Directly connect to Azure IoT Edge via MQTT as transparent gateway to Azure IoT Central


I am trying to setup Azure IoT Edge as transparent gateway to which I want to connect directly via MQTT (without any IoT SDKs).

###---Short Version---###
I want to connect directly to IoT Edge via MQTT like this to IoT Hub.
What is the host, username and password for connection via symmetric keys to connect to the IoT Edge Gateway?
###---Long Version---###

The communication should work like this: Device (MQTT) -> Azure IoT Edge -> Azure IoT Central.

I started with provisioning the Device to Azure IoT Central and was able to connect there directly. I used a .NET sample to provision the devices on Azure IoT Central and get the IoT Hub name. Then I created the SAS Token to connect directly with an MQTT client to Azure IoT Central (assigned IoT Hub).
I used the following credentials:

"ClientID": "plc2"
"Host": "mqtts://iotc-x-x-x-x-x.azure-devices.net"
"Port": "8883"
"Username": "iotc-x-x-x-x-x.azure-devices.net/plc2/?api-version=2021-04-12"
"Password": "SharedAccessSignature sr=iotc-x-x-x-x-x.azure-devices.net%2Fdevices%2Fplc2&sig=P......D&se=1652037456"

I created the SAS Token following this documentation for MQTT direct device connection: SAS Token structure
As resourceUri for creating the SAS Token I used the following: "iotc-x-x-x-x-x.azure-devices.net.azure-devices.net/devices/plc2"

For testing I used MQTTX windows client with the Azure Baltimore Root CA Certificate and the credentials explained and everything was fine.

The problem

Now I want the communication to run via the Azure IoT Edge as transparent gateway. I followed the following documentation from Microsoft:

  1. Created the demo certificates from Microsoft
  2. Configured "config.toml" -> Set the hostname to: iotedge-prod1
  3. Provisioned the device in Azure IoT Central -> Set its gateway to the Edge device
  4. Used a sample Manifest file for edge where the ports are open and upstream is allowed
  5. On my windows pc created a host file entry with "192.168.0.100 iotedge-prod1"
  6. Ping is ok for the new hostname of the edge device
  7. Generated a .PKCS12 certificate from the .PEM certificate for the windows machine
  8. But now I cannot connect via my MQTT Client -> It says Username or Password wrong

My big question

What does the MQTT connection data to the Edge device look like?
I think I have not yet understood the structure with Edge Hub. I tried many combinations of credentials but I didn't get it working.

"ClientID": "plc2" --> Should be ok

"Host": "mqtts://iotedge-prod1" --> In my opinion the IP address is important, right?

"Port": "8883" --> Same like before for TLS

"Username": "iotedge-prod1.iotc-x-x-x-x-x.azure-devices.net/plc2/?api-version=2021-04-12" or just "iotedge-prod1/plc2/?api-version=2021-04-12" --> What must the username be like?

"Password": "SharedAccessSignature sr=iotc...." --> Same thing for the password. Which information is necessary in the SAS Token? Is the resourceUri for creation "iotedge-prod1.myHub.azure-devices.net/devices/plc2" or just "iotedge-prod1/devices/plc2" or anything different?

I hope I could explain my problem in a halfway understandable way.

Additional information:
Edge-config_toml.jpg
Edge-IoTCentral.jpg
Edge-Manifest (MS Docs)


There are 2 answers

humblejay (Best answer)

The username and password in case of direct connection to IoT Central or via IoT Edge as transparent gateway will be the same. This is because IoT Edge will pass through the token to IoTHub for attestation.

Only change required will be the Host, which should be mqtts://hostname or ip

Ensure in MQTTX client the Certificate is selected as Self signed and provide path of the Test Root CA, no need for client cert and key. The parent of the device also needs to be correctly set in IoT Central.

e.g. the deviceId here is mqttclient and iotedge gateway is raspi###


Check the edgeHub log with "iotedge logs -f edgeHub" to see if you are getting a connection attempt from the MQTTX client.
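The point of this answer (same username and SAS token in both cases, only the host changes) as an added Python example; it is not code from the answer or from the Azure SDKs. The hub name, gateway hostname and device key are constructed placeholders, and verify_sas_token only mirrors the check IoT Hub performs on attestation, it is not hub code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, unquote

# Constructed sample values, not a real hub, gateway or key.
HUB_HOST = "iotc-x-x-x-x-x.azure-devices.net"  # IoT Hub assigned by IoT Central
GATEWAY_HOST = "iotedge-prod1"                  # hostname set in the Edge config.toml
DEVICE_ID = "plc2"
DEVICE_KEY = base64.b64encode(b"constructed-demo-device-key").decode()


def build_sas_token(hub_host, device_id, key_b64, expiry):
    """SAS token in the IoT Hub structure: HMAC-SHA256(key, urlencode(sr) + '\\n' + se).
    The resource URI names the hub, never the gateway hostname."""
    sr = quote(f"{hub_host}/devices/{device_id}", safe="")
    to_sign = f"{sr}\n{expiry}".encode()
    sig = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    return f"SharedAccessSignature sr={sr}&sig={quote(base64.b64encode(sig).decode(), safe='')}&se={expiry}"


def mqtt_connect_params(hub_host, device_id, key_b64, via_gateway=None, expiry=None):
    """MQTT CONNECT fields. With a transparent gateway only the host differs; the
    username and password are those of the direct hub connection."""
    expiry = int(time.time()) + 3600 if expiry is None else expiry
    return {
        "client_id": device_id,
        "host": via_gateway or hub_host,
        "port": 8883,
        "username": f"{hub_host}/{device_id}/?api-version=2021-04-12",
        "password": build_sas_token(hub_host, device_id, key_b64, expiry),
    }


def verify_sas_token(token, key_b64, now=None):
    """Recompute the signature over the URL-encoded sr and se, then check expiry.
    This is the check the hub does after the gateway passes the token upstream."""
    now = int(time.time()) if now is None else now
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = dict(kv.split("=", 1) for kv in token[len(prefix):].split("&"))
    sr, sig, se = fields["sr"], unquote(fields["sig"]), int(fields["se"])
    expected = hmac.new(base64.b64decode(key_b64), f"{sr}\n{se}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(expected).decode(), sig) and se > now
```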

ricktauss

One possible problem also was that the certificate hierarchy was not ok. If Azure IoT Edge is installed there are some certificates installed. After using the demo certificates from Azure the hierarchy should be mainly the same as in the documentation from Microsoft - starting with "Azure ... Test Only"

Demo Azure Certificate Hierarchy