Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IoT Edge - DPS reprovisioning does not work #7422

Open
fokkersim opened this issue Feb 17, 2025 · 0 comments
Open

IoT Edge - DPS reprovisioning does not work #7422

fokkersim opened this issue Feb 17, 2025 · 0 comments
Assignees
@vadim-kovalyov

Comments

@fokkersim
Copy link

Our fleet of Debian 11 based IoT Edge devices successfully runs through the initial provisioing run with the
DPS endpoint and gets assigned to the target IoT Hub as expected. There it initializes and starts operation
as intended.

DPS Endpoint configuration

  1. DPS -> Manage allocation policy -> Static configuration
  2. symmetric_key authentication to the DPS endpoint configured in /etc/aziot/config.toml
  3. DPS -> Manage enrollments -> Individual enrollments -> one entry per device

Individual enrollment configuration

  1. Reprovision policy -> Reprovision device and migrate state
  2. Symmetric key (according to the content of the config.toml) - this semms to work
  3. Provision status -> Enable this enrollment
  4. Target IoT hubs -> target selected (a single target hub)
  5. Allocation policy -> Static

Used software versions

aziot-keyd 1.5.5
aziot-edged 1.5.16
aziot-identityd 1.5.5

Device configuration

config.toml

hostname = ""
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net"
id_scope = "<id_scope>"
[provisioning.attestation]
method = "symmetric_key"
registration_id = "secret"
symmetric_key = { value = "evenMoreSecret" }
auto_reprovisioning_mode = "Dynamic"
[agent]
name = "edgeAgent"
type = "docker"
imagePullPolicy = "never"
[agent.config]
image = "ourRegistry/microsoft/azureiotedge-agent:1.5"
createOptions = { HostConfig = { Binds = ["/iotedge/storage:/iotedge/storage"] } }

With this the initial provisioning run after setting up a new device works.

Problem Description

Our workflow requires reprovisioning to different IoT Hubs during the device life cylce. This has to be a manual
assignment of the new IoT Hub. Therefore for reprovisioning the target IoT Hub (the new target hub) has to be selected
in the custom enrollment configuration according to our workflow.

Expected result

This is the expected result for reprovisioning of a device i.e. move it to a different IoT Hub in a different ressource group.

  1. Change the Target IoT hub in the Enrollemnt configuration (details) in the DPS endpoint for the selected device
  2. Save the enrollment configuration
  3. Device gets assigned a new IoT Hub
    a. Assigned IoT hub <Changes to the configured one in step 1.>
    b. Last assigned
  4. Device is deleted in the old IoT Hub
  5. Device appears at the new IoT Hub and starts operation

Observed result

  1. Change the Target IoT hub in the Enrollemnt configuration (details) in the DPS endpoint for the selected device
  2. Save the enrollment configuration
  3. Device stays at the old IoT Hub
    a. Assigned IoT hub
    b. Last assigned
  4. Device stays in the old IoT Hub

Further details

  • The same result (observed result) is obtained, when on the device in config.toml the provisioning mode is chagned to AlwaysOnStartup and the device is rebooted. The Observed result does not change.
  • If the command sudo iotedge system reprovision is executed from the device bash, the reprovisioning process runs and gives the Expected result.
  • sudo iotedge check does not give any relevant errors or warnings
  • if /var/lib/aziot/identityd/device_info is deleted and a reboot done, or a sudo iotedge system restart executed after deleting, mostly but not always the Expected result is observed.
  • Changes in the DPS enrollment configuration do not seem to trigger a reprovisioning of the device in "Dynamic" mode

Configuration issues

It seems that the intended configuration is not applied correctly

Configuration configured

The following configuraiton is set in config.toml

hostname = "example"
auto_reprovisioning_mode = "Dynamic"
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net"

Observed cofiguration

According to the iotedge agent log the configuration is not applied as intended

<6> 2025-02-17 09:50:26.199 +00:00 [INF] [Microsoft.Azure.Devices.Edge.Agent.Service.Program] - Set metadata metrics: 1.5.15.108089335 (feed5f931393f5f50ad721e89c40f79cbfe140fb), {"Enabled":false,"DisableCloudSubscriptions":false}, {"OperatingSystemType":"Linux","Architecture":"arm","Version":"1.5.16","Provisioning":{"Type":"ProvisioningType","DynamicReprovisioning":false,"AlwaysReprovisionOnStartup":false},"ServerVersion":"27.5.1-1","KernelVersion":"#1 SMP PREEMPT Fri Feb 14 11:02:20 CET 2025","OperatingSystem":"debian","NumCpus":2,"TotalMemory":443269120,"Virtualized":"no"}, True
@vadim-kovalyov vadim-kovalyov self-assigned this Feb 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vadim-kovalyov vadim-kovalyov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vadim-kovalyov @fokkersim