无法通过 MQTT 将叶设备连接到 Azure Edge 设备答案

【问题标题】：Unable to connect leaf device over MQTT to Azure Edge device无法通过 MQTT 将叶设备连接到 Azure Edge 设备
【发布时间】：2019-10-29 00:35:06
【问题描述】：

我有一个 azure IoT Edge 设备在 vmware 上设置为 ubuntu linux VM。它连接到我的物联网中心没有任何问题。我正在尝试注册一个叶设备（树莓派 - 我已成功直接连接到 IoT 集线器 - 我已从集线器中删除了该设备）。 Edge 设备设置为透明网关。当我尝试通过 Edge 注册设备时，连接被拒绝。边缘设备上的 iptables 设置为将 MQTT 转发到 azure-iot-edge docker 网络上的 edgeHub 容器。这是来自 python sdk 的设备注册示例。我得到的确切错误是

MQTTTransportStage: _on_mqtt_connection_failure called: Connection Refused: not authorised.
MQTTTransportStage(ConnectOperation): completing with error Connection Refused: not authorised.
SerializeConnectOpsStage(ConnectOperation): op failed.  Unblocking queue with error: Connection Refused: not authorised.
EnsureConnectionStage(MQTTSubscribeOperation): Connection failed.  Completing with failure because of connection failure: Connection Refused: not authorised.
EnsureConnectionStage(MQTTSubscribeOperation): completing with error Connection Refused: not authorised.
ProvisioningMQTTConverterStage(EnableFeatureOperation): completing with error Connection Refused: not authorised.
MQTTTransportStage: _on_mqtt_disconnect called: The connection was refused.
Unhandled exception in background thread
MQTTTransportStage: disconnection was unexpected
This may cause the background thread to abort and may result in system instability.
Exception caught in background thread.  Unable to handle.
azure.iot.device.common.transport_exceptions.ConnectionFailedError: The connection was refused.

看来转发没有发生。这是我的 iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8883
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:amqps
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

【问题讨论】：

我发现这不是网络连接。问题似乎是边缘设备不接受识别设备本身的证书。
您说“我已从集线器中删除了设备”。通过 IoT Edge 连接的设备仍需要向中心注册。

标签： iot azure-iot-hub azure-iot-edge

【解决方案1】：

我的建议是在 IoT 中心的设备设置中，确保 IoTEdge 设备和叶设备之间存在关系。 IoT Edge 设备必须设置为叶设备的父设备：

使用 DeviceClient 时，您的叶设备必须指定 GatewayHostName 并且必须是您的 Edge 设备，即在 IoT 中心设置为父设备。没有这个你会得到连接被拒绝的错误。

【讨论】：