Docker Image with Unhandled Exception causes authentication error at VM

Question

After updating a connected device's manifest JSON at IoT Central, authentication issues occur with the device. It is no longer possible to login to the Linux Server with the same username and password. The manifest JSON included a custom edge module which had a .NET unhandled exception. Is it possible to automatically prevent Custom Edge Modules (docker images) which have exceptions from being run inside the container? Where exactly would the Edge install process affect the original credentials for logging into the device?

The following error message is shown at the Ubuntu Login

Answer 1

The affected OS credentials was not expected behavior, but is the actual behavior.

I resolved the symptoms of this issue by specifying a directory Bind for Edge Hub in the deployment manifest

          "edgeHub": {
            "type": "docker",
            "status": "running",
            "restartPolicy": "always",
            "settings": {
              "image": "mcr.microsoft.com/azureiotedge-hub:1.2",
              "createOptions": "{\"HostConfig\": {\"PortBindings\": {\"5671/tcp\": [{\"HostPort\": \"5671\"}],\"8883/tcp\": [{\"HostPort\": \"8883\"}],\"443/tcp\": [{\"HostPort\": \"443\"}]},\"Binds\": [\"/etc/aziot/storage/:/iotedge/storage/\"]}}"
            }
          }

And also granting permissions to the users created by IoT Edge runtime:

sudo setfacl -R -m "u:aziotks:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziottpm:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotcs:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotcs:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotid:rwx" /etc/aziot/storage

The OS credentials are now unaffected by Docker images which contain Unhandled Exceptions within a .NET Application