This post demonstrates how to get Azure IoT Edge to work on Red Hat Enterprise Linux (RHEL)
Hi all. Sorry for the lack of content lately. Between some (minor) personal stuff and the coronavirus stuff with both myself and my customers, it’s been a bit of a goat-rodeo around Busby Manor lately.
Recently I needed to help a customer get IoT Edge installed on a box running Red Hat Enterprise Linux (RHEL). In this case, it was version 7.5, but this should work for other 7.x based versions too.. I think . I’m about as far away from a RHEL expert as you can get.
NOTE: credit for most of this info goes to Justin Dyer, a peer of mine on the Azure IoT pre-sales team!
First off, if you look at the “platform support” documentation for IoT Edge, you’ll notice that RHEL is a “Tier 2” supported platform. That’s a fancy way of saying that either MSFT or someone we know has gotten it working on that platform and it generally works. However, it also means that it is not a “gating” platform for us, meaning it’s not a platform that we test extensively every release on before we release it. In other words, not working on RHEL will not block or gate a release. That’s not because we don’t like it, or don’t want to “tier 1” support it, but rather it’s just one that we haven’t gotten around (yet) to doing all the necessary work to get it fully integrated into our extensive testing platform. We love all Linux! We’ve just prioritized based on how often we run into various platforms in the field with our customers.
Now, with all the caveating out of the way, IoT Edge on RHEL DOES work, and seems to work fine, and we DO provide RPM packages for it whenever we do a release.
Ok.. enough pre-amble, let’s jump in. For RHEL, we provide RPM packages that you can install with YUM… The actual IoT Edge install is reasonably straightforward, once you get through the big pre-req, which is container-selinux.
The big issue is that the moby engine (i.e. open source docker) underneath IoT Edge needs a newer version of container-selinux than was installed on RHEL 7.5. We need version 2:2.95 or greater. If you have it already, great – proceed.
If you don’t, you can manually download from here and update. Updating that package will be left as an exercise to the reader (remember: I’m not a RHEL expert, but hopefully you are )
If you are running your own RHEL install, you can skip this next section and jump down to the “Install IoT Edge” section
A note about RHEL on Azure VMs
Most of the testing I did here was on RHEL running in an Azure VM built with our ready-made RHEL images. If you are running it on your own, you can skip this section.
container-selinux is found in the “rhel-7-server-extras-rpms” repo, which our Azure RHEL VMs do not have access to. There are instructions on how to “remove the version lock and install the non-eus repos” in order to get access to it.
But, if you don’t want to read all that, these are the net instructions that you need to run:
sudo rm /etc/yum/vars/releasever
sudo yum --disablerepo='*' remove 'rhui-azure-rhel7-eus'
sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
sudo yum install container-selinux
Once those are complete, you can proceed with the “install IoT Edge” section below
Install IoT Edge
Finding the right packages
Before we install IoT Edge, a short note about how to release IOT Edge. For all of the “non-docker-based” parts of the runtime (i.e. ignoring edgeAgent and edgeHub for the moment), there are really four major components of the runtime:
- the moby engine: the open-source version of docker, basically
- the moby CLI: gives you the ‘docker’ commands
- libiothsm: MSFT provided library that implements the security abstraction layer that let’s the edge runtime talk to various security hardware (like TPMS)
- iotedged: the IoT Edge “Security Manager”, which is the daemon based part of IoT Edge and really the component that ‘bootstraps’ all the rest of IoT Edge
When we do a ‘release’ (in the github sense of ‘release’) of IoT Edge, we only provide new packages for those components that changed with that release. So, for example, in the 1.0.8 release, we had changes in all four components and you’ll see (under “assets”) new *.deb and *.rpm packages for all of them.
But in 1.0.9, only libiothsm and iotedged changed, so you only see new packages for those two components.
Unfortunately, that complicates the edge install for us, just a little bit. So, for a given IoT Edge release, you need to spelunk a little to get the latest versions. For the moby engine and CLI, you can usually find the latest version on the packages.microsoft.com site. That’s the easier one. For the iot edge components, unfortunately that requires a little more digging. For the release you want to install, say 1.0.9, you have to work backwards through the releases to find the latest one in which we updated the libiothsm and iotedge components, in this case 1.0.8. So, you need to go find those links, under ‘assets’ of each release, and capture the latest URL’s to the libiothsm and iotedge packages.
Sorry about that. The good news is, that’s the hard part.
finally, install iotedge
Ok, finally, we can install IoT Edge.
The first step is to download the packages. Make a folder on your device to hold them, CD into that folder, and then run
Those URL’s are valid as the ‘latest’ releases of each component as of the 1.0.9 version of IoT Edge. As future versions ship, you’ll need to see if the various components of them have updated, and replace the URI’s appropriately.
Next, we just install IoT Edge components with the following commands (run them one at a time, as they ask a y/n question in the middle):
sudo yum install moby-cli-3.0.10+azure-0.x86_64.rpm
sudo yum install moby-engine-3.0.10+azure-0.x86_64.rpm
sudo rpm -Uhv libiothsm-std_1.0.9-1.el7.x86_64.rpm
sudo rpm -Uhv iotedge-1.0.9-1.el7.x86_64.rpm
Obviously if you had to download newer package names, replace them.
Once those packages finish installing, all you need to do is open config.yaml and add in your connection string or DPS information and restart iotedge with:
sudo systemctl restart iotedge
There you go. Enjoy. As always, if you have issues, feel free to hit me up in the comments!