Docker Image with Unhandled Exception causes authentication error at VM

Omar Navarro 326 Reputation points
2022-02-04T19:13:48.373+00:00

After updating a connected device's manifest JSON in IoT Central, authentication issues occur with the device. It is no longer possible to log in to the Linux server with the same username and password. The manifest JSON included a custom edge module which had a .NET unhandled exception. Is it possible to automatically prevent custom edge modules (Docker images) which have exceptions from being run inside the container? Where exactly would the Edge install process affect the original credentials for logging into the device?

The following error message is shown at the Ubuntu login:
171541-microsoftteams-image.png


1 answer

  1. Omar Navarro 326 Reputation points
    2022-02-05T15:38:18.687+00:00

    The OS credentials being affected was not expected behavior, but it is the actual behavior.

    I resolved the symptoms of this issue by specifying a directory bind for Edge Hub in the deployment manifest:

              "edgeHub": {
                "type": "docker",
                "status": "running",
                "restartPolicy": "always",
                "settings": {
                  "image": "mcr.microsoft.com/azureiotedge-hub:1.2",
                  "createOptions": "{\"HostConfig\": {\"PortBindings\": {\"5671/tcp\": [{\"HostPort\": \"5671\"}],\"8883/tcp\": [{\"HostPort\": \"8883\"}],\"443/tcp\": [{\"HostPort\": \"443\"}]},\"Binds\": [\"/etc/aziot/storage/:/iotedge/storage/\"]}}"
                }
              }
    

    And also granting permissions to the users created by IoT Edge runtime:

    sudo setfacl -R -m "u:aziotks:rwx" /etc/aziot/storage
    sudo setfacl -R -m "u:aziottpm:rwx" /etc/aziot/storage
    sudo setfacl -R -m "u:aziotcs:rwx" /etc/aziot/storage
    sudo setfacl -R -m "u:aziotid:rwx" /etc/aziot/storage
    

    The OS credentials are now unaffected by Docker images which contain unhandled exceptions within a .NET application.
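
An added example, not part of the original answer or of any Azure tooling: a pre-deployment check that decodes the string-encoded `createOptions` of a module and confirms that a host directory is bound to `/iotedge/storage`, as in the manifest above. The function names, the sample dictionary and the rule that the bind must be writable are assumptions of this example.

```python
import json

# Constructed sample: the edgeHub definition from the answer above.
EDGE_HUB = {
    "type": "docker",
    "status": "running",
    "restartPolicy": "always",
    "settings": {
        "image": "mcr.microsoft.com/azureiotedge-hub:1.2",
        # createOptions is itself a JSON document stored as a string.
        "createOptions": json.dumps({"HostConfig": {
            "PortBindings": {"5671/tcp": [{"HostPort": "5671"}],
                             "8883/tcp": [{"HostPort": "8883"}],
                             "443/tcp": [{"HostPort": "443"}]},
            "Binds": ["/etc/aziot/storage/:/iotedge/storage/"]}}),
    },
}


def parse_binds(module):
    """Return (host, container, mode) tuples from a module's createOptions."""
    raw = module.get("settings", {}).get("createOptions") or "{}"
    opts = json.loads(raw) if isinstance(raw, str) else raw
    binds = (opts.get("HostConfig") or {}).get("Binds") or []
    parsed = []
    for bind in binds:
        parts = bind.split(":")
        if len(parts) not in (2, 3):
            raise ValueError(f"unexpected bind syntax: {bind!r}")
        parsed.append((parts[0], parts[1], parts[2] if len(parts) == 3 else "rw"))
    return parsed


def check_storage_bind(module, container_dir="/iotedge/storage"):
    """Return findings for the storage bind; an empty list means it looks fine."""
    matches = [b for b in parse_binds(module)
               if b[1].rstrip("/") == container_dir]
    if not matches:
        return [f"no bind mount targets {container_dir}"]
    findings = []
    for host, _, mode in matches:
        if not host.startswith("/"):
            # Docker treats a non-path source as a named volume.
            findings.append(f"{host!r} is a named volume, not a host directory")
        if "ro" in mode.split(","):
            # Assumption of this example: edgeHub must write to its storage.
            findings.append(f"{host!r} is mounted read-only")
    return findings
```

Running `check_storage_bind` over each module in a manifest before pushing it catches a missing or mistyped bind while the device is still reachable.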