Hi,
I have an on-premise server running RHEL 8 OS. This VM has no internet connectivity and can only connect to the cloud IoT Hub using ports 443 and 5671 and to the Container registry using port 443, through site-to-site VPN connectivity.
I have followed the offline installation steps at https://video2.skills-academy.com/en-us/azure/iot-edge/how-to-provision-single-device-linux-symmetric?view=iotedge-1.4&tabs=azure-portal%2Crhel#offline-or-specific-version-installation-optional to install the IoT Edge runtime and other dependencies. There is only a single device configured and there are no child devices.
I am aware that if the iot-edge server has Internet connectivity, it pulls some container images from Microsoft, such as mcr.microsoft.com/azureiotedge-agent and mcr.microsoft.com/azureiotedge-diagnostics. But since my server doesn't have internet connectivity, these images are not automatically pulled in Docker. I don't see any repository on running the sudo docker images command:
REPOSITORY TAG IMAGE ID CREATED SIZE
On running sudo iotedge system status, this is the result:
System services:
aziot-edged Running
aziot-identityd Running
aziot-keyd Running
aziot-certd Running
aziot-tpmd Ready
On running the sudo iotedge check command, the following is the result:
Configuration checks (aziot-identity-service)
---------------------------------------------
√ keyd configuration is well-formed - OK
√ certd configuration is well-formed - OK
√ tpmd configuration is well-formed - OK
√ identityd configuration is well-formed - OK
√ daemon configurations up-to-date with config.toml - OK
√ identityd config toml file specifies a valid hostname - OK
× aziot-identity-service package is up-to-date - Error
could not query https://aka.ms/latest-aziot-identity-service for latest available version
‼ host time is close to reference time - Warning
Could not query NTP server
√ production readiness: identity certificates expiry - OK
√ preloaded certificates are valid - OK
√ keyd is running - OK
√ certd is running - OK
√ identityd is running - OK
√ read all preloaded certificates from the Certificates Service - OK
√ read all preloaded key pairs from the Keys Service - OK
√ check all EST server URLs utilize HTTPS - OK
√ ensure all preloaded certificates match preloaded private keys with the same ID - OK
Connectivity checks (aziot-identity-service)
--------------------------------------------
√ host can connect to and perform TLS handshake with iothub AMQP port - OK
√ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - OK
× host can connect to and perform TLS handshake with iothub MQTT port - Error
Failed to do TLS Handshake, Connection Attempt Timed out in 70 Seconds
Configuration checks
--------------------
√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
× configuration has correct URIs for daemon mgmt endpoint - Error
Unable to find image 'mcr.microsoft.com/azureiotedge-diagnostics:1.4.10' locally
docker: Error response from daemon: Get https://mcr.microsoft.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
× aziot-edge package is up-to-date - Error
Error while fetching latest versions of edge components: could not send HTTP request
× container time is close to host time - Error
Could not query local time inside container
‼ DNS server - Warning
Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
You can ignore this warning if you are setting DNS server per module in the Edge deployment.
‼ production readiness: logs policy - Warning
Container engine is not configured to rotate module logs which may cause it run out of disk space.
Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
You can ignore this warning if you are setting log policy per module in the Edge deployment.
× production readiness: Edge Agent's storage directory is persisted on the host filesystem - Error
Could not check current state of edgeAgent container
× production readiness: Edge Hub's storage directory is persisted on the host filesystem - Error
Could not check current state of edgeHub container
× Agent image is valid and can be pulled from upstream - Error
Failed to get edge Agent image
√ proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml - OK
Connectivity checks
-------------------
× container on the default network can connect to upstream AMQP port - Error
Container on the default network could not connect to <iot-hub hostname>:5671
× container on the default network can connect to upstream HTTPS / WebSockets port - Error
Container on the default network could not connect to <iot-hub hostname>:443
× container on the IoT Edge module network can connect to upstream AMQP port - Error
Container on the azure-iot-edge network could not connect to <iot-hub hostname>:5671
× container on the IoT Edge module network can connect to upstream HTTPS / WebSockets port - Error
Container on the azure-iot-edge network could not connect to <iot-hub hostname>:443
21 check(s) succeeded.
3 check(s) raised warnings. Re-run with --verbose for more details.
12 check(s) raised errors. Re-run with --verbose for more details.
2 check(s) were skipped due to errors from other checks. Re-run with --verbose for more details.
Please help me resolve this issue as the iot-edge server cannot have Internet connectivity and only has site-to-site connectivity.
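
An added example, not part of the original post or of the IoT Edge tooling: a small parser for the `iotedge check` output above that lists which hosts outside the allowed VPN paths the failed checks tried to reach. The hostnames in `ALLOWED_HOSTS` are placeholders, and treating any URL or image registry named in an error detail as an attempted endpoint is an assumption.

```python
import re
from urllib.parse import urlparse

# Placeholder hostnames (assumptions) for the two endpoints reachable over the VPN.
ALLOWED_HOSTS = {"example-hub.azure-devices.net", "exampleregistry.azurecr.io"}
MARKERS = {"√": "ok", "×": "error", "‼": "warning"}
URL_RE = re.compile(r"https?://[^\s'\"]+")
IMAGE_RE = re.compile(r"image '([^'/]*\.[^'/]*)/")  # registry host of an image ref

# Excerpt of the `iotedge check` output quoted in the post.
SAMPLE = """\
√ keyd configuration is well-formed - OK
× aziot-identity-service package is up-to-date - Error
could not query https://aka.ms/latest-aziot-identity-service for latest available version
Configuration checks
--------------------
× configuration has correct URIs for daemon mgmt endpoint - Error
Unable to find image 'mcr.microsoft.com/azureiotedge-diagnostics:1.4.10' locally
docker: Error response from daemon: Get https://mcr.microsoft.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
"""

def parse_check(text):
    """Turn `iotedge check` output into [{status, name, details}, ...]."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    results = []
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line[0] in MARKERS:
            name = line[1:].strip().rpartition(" - ")[0]
            results.append({"status": MARKERS[line[0]], "name": name, "details": []})
        elif set(line) == {"-"} or set(nxt) == {"-"}:
            continue  # section underline, or the section title above it
        elif results:
            results[-1]["details"].append(line)
    return results

def external_endpoints(results, allowed=ALLOWED_HOSTS):
    """Map each non-allowed host named in a failed check to the check names."""
    hits = {}
    for r in results:
        if r["status"] != "error":
            continue  # warnings carry documentation links, not attempted connections
        text = " ".join(r["details"])
        hosts = {urlparse(u).hostname for u in URL_RE.findall(text)} | set(IMAGE_RE.findall(text))
        for host in sorted(hosts - set(allowed) - {None}):
            hits.setdefault(host, []).append(r["name"])
    return hits

print(external_endpoints(parse_check(SAMPLE)))
```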