaml. Learn more here: http://yaml.org/refcard.html
#
###############################################################################

###############################################################################
# Provisioning mode and settings
###############################################################################
#
# Configures the identity provisioning mode of the daemon.
#
# Supported modes:
#     manual   - Using an IoT Hub connection string or
#                an X.509 identity certificate
#     dps      - Using DPS for provisioning
#     external - The device has been provisioned externally.
#                Uses an external provisioning endpoint to get device specific information.
#
# Manual provisioning with an IoT Hub connection string (SharedAccessKey authentication only)
#     device_connection_string - The Edge device connection string.
#                                Eg "HostName=<hub-name>.azure-devices.net;DeviceId=<device-id>;SharedAccessKey=<key>
#
# Manual provisioning with X.509 identity certificate authentication
#     iothub_hostname - The Azure Iot Hub hostname.
#                       Eg <hub-name>.azure-devices.net
#     device_id       - The Edge device ID.
#     identity_cert   - Path of the file containing the Edge device identity certificate.
#                       The value must be specified as a "file" URI.
#                       Eg "file:///var/secrets/device-id.pem"
#     identity_pk     - Path of the file containing the private key of
#                       the Edge device identity certificate.
#                       The value must be specified as a "file" URI.
#                       Eg "file:///var/secrets/device-id.key.pem"
#
# DPS provisioning with TPM attestation
#     scope_id        - The DPS instance's ID scope
#     registration_id - The registration ID of this device in DPS.
#                       For more information regarding DPS registration IDs,
#                       please see https://docs.microsoft.com/en-us/azure/iot-dps/concepts-device#registration-id
#
# DPS provisioning with symmetric key attestation
#     scope_id        - The DPS instance's ID scope
#     registration_id - The registration ID of this device in DPS.
#                       For more information regarding DPS registration IDs,
#                       please see https://docs.microsoft.com/en-us/azure/iot-dps/concepts-device#registration-id
#     symmetric_key   - The device-specific symmetric key.
#
# DPS provisioning with X.509 identity certificate attestation
#     scope_id        - The DPS instance's ID scope
#     registration_id - The registration ID of this device in DPS.
#                       This value is optional. If not specified,
#                       the common name of the identity certificate will be used
#                       as the registration ID.
#                       For more information regarding DPS registration IDs,
#                       please see https://docs.microsoft.com/en-us/azure/iot-dps/concepts-device#registration-id
#     identity_cert   - Path of the file containing the Edge device identity certificate.
#                       The value must be specified as a "file" URI.
#                       Eg "file:///var/secrets/device-id.pem"
#     identity_pk     - Path of the file containing the private key of
#                       the Edge device identity certificate.
#                       The value must be specified as a "file" URI.
#                       Eg "file:///var/secrets/device-id.key.pem"
#
# External provisioning
#     endpoint - Required. Value of the endpoint used to retrieve device specific
#                information such as its IoT hub connection information.
#
# Miscellaneous settings
#     always_reprovision_on_startup
#                            - Optional, defaults to true.
#
#                              When true, the daemon attempts to reach out to Azure
#                              on every startup to reprovision this device and
#                              fetch its latest provisioning state.
#                              If the daemon is unable to reach Azure, it will attempt to
#                              restore the backup of a previous successful reprovisioning
#                              and use that. If this backup is also not available,
#                              the daemon will exit and retry provisioning when it's restarted.
#
#                              When set to false, the daemon prefers to use the provisioning backup
#                              first, and only reaches out to Azure if the backup does not exist.
#
#                              Note that some provisioning methods like DPS with TPM attestation
#                              are always considered to be "new" device registrations, and so will
#                              trigger all existing modules to be stopped, removed and recreated.
#                              If this is undesirable, consider setting this setting to false.
#                              The downside is that if the device *is* reprovisioned in Azure,
#                              the daemon will not notice it even if it's restarted.
#                              Consider also setting the `dynamic_reprovisioning` setting below
#                              to `true` to resolve this.
#
#                              This setting is only meaningful for DPS provisioning methods.
#                              For manual provisioning, the device registration is static,
#                              so there is no reprovisioning that would be disruptive to modules
#                              in the way described above.
#
#     dynamic_reprovisioning - Optional, defaults to false.
#
#                              Setting this flag to true opts in to
#                              the dynamic re-provisioning feature.
#                              IoT Edge will detect situations where the device
#                              appears to have been reprovisioned in the cloud
#                              (by monitoring its own IoT Hub connection for certain errors),
#                              and respond by shutting itself and all Edge modules down.
#                              The next time the daemon starts up, it will attempt
#                              to reprovision this device with Azure to receive
#                              the new IoT Hub provisioning information.
#
#                              When using external provisioning, the daemon
#                              will also notify the external provisioning endpoint
#                              about the re-provisioning event before shutting down.
#
###############################################################################

# Manual provisioning with an IoT Hub connection string (SharedAccessKey authentication only)
#provisioning:
#  source: "manual"
#  device_connection_string: "<ADD DEVICE CONNECTION STRING HERE>"
#  dynamic_reprovisioning: false

# Manual provisioning with X.509 identity certificate authentication
# provisioning:
#   source: "manual"
#   authentication:
#     method: "x509"
#     iothub_hostname: "<REQUIRED IOTHUB HOSTNAME>"
#     device_id: "<REQUIRED DEVICE ID PROVISIONED IN IOTHUB>"
#     identity_cert: "<REQUIRED URI TO DEVICE IDENTITY CERTIFICATE>"
#     identity_pk: "<REQUIRED URI TO DEVICE IDENTITY PRIVATE KEY>"
#   dynamic_reprovisioning: false

# DPS provisioning with TPM attestation
# provisioning:
#   source: "dps"
#   global_endpoint: "https://global.azure-devices-provisioning.net"
#   scope_id: "<SCOPE_ID>"
#   attestation:
#     method: "tpm"
#     registration_id: "<REGISTRATION_ID>"
#   always_reprovision_on_startup: true
#   dynamic_reprovisioning: false

# DPS provisioning with symmetric key attestation
 provisioning:
   source: "dps"
   global_endpoint: "https://global.azure-devices-provisioning.net"
   scope_id: "*******"
   attestation:
     method: "symmetric_key"
     registration_id: "**********"
     symmetric_key: "*******************************************"
#   always_reprovision_on_startup: true
#   dynamic_reprovisioning: false

# DPS provisioning with X.509 identity certificate attestation
# provisioning:
#   source: "dps"
#   global_endpoint: "https://global.azure-devices-provisioning.net"
#   scope_id: "<SCOPE_ID>"
#   attestation:
#     method: "x509"
#     registration_id: "<OPTIONAL REGISTRATION ID. LEAVE COMMENTED OUT TO REGISTER WITH CN OF identity_cert>"
#     identity_cert: "<REQUIRED URI TO DEVICE IDENTITY CERTIFICATE>"
#     identity_pk: "<REQUIRED URI TO DEVICE IDENTITY PRIVATE KEY>"
#   always_reprovision_on_startup: true
#   dynamic_reprovisioning: false

# External provisioning
# provisioning:
#   source: "external"
#   endpoint: "http://localhost:9999"
#   dynamic_reprovisioning: false

# ==============================================================================
# Elevated Docker Permissions Flag
# ==============================================================================
#
# Some docker capabilities can be used to gain root access. 
# By default, the --privileged flag and all capabilities listed in the CapAdd
# field of the docker HostConfig are allowed.
#
# If no modules require privileged or additional capabilities, uncomment the following
# line to improve the security of the device.
#
# allow_elevated_docker_permissions = false

###############################################################################
# Certificate settings
###############################################################################
#
# Configures the certificates required to operate the IoT Edge runtime
# as a gateway, which enables external leaf devices to securely
# communicate with the Edge Hub.
#
# If these values are not specified, the certificates
# will be auto generated by the daemon. This is useful for quickstart scenarios
# but is not intended for production environments.
#
# Settings:
#     device_ca_cert   - Path of the file containing the device CA certificate and its chain.
#                        The value must be specified as a "file" URI.
#                        Eg "file:///var/secrets/device-ca.pem"
#     device_ca_pk     - Path of the file containing the private key of the device CA certificate.
#                        The value must be specified as a "file" URI.
#                        Eg "file:///var/secrets/device-ca.key.pem"
#     trusted_ca_certs - Path of the file containing the containing
#                        all the trusted CA certificates required for Edge module communication.
#                        Edge modules and leaf devices use the certificates in this file to trust
#                        the server certificate of the Edge Hub, so this file must contain
#                        at least the device CA certificate specified in `device_ca_cert` above.
#                        The value must be specified as a "file" URI.
#                        Eg "file:///var/secrets/trusted-cas.pem"
#     auto_generated_ca_lifetime_days -
#                        The lifetime of the auto-generated workload CA certificate.
#                        If device_ca_cert and device_ca_pk have not been set (quickstart mode),
#                        then this is also used for the lifetime of
#                        the auto-generated device CA certificate.
#                        Defaults to 90 days.
#
###############################################################################

# certificates:
#   device_ca_cert: "<ADD URI TO DEVICE CA CERTIFICATE HERE>"
#   device_ca_pk: "<ADD URI TO DEVICE CA PRIVATE KEY HERE>"
#   trusted_ca_certs: "<ADD URI TO TRUSTED CA CERTIFICATES HERE>"
#   auto_generated_ca_lifetime_days: 90

###############################################################################
# Edge Agent module spec
###############################################################################
#
# Configures the initial Edge Agent module.
#
# The daemon uses this definition to bootstrap the system. The Edge Agent can
# then update itself based on the Edge Agent module definition present in the
# deployment in IoT Hub.
#
# Settings:
#     name     - name of the edge agent module. Expected to be "edgeAgent".
#     type     - type of module. Always "docker".
#     env      - Any environment variable that needs to be set for edge agent module.
#     config   - type specific configuration for edge agent module.
#       image  - (docker) Modules require a docker image tag.
#       auth   - (docker) Modules may need authoriation to connect to container registry.
#
# Adding environment variables:
# replace "env: {}" with
#  env:
#    key: "value"
#
# Adding container registry authorization:
# replace "auth: {}" with
#    auth:
#      username: "username"
#      password: "password"
#      serveraddress: "serveraddress"
#
###############################################################################

agent:
  name: "edgeAgent"
  type: "docker"
  env: {}
  config:
    image: "mcr.microsoft.com/azureiotedge-agent:1.1"
    auth: {}

###############################################################################
# Edge device hostname
###############################################################################
#
# Configures the environment variable 'IOTEDGE_GATEWAYHOSTNAME' injected into
# modules. Regardless of case the hostname is specified below, a lower case
# value is used to configure the Edge Hub server hostname as well as the
# environment variable specified above.
#
# It is important to note that when connecting downstream devices to the
# Edge Hub that the lower case value of this hostname be used in the
# 'GatewayHostName' field of the device's connection string URI.
###############################################################################

hostname: "device001"

###############################################################################
# Watchdog settings
###############################################################################
#
# The IoT edge daemon has a watchdog that periodically checks the health of the
# Edge Agent module and restarts it if it's down.
#
# max_retries - Configures the number of retry attempts that the IoT edge daemon
#               should make for failed operations before failing with a fatal error.
#
#               If this configuration is not specified, the daemon keeps retrying
#               on errors and doesn't fail fatally.
#
#               On a fatal failure, the daemon returns an exit code which
#               signifies the kind of error encountered. Currently, the following
#               error codes are returned by the daemon -
#
#               150 - Invalid Device ID specified.
#               151 - Invalid IoT hub configuration.
#               152 - Invalid SAS token used to call IoT hub.
#                     This could signal an invalid SAS key.
#               1 - All other errors.
###############################################################################

#watchdog:
#  max_retries: 2

###############################################################################
# Connect settings
###############################################################################
#
#
# Configures URIs used by clients of the management and workload APIs
#     management_uri - used by the Edge Agent and 'iotedge' CLI to start,
#                      stop, and manage modules
#     workload_uri   - used by modules to retrieve tokens and certificates
#
# The following uri schemes are supported:
#     http - connect over TCP
#     unix - connect over Unix domain socket
#
###############################################################################

connect:
  management_uri: "unix:///var/run/iotedge/mgmt.sock"
  workload_uri: "unix:///var/run/iotedge/workload.sock"

###############################################################################
# Listen settings
###############################################################################
#
# Configures the listen addresses for the daemon.
#     management_uri - used by the Edge Agent and 'iotedge' CLI to start,
#                      stop, and manage modules
#     workload_uri   - used by modules to retrieve tokens and certificates
#
# The following uri schemes are supported:
#     http - listen over TCP
#     unix - listen over Unix domain socket
#     fd   - listen using systemd socket activation
#
# These values can be different from the connect URIs. For instance, when
# using the fd:// scheme for systemd:
#     listen address is fd://iotedge.workload,
#     connect address is unix:///var/run/iotedge/workload.sock
#
###############################################################################

listen:
  management_uri: "fd://iotedge.mgmt.socket"
  workload_uri: "fd://iotedge.socket"

###############################################################################
# Home Directory
###############################################################################
#
# Configures the home directory for the daemon.
#
###############################################################################

homedir: "/var/lib/iotedge"

###############################################################################
# Moby Container Runtime settings
###############################################################################
#
# uri - configures the uri for the container runtime.
# network - configures the network on which the containers will be created.
#
# Additional container network configuration such as enabling IPv6 networking
# and providing the IPAM settings can be achieved by specifying the relevant
# configuration in the network settings.
#
# network:
#   name: "azure-iot-edge"
#   ipv6: true
#   ipam:
#     config:
#       -
#           gateway: '172.18.0.1'
#           subnet: '172.18.0.0/16'
#           ip_range: '172.18.0.0/16'
#       -
#           gateway: '2021:ffff:e0:3b1:1::1'
#           subnet: '2021:ffff:e0:3b1:1::/80'
#           ip_range: '2021:ffff:e0:3b1:1::/80'
###############################################################################

moby_runtime:
  uri: "unix:///var/run/docker.sock"
  # network: "azure-iot-edge"
  #
  # network:
  #   name: "azure-iot-edge"
  #   ipv6: true
  #   ipam:
  #     config:
  #       -
  #           gateway: '172.18.0.1'
  #           subnet: '172.18.0.0/16'
  #           ip_range: '172.18.0.0/16'
  #       -
  #           gateway: '2021:ffff:e0:3b1:1::1'
  #           subnet: '2021:ffff:e0:3b1:1::/80'
  #           ip_range: '2021:ffff:e0:3b1:1::/80'

and i have tried to run sudo systemctl restart iotedge then sudo iotedge check --verbose the following error appears.

Configuration checks
--------------------
× config.yaml is well-formed - Error
    The IoT Edge daemon's configuration file /etc/iotedge/config.yaml is not well-formed.
    Note: In case of syntax errors, the error may not be exactly at the reported line number and position.
        caused by: Could not load settings
        caused by: did not find expected <document start> at line 266 column 6
‼ config.yaml has well-formed connection string - Warning
    skipping because of previous failures
‼ container engine is installed and functional - Warning
    skipping because of previous failures
‼ config.yaml has correct hostname - Warning
    skipping because of previous failures
‼ config.yaml has correct URIs for daemon mgmt endpoint - Warning
    skipping because of previous failures
√ latest security daemon - OK
√ host time is close to real time - OK
‼ container time is close to host time - Warning
    skipping because of previous failures
‼ DNS server - Warning
    Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
    Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
    You can ignore this warning if you are setting DNS server per module in the Edge deployment.
        caused by: Could not open container engine config file /etc/docker/daemon.json
        caused by: No such file or directory (os error 2)
‼ production readiness: identity certificates expiry - Warning
    skipping because of previous failures
‼ production readiness: certificates - Warning
    skipping because of previous failures
‼ production readiness: container engine - Warning
    skipping because of previous failures
‼ production readiness: logs policy - Warning
    Container engine is not configured to rotate module logs which may cause it run out of disk space.
    Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
    You can ignore this warning if you are setting log policy per module in the Edge deployment.
        caused by: Could not open container engine config file /etc/docker/daemon.json
        caused by: No such file or directory (os error 2)
‼ production readiness: Edge Agent's storage directory is persisted on the host filesystem - Warning
    skipping because of previous failures
‼ production readiness: Edge Hub's storage directory is persisted on the host filesystem - Warning
    skipping because of previous failures

Connectivity checks
-------------------
‼ host can connect to and perform TLS handshake with DPS endpoint - Warning
    skipping because of previous failures
‼ host can connect to and perform TLS handshake with IoT Hub AMQP port - Warning
    skipping because of previous failures
‼ host can connect to and perform TLS handshake with IoT Hub HTTPS / WebSockets port - Warning
    skipping because of previous failures
‼ host can connect to and perform TLS handshake with IoT Hub MQTT port - Warning
    skipping because of previous failures
‼ container on the default network can connect to IoT Hub AMQP port - Warning
    skipping because of previous failures
‼ container on the default network can connect to IoT Hub HTTPS / WebSockets port - Warning
    skipping because of previous failures
‼ container on the default network can connect to IoT Hub MQTT port - Warning
    skipping because of previous failures
‼ container on the IoT Edge module network can connect to IoT Hub AMQP port - Warning
    skipping because of previous failures
‼ container on the IoT Edge module network can connect to IoT Hub HTTPS / WebSockets port - Warning
    skipping because of previous failures
‼ container on the IoT Edge module network can connect to IoT Hub MQTT port - Warning
    skipping because of previous failures

2 check(s) succeeded.
2 check(s) raised warnings.
1 check(s) raised errors.
20 check(s) were skipped due to errors from other checks.

I don't know why that, i just followed the last steps threee times before reproducing all the last steps, but this problem just appears.

Then i need to update iotedge version to 1.2, the current version is sudo iotedge version iotedge 1.1.8

Then i followed the updating instructions sudo apt-get install aziot-edge

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  aziot-identity-service
The following packages will be REMOVED:
  iotedge libiothsm-std
The following NEW packages will be installed:
  aziot-edge aziot-identity-service
0 upgraded, 2 newly installed, 2 to remove and 77 not upgraded.
Need to get 7,984 kB of archives.
After this operation, 14.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main armhf aziot-identity-service armhf 1.2.4-1 [3,093 kB]
Get:2 https://packages.microsoft.com/debian/stretch/multiarch/prod stretch/main armhf aziot-edge armhf 1.2.5-1 [4,891 kB]
Fetched 7,984 kB in 3s (2,496 kB/s)     
(Reading database ... 40581 files and directories currently installed.)
Removing iotedge (1.1.8-1) ...
Removing libiothsm-std (1.1.8-1) ...
Selecting previously unselected package aziot-identity-service.
(Reading database ... 40563 files and directories currently installed.)
Preparing to unpack .../aziot-identity-service_1.2.4-1_armhf.deb ...
Unpacking aziot-identity-service (1.2.4-1) ...
Selecting previously unselected package aziot-edge.
Preparing to unpack .../aziot-edge_1.2.5-1_armhf.deb ...
Unpacking aziot-edge (1.2.5-1) ...
Setting up aziot-identity-service (1.2.4-1) ...
Created symlink /etc/systemd/system/sockets.target.wants/aziot-certd.socket → /lib/systemd/system/aziot-certd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/aziot-identityd.socket → /lib/systemd/system/aziot-identityd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/aziot-keyd.socket → /lib/systemd/system/aziot-keyd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/aziot-tpmd.socket → /lib/systemd/system/aziot-tpmd.socket.
Setting up aziot-edge (1.2.5-1) ...
===============================================================================

                              Azure IoT Edge

  IMPORTANT: Please configure the device with provisioning information.

  Detected /etc/iotedge/config.yaml from a previously installed version
  of IoT Edge. You can import its configuration using:

    sudo iotedge config import

  Otherwise, please create a new system configuration.

  You can quickly configure the device for manual provisioning with
   a connection string using:

    sudo iotedge config mp --connection-string '...'

  For other provisioning options, copy the template file 
  at /etc/aziot/config.toml.edge.template to /etc/aziot/config.toml,
  update it with your device information, then apply the configuration to
  the IoT Edge services with:

    sudo iotedge config apply

===============================================================================
Created symlink /etc/systemd/system/sockets.target.wants/aziot-edged.mgmt.socket → /lib/systemd/system/aziot-edged.mgmt.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/aziot-edged.service → /lib/systemd/system/aziot-edged.service.
Created symlink /etc/systemd/system/sockets.target.wants/aziot-edged.workload.socket → /lib/systemd/system/aziot-edged.workload.socket.
Processing triggers for man-db (2.8.5-2) ...

Current version sudo iotedge version iotedge 1.2.5

then i tried to update DPS SAS, then restarting system control sudo systemctl restart iotedge, but the following issue appears.

Failed to restart iotedge.service: Unit iotedge.service is masked.

i wan't to setup 1.2 version.

Due to iotedge pacakging i tried to look for depencices and other stuff, the following depencices are installed properlly on my device.

• aziot-identity-service
• moby-engine
• openssl

then i run the following.

apt install aziot-edge

sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml

sudo nano -w /etc/aziot/config.toml

iotedge config apply

then i have edited the configuration .toml file

## Manual provisioning with symmetric key
 [provisioning]
 source = "manual"
 iothub_hostname = "example.azure-devices.net"
 device_id = "device-001"
#
 [provisioning.authentication]
 method = "sas"
#
 device_id_pk = { value = "xTHyGS3RzTOXU9qfJSNa*************" }     # inline key (base64), or...
# device_id_pk = { uri = "file:///var/secrets/device-id.key" }                  # file URI, or...
# device_id_pk = { uri = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" } # PKCS#11 URI

sudo iotedge config apply

Note: Symmetric key will be written to /var/secrets/aziot/keyd/device-id
Azure IoT Edge has been configured successfully!

Restarting service for configuration to take effect...
Stopping aziot-edged.service...Stopped!
Stopping aziot-identityd.service...Stopped!
Stopping aziot-keyd.service...Stopped!
Stopping aziot-certd.service...Stopped!
Stopping aziot-tpmd.service...Stopped!
Starting aziot-edged.mgmt.socket...Started!
Starting aziot-edged.workload.socket...Started!
Starting aziot-identityd.socket...Started!
Starting aziot-keyd.socket...Started!
Starting aziot-certd.socket...Started!
Starting aziot-tpmd.socket...Started!
Starting aziot-edged.service...Started!
Done.

then i tried to update iotedge to aziot-edge

apt install aziot-edge

sudo iotedge config import --force

the following error appears

thread 'main' panicked at 'config is not frozen: did not find expected <document start> at line 266 column 6', iotedge/src/config/import/mod.rs:137:14
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

i think these issues are related #5767 #5883

[bilalsellak]

@kottoz I believe this error thread 'main' panicked at 'config is not frozen: did not find expected <document start> at line 266 column 6', iotedge/src/config/import/mod.rs:137:14 as well as: × config.yaml is well-formed - Error The IoT Edge daemon's configuration file /etc/iotedge/config.yaml is not well-formed. Note: In case of syntax errors, the error may not be exactly at the reported line number and position. caused by: Could not load settings caused by: did not find expected <document start> at line 266 column 6

are due to you having a malformed config.yaml that arose from having an extra space before your provisioning section. Can you try removing that extra space before the section on line 150 in the yaml and seeing if it resolves the error you're seeing?

[kottoz]

I have used raspberry pi 4 with buster image, as well i subscribed to tier 1 which not supports the buster image, after upgrading every thing goes well.