Add docker support clarification

Author: PatAltimore

articles/iot-edge/development-environment.md

@@ -4,7 +4,7 @@ description: Learn about the supported systems and first-party development tools
 author: PatAltimore
 
 ms.author: patricka
-ms.date: 07/10/2023
+ms.date: 06/14/2024
 ms.topic: conceptual
 ms.service: iot-edge
 services: iot-edge
@@ -30,7 +30,7 @@ The operating systems of the development machine and IoT Edge devices don't need
 
 The central concept of IoT Edge is that you can remotely deploy your business and cloud logic to devices by packaging it into containers. To build containers, you need a container engine on your development machine.
 
-The only supported container engine for IoT Edge devices in production is Moby. However, any container engine compatible with the Open Container Initiative, like Docker, is capable of building IoT Edge module images.
+Any container engine compatible with the Open Container Initiative, like Docker, is capable of building IoT Edge module images. Moby is the supported container engine for IoT Edge devices in production. If you are using Ubuntu Core snaps, the Docker snap is serviced by Canonical and supported for production scenarios.
 
 ## Development tools
 

articles/iot-edge/how-to-provision-devices-at-scale-linux-x509.md

@@ -4,7 +4,7 @@ titleSuffix: Azure IoT Edge
 description: Use X.509 certificates to test provisioning devices at scale for Azure IoT Edge with device provisioning service
 author: PatAltimore
 ms.author: patricka
-ms.date: 02/27/2024
+ms.date: 06/13/2024
 ms.topic: how-to
 ms.service: iot-edge
 ms.custom: linux-related-content
@@ -92,6 +92,28 @@ Open the configuration file on the IoT Edge device.
 sudo nano /etc/aziot/config.toml
 ```
 
+Find the **Provisioning** section of the file. Uncomment the lines for DPS provisioning with X.509 certificate, and make sure any other provisioning lines are commented out.
+
+```toml
+# DPS provisioning with X.509 certificate
+[provisioning]
+source = "dps"
+global_endpoint = "https://global.azure-devices-provisioning.net"
+id_scope = "SCOPE_ID_HERE"
+
+# Uncomment to send a custom payload during DPS registration
+# payload = { uri = "PATH_TO_JSON_FILE" }
+
+[provisioning.attestation]
+method = "x509"
+registration_id = "REGISTRATION_ID_HERE"
+
+identity_cert = "DEVICE_IDENTITY_CERTIFICATE_HERE" # For example, "file:///var/aziot/device-id.pem"
+identity_pk = "DEVICE_IDENTITY_PRIVATE_KEY_HERE"   # For example, "file:///var/aziot/device-id.key"
+
+# auto_reprovisioning_mode = Dynamic
+```
+
 # [Ubuntu Core snaps](#tab/snaps)
 
 If using a snap installation of IoT Edge, the template file is located at `/snap/azure-iot-edge/current/etc/aziot/config.toml.edge.template`. Create a copy of the template file in your home directory and name it config.toml. For example:
@@ -106,30 +128,30 @@ Open the configuration file in your home directory on the IoT Edge device.
 nano ~/config.toml
 ```
 
----
+Find the **Provisioning** section of the file. Uncomment the lines for DPS provisioning with X.509 certificate, and make sure any other provisioning lines are commented out. The path used for the certificate files should be the path to the shared directory accessible to both *azure-iot-edge* and *azure-iot-identity* snaps. For example, `/var/snap/azure-iot-identity/current/shared/`.
 
-1. Find the **Provisioning** section of the file. Uncomment the lines for DPS provisioning with X.509 certificate, and make sure any other provisioning lines are commented out.
+```toml
+# DPS provisioning with X.509 certificate
+[provisioning]
+source = "dps"
+global_endpoint = "https://global.azure-devices-provisioning.net"
+id_scope = "SCOPE_ID_HERE"
 
-   ```toml
-   # DPS provisioning with X.509 certificate
-   [provisioning]
-   source = "dps"
-   global_endpoint = "https://global.azure-devices-provisioning.net"
-   id_scope = "SCOPE_ID_HERE"
+# Uncomment to send a custom payload during DPS registration
+# payload = { uri = "PATH_TO_JSON_FILE" }
 
-   # Uncomment to send a custom payload during DPS registration
-   # payload = { uri = "PATH_TO_JSON_FILE" }
-   
-   [provisioning.attestation]
-   method = "x509"
-   registration_id = "REGISTRATION_ID_HERE"
+[provisioning.attestation]
+method = "x509"
+registration_id = "REGISTRATION_ID_HERE"
 
-   identity_cert = "DEVICE_IDENTITY_CERTIFICATE_HERE"
+identity_cert = "DEVICE_IDENTITY_CERTIFICATE_HERE" # For example, "file:///var/snap/azure-iot-identity/current/shared/device-id.pem"
+identity_pk = "DEVICE_IDENTITY_PRIVATE_KEY_HERE"   # For example, "file:///var/snap/azure-iot-identity/current/shared/device-id.key"
 
-   identity_pk = "DEVICE_IDENTITY_PRIVATE_KEY_HERE"
 
-   # auto_reprovisioning_mode = Dynamic
-   ```
+# auto_reprovisioning_mode = Dynamic
+```
+
+---
 
 1. Update the value of `id_scope` with the scope ID you copied from your instance of DPS.
 

articles/iot-edge/how-to-provision-single-device-linux-x509.md

@@ -7,7 +7,7 @@ ms.service: iot-edge
 ms.custom: linux-related-content
 services: iot-edge
 ms.topic: how-to
-ms.date: 02/27/2024
+ms.date: 06/13/2024
 ms.author: patricka
 ---
 
@@ -115,7 +115,7 @@ After entering the provisioning information in the configuration file, apply you
 
 # [Ubuntu Core snaps](#tab/snaps)
 
-1. Copy your identity keyfile and certificate in the `/var/snap/azure-iot-identity/common/provisioning` directory. Create the directory if it doesn't exist.
+1. Copy your identity keyfile and certificate in the `/var/snap/azure-iot-identity/current/shared` directory. Create the directory if it doesn't exist.
 
 1. Create a **config.toml** file in your home directory and configure your IoT Edge device for manual provisioning using an X.509 identity certificate.
 
@@ -134,16 +134,16 @@ After entering the provisioning information in the configuration file, apply you
     [provisioning.authentication]
     
     method = "x509"
-    identity_cert = "file:///var/snap/azure-iot-identity/common/provisioning/IDENTITY_CERT_FILENAME"
-    identity_pk = "file:///var/snap/azure-iot-identity/common/provisioning/IDENTITY_PK_FILENAME"
+    identity_cert = "file:///var/snap/azure-iot-identity/current/shared/IDENTITY_CERT_FILENAME"
+    identity_pk = "file:///var/snap/azure-iot-identity/current/shared/IDENTITY_PK_FILENAME"
     ```
 
     Update the following fields:
 
     * **iothub_hostname**: Hostname of the IoT Hub where the device connects. For example, `example.azure-devices.net`.
     * **device_id**: The ID that you provided when you registered the device.
-    * **identity_cert**: URI to an identity certificate on the device, for example: `file:///var/snap/azure-iot-identity/common/provisioning/identity_certificate.pem`.
-    * **identity_pk**: URI to the private key file for the provided identity certificate, for example: `file:///var/snap/azure-iot-identity/common/provisioning/identity_key.pem`.
+    * **identity_cert**: URI to an identity certificate on the device, for example: `file:///var/snap/azure-iot-identity/current/shared/identity_certificate.pem`.
+    * **identity_pk**: URI to the private key file for the provided identity certificate, for example: `file:///var/snap/azure-iot-identity/current/shared/identity_key.pem`.
 
     For more information about provisioning configuration settings, see [Configure IoT Edge device settings](configure-device.md#provisioning).
 

articles/iot-edge/includes/iot-edge-install-linux.md

@@ -1,6 +1,6 @@
 ---
 ms.topic: include
-ms.date: 03/11/2024
+ms.date: 06/14/2024
 author: PatAltimore
 ms.author: patricka
 ms.service: iot-edge
@@ -84,7 +84,7 @@ For more information about operating system versions, see [Azure IoT Edge suppor
 
 ### Install a container engine
 
-Azure IoT Edge relies on an [OCI](https://opencontainers.org/)-compatible container runtime. For production scenarios, we recommend that you use the Moby engine. The Moby engine is the only container engine officially supported with IoT Edge. Docker CE/EE container images are compatible with the Moby runtime.
+Azure IoT Edge relies on an [OCI](https://opencontainers.org/)-compatible container runtime. For production scenarios, we recommend that you use the Moby engine. The Moby engine is the container engine officially supported with IoT Edge. Docker CE/EE container images are compatible with the Moby runtime. If you are using Ubuntu Core snaps, the Docker snap is serviced by Canonical and supported for production scenarios.
 
 # [Ubuntu](#tab/ubuntu)
 
@@ -132,6 +132,8 @@ sudo snap install docker
 sudo snap install azure-iot-identity
 ```
 
+The Docker snap is serviced by Canonical and supported for production scenarios.
+
 ---
 
 By default, the container engine doesn't set container log size limits. Over time, this can lead to the device filling up with logs and running out of disk space. However, you can configure your log to show locally, though it's optional. To learn more about logging configuration, see [Production Deployment Checklist](../production-checklist.md#set-up-default-logging-driver).

articles/iot-edge/production-checklist.md

@@ -4,8 +4,8 @@ description: Ready your Azure IoT Edge solution for production. Learn how to set
 author: PatAltimore
 
 ms.author: patricka
-ms.date: 06/06/2024
-ms.topic: conceptual
+ms.date: 06/13/2024
+ms.topic: concept-article
 ms.service: iot-edge
 services: iot-edge
 ms.custom:  [amqp, mqtt]
@@ -26,7 +26,7 @@ IoT Edge devices can be anything from a Raspberry Pi to a laptop to a virtual ma
 * **Important**
   * Install production certificates
   * Have a device management plan
-  * Use Moby as the container engine
+  * Use Moby as the container engine. If you are using Ubuntu Core snaps, the Docker snap is serviced by Canonical and supported for production scenarios.
 
 * **Helpful**
   * Choose upstream protocol
@@ -53,9 +53,9 @@ Before you put any device in production you should know how you're going to mana
 
 Alternative methods for updating IoT Edge require physical or SSH access to the IoT Edge device. For more information, see [Update the IoT Edge runtime](how-to-update-iot-edge.md). To update multiple devices, consider adding the update steps to a script or use an automation tool like Ansible.
 
-### Use Moby as the container engine
+### Container engine
 
-A container engine is a prerequisite for any IoT Edge device. Only moby-engine is supported in production. Other container engines, like Docker, do work with IoT Edge and it's ok to use these engines for development. The moby-engine can be redistributed when used with Azure IoT Edge, and Microsoft provides servicing for this engine.
+A container engine is a prerequisite for any IoT Edge device. The moby-engine is supported in production. If you are using Ubuntu Core snaps, the Docker snap is serviced by Canonical and supported for production scenarios. Other container engines, like Docker, do work with IoT Edge and it's ok to use these engines for development. The moby-engine can be redistributed when used with Azure IoT Edge, and Microsoft provides servicing for this engine. 
 
 ### Choose upstream protocol
 

articles/iot-edge/support.md

@@ -32,7 +32,7 @@ If you experience problems while using the Azure IoT Edge service, there are sev
 
 ## Container engines
 
-Azure IoT Edge modules are implemented as containers, so IoT Edge needs a container engine to launch them. Microsoft provides a container engine, moby-engine, to fulfill this requirement. This container engine is based on the Moby open-source project. Docker CE and Docker EE are other popular container engines. They're also based on the Moby open-source project and are compatible with Azure IoT Edge. Microsoft provides best effort support for systems using those container engines; however, Microsoft can't ship fixes for issues in them. For this reason, Microsoft recommends using moby-engine on production systems.
+Azure IoT Edge modules are implemented as containers, so IoT Edge needs a container engine to launch them. Microsoft provides a container engine, moby-engine, to fulfill this requirement. This container engine is based on the Moby open-source project. Docker CE and Docker EE are other popular container engines. They're also based on the Moby open-source project and are compatible with Azure IoT Edge. Microsoft provides best effort support for systems using those container engines; however, Microsoft can't ship fixes for issues in them. For this reason, Microsoft recommends using moby-engine on production systems. If you are using Ubuntu Core snaps, the Docker snap is serviced by Canonical and supported for production scenarios.
 
 :::image type="content" source="./media/support/only-moby-for-production.png" alt-text="Screenshot of the Moby engine as a container runtime.":::