IoTedge installation failed with error "OCI runtime create failed"

Question

Hi team, I am installing iotedge 1.2 on ubuntu Ubuntu 18.04.5 and facing below error. I tried to uninstall and reinstall the iotedge but still facing the same issue

iotadmin@tsunoshima-edge-dev:~$ iotedge version
iotedge 1.2.5

iotedge check:

Configuration checks
--------------------
√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
× configuration has correct URIs for daemon mgmt endpoint - Error
    docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
√ aziot-edge package is up-to-date - OK
× container time is close to host time - Error
    Could not query local time inside container
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
‼ DNS server - Warning
    Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
    Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
    You can ignore this warning if you are setting DNS server per module in the Edge deployment.
‼ production readiness: container engine - Warning
    Device is not using a production-supported container engine (moby-engine).
    Please see https://aka.ms/iotedge-prod-checklist-moby for details.
‼ production readiness: logs policy - Warning
    Container engine is not configured to rotate module logs which may cause it run out of disk space.
    Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
    You can ignore this warning if you are setting log policy per module in the Edge deployment.
‼ production readiness: Edge Agent's storage directory is persisted on the host filesystem - Warning
    The edgeAgent module is not configured to persist its /tmp/edgeAgent directory on the host filesystem.
    Data might be lost if the module is deleted or updated.
    Please see https://aka.ms/iotedge-storage-host for best practices.
× production readiness: Edge Hub's storage directory is persisted on the host filesystem - Error
    Could not check current state of edgeHub container
        caused by: docker returned exit code: 1, stderr = Error: No such object: edgeHub
√ Agent image is valid and can be pulled from upstream - OK

Connectivity checks
-------------------
× container on the default network can connect to upstream  AMQP port - Error
    Container on the default network could not connect to tsunoshima-iothub-dev.azure-devices.net:5671
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
× container on the default network can connect to upstream HTTPS / WebSockets port - Error
    Container on the default network could not connect to tsunoshima-iothub-dev.azure-devices.net:443
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
× container on the default network can connect to upstream MQTT port - Error
    Container on the default network could not connect to tsunoshima-iothub-dev.azure-devices.net:8883
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
× container on the IoT Edge module network can connect to upstream AMQP port - Error
    Container on the azure-iot-edge network could not connect to tsunoshima-iothub-dev.azure-devices.net:5671
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
× container on the IoT Edge module network can connect to upstream HTTPS / WebSockets port - Error
    Container on the azure-iot-edge network could not connect to tsunoshima-iothub-dev.azure-devices.net:443
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
× container on the IoT Edge module network can connect to upstream MQTT port - Error
    Container on the azure-iot-edge network could not connect to tsunoshima-iothub-dev.azure-devices.net:8883
        caused by: docker returned exit code: 126, stderr = docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.

Answer 1

Hello @Somiya ,

Azure IoT Edge relies on an OCI-compatible container runtime.

If you follow this tutorial, you see that Azure IoT Edge supports Moby, the open-source container runtime.

Please confirm this manual is working for you.