Closed Metal-Mighty closed 3 months ago
Hello, iotedge-lorawan-starterkit is not supported as part of the core IoT Edge runtime. Please open an issue in the lorawan repo.
Hi, I thought the connections to the IoT Hub would be handled by the edgeHub module directly. I'll move my issue there, thanks
Expected Behavior
I am using the LoRaNetworkSrvModule (LNS) from the iotedge-lorawan-starterkit project. When the LNS receives payloads from IoT devices, the edgeHub connects to the IoT Hub and, from my understanding, updates metadata regarding the device that communicated with the LNS module.
Current Behavior
When the LNS receives a payload, the `edgeHub` tries to contact our IoT Hub to refresh the device's "service identity", but the query fails with a `DeviceScopeApiException`:

This does not block our ability to receive payloads and handle them: Our LNS module is able to redirect the payload according to the IoT device's configuration set in its Azure IoT Hub Device Twin, so that means that the connection is properly authenticated somehow.
The Edge Device is authenticated with a symmetric key provided in `/etc/aziot/config.toml`.
However since it spams the edgeHub logs, it makes it tough to troubleshoot other issues we are encountering and provide support to our end users.
Steps to Reproduce
Provide a detailed set of steps to reproduce the bug.
Context (Environment)
Output of `iotedge check`
`iotedge check --diagnostics-image-name/azureiotedge-diagnostics:1.4.33 --iothub-hostname .azure-devices.net --expected-aziot-edged-version 1.4.33 --expected-aziot-version 1.4.8`
```
Configuration checks (aziot-identity-service)
---------------------------------------------
√ keyd configuration is well-formed - OK
√ certd configuration is well-formed - OK
√ tpmd configuration is well-formed - OK
√ identityd configuration is well-formed - OK
√ daemon configurations up-to-date with config.toml - OK
√ identityd config toml file specifies a valid hostname - OK
√ aziot-identity-service package is up-to-date - OK
‼ host time is close to reference time - Warning
    Could not query NTP server
√ preloaded certificates are valid - OK
√ keyd is running - OK
√ certd is running - OK
√ identityd is running - OK
√ read all preloaded certificates from the Certificates Service - OK
√ read all preloaded key pairs from the Keys Service - OK
√ check all EST server URLs utilize HTTPS - OK
√ ensure all preloaded certificates match preloaded private keys with the same ID - OK

Connectivity checks (aziot-identity-service)
--------------------------------------------
× host can connect to and perform TLS handshake with iothub AMQP port - Error
    Failed to do TLS Handshake, Connection Attempt Timed out in 70 Seconds
√ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - OK
× host can connect to and perform TLS handshake with iothub MQTT port - Error
    Failed to do TLS Handshake, Connection Attempt Timed out in 70 Seconds
√ host can connect to and perform TLS handshake with DPS endpoint - OK

Configuration checks
--------------------
√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
√ configuration has correct URIs for daemon mgmt endpoint - OK
√ aziot-edge package is up-to-date - OK
√ container time is close to host time - OK
√ DNS server - OK
√ production readiness: logs policy - OK
‼ production readiness: Edge Agent's storage directory is persisted on the host filesystem - Warning
    The edgeAgent module is not configured to persist its /tmp/edgeAgent directory on the host filesystem. Data might be lost if the module is deleted or updated.
    Please see https://aka.ms/iotedge-storage-host for best practices.
‼ production readiness: Edge Hub's storage directory is persisted on the host filesystem - Warning
    The edgeHub module is not configured to persist its /tmp/edgeHub directory on the host filesystem. Data might be lost if the module is deleted or updated.
    Please see https://aka.ms/iotedge-storage-host for best practices.
√ Agent image is valid and can be pulled from upstream - OK
√ proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml - OK

Connectivity checks
-------------------
× container on the default network can connect to upstream AMQP port - Error
    Container on the default network could not connect to
```
Device Information
Runtime Versions
iotedge version
]: iotedge 1.4.33
docker version
]: 24.0.9-1
Daemon configuration
/etc/aziot/config.toml
```
[provisioning]
iothub_hostname = "
```
Logs
Abstract of the logs when the error above occurs.
aziot-edged logs
```
[...]
Mar 21 12:54:47
```
Abstract of the edgeAgent container on startup until it starts the modules from our deployment manifest hosted on the Azure IoT Hub. Some repetitive parts and names have been redacted.
edge-agent logs
```
2024-03-21 10:10:31 Starting Edge Agent
2024-03-21 10:10:31 Creating UID 13622 as edgeagentuser
2024-03-21 10:10:31 Creating storage folder: /tmp/edgeAgent
2024-03-21 10:10:31 Creating backup folder: /tmp/edgeAgent_backup
2024-03-21 10:10:31 Changing ownership of management socket: /var/run/iotedge/mgmt.sock
2024-03-21 10:10:31 Completed necessary setup. Starting Edge Agent.
2024-03-21 10:10:31.546 +00:00 Edge Agent Main()
<6> 2024-03-21 10:10:31.852 +00:00 [INF] - Initializing Edge Agent.
<6> 2024-03-21 10:10:32.101 +00:00 [INF] - Version - 1.4.33.89334537 (71f4974213cfab7447117af13a30319ba2c40357)
<6> 2024-03-21 10:10:32.102 +00:00 [INF] -
 █████╗ ███████╗██╗   ██╗██████╗ ███████╗
██╔══██╗╚══███╔╝██║   ██║██╔══██╗██╔════╝
███████║  ███╔╝ ██║   ██║██████╔╝█████╗
██╔══██║ ███╔╝  ██║   ██║██╔══██╗██╔══╝
██║  ██║███████╗╚██████╔╝██║  ██║███████╗
╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝

██╗ ██████╗ ████████╗    ███████╗██████╗  ██████╗ ███████╗
██║██╔═══██╗╚══██╔══╝    ██╔════╝██╔══██╗██╔════╝ ██╔════╝
██║██║   ██║   ██║       █████╗  ██║  ██║██║  ███╗█████╗
██║██║   ██║   ██║       ██╔══╝  ██║  ██║██║   ██║██╔══╝
██║╚██████╔╝   ██║       ███████╗██████╔╝╚██████╔╝███████╗
╚═╝ ╚═════╝    ╚═╝       ╚══════╝╚═════╝  ╚═════╝ ╚══════╝

<6> 2024-03-21 10:10:32.107 +00:00 [INF] - ModuleUpdateMode: NonBlocking
<6> 2024-03-21 10:10:32.214 +00:00 [INF] - Experimental features configuration: {"Enabled":false,"DisableCloudSubscriptions":false}
<6> 2024-03-21 10:10:32.481 +00:00 [INF] - Installing certificates [CN=aziot-edge CA
```
Abstract of the edgeHub logs before to after the error in debug mode. Some repetitive lines have been removed to fit in GitHub's comment size limit.
edge-hub logs
```
<6> 2024-03-21 12:57:05.877 +00:00 [INF] [Microsoft.Azure.Devices.Edge.Hub.Core.ConnectionReauthenticator] - Entering periodic task to reauthenticate connected clients
<7> 2024-03-21 12:57:05.878 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Hub.Core.IDeviceScopeIdentitiesCache] - Getting service identity for
```
Additional Information
We are in a strictly controlled network environment, which means we only have the necessary ports and target hosts allowed. Our server is only able to communicate with the Azure IoT Hub and DPS on port HTTPS TCP/443. We communicate with Azure in Amqp_Ws.

This issue is a follow-up to #6936; I preferred opening a new ticket with up-to-date information and releases of the whole stack. I am working with @adcoly on that topic.
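
The issue above reports that repeated `DeviceScopeApiException` entries bury everything else in the edgeHub logs. As an added example (not part of the issue or of the IoT Edge project), this filter collapses those entries into one counted summary per component and keeps every other line in order. The sample lines are constructed: the device IDs, the `[WRN]`/`[ERR]` message texts and the stack frame are assumptions, and only the line layout is taken from the excerpt in the issue.

```python
import re

# Line layout seen in the issue's edgeHub excerpt:
# "<6> 2024-03-21 12:57:05.877 +00:00 [INF] [Component] - message"
LINE_RE = re.compile(
    r"^<\d> (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) [+-]\d\d:\d\d "
    r"\[(?P<level>[A-Z]{3})\] \[(?P<component>[^\]]+)\] - (?P<msg>.*)$"
)
HUB = "Microsoft.Azure.Devices.Edge.Hub.Core"

# Constructed sample: device IDs, the [WRN]/[ERR] texts and the stack frame
# are made up for illustration; only the line layout comes from the issue.
SAMPLE = f"""\
<6> 2024-03-21 12:57:05.877 +00:00 [INF] [{HUB}.ConnectionReauthenticator] - Entering periodic task to reauthenticate connected clients
<7> 2024-03-21 12:57:05.878 +00:00 [DBG] [{HUB}.IDeviceScopeIdentitiesCache] - Getting service identity for example-device-01
<4> 2024-03-21 12:57:06.102 +00:00 [WRN] [{HUB}.IDeviceScopeIdentitiesCache] - Refresh failed for example-device-01: DeviceScopeApiException
   at Example.Namespace.Method()
<4> 2024-03-21 12:58:06.311 +00:00 [WRN] [{HUB}.IDeviceScopeIdentitiesCache] - Refresh failed for example-device-02: DeviceScopeApiException
<3> 2024-03-21 12:58:07.000 +00:00 [ERR] [Example.Component] - unrelated failure worth seeing
""".splitlines()

def summarize(lines, noisy=("DeviceScopeApiException",)):
    """Return (kept, collapsed): noisy entries are counted, the rest kept in order."""
    kept, collapsed = [], {}
    drop_continuation = False
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            # Stack-trace or wrapped line: shares the fate of the entry above it.
            if not drop_continuation:
                kept.append(line)
            continue
        marker = next((n for n in noisy if n in m["msg"]), None)
        drop_continuation = marker is not None
        if marker is None:
            kept.append(line)
            continue
        key = (m["level"], m["component"].rsplit(".", 1)[-1], marker)
        entry = collapsed.setdefault(key, {"count": 0, "first": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    return kept, collapsed

if __name__ == "__main__":
    kept, collapsed = summarize(SAMPLE)
    print("\n".join(kept))
    for (level, component, marker), e in collapsed.items():
        print(f"[{level}] {component}: {marker} x{e['count']} ({e['first']} .. {e['last']})")
```

Passing the lines of a saved edgeHub log to `summarize` yields the same two results; the first and last timestamps in each summary show whether the failures follow the periodic reauthentication task.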