MQTT Connectivity Setup - IoT Edge

Harish 26 Reputation points
2021-04-22T07:43:15.34+00:00

Hi,

I am using the deployment file below for the IoT Edge deployment. I replaced <iothub> with the actual IoT hub name before deployment. The deployment is successful, but in the Azure portal, when I view the modules, it shows the error "Unable to retrieve IoT Edge information. IoT Edge configuration uses an unsupported schema and cannot be displayed."

Please advise if anything is missing here.

    {
      "$schema-template": "2.0.0",
      "modulesContent": {
        "$edgeAgent": {
          "properties.desired": {
            "schemaVersion": "1.0",
            "runtime": {
              "type": "docker",
              "settings": {
                "minDockerVersion": "v1.25",
                "loggingOptions": "",
                "registryCredentials": {}
              }
            },
            "systemModules": {
              "edgeAgent": {
                "type": "docker",
                "settings": {
                  "image": "mcr.microsoft.com/azureiotedge-agent:1.2",
                  "createOptions": ""
                }
              },
              "edgeHub": {
                "type": "docker",
                "status": "running",
                "env": {
                  "experimentalFeatures__enabled": {
                    "value": "true"
                  },
                  "experimentalFeatures__mqttBrokerEnabled": {
                    "value": "true"
                  }
                },
                "restartPolicy": "always",
                "settings": {
                  "image": "mcr.microsoft.com/azureiotedge-hub:1.2",
                  "createOptions": "{\"HostConfig\":{\"PortBindings\":{\"443/tcp\":[{\"HostPort\":\"443\"}],\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}]}}}"
                }
              }
            },
            "modules": {}
          }
        },
        "$edgeHub": {
          "properties.desired": {
            "schemaVersion": "1.2",
            "routes": {
              "Route1": "FROM /messages/* INTO $upstream"
            },
            "storeAndForwardConfiguration": {
              "timeToLiveSecs": 7200
            },
            "mqttBroker": {
              "authorizations": [
                {
                  "identities": [
                    "{{iot:identity}}"
                  ],
                  "allow": [
                    {
                      "operations": [
                        "mqtt:connect"
                      ]
                    }
                  ]
                },
                {
                  "identities": [
                    "<iothub>.azure-devices.net/sub_client"
                  ],
                  "allow": [
                    {
                      "operations": [
                        "mqtt:subscribe"
                      ],
                      "resources": [
                        "test_topic"
                      ]
                    }
                  ]
                },
                {
                  "identities": [
                    "<iothub>.azure-devices.net/pub_client"
                  ],
                  "allow": [
                    {
                      "operations": [
                        "mqtt:publish"
                      ],
                      "resources": [
                        "test_topic"
                      ]
                    }
                  ]
                }
              ]
            }
          }
        }
      }
    }

Azure IoT Edge

2 answers

  1. Viktor Peller 6 Reputation points
    2021-09-13T23:15:21.203+00:00

    The problem you experience with schema 1.2 is the following:

    • Edge 1.2 has an MQTT broker in it. It needs policy information in order to work (otherwise it will not authorize any operation through the MQTT broker).
    • The broker itself is an experimental feature and does not have full support. One consequence of this is that the updated schema (which is needed to describe the policy information) is not supported through the Azure portal.
    • Now the two options with 1.2 are: a) Not using the built-in MQTT broker. In this case there is no need for policy information, and the previous schemas, which are supported by the Azure portal, can be used for deployment. b) Using the MQTT broker, which requires schema 1.2; in this case the Azure portal will not be able to help maintain it.

    Sorry for the inconvenience.

    1 person found this answer helpful.

  2. Newton, AJ 1 Reputation point
    2021-07-07T21:26:16.53+00:00

    I also encountered this issue (following the documentation at https://learn.microsoft.com/en-us/azure/iot-edge/how-to-publish-subscribe?view=iotedge-2020-11).
    It is because $edgeHub.properties.desired.schemaVersion can only be 1.0 or 1.1.

    In order to view it in IoTHub you need to set it to one of those values. e.g.:

       {
         ...
         "$edgeHub": {
           "properties.desired": {
             "schemaVersion": "1.1",
             ...
           }
         }
       }
    

    HOWEVER, if you do this the local authentication will no longer work (tested using mosquitto_pub and mosquitto_sub).

    With a sudo iotedge logs -f edgeHub you can see that it authenticates but does not authorize.

       <6> 2021-07-07 21:15:30.824 +00:00 [INF] [server{listener=0.0.0.0:1883}:connection{client_id=pub_client remote_addr=172.2.0.1:45110 connection=e4867dfb-392e-4a3c-888b-64363d776003}: mqtt_edgehub::auth::authentication::edgehub] - authenticate client
       <6> 2021-07-07 21:15:30.970 +00:00 [INF] - Client pub_client in device scope authenticated locally.
       <6> 2021-07-07 21:15:30.974 +00:00 [INF] - AUTH succeeded "my-iothub-here.azure-devices.net/pub_client"
       <4> 2021-07-07 21:15:30.998 +00:00 [WRN] [broker{client_id=pub_client event="client"}: mqtt_broker::broker] - not authorized: client: pub_client operation: CONNECT; reason: denied by policy
       <6> 2021-07-07 21:15:31.000 +00:00 [INF] [server{listen
    

    So, this appears to be a bug in their implementation. My working manifest is below. You can't see it in IoT Hub due to the "Unable to retrieve IoT Edge information. IoT Edge configuration uses an unsupported schema and cannot be displayed." error. But I was able to get publishing and subscribing locally working on the device. There are probably some superfluous identities, but none of them work with a lower schema version (1.2 is required).

       {  
         "$schema-template": "2.0.0",  
         "modulesContent": {  
           "$edgeAgent": {  
             "properties.desired": {  
               "schemaVersion": "1.1",  
               "runtime": {  
                 "type": "docker",  
                 "settings": {  
                   "minDockerVersion": "v1.25",  
                   "loggingOptions": "",  
                   "registryCredentials": {}  
                 }  
               },  
               "systemModules": {  
                 "edgeAgent": {  
                   "type": "docker",  
                   "settings": {  
                     "image": "mcr.microsoft.com/azureiotedge-agent:1.2",  
                     "createOptions": "{}"  
                   }  
                 },  
                 "edgeHub": {  
                   "type": "docker",  
                   "status": "running",  
                   "restartPolicy": "always",  
                   "settings": {  
                     "image": "mcr.microsoft.com/azureiotedge-hub:1.2",  
                     "createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}],\"443/tcp\":[{\"HostPort\":\"443\"}],\"1883/tcp\":[{\"HostPort\":\"1883\"}]}}}"  
                   },  
                   "env": {  
                     "experimentalFeatures__enabled": {  
                       "value": "true"  
                     },  
                     "experimentalFeatures__mqttBrokerEnabled": {  
                       "value": "true"  
                     }  
                   }  
                 }  
               },  
               "modules": {}  
             }  
           },  
           "$edgeHub": {  
             "properties.desired": {  
               "schemaVersion": "1.2",  
               "routes": {  
                 "Upstream": "FROM /messages/* INTO $upstream"  
               },  
               "storeAndForwardConfiguration": {  
                 "timeToLiveSecs": 7200  
               },  
               "mqttBroker": {  
                 "authorizations": [  
                   {  
                     "identities": [  
                       "{{iot:identity}}",  
                       "my-iothub.azure-devices.net/sub_client",  
                       "my-iothub.azure-devices.net/pub_client",  
                       "sub_client",  
                       "pub_client"  
                     ],  
                     "allow": [  
                       {  
                         "operations": ["mqtt:connect"]  
                       }  
                     ]  
                   },  
                   {  
                     "identities": ["my-iothub.azure-devices.net/sub_client", "sub_client"],  
                     "allow": [  
                       {  
                         "operations": ["mqtt:subscribe"],  
                         "resources": ["test_topic"]  
                       }  
                     ]  
                   },  
                   {  
                     "identities": ["my-iothub.azure-devices.net/pub_client", "pub_client"],  
                     "allow": [  
                       {  
                         "operations": ["mqtt:publish"],  
                         "resources": ["test_topic"]  
                       }  
                     ]  
                   }  
                 ]  
               }  
             }  
           }  
         }  
       }  
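
A pre-deployment check for the failure modes described in the two answers above, as an added example (not code from the posters or from Microsoft): it flags a broker enabled without a schema 1.2 policy, identities that would be refused at CONNECT as in the log excerpt, and a host binding of plaintext MQTT port 1883. `lint_manifest`, `sample` and the two sample policies are hypothetical names with constructed data, and treating `{{iot:identity}}` as matching any connecting client is an assumption.

```python
import json

BROKER_FLAG = "experimentalFeatures__mqttBrokerEnabled"
ANY_CLIENT = "{{iot:identity}}"  # assumption: matches whichever client is connecting


def lint_manifest(manifest):
    """Return findings for the MQTT-broker parts of an IoT Edge deployment manifest."""
    content = manifest["modulesContent"]
    hub_module = content["$edgeAgent"]["properties.desired"]["systemModules"]["edgeHub"]
    hub_twin = content["$edgeHub"]["properties.desired"]
    findings = []
    if hub_module.get("env", {}).get(BROKER_FLAG, {}).get("value") != "true":
        return findings  # broker disabled: no policy needed, schema 1.0/1.1 is fine
    statements = hub_twin.get("mqttBroker", {}).get("authorizations", [])
    if hub_twin.get("schemaVersion") != "1.2" or not statements:
        findings.append("broker enabled without a schema 1.2 policy: nothing is authorized")
    # Compare identities granted mqtt:connect with identities named anywhere in the policy.
    can_connect, mentioned = set(), set()
    for st in statements:
        ids = set(st.get("identities", []))
        mentioned |= ids
        if any("mqtt:connect" in rule.get("operations", []) for rule in st.get("allow", [])):
            can_connect |= ids
    if ANY_CLIENT not in can_connect:
        for ident in sorted(mentioned - can_connect):
            findings.append(f"{ident}: no mqtt:connect grant, CONNECT is denied by policy")
    # createOptions is a JSON string; 1883 is the plaintext MQTT port, 8883 the TLS one.
    opts = json.loads(hub_module["settings"].get("createOptions") or "{}")
    if "1883/tcp" in opts.get("HostConfig", {}).get("PortBindings", {}):
        findings.append("host port 1883 published: MQTT on this port is not TLS-protected")
    return findings


def sample(schema, statements, ports):
    """Constructed minimal manifest holding only the fields lint_manifest reads."""
    bindings = {p: [{"HostPort": p.split("/")[0]}] for p in ports}
    create = json.dumps({"HostConfig": {"PortBindings": bindings}})
    return {"modulesContent": {
        "$edgeAgent": {"properties.desired": {"systemModules": {"edgeHub": {
            "env": {BROKER_FLAG: {"value": "true"}},
            "settings": {"createOptions": create}}}}},
        "$edgeHub": {"properties.desired": {
            "schemaVersion": schema, "mqttBroker": {"authorizations": statements}}}}}


# Constructed policies: one grants connect to every client, one forgets it for pub_client.
CONNECT_ALL = [{"identities": [ANY_CLIENT], "allow": [{"operations": ["mqtt:connect"]}]}]
PUB_ONLY = [{"identities": ["pub_client"],
             "allow": [{"operations": ["mqtt:publish"], "resources": ["test_topic"]}]}]
```

The same function accepts a full manifest loaded with `json.load`, since it only reads the fields shown in the manifests on this page.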
    
