Merge pull request #265536 from PatAltimore/patricka-snaps

Add snaps to IoT Edge install

Author: v-dirichards

articles/iot-edge/how-to-access-host-storage-from-module.md

@@ -72,6 +72,9 @@ Your deployment manifest would be similar to the following:
 }
 ```
 
+> [!NOTE]
+> If you are using a snap installation, ensure you choose a host storage path that is accessible to the snaps. For example, `$HOME/snap/azure-iot-edge/current/modules/`.
+
 ### Automatic host system permissions management
 
 On version 1.4 and newer, there's no need for manually setting ownership or permissions for host storage backing the `StorageFolder`. Permissions and ownership are automatically managed by the system modules during startup.

articles/iot-edge/how-to-provision-devices-at-scale-linux-symmetric.md

@@ -3,7 +3,7 @@ title: Create and provision IoT Edge devices using symmetric keys on Linux - Azu
 description: Use symmetric key attestation to test provisioning Linux devices at scale for Azure IoT Edge with device provisioning service
 author: PatAltimore
 ms.author: patricka
-ms.date: 08/26/2022
+ms.date: 02/27/2024
 ms.topic: conceptual
 ms.service: iot-edge
 services: iot-edge
@@ -51,18 +51,36 @@ Have the following information ready:
 * The device **Registration ID** you created
 * Either the **Primary Key** from an individual enrollment, or a [derived key](#derive-a-device-key) for devices using a group enrollment.
 
-1. Create a configuration file for your device based on a template file that is provided as part of the IoT Edge installation.
+Create a configuration file for your device based on a template file that is provided as part of the IoT Edge installation.
 
-   ```bash
-   sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml
-   ```
+# [Ubuntu / Debian / RHEL](#tab/ubuntu+debian+rhel)
+
+```bash
+sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml
+```
 
-1. Open the configuration file on the IoT Edge device.
+Open the configuration file on the IoT Edge device.
 
    ```bash
    sudo nano /etc/aziot/config.toml
    ```
 
+# [Ubuntu Core snaps](#tab/snaps)
+
+If using a snap installation of IoT Edge, the template file is located at `/snap/azure-iot-edge/current/etc/aziot/config.toml.edge.template`. Create a copy of the template file in your home directory and name it config.toml. For example:
+
+```bash
+cp /snap/azure-iot-edge/current/etc/aziot/config.toml.edge.template ~/config.toml
+```
+
+Open the configuration file in your home directory on the IoT Edge device.
+
+```bash
+nano ~/config.toml
+```
+
+---
+
 1. Find the **Provisioning** section of the file. Uncomment the lines for DPS provisioning with symmetric key, and make sure any other provisioning lines are commented out.
 
     ```toml
@@ -90,18 +108,29 @@ Have the following information ready:
 
    If you use any PKCS#11 URIs, find the **PKCS#11** section in the config file and provide information about your PKCS#11 configuration.
 
-1. Optionally, find the auto reprovisioning mode section of the file. Use the `auto_reprovisioning_mode` parameter to configure your device's reprovisioning behavior. **Dynamic** - Reprovision when the device detects that it may have been moved from one IoT Hub to another. This is the default. **AlwaysOnStartup** - Reprovision when the device is rebooted or a crash causes the daemon(s) to restart. **OnErrorOnly** - Never trigger device reprovisioning automatically. Each mode has an implicit device reprovisioning fallback if the device is unable to connect to IoT Hub during identity provisioning due to connectivity errors. For more information, see [IoT Hub device reprovisioning concepts](../iot-dps/concepts-device-reprovision.md).
+    For more information about provisioning configuration settings, see [Configure IoT Edge device settings](configure-device.md#provisioning).
 
-1. Optionally, uncomment the `payload` parameter to specify the path to a local JSON file. The contents of the file will be [sent to DPS as additional data](../iot-dps/how-to-send-additional-data.md#iot-edge-support) when the device registers. This is useful for [custom allocation](../iot-dps/how-to-use-custom-allocation-policies.md). For example, if you want to allocate your devices based on an IoT Plug and Play model ID without human intervention.
+1. Optionally, find the auto reprovisioning mode section of the file. Use the `auto_reprovisioning_mode` parameter to configure your device's reprovisioning behavior. **Dynamic** - Reprovision when the device detects that it may have been moved from one IoT Hub to another. This is the default. **AlwaysOnStartup** - Reprovision when the device is rebooted or a crash causes the daemons to restart. **OnErrorOnly** - Never trigger device reprovisioning automatically. Each mode has an implicit device reprovisioning fallback if the device is unable to connect to IoT Hub during identity provisioning due to connectivity errors. For more information, see [IoT Hub device reprovisioning concepts](../iot-dps/concepts-device-reprovision.md).
 
-1. Save and close the file.
+1. Optionally, uncomment the `payload` parameter to specify the path to a local JSON file. The contents of the file is [sent to DPS as additional data](../iot-dps/how-to-send-additional-data.md#iot-edge-support) when the device registers. This is useful for [custom allocation](../iot-dps/how-to-use-custom-allocation-policies.md). For example, if you want to allocate your devices based on an IoT Plug and Play model ID without human intervention.
 
-1. Apply the configuration changes that you made to IoT Edge.
+1. Save and close the file.
 
-   ```bash
-   sudo iotedge config apply
-   ```
+1. Apply the configuration changes that you made on the device.
 
+    # [Ubuntu / Debian / RHEL](#tab/ubuntu+debian+rhel)
+    ```bash
+    sudo iotedge config apply
+    ```
+    
+    # [Ubuntu Core snaps](#tab/snaps)
+    
+    ```bash
+    sudo snap set azure-iot-edge raw-config="$(cat ~/config.toml)"
+    ```
+    
+    ---
+    
 ## Verify successful installation
 
 If the runtime started successfully, you can go into your IoT Hub and start deploying IoT Edge modules to your device.

articles/iot-edge/how-to-provision-devices-at-scale-linux-tpm.md

@@ -4,7 +4,7 @@ description: Use a simulated TPM on a Linux device to test the Azure IoT Hub dev
 author: PatAltimore
 manager: lizross
 ms.author: patricka
-ms.date: 05/13/2022
+ms.date: 02/27/2024
 ms.topic: conceptual
 ms.service: iot-edge
 services: iot-edge
@@ -52,7 +52,7 @@ The tasks are as follows:
 
 A physical Linux device to be the IoT Edge device.
 
-If you are a device manufacturer then refer to guidance on [integrating a TPM into the manufacturing process](../iot-dps/concepts-device-oem-security-practices.md#integrating-a-tpm-into-the-manufacturing-process).
+If you are a device manufacturer, then refer to guidance on [integrating a TPM into the manufacturing process](../iot-dps/concepts-device-oem-security-practices.md#integrating-a-tpm-into-the-manufacturing-process).
 
 # [Virtual machine](#tab/virtual-machine)
 
@@ -165,6 +165,11 @@ Sign in to your device, and install the `tpm2-tools` package.
    sudo yum install tpm2-tools
    ```
 
+# [Ubuntu Core snaps](#tab/snaps)
+
+   ```bash
+   sudo snap install tpm2-tools
+   ```
 ---
 
 Run the following script to read the endorsement key, creating one if it does not already exist.
@@ -212,19 +217,37 @@ After you have your registration ID and endorsement key, you're ready to continu
 
 After the runtime is installed on your device, configure the device with the information it uses to connect to the device provisioning service and IoT Hub.
 
-1. Know your device provisioning service **ID Scope** and device **Registration ID** that were gathered previously.
+Know your device provisioning service **ID Scope** and device **Registration ID** that were gathered previously.
 
-1. Create a configuration file for your device based on a template file that's provided as part of the IoT Edge installation.
+Create a configuration file for your device based on a template file that's provided as part of the IoT Edge installation.
 
-   ```bash
-   sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml
-   ```
+# [Ubuntu / Debian / RHEL](#tab/ubuntu+debian+rhel)
 
-1. Open the configuration file on the IoT Edge device.
+```bash
+sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml
+```
 
-   ```bash
-   sudo nano /etc/aziot/config.toml
-   ```
+Open the configuration file on the IoT Edge device.
+
+```bash
+sudo nano /etc/aziot/config.toml
+```
+
+# [Ubuntu Core snaps](#tab/snaps)
+
+If using a snap installation of IoT Edge, the template file is located at `/snap/azure-iot-edge/current/etc/aziot/config.toml.edge.template`. Create a copy of the template file in your home directory and name it config.toml. For example:
+
+```bash
+cp /snap/azure-iot-edge/current/etc/aziot/config.toml.edge.template ~/config.toml
+```
+
+Open the configuration file in your home directory on the IoT Edge device.
+
+```bash
+nano ~/config.toml
+```
+
+---
 
 1. Find the provisioning configurations section of the file. Uncomment the lines for TPM provisioning, and make sure any other provisioning lines are commented out.
 
@@ -247,9 +270,11 @@ After the runtime is installed on your device, configure the device with the inf
 
 1. Update the values of `id_scope` and `registration_id` with your device provisioning service and device information. The `scope_id` value is the **ID Scope** from your device provisioning service instance's overview page.
 
-1. Optionally, find the auto reprovisioning mode section of the file. Use the `auto_reprovisioning_mode` parameter to configure your device's reprovisioning behavior. **Dynamic** - Reprovision when the device detects that it may have been moved from one IoT Hub to another. This is the default. **AlwaysOnStartup** - Reprovision when the device is rebooted or a crash causes the daemon(s) to restart. **OnErrorOnly** - Never trigger device reprovisioning automatically. Each mode has an implicit device reprovisioning fallback if the device is unable to connect to IoT Hub during identity provisioning due to connectivity errors. For more information, see [IoT Hub device reprovisioning concepts](../iot-dps/concepts-device-reprovision.md).
+    For more information about provisioning configuration settings, see [Configure IoT Edge device settings](configure-device.md#provisioning).
 
-1. Optionally, uncomment the `payload` parameter to specify the path to a local JSON file. The contents of the file will be [sent to DPS as additional data](../iot-dps/how-to-send-additional-data.md#iot-edge-support) when the device registers. This is useful for [custom allocation](../iot-dps/how-to-use-custom-allocation-policies.md). For example, if you want to allocate your devices based on an IoT Plug and Play model ID without human intervention.
+1. Optionally, find the auto reprovisioning mode section of the file. Use the `auto_reprovisioning_mode` parameter to configure your device's reprovisioning behavior. **Dynamic** - Reprovision when the device detects that it may have been moved from one IoT Hub to another. This is the default. **AlwaysOnStartup** - Reprovision when the device is rebooted or a crash causes the daemons to restart. **OnErrorOnly** - Never trigger device reprovisioning automatically. Each mode has an implicit device reprovisioning fallback if the device is unable to connect to IoT Hub during identity provisioning due to connectivity errors. For more information, see [IoT Hub device reprovisioning concepts](../iot-dps/concepts-device-reprovision.md).
+
+1. Optionally, uncomment the `payload` parameter to specify the path to a local JSON file. The contents of the file is [sent to DPS as additional data](../iot-dps/how-to-send-additional-data.md#iot-edge-support) when the device registers. This is useful for [custom allocation](../iot-dps/how-to-use-custom-allocation-policies.md). For example, if you want to allocate your devices based on an IoT Plug and Play model ID without human intervention.
 
 1. Save and close the file.
 
@@ -259,7 +284,7 @@ The IoT Edge runtime relies on a TPM service that brokers access to a device's T
 
 You can give access to the TPM by overriding the systemd settings so that the `aziottpm` service has root privileges. If you don't want to elevate the service privileges, you can also use the following steps to manually provide TPM access.
 
-1. Create a new rule that will give the IoT Edge runtime access to `tpm0` and `tpmrm0`.
+1. Create a new rule that gives the IoT Edge runtime access to `tpm0` and `tpmrm0`.
 
    ```bash
    sudo touch /etc/udev/rules.d/tpmaccess.rules
@@ -300,39 +325,48 @@ You can give access to the TPM by overriding the systemd settings so that the `a
    crw-rw---- 1 root aziottpm 10, 224 Jul 20 16:27 /dev/tpmrm0
    ```
 
-   If you don't see that the correct permissions have been applied, try rebooting your machine to refresh `udev`.
+   If you don't see that the correct permissions applied, try rebooting your machine to refresh `udev`.
 
 1. Apply the configuration changes that you made on the device.
 
-   ```bash
-   sudo iotedge config apply
-   ```
+    # [Ubuntu / Debian / RHEL](#tab/ubuntu+debian+rhel)
+    ```bash
+    sudo iotedge config apply
+    ```
+    
+    # [Ubuntu Core snaps](#tab/snaps)
+    
+    ```bash
+    sudo snap set azure-iot-edge raw-config="$(cat ~/config.toml)"
+    ```
+    
+    ---
 
 ## Verify successful installation
 
 If you didn't already, apply the configuration changes that you made on the device.
 
-   ```bash
-   sudo iotedge config apply
-   ```
+```bash
+sudo iotedge config apply
+```
 
 Check to see that the IoT Edge runtime is running.
 
    ```bash
-   sudo iotedge system status
-   ```
+sudo iotedge system status
+```
 
 Examine daemon logs.
 
-   ```cmd/sh
-   sudo iotedge system logs
-   ```
+```cmd/sh
+sudo iotedge system logs
+```
 
 If you see provisioning errors, it might be that the configuration changes haven't taken effect yet. Try restarting the IoT Edge daemon.
 
-   ```bash
-   sudo systemctl daemon-reload
-   ```
+```bash
+sudo systemctl daemon-reload
+```
 
 Or, try restarting your VM to see if the changes take effect on a fresh start.