Ubuntu IoT Edge edgeHub module fails with error (139) Access to the path '/tmp/edgeHub/edgeHub' is denied

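I am working on deploying a production version of a working OPCPublisher module for IoT Edge, meaning that I have a full working solution in development.

However, when I try to deploy the same thing on the production server, I get an error from the edgeHub module.

The server is Ubuntu Server 18.04, and I installed edge using the official documentation: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-install-iot-edge-linux#uninstall-iot-edge

Because internet access is very restricted, there were a lot of problems during installation, but all of these have been resolved; edge was installed successfully and then linked to the OPCPublisher module running in the IoT Hub in MS Azure.

At this point the edge on Linux downloaded the docker images for OPCPublisher, edgeAgent and edgeHub. The publisher and the agent went through without problems (after I fought for more access to the docker image repos), but edgeHub fails with code 139:

If I look at the logs for the hub, they say: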

Unhandled Exception: System.AggregateException: One or more errors occurred. (Access to the path '/tmp/edgeHub/edgeHub' is denied.) ---> System.UnauthorizedAccessException: Access to the path '/tmp/edgeHub/edgeHub' is denied. ---> System.IO.IOException: Permission denied
   --- End of inner exception stack trace ---
   at System.IO.FileSystem.CreateDirectory(String fullPath)
   at System.IO.Directory.CreateDirectory(String path)
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.GetStoragePath() in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 282
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.GetStoreAndForwardConfiguration() in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 245
   at Microsoft.Azure.Devices.Edge.Hub.Service.DependencyManager.Register(ContainerBuilder builder) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/DependencyManager.cs:line 79
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.BuildContainer(IServiceCollection services) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 85
   at Microsoft.Azure.Devices.Edge.Hub.Service.Startup.ConfigureServices(IServiceCollection services) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Startup.cs:line 39
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.Initialize()
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
   at Microsoft.Azure.Devices.Edge.Hub.Service.Hosting.Initialize(IConfigurationRoot configuration, X509Certificate2 serverCertificate, IDependencyManager dependencyManager, Boolean clientCertAuthEnabled) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Hosting.cs:line 34
   at Microsoft.Azure.Devices.Edge.Hub.Service.Program.MainAsync(IConfigurationRoot configuration) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 53
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.Azure.Devices.Edge.Hub.Service.Program.Main() in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 30
2020-09-15 14:48:09  Starting Edge Hub
2020-09-15 14:48:09.764 +00:00 Edge Hub Main()
<7> 2020-09-15 14:48:10.014 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadClient] - Making a Http call to unix:///var/run/iotedge/workload.sock to CreateServerCertificateAsync
<7> 2020-09-15 14:48:10.243 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Connecting socket /var/run/iotedge/workload.sock
<7> 2020-09-15 14:48:10.247 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Connected socket /var/run/iotedge/workload.sock
<7> 2020-09-15 14:48:10.252 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Sending request http://workload.sock/modules/%24edgeHub/genid/637352543162943819/certificate/server?api-version=2019-01-30
<7> 2020-09-15 14:48:10.362 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Response received Created
<7> 2020-09-15 14:48:10.444 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadClient] - Received a valid Http response from unix:///var/run/iotedge/workload.sock for CreateServerCertificateAsync
<7> 2020-09-15 14:48:10.717 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadClient] - Making a Http call to unix:///var/run/iotedge/workload.sock to TrustBundleAsync
<7> 2020-09-15 14:48:10.726 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Connecting socket /var/run/iotedge/workload.sock
<7> 2020-09-15 14:48:10.726 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Connected socket /var/run/iotedge/workload.sock
<7> 2020-09-15 14:48:10.726 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Sending request http://workload.sock/trust-bundle?api-version=2019-01-30
<7> 2020-09-15 14:48:10.738 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Uds.HttpUdsMessageHandler] - Response received OK
<7> 2020-09-15 14:48:10.741 +00:00 [DBG] [Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadClient] - Received a valid Http response from unix:///var/run/iotedge/workload.sock for TrustBundleAsync
<6> 2020-09-15 14:48:10.750 +00:00 [INF] [EdgeHub] - Installing certificates [CN=iotedged workload ca:12/02/2020 11:35:15],[CN=Test Edge Device CA:12/02/2020 11:35:15],[CN=Test Edge Owner CA:12/02/2020 11:35:15] to Root
<6> 2020-09-15 14:48:10.764 +00:00 [INF] [EdgeHub] - Installing certificates [CN=Test Edge Owner CA:12/02/2020 11:35:15] to Root

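I don't know linux/ubuntu very well, but apparently edgeHub does not have write access "out of the box", which would explain why the other modules go through. I tried granting group-level access to the /tmp/ folder (chmod g+w /tmp/), but it did not help. The actual folder in the error (/tmp/edgeHub/edgeHub) does not exist, which I assume is because it is just a temporary installation folder or something like that, so I tried creating it myself and giving it the same group-level access, but that did not help either.

I also tried uninstalling edge and reinstalling it (I figured all the problems during the earlier installation had left things in a "bad" state), but that led to the same problem.

When I look at the edgeAgent logs, they only show that it keeps trying to start edgeHub.

I also ran iotedge check, but it did not show any errors (though there were 8 warnings).

*** EDIT *** I think I have narrowed it down to docker not being able to write to the edge storage folder, but so far all my attempts to grant docker access have failed. If I were building my own docker image, I could find plenty of articles telling me how to do it, but so far none that tell me how to handle file access for an existing one.

It turns out that MS's installation documentation is not very comprehensive. As suspected, the problem was the access rights of the edgeHub user. The installation instructions do not mention this at all; instead I found it in an IoT Edge lab: https://microsoftlearning.github.io/AZ-220-Microsoft-Azure-IoT-Developer/Instructions/Labs/LAB_AK_14-iot-edge-device-in-restricted-network.html

However, the commands in that lab do not work (or at least they did not work for me).

In short, after installing and configuring IoT Edge, you must run the commands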

sudo chown -R 1000:1000 [your local storageFolder]
sudo chmod -R 700 [your local storageFolder]

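UID 1000 = the edgeHub user, and the storageFolder can be found in your Azure IoT Hub -> edge module manifest. This gives the edgeHub docker the access it needs to the configured storage folder, where it will save any offline data.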
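
A pre-flight check for the fix above, as an added example that is not part of the original answer: it verifies that the host storage folder is owned by the expected UID and has mode 700 before the runtime is restarted. It assumes GNU stat (as on Ubuntu); the function name and the path in the final comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit the host directory that is bind-mounted as edgeHub
# storage. Assumes GNU stat (Ubuntu). check_storage_dir is a hypothetical
# helper name, not part of IoT Edge.

# check_storage_dir DIR [UID]
# Returns 0 if DIR is a real directory owned by UID (default 1000, the
# edgeHub user according to the answer above) with mode exactly 700.
# Returns 1 on wrong owner, 2 on wrong mode, 3 if DIR is missing,
# not a directory, or a symlink.
check_storage_dir() {
    dir=$1
    want_uid=${2:-1000}

    # stat without -L reports on a link itself, not its target,
    # so a symlink would give misleading owner/mode values.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing, not a directory, or a symlink" >&2
        return 3
    fi

    owner=$(stat -c '%u' "$dir")   # numeric owner UID
    mode=$(stat -c '%a' "$dir")    # octal permission bits

    # The container process is matched to host files by numeric UID,
    # not by user name, so compare numbers.
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $dir owned by uid $owner, expected $want_uid" >&2
        return 1
    fi

    # 700 = rwx for the owner only; group and others get nothing.
    if [ "$mode" != "700" ]; then
        echo "FAIL: $dir has mode $mode, expected 700" >&2
        return 2
    fi

    echo "OK: $dir uid=$owner mode=$mode"
    return 0
}

# Example call (hypothetical path taken from your own module manifest):
#   check_storage_dir /srv/edgehub-storage 1000
```

The check only inspects the top-level directory; files created under it earlier by another user still need the recursive chown from the answer.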