Azure / iotedge

The IoT Edge OSS project
MIT License

IoT Edge 1.4 install fails if system has users with UID 13622 / 13623 #7231

Closed MattCosturos closed 5 months ago

MattCosturos commented 7 months ago

Expected Behavior

The install should work

Current Behavior

The install fails

Steps to Reproduce

Have a system linked to our domain / privileged identity management system that has 1000s of users.

Run sudo apt install -y aziot-edge

Are the useradd errors related to the No such file or directory error?

output

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  aziot-identity-service
The following NEW packages will be installed:
  aziot-edge aziot-identity-service
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/8,564 kB of archives.
After this operation, 38.4 MB of additional disk space will be used.
Selecting previously unselected package aziot-identity-service.
(Reading database ... 112040 files and directories currently installed.)
Preparing to unpack .../aziot-identity-service_1.4.7-1_amd64.deb ...
Unpacking aziot-identity-service (1.4.7-1) ...
Selecting previously unselected package aziot-edge.
Preparing to unpack .../aziot-edge_1.4.27-1_amd64.deb ...
useradd: UID 13622 is not unique
useradd: UID 13623 is not unique
Unpacking aziot-edge (1.4.27-1) ...
Setting up aziot-identity-service (1.4.7-1) ...
chown: cannot access '/etc/aziot/certd/config.toml.default': No such file or directory
dpkg: error processing package aziot-identity-service (--configure):
 installed aziot-identity-service package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of aziot-edge:
 aziot-edge depends on aziot-identity-service (= 1.4.7-1); however:
  Package aziot-identity-service is not configured yet.

dpkg: error processing package aziot-edge (--configure):
 dependency problems - leaving unconfigured
Processing triggers for man-db (2.9.1-1) ...No apport report written because the error message indicates its a followup error from a previous failure.

Errors were encountered while processing:
 aziot-identity-service
 aziot-edge
E: Sub-process /usr/bin/dpkg returned an error code (1)

Context (Environment)

Output of iotedge check

N/A

Device Information

Ubuntu 20.04, amd64
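A pre-install check for the collision reported above, as an added example that is not part of the original issue or the project's own scripts: it reports any account that already holds UID 13622 or 13623 under a name other than edgeagentuser or edgehubuser. The function names and the sample passwd lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the iotedge project). The UIDs and the two account
# names come from the issue text; function names are hypothetical.

RESERVED_UIDS="13622 13623"

# find_uid_conflicts: read passwd(5)-format lines on stdin and print
# "uid:name" for every account that holds a reserved UID but is not one of
# the IoT Edge module accounts.
find_uid_conflicts() {
    awk -F: -v uids="$RESERVED_UIDS" '
        BEGIN { n = split(uids, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        ($3 in want) && $1 != "edgeagentuser" && $1 != "edgehubuser" {
            print $3 ":" $1
        }'
}

# check_system: look the UIDs up through NSS, so accounts supplied by a
# domain or directory service are seen, not only those in /etc/passwd.
# getent exits non-zero when a UID is unused; that is the good case here.
check_system() {
    for uid in $RESERVED_UIDS; do
        getent passwd "$uid" || true
    done | find_uid_conflicts
}

# Constructed sample input: one domain user sitting on 13622.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
jdoe:x:13622:5000:Domain user (constructed):/home/jdoe:/bin/bash
edgehubuser:x:13623:13623:edgeHub user:/home/edgehubuser:/sbin/nologin
asmith:x:20001:5000:Domain user (constructed):/home/asmith:/bin/bash'

sample_conflicts() {
    printf '%s\n' "$SAMPLE_PASSWD" | find_uid_conflicts
}

# Run with --system to check the live user database before installing.
if [ "${1:-}" = "--system" ]; then
    check_system
fi
```

Empty output means neither UID is held by another account. A by-UID lookup returns only the first match in NSS order, so run the check before the package has created its own accounts.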

MattCosturos commented 7 months ago

User add error was not related to the chown error.

I had to sudo apt-get autoremove --purge aziot-edge several times, and reboot, and I'm not exactly sure what else. But traces of a previous install caused the chown error.

Then I did sudo apt install -y aziot-identity-service, which worked, then I did sudo apt install -y aziot-edge, which "worked" even though the user add still had a conflict.

MattCosturos commented 7 months ago

Is there any documentation on manually adding edgeagentuser to the system?

I assume I will need to manually create 2 users.

useradd -r -g iotedge -c "edgeAgent user" -s /sbin/nologin edgeagentuser
useradd -r -c "edgeHub user" -s /sbin/nologin edgehubuser

But then how do I use those userIds? I saw something about the EDGEAGENTUSER_ID env var, but not exactly sure what process needs to know this uid.

bilalsellak commented 6 months ago

I believe being able to set the EDGEAGENTUSER_ID env var was added as backwards compatibility with previous iotedge versions. You should be able to add it in your deployment manifest in the env section: https://learn.microsoft.com/en-us/azure/iot-edge/module-edgeagent-edgehub?view=iotedge-1.4#edgeagent-desired-properties

konichi3 commented 6 months ago

@MattCosturos Can you give it a try with the deployment manifest change per Bilal above?

david-emakenemi commented 6 months ago

@MattCosturos any updates?

MattCosturos commented 6 months ago

I might be missing it, I don't see any mention of EDGEAGENTUSER_ID in that linked article.

I will go ahead and add an env var called EDGEAGENTUSER_ID to the creation options and test that today and report back.

MattCosturos commented 5 months ago

Yes. Setting the env vars EDGEAGENTUSER_ID and EDGEHUBUSER_ID in a deployment manifest allows one to specify which user ID should be used for the modules.