Iot Edge edgeHub module issue during start up

Question

----------  
<3> 2022-11-10 09:54:40.149 +00:00 [ERR] [EdgeHub] - Stopping with exception  
System.UnauthorizedAccessException: Access to the path '/tmp/edgeHub/DEVICE_IDENTITY.json' is denied.  
 ---> System.IO.IOException: Permission denied  
   --- End of inner exception stack trace ---  
   at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirectory, Func`2 errorRewriter)  
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode)  
   at System.IO.FileStream.OpenHandle(FileMode mode, FileShare share, FileOptions options)  
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)  
   at System.IO.StreamWriter.ValidateArgsAndOpenPath(String path, Boolean append, Encoding encoding, Int32 bufferSize)  
   at System.IO.StreamWriter..ctor(String path)  
   at System.IO.File.WriteAllText(String path, String contents)  
   at Microsoft.Azure.Devices.Edge.Util.PersistentStorageValidation.ValidateStorageIdentity(String storagePath, String deviceId, String iotHubHostname, String moduleId, Option`1 moduleGenerationId, ILogger logger) in /mnt/vss/_work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/PersistentStorageValidation.cs:line 20  
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.GetStoreAndForwardConfiguration() in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 353  
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.Register(ContainerBuilder builder) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 127  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.BuildContainer(IServiceCollection services) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 93  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.ConfigureServices(IServiceCollection services) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 45  
   at Microsoft.AspNetCore.Hosting.WebHost.EnsureApplicationServices()  
   at Microsoft.AspNetCore.Hosting.WebHost.Initialize()  
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Hosting.Initialize(IConfigurationRoot configuration, X509Certificate2 serverCertificate, IDependencyManager dependencyManager, Boolean clientCertAuthEnabled, SslProtocols sslProtocols) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Hosting.cs:line 79  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Program.MainAsync(IConfigurationRoot configuration) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 67  
Unhandled exception. System.AggregateException: One or more errors occurred. (Access to the path '/tmp/edgeHub/DEVICE_IDENTITY.json' is denied.)  
 ---> System.UnauthorizedAccessException: Access to the path '/tmp/edgeHub/DEVICE_IDENTITY.json' is denied.  
 ---> System.IO.IOException: Permission denied  
   --- End of inner exception stack trace ---  
   at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirectory, Func`2 errorRewriter)  
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode)  
   at System.IO.FileStream.OpenHandle(FileMode mode, FileShare share, FileOptions options)  
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)  
   at System.IO.StreamWriter.ValidateArgsAndOpenPath(String path, Boolean append, Encoding encoding, Int32 bufferSize)  
   at System.IO.StreamWriter..ctor(String path)  
   at System.IO.File.WriteAllText(String path, String contents)  
   at Microsoft.Azure.Devices.Edge.Util.PersistentStorageValidation.ValidateStorageIdentity(String storagePath, String deviceId, String iotHubHostname, String moduleId, Option`1 moduleGenerationId, ILogger logger) in /mnt/vss/_work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/PersistentStorageValidation.cs:line 20  
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.GetStoreAndForwardConfiguration() in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 353  
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.Register(ContainerBuilder builder) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 127  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.BuildContainer(IServiceCollection services) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 93  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.ConfigureServices(IServiceCollection services) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 45  
   at Microsoft.AspNetCore.Hosting.WebHost.EnsureApplicationServices()  
   at Microsoft.AspNetCore.Hosting.WebHost.Initialize()  
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Hosting.Initialize(IConfigurationRoot configuration, X509Certificate2 serverCertificate, IDependencyManager dependencyManager, Boolean clientCertAuthEnabled, SslProtocols sslProtocols) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Hosting.cs:line 79  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Program.MainAsync(IConfigurationRoot configuration) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 67  
   --- End of inner exception stack trace ---  
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)  
   at System.Threading.Tasks.Task`1.get_Result()  
   at Microsoft.Azure.Devices.Edge.Hub.Service.Program.Main() in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 36  
 [2mNov 10 09:54:41.294  [0m [32m INFO [0m watchdog::child: Edge Hub process has stopped  
  
----------  

in my azure iot edge vm, edgeHub module can not access mounted volume
/data/edgeHub/ directory in system is mounted to /tmp/edgeHub directory in contianer
/data/ directory in system is mounted with a separated azure disk
looks like edgeHub container has to permission to access mounted directory
any help?

Answer 1

Hi @Zehou Zhang ,

Thank you for posting this question. You can grant access to the directory by executing the following commands on the edge device terminal

sudo chown -R 11000:11000 <dir>  
sudo chmod -R 700 <dir>  

Please refer to the following section Granting directory access to container user on Linux for more information.

Please do not that if you are running the service as a user besides the admin, you can specify your custom user ID in createOptions under "User" property in your deployment manifest. In such case you need to use default or root group ID 0. You can do so by adding the following configuration in the deployment manifest.

"createOptions": {  
  "User": "<custom user ID>:0"  
}  

Please let us know if you have any further issues with the module start up after granting the access.

----------

Kindly accept answer or upvote if this response is helpful so that it would benefit other community members facing the same issue.