I am working on Azure edge module where I created a custom module that actually received a message from another module within edge runtime.
My requirement is to send data to an external gateway(example thingsboard) over the HTTP post method. In docker file, expose 80 port and bind with local machine 80 port.
The problem is whenever I tried to send message from a custom module to external gateway(thingsboards) using the HTTP post method, getting an error of HTTP 500.
If I run the container directly(not under the edge runtime) is working fine.
As my code in container want to send message to external world(external device or gateway) over internet. I am sending message to thingsboard (http://demo.thingsboard.io/api/v1/camera/telemetry).
Edge deployment manifest:
{
"modulesContent": {
"$edgeAgent": {
"properties.desired": {
"schemaVersion": "1.0",
"runtime": {
"type": "docker",
"settings": {
"minDockerVersion": "v1.25",
"loggingOptions": "",
"registryCredentials": {
"cameraedgedev": {
"username": "username",
"password": "password",
"address": "cameraedgedev.azurecr.io"
}
}
}
},
"systemModules": {
"edgeAgent": {
"type": "docker",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-agent:1.0",
"createOptions": "{}"
}
},
"edgeHub": {
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}],\"443/tcp\":[{\"HostPort\":\"443\"}],\"8082/tcp\":[{\"HostPort\":\"8082\"}]}}}"
}
}
},
"modules": {
"lvaEdge": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/media/live-video-analytics:2",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"8082/tcp\":[{\"HostPort\":\"8082\"}]},\"LogConfig\":{\"Type\":\"\",\"Config\":{\"max-size\":\"10m\",\"max-file\":\"10\"}},\"Binds\":[\"/var/media:/var/media/\",\"/var/lib/azuremediaservices:/var/lib/azuremediaservices\"]}}"
}
},
"rtspsim": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/lva-utilities/rtspsim-live555:1.2",
"createOptions": "{\"HostConfig\":{\"Binds\":[\"/home/cameraedgevm_user/samples/input:/live/mediaServer/media\"]}}"
}
},
"lvaSupport": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "cameraedgedev.azurecr.io/lvasupport:1.2",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"80/tcp\":[{\"HostPort\":\"80\"}]}}}"
}
},
"ai_module": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"env": {
"PYTHONUNBUFFERED": {
"value": "1"
},
"NVIDIA_VISIBLE_DEVICES": {
"value": "all"
}
},
"settings": {
"image": "cameraedgedev.azurecr.io/ai_module:1.2",
"createOptions": "{\"HostConfig\":{\"Runtime\":\"nvidia\",\"PortBindings\":{\"8082/tcp\":[{\"HostPort\":\"8082\"}]},\"Binds\":[\"/home/cameraedgevm_user/ai_module/data:/ai_module/data/\"]}}"
}
}
}
}
},
"$edgeHub": {
"properties.desired": {
"schemaVersion": "1.0",
"routes": {
"LVAToHub": "FROM /messages/modules/lvaEdge/outputs/* INTO $upstream",
"LVATolvaSupportModule": "FROM /messages/modules/lvaEdge/outputs/* INTO BrokeredEndpoint(\"/modules/lvaSupport/inputs/input1\")"
},
"storeAndForwardConfiguration": {
"timeToLiveSecs": 7200
}
}
},
"lvaEdge": {
"properties.desired": {
some properties
}
},
"lvaSupport": {
"properties.desired": {
"Gateway": "http://demo.thingsboard.io/api/v1/camera/telemetry",
"gatewayMethod": "POST"
}
}
}
}
How should I resolve this problem?
How can i send message to external gateway
Thanks.
By default, your modules in Azure IoT Edge will be able to access the internet, unless the configuration was changed, or a firewall is in place that restricts you from reaching thingsboards.io To verify if your module can reach that URL, you can try the following:
docker run -i --rm -p 80:80 --network="azure-iot-edge" alpine ping thingsboard.io
This will run a container on the same Docker network as your modules and see if you can resolve the URL.
You mentioned the HTTP status code 500, which indicates that a server (from Thingsboard) is having an issue with your request. Because you mentioned that this works if you just run the container manually, this could be because your payload is different when you run your module in the Azure IoT Edge runtime. An easy way to find out is to use logging to check what you're sending to Thingsboard in each scenario.
Note: in your question, you said
In docker file, expose 80 port and bind with local machine 80 port
This is only needed if you want your module to accept incoming requests over port 80. For outgoing requests (such as messages to Thingsboard) this is not needed.
Related
I currently have a set of nodejs modules (containers) that connect to a local mongodb (also a container).
All modules works perfectly but with one of the I have the following problem:
https://i.stack.imgur.com/xuFqw.png
The connection seems to be accepted by mongo but the client doesn't receive the response and keeps waiting until it times out after 30 second (watch timestamps in the log)
The code of the client is the following:
async function connectToMongo() {
try {
const mongoUrl = 'mongodb://mongo:27017/LocalDB'
let result = await MongoClient.connect(mongoUrl, { useUnifiedTopology: true })
logger.info("Connected to Mongo DB")
return result
} catch (err) {
logger.error("Cannot connect to Mongo - " + err)
throw err
}
}
And is exactly the same as the other modules (that works).
Mongo is started without any settings or authentication.
I have tried using the following hostnames:
mongo : name of the container in which mongo is running
host.docker.internal : to address the host since the 27017 port of the container is binded to the host port
I honestly don't know what to try anymore...does anybody have an idea about what could be the problem?
UPDATE: as requested i'm adding info about how i'm starting the containers. Anyway I have omitted this part because they are started as Azure IoT Edge Modules. Anyway here is the infos from the deployment template:
"modules": {
"mongo": {
"settings": {
"image": "mongodb:0.0.1-replset-noauth",
"createOptions": "{\"HostConfig\":
{\"PortBindings\":{\"27017/tcp\":[{\"HostPort\":\"27017\"}]}}}"
},
"type": "docker",
"version": "1.0",
"status": "running",
"restartPolicy": "always"
},
"healthcheck": {
"settings": {
"image": "${MODULES.HealthCheck.debug}",
"createOptions": {
"HostConfig": {
"PortBindings": {
"9229/tcp": [
{
"HostPort": "9233"
}
]
}
}
}
},
"type": "docker",
"version": "1.0",
"env": {
"MONGO_CONTAINER_NAME": {
"value": "mongo"
},
"MONGO_SERVER_PORT": {
"value": "27017"
},
"DB_NAME": {
"value": "LocalDB"
}
},
"status": "running",
"restartPolicy": "always"
}
},
While this is the configuration of another module that perfectly works:
"shovel": {
"settings": {
"image": "${MODULES.Shovel.debug}",
"createOptions": {
"HostConfig": {
"PortBindings": {
"9229/tcp": [
{
"HostPort": "9229"
}
]
}
}
}
},
"type": "docker",
"version": "1.0",
"env": {
"MONGO_CONTAINER_NAME": {
"value": "mongo"
},
"MONGO_SERVER_PORT": {
"value": "27017"
},
"DB_NAME": {
"value": "LocalDB"
}
},
"status": "running",
"restartPolicy": "always"
},
(it's basically the same)
The modules are currently being launched using the IoT Simulator or on an IoT Edge device as Single Device deployments.
I am trying to create my own security scanner which will check dependencies. To test the functionality, I created a "mock scanner" which downloads a file from webhook, and saves it as an artifact ought to be uploaded to the server.
The artifact is uploaded successfully and in the CI output I can see the 201 code, but for some reason it is not presented in the security dashboard.
What am I doing wrong?
Thank you!
The CI job looks as following:
mysec_dependency_scanning:
stage: test
script:
- curl https://webhook.site/XXXX -o gl-dependency-scanning-report.json
- sleep 3
allow_failure: true
artifacts:
reports:
dependency_scanning: gl-dependency-scanning-report.json
The content of the json file is from the example provided by gitlab and it as following:
{
"version": "2.0",
"vulnerabilities": [
{
"id": "51e83874-0ff6-4677-a4c5-249060554eae",
"category": "dependency_scanning",
"name": "alik alik",
"message": "Regular Expression Denial of Service in debug",
"description": "alik to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
"severity": "Unknown",
"solution": "Upgrade to latest versions.",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "debug"
},
"version": "1.0.5"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-37283ed4-0380-40d7-ada7-2d994afcc62a",
"value": "37283ed4-0380-40d7-ada7-2d994afcc62a",
"url": "https://deps.sec.gitlab.com/packages/npm/debug/versions/1.0.5/advisories"
}
],
"links": [
{
"url": "https://nodesecurity.io/advisories/534"
},
{
"url": "https://github.com/visionmedia/debug/issues/501"
},
{
"url": "https://github.com/visionmedia/debug/pull/504"
}
]
},
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
"category": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and canonicalization",
"message": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js",
"description": "Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment, therefore, has no impact on the signature on the SAML message.\r\n\r\nA remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.",
"severity": "Unknown",
"solution": "Upgrade to fixed version.\r\n",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "saml2-js"
},
"version": "1.5.0"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"value": "9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories"
},
{
"type": "cve",
"name": "CVE-2017-11429",
"value": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"links": [
{
"url": "https://github.com/Clever/saml2/commit/3546cb61fd541f219abda364c5b919633609ef3d#diff-af730f9f738de1c9ad87596df3f6de84R279"
},
{
"url": "https://github.com/Clever/saml2/issues/127"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
}
],
"remediations": [
{
"fixes": [
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
}
],
"summary": "Upgrade saml2-js",
"diff": "ZGlmZiAtLWdpdCBhL...OR0d1ZUc2THh3UT09Cg==" // some content is omitted for brevity
}
]
}
I was able to fix the problem, the issue was an invalid json format.
Had to do alot of trial and error but I was able to create a working template for a dependency scanning report.
{
"version": "3.0.0",
"vulnerabilities": [
{
"id": "dfa1f7f3d56db6e1c3451a232de42f153e0335611de6f0344443d84e448ee2cf",
"category": "dddda",
"name": "dddda",
"message": "ddda",
"description": "dddda lack of validation in `index.js`.",
"cve": "dada",
"severity": "Critical",
"solution": "Upgrade to version 2.0.5 or above.",
"scanner": {
"id": "lalal",
"name": "Code_Analyzer"
},
"location": {
"file": "yarn.lock",
"dependency": {
"iid": 447,
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
},
"identifiers": [
{
"type": "dada",
"name": "dada-e9e12690-2e4d-4251-bef0-7357ddc05881",
"value": "e9e57890-5e4d-4832-bef2-7337ddc05889",
"url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/npm/copy-props/CVE-2219-28503.yml"
},
{
"type": "cve",
"name": "CVE-2237-28503",
"value": "CVE-2237-28503",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2237-28503"
}
],
"links": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2237-28503"
}
]
}
],
"remediations": [],
"dependency_files": [
{
"path": "yarn.lock",
"package_manager": "yarn",
"dependencies": [
{
"iid": 447,
"dependency_path": [
{
"iid": 708
},
{
"iid": 707
}
],
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
]
}
],
"scan": {
"scanner": {
"id": "lalal",
"name": "Code_Analyzer",
"url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium",
"vendor": {
"name": "lalal"
},
"version": "2.29.5"
},
"type": "dependency_scanning",
"start_time": "2021-05-03T06:47:29",
"end_time": "2021-05-03T06:47:30",
"status": "success"
}
}
Context:
Azure REST - Modules - Get Modules On Device
By using this API call, I can get information about connectionState(connected/disconnected) & status(enalbled/disabled) of modules. We can check the runtime status of the modules deployed on the device by visiting the Azure Iot Hub web portal
portal.azure.com -> iot hub -> iot edge section -> select the device you wish to find the details for
Question:
How can I get this RUNTIME STATUS via the Azure API?(please refer to the picture).
If you check the module twin of edgeAgent it is like below:-
{
"deviceId": "edgeDevice",
"moduleId": "$edgeAgent",
"etag": "AAAAAAAAAEA=",
"deviceEtag": "NDU1OTY3MjA=",
"status": "enabled",
"statusUpdateTime": "0001-01-01T00:00:00Z",
"connectionState": "Disconnected",
"lastActivityTime": "0001-01-01T00:00:00Z",
"cloudToDeviceMessageCount": 0,
"authenticationType": "sas",
"x509Thumbprint": {
"primaryThumbprint": null,
"secondaryThumbprint": null
},
"version": 501,
"properties": {
"desired": {
"schemaVersion": "1.0",
"runtime": {
"type": "docker",
"settings": {
"minDockerVersion": "v1.25",
"loggingOptions": "",
"registryCredentials": {
}
}
},
"systemModules": {
"edgeAgent": {
"type": "docker",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-agent:1.0",
"createOptions": "{}"
}
},
"edgeHub": {
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}],\"443/tcp\":[{\"HostPort\":\"443\"}]}}}"
}
}
},
"modules": {
"CustomModuleName": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "iotregdev300.azurecr.io/customModuleName:0.0.2-amd64",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"8080/tcp\":[{\"HostPort\":\"8080\"}]}}}"
}
}
}
},
"reported": {
"schemaVersion": "1.0",
"version": {
"version": "1.0.9.4",
"build": "32971639",
"commit": "12d55e582cc7ce95c8abfe11eddfbbc938ed6001"
},
"lastDesiredStatus": {
"code": 200,
"description": ""
},
"runtime": {
"platform": {
"os": "linux",
"architecture": "x86_64",
"version": "1.0.9.4"
},
"type": "docker",
"settings": {
"minDockerVersion": "v1.25",
"loggingOptions": "",
"registryCredentials": {
}
}
},
"systemModules": {
"edgeAgent": {
"type": "docker",
"exitCode": 0,
"statusDescription": "running",
"lastStartTimeUtc": "2020-09-09T07:34:34.4585643Z",
"lastExitTimeUtc": "2020-09-09T07:34:26.9869915Z",
"runtimeStatus": "running",
"imagePullPolicy": "on-create",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-agent:1.0",
"imageHash": "sha256:1a2fffc3c74a2b2510a3149bb2295b68a553e4c9aca90698879902f36fd6d163",
"createOptions": "{}"
}
},
"edgeHub": {
"type": "docker",
"status": "running",
"restartPolicy": "always",
"imagePullPolicy": "on-create",
"env": {},
"exitCode": 0,
"statusDescription": "running",
"lastStartTimeUtc": "2020-09-09T07:34:50.8012461Z",
"lastExitTimeUtc": "2020-09-09T07:34:26.9845717Z",
"restartCount": 0,
"lastRestartTimeUtc": "2020-09-09T07:34:26.9845717Z",
"runtimeStatus": "running",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
"imageHash": "sha256:f531eb6c23f347c37ea8c90204e9cb12024aec77d8b2e68e93b14c38ec066520",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}],\"443/tcp\":[{\"HostPort\":\"443\"}]}}}"
}
}
},
"lastDesiredVersion": 64,
"modules": {
"CustomModuleName": {
"exitCode": 0,
"statusDescription": "running",
"lastStartTimeUtc": "2020-09-09T07:34:49.3923079Z",
"lastExitTimeUtc": "2020-09-09T07:34:26.9606688Z",
"restartCount": 0,
"lastRestartTimeUtc": "2020-09-09T07:34:26.9606688Z",
"runtimeStatus": "running",
"version": "1.0",
"status": "running",
"restartPolicy": "always",
"imagePullPolicy": "on-create",
"type": "docker",
"settings": {
"image": "iotregdev300.azurecr.io/custommodulename:0.0.2-amd64",
"imageHash": "sha256:e728d4b8804d2114beab7c1903f706d8152e404be3f5601ee5e7371e8ac32ecf",
"createOptions": "{\"HostConfig\":{\"PortBindings\":{\"8080/tcp\":[{\"HostPort\":\"8080\"}]}}}"
},
"env": {}
}
}
}
}
}
In the above json, CustomModuleName is the custom module and it has the field called runtimeStatus: "running". Same field exists in the edgeHub and edgeAgent modules too. So you need to just fetch the edgeAgentTwin through REST API or Azure Device/Service sdk.
I followed the tutorial found at
https://learn.microsoft.com/en-us/azure/devops/extend/develop/service-endpoints?view=azure-devops
The api call is right because if I don't authenticate it shows the correct path in the error message. Entering the url that it shows in the message in a browser gives the correct json.
The picklist object will act like it is trying to load but will end up showing no results found.
Can you use a personal company api to load a picklist using server endpoint?
How do you debug this. All I see in the network tab on debugging tools is the 200 from azure making the post.
This is the JSON
{
"meta": {
"record_count": 5,
"source": "mongodb",
"searchParams": {
"versions.start_date": {
"$gte": "2019-08-30T00:11:55.329Z"
}
},
"paging": {
"num": 10,
"start": 0
}
},
"screenshots": [
{
"screenshot_test_id": 3946619,
"url": "https://www.google.com",
"test_name": null,
"created_date": "2019-10-27T21:26:32.0 ```
This is the datasources from the vss.extension
"dataSources": [
{
"name": "CBTAPIReturn",
"endpointUrl": "{{endpoint.url}}",
"resultSelector": "jsonpath:$[*].screenshots"
}
]
inputs and bindings from the task
"inputs": [
{
"name": "CBTService",
"type": "connectedService:CBTServiceEndpoint",
"label": "CBT service/server end point",
"defaultValue": "",
"required": true,
"helpMarkDown": "Select the CBT end point to use. If needed,selecton 'manage', and add a new service endpoint of type 'CBT server connection'"
},
{
"name": "CBT API Response",
"type": "pickList",
"label": "CBT API Response",
"required": true,
"helpMarkDown": "Select the name combination that you want to use.",
"properties": {
"EditableOptions": "True"
}
}
],
"dataSourceBindings": [
{
"target": "CBT API Response",
"endpointId": "$(CBTService)",
"dataSourceName": "CBTAPIReturn"
```
I am following Microsoft documentation and trying to set the logs for edge Agent through the container options. My deployment.template.json file is as follows:
{
"$schema-template": "2.0.0",
"modulesContent": {
"$edgeAgent": {
"properties.desired": {
"schemaVersion": "1.0",
"runtime": {
"type": "docker",
"settings": {
"minDockerVersion": "v1.25",
"loggingOptions": "",
"registryCredentials": {
"myRegistryName": {
"username": "$CONTAINER_REGISTRY_USERNAME",
"password": "$CONTAINER_REGISTRY_PASSWORD",
"address": "myRegistryAddress.azurecr.io"
}
}
}
},
"systemModules": {
"edgeAgent": {
"type": "docker",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-agent:1.0",
"createOptions": {
"HostConfig": {
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
},
"edgeHub": {
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
"createOptions": {
"HostConfig": {
"PortBindings": {
"5671/tcp": [
{
"HostPort": "5671"
}
],
"8883/tcp": [
{
"HostPort": "8883"
}
],
"443/tcp": [
{
"HostPort": "443"
}
]
},
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
}
},
"modules": {
"Module_Name": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "${MODULES.Module_Name}",
"createOptions": {
"HostConfig": {
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
}
}
}
},
"$edgeHub": {
"properties.desired": {
"schemaVersion": "1.0",
"routes": {
"route": "FROM /messages/* INTO $upstream"
},
"storeAndForwardConfiguration": {
"timeToLiveSecs": 7200
}
}
}
}
}
When I build and deploy it on my device, edge Hub and my module log rotation are applied but edgeAgent log rotation is not applied. I check the log rotation settings in the
/var/lib/docker/containers/{container_id}/hostconfig.json file.
What I have done so far:
Removed the image through sudo docker rmi sudo docker rmi mcr.microsoft.com/azureiotedge-agent:1.0 and removed all the containers including the edgeAgent container and restarted the edge environment by sudo systemctl restart iotedge. The log rotation is still not applied to the new container created by the edge run time. I am not sure, what am I missing ? Any help is appreciated. Please note, I don't want to apply log rotation by creating a daemon.json file and placing it in the edge run time folder. I need to do it through the container options specified in the deployment.template.json file.
This is a known bug where edge agent deployment does not apply if version number is identical to the one in config.yaml; please help to create a github issue for it. To workaround, please set the options in config.yaml.