Docker Image with Unhandled Exception causes authentication error at VM

Question

Docker Image with Unhandled Exception causes authentication error at VM

Omar Navarro 331

After updating a connected device's manifest JSON at IoT Central, authentication issues occur with the device. It is no longer possible to login to the Linux Server with the same username and password. The manifest JSON included a custom edge module which had a .NET unhandled exception. Is it possible to automatically prevent Custom Edge Modules (docker images) which have exceptions from being run inside the container? Where exactly would the Edge install process affect the original credentials for logging into the device?

The following error message is shown at the Ubuntu Login

Sander van de Velde | MVP 36,761 Reputation points MVP Volunteer Moderator

2022-02-04T22:32:07.613+00:00

Hello @Omar Navarro ,

Azure IoT Edge is based on deploying Docker containers.

If an application inside a docker container throws an unhandled exception and crashes, the container is just dropped and respawn.

This way, Docker has a good reputation in keeping applications running and the OS safe.

What is the reason you expect Docker (or Azure IoT Edge) affects the OS credentials?

1 answer

Your answer

Sander van de Velde | MVP 36,761 Reputation points MVP Volunteer Moderator

2022-02-04T22:32:07.613+00:00

Hello @Omar Navarro ,

Azure IoT Edge is based on deploying Docker containers.

If an application inside a docker container throws an unhandled exception and crashes, the container is just dropped and respawn.

This way, Docker has a good reputation in keeping applications running and the OS safe.

What is the reason you expect Docker (or Azure IoT Edge) affects the OS credentials?

Answer 1

The affected OS credentials was not expected behavior, but is the actual behavior.

I resolved the symptoms of this issue by specifying a directory Bind for Edge Hub in the deployment manifest

          "edgeHub": {
            "type": "docker",
            "status": "running",
            "restartPolicy": "always",
            "settings": {
              "image": "mcr.microsoft.com/azureiotedge-hub:1.2",
              "createOptions": "{\"HostConfig\": {\"PortBindings\": {\"5671/tcp\": [{\"HostPort\": \"5671\"}],\"8883/tcp\": [{\"HostPort\": \"8883\"}],\"443/tcp\": [{\"HostPort\": \"443\"}]},\"Binds\": [\"/etc/aziot/storage/:/iotedge/storage/\"]}}"
            }
          }

And also granting permissions to the users created by IoT Edge runtime:

sudo setfacl -R -m "u:aziotks:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziottpm:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotcs:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotcs:rwx" /etc/aziot/storage
sudo setfacl -R -m "u:aziotid:rwx" /etc/aziot/storage

The OS credentials are now unaffected by Docker images which contain Unhandled Exceptions within a .NET Application

António Sérgio Azevedo 7,671 Reputation points Microsoft Employee Moderator

2022-02-07T10:03:33.517+00:00

Hi @Omar Navarro thank you so much for sharing your workaround with the rest of the community! If you believe this is a bug in IOT Edge can I kindly ask you to file a new bug report in iot edge github repo, providing the necessary information there: Issue: Bug report?

If you can share the "custom edge module which had a .NET unhandled exception" would help us reproduce it as well!

Appreciate your time. Thank you!

Share via

Docker Image with Unhandled Exception causes authentication error at VM

1 answer

Your answer