Skip to content

Commit a2148d6

Browse files
authored
Merge pull request #106209 from MicrosoftDocs/revert-106021-release-iotedge-109
Revert "Release iotedge 109"
2 parents e733b06 + 24c8af0 commit a2148d6

12 files changed

+72
-591
lines changed

.openpublishing.redirection.json

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3258,11 +3258,6 @@
32583258
"redirect_url": "/azure/iot-edge/how-to-register-device",
32593259
"redirect_document_id": false
32603260
},
3261-
{
3262-
"source_path": "articles/iot-edge/how-to-install-production-certificates.md",
3263-
"redirect_url": "/azure/iot-edge/how-to-manage-device-certificates",
3264-
"redirect_document_id": true
3265-
},
32663261
{
32673262
"source_path": "articles/cognitive-services/cognitive-services-recommendations-quick-start.md",
32683263
"redirect_url": "/azure/cognitive-services/recommendations/overview",

articles/iot-edge/TOC.yml

Lines changed: 15 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -125,8 +125,8 @@
125125
href: how-to-install-iot-edge-ubuntuvm.md
126126
- name: Kubernetes
127127
href: how-to-install-iot-edge-kubernetes.md
128-
- name: Manage device certificates
129-
href: how-to-manage-device-certificates.md
128+
- name: Install production certificates
129+
href: how-to-install-production-certificates.md
130130
- name: Create test certificates
131131
href: how-to-create-test-certificates.md
132132
- name: Update the runtime version
@@ -139,8 +139,6 @@
139139
href: how-to-auto-provision-simulated-device-linux.md
140140
- name: Windows
141141
href: how-to-auto-provision-simulated-device-windows.md
142-
- name: X.509 certificate attestation
143-
href: how-to-auto-provision-x509-certs.md
144142
- name: Symmetric key attestation
145143
href: how-to-auto-provision-symmetric-keys.md
146144
- name: Develop and debug custom modules
@@ -151,26 +149,20 @@
151149
href: how-to-vs-code-develop-module.md
152150
- name: Deploy modules
153151
items:
154-
- name: Deploy to individual devices
155-
items:
156-
- name: Azure portal
157-
href: how-to-deploy-modules-portal.md
158-
- name: Azure CLI
159-
href: how-to-deploy-modules-cli.md
160-
- name: Visual Studio Code
161-
href: how-to-deploy-modules-vscode.md
162-
- name: Deploy at scale
163-
items:
164-
- name: Azure portal
165-
href: how-to-deploy-monitor.md
166-
- name: Azure CLI
167-
href: how-to-deploy-monitor-cli.md
168-
- name: Visual Studio Code
169-
href: how-to-deploy-monitor-vscode.md
170-
- name: Monitor and diagnose deployments
152+
- name: Azure portal
153+
href: how-to-deploy-modules-portal.md
154+
- name: Azure CLI
155+
href: how-to-deploy-modules-cli.md
156+
- name: Visual Studio Code
157+
href: how-to-deploy-modules-vscode.md
158+
- name: Deploy and monitor at scale
171159
items:
172-
- name: EdgeAgent direct methods
173-
href: how-to-edgeagent-direct-method.md
160+
- name: Azure portal
161+
href: how-to-deploy-monitor.md
162+
- name: Azure CLI
163+
href: how-to-deploy-monitor-cli.md
164+
- name: Visual Studio Code
165+
href: how-to-deploy-monitor-vscode.md
174166
- name: Use IoT Edge devices as gateways
175167
items:
176168
- name: Configure a transparent gateway

articles/iot-edge/how-to-auto-provision-x509-certs.md

Lines changed: 0 additions & 289 deletions
This file was deleted.

articles/iot-edge/how-to-create-test-certificates.md

Lines changed: 5 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Create test certificates and learn how to install them on an Azure
44
author: kgremban
55
manager: philmea
66
ms.author: kgremban
7-
ms.date: 02/26/2020
7+
ms.date: 12/07/2019
88
ms.topic: conceptual
99
ms.service: iot-edge
1010
services: iot-edge
@@ -22,15 +22,6 @@ You can create certificates on any machine, and then copy them over to your IoT
2222
It's easier to use your primary machine to create the certificates rather than generating them on your IoT Edge device itself.
2323
By using your primary machine, you can set up the scripts once and then repeat the process to create certificates for multiple devices.
2424

25-
Follow these steps to create demo certificates for testing your IoT Edge scenario:
26-
27-
1. [Set up scripts](#set-up-scripts) for certificate generation on your device.
28-
2. [Create the root CA certificate](#create-root-ca-certificate) that you use to sign all the other certificates for your scenario.
29-
3. Generate the certificates you need for the scenario you want to test:
30-
* [Create IoT Edge device identity certificates](#create-iot-edge-device-identity-certificates) to test automatic provisioning with the IoT Hub Device Provisioning Service.
31-
* [Create IoT Edge device CA certificates](#create-iot-edge-device-ca-certificates) to test production scenarios or gateway scenarios.
32-
* [Create downstream device certificates](#create-downstream-device-certificates) to test authenticating downstream devices to IoT Hub in a gateway scenario.
33-
3425
## Prerequisites
3526

3627
A development machine with Git installed.
@@ -178,11 +169,7 @@ Before proceeding with the steps in this section, follow the steps in the [Set u
178169

179170
## Create IoT Edge device CA certificates
180171

181-
Every IoT Edge device going to production needs a device CA certificate that's referenced from the config.yaml file.
182-
The device CA certificate is responsible for creating certificates for modules running on the device.
183-
It's also how the IoT Edge device verifies its identity when connecting to downstream devices.
184-
185-
Device CA certificates go in the **Certificate** section of the config.yaml file on the IoT Edge device.
172+
Every IoT Edge device going to production needs a device CA certificate that's referenced from the config.yaml file. The device CA certificate is responsible for creating certificates for modules running on the device. It's also how the IoT Edge device verifies its identity when connecting to downstream devices.
186173

187174
Before proceeding with the steps in this section, follow the steps in the [Set up scripts](#set-up-scripts) and [Create root CA certificate](#create-root-ca-certificate) sections.
188175

@@ -201,9 +188,7 @@ Before proceeding with the steps in this section, follow the steps in the [Set u
201188
* `<WRKDIR>\certs\iot-edge-device-MyEdgeDeviceCA-full-chain.cert.pem`
202189
* `<WRKDIR>\private\iot-edge-device-MyEdgeDeviceCA.key.pem`
203190

204-
The gateway device name passed into those scripts should not be the same as the "hostname" parameter in config.yaml, or the device's ID in IoT Hub.
205-
The scripts help you avoid any issues by appending a ".ca" string to the gateway device name to prevent the name collision in case a user sets up IoT Edge using the same name in both places.
206-
However, it's good practice to avoid using the same name.
191+
The gateway device name passed into those scripts should not be the same as the "hostname" parameter in config.yaml. The scripts help you avoid any issues by appending a ".ca" string to the gateway device name to prevent the name collision in case a user sets up IoT Edge using the same name in both places. However, it's good practice to avoid using the same name.
207192

208193
### Linux
209194

@@ -220,49 +205,9 @@ However, it's good practice to avoid using the same name.
220205
* `<WRKDIR>/certs/iot-edge-device-MyEdgeDeviceCA-full-chain.cert.pem`
221206
* `<WRKDIR>/private/iot-edge-device-MyEdgeDeviceCA.key.pem`
222207

223-
The gateway device name passed into those scripts should not be the same as the "hostname" parameter in config.yaml, or the device's ID in IoT Hub.
224-
The scripts help you avoid any issues by appending a ".ca" string to the gateway device name to prevent the name collision in case a user sets up IoT Edge using the same name in both places.
225-
However, it's good practice to avoid using the same name.
226-
227-
## Create IoT Edge device identity certificates
228-
229-
Device identity certificates are used to provision IoT Edge devices through the [Azure IoT Hub Device Provisioning Service (DPS)](../iot-dps/index.yml).
230-
231-
Device identity certificates go in the **Provisioning** section of the config.yaml file on the IoT Edge device.
232-
233-
Before proceeding with the steps in this section, follow the steps in the [Set up scripts](#set-up-scripts) and [Create root CA certificate](#create-root-ca-certificate) sections.
234-
235-
### Windows
236-
237-
Create the IoT Edge device identity certificate and private key with the following command:
238-
239-
```powershell
240-
New-CACertsEdgeDeviceIdentity "<name>"
241-
```
242-
243-
The name that you pass in to this command will be the device ID for the IoT Edge device in IoT Hub.
244-
245-
The new device identity command creates several certificate and key files, including two that you'll use when creating an individual enrollment in DPS and installing the IoT Edge runtime:
246-
247-
* `<WRKDIR>\certs\iot-edge-device-identity-<name>.cert.pem`
248-
* `<WRKDIR>\private\iot-edge-device-identity-<name>.key.pem`
249-
250-
### Linux
251-
252-
Create the IoT Edge device identity certificate and private key with the following command:
253-
254-
```bash
255-
./certGen.sh create_edge_device_identity_certificate "<name>"
256-
```
257-
258-
The name that you pass in to this command will be the device ID for the IoT Edge device in IoT Hub.
259-
260-
The script creates several certificate and key files, including two that you'll use when creating an individual enrollment in DPS and installing the IoT Edge runtime:
261-
262-
* `<WRKDIR>/certs/iot-edge-device-identity-<name>.cert.pem`
263-
* `<WRKDIR>/private/iot-edge-device-identity-<name>.key.pem`
208+
The gateway device name passed into those scripts should not be the same as the "hostname" parameter in config.yaml. The scripts help you avoid any issues by appending a ".ca" string to the gateway device name to prevent the name collision in case a user sets up IoT Edge using the same name in both places. However, it's good practice to avoid using the same name.
264209

265-
## Create downstream device certificates
210+
## Create X.509 certs for downstream devices
266211

267212
If you're setting up a downstream IoT device for a gateway scenario, you can generate demo certificates for X.509 authentication.
268213
There are two ways to authenticate an IoT device using X.509 certificates: using self-signed certs or using certificate authority (CA) signed certs.

articles/iot-edge/how-to-create-transparent-gateway.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ The following steps walk you through the process of creating the certificates an
4343

4444
## Prerequisites
4545

46-
An Azure IoT Edge device, configured with [production certificates](how-to-manage-device-certificates.md).
46+
An Azure IoT Edge device, configured with [production certificates](how-to-install-production-certificates.md).
4747

4848
## Deploy edgeHub to the gateway
4949

articles/iot-edge/how-to-edgeagent-direct-method.md

Lines changed: 0 additions & 74 deletions
This file was deleted.

articles/iot-edge/how-to-install-iot-edge-linux.md

Lines changed: 31 additions & 53 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.reviewer: veyalla
88
ms.service: iot-edge
99
services: iot-edge
1010
ms.topic: conceptual
11-
ms.date: 02/21/2020
11+
ms.date: 07/22/2019
1212
ms.author: kgremban
1313
---
1414
# Install the Azure IoT Edge runtime on Debian-based Linux systems
@@ -174,12 +174,20 @@ sudo nano /etc/iotedge/config.yaml
174174
175175
Find the provisioning configurations of the file and uncomment the **Manual provisioning configuration** section. Update the value of **device_connection_string** with the connection string from your IoT Edge device. Make sure any other provisioning sections are commented out. Make sure the **provisioning:** line has no preceding whitespace and that nested items are indented by two spaces.
176176
177-
```yml
177+
```yaml
178178
# Manual provisioning configuration
179179
provisioning:
180180
source: "manual"
181181
device_connection_string: "<ADD DEVICE CONNECTION STRING HERE>"
182-
dyname_reprovisioning: false
182+
183+
# DPS TPM provisioning configuration
184+
# provisioning:
185+
# source: "dps"
186+
# global_endpoint: "https://global.azure-devices-provisioning.net"
187+
# scope_id: "{scope_id}"
188+
# attestation:
189+
# method: "tpm"
190+
# registration_id: "{registration_id}"
183191
```
184192
185193
To paste clipboard contents into Nano `Shift+Right Click` or press `Shift+Insert`.
@@ -196,67 +204,37 @@ sudo systemctl restart iotedge
196204
197205
### Option 2: Automatic provisioning
198206
199-
IoT Edge devices can be automatically provisioned using the [Azure IoT Hub Device Provisioning Service (DPS)](../iot-dps/index.yml). Currently, IoT Edge supports two attestation mechanisms when using automatic provisioning, but your hardware requirements may impact your choices. For example, Raspberry Pi devices do not come with a Trusted Platform Module (TPM) chip by default. For more information, refer to the following articles:
200-
201-
* [Create and provision an IoT Edge device with a virtual TPM on a Linux VM](how-to-auto-provision-simulated-device-linux.md)
202-
* [Create and provision an IoT Edge device using X.509 certificates](how-to-auto-provision-x509-certs.md)
203-
* [Create and provision an IoT Edge device using symmetric key attestation](how-to-auto-provision-symmetric-keys.md)
204-
205-
Those articles walk you through setting up enrollments in DPS, and generating the proper certificates or keys for attestation. Regardless of which attestation mechanism you choose, the provisioning information is added to the IoT Edge configuration file on your IoT Edge device.
207+
To automatically provision a device, [set up Device Provisioning Service and retrieve your device registration ID](how-to-auto-provision-simulated-device-linux.md). There are a number of attestation mechanisms supported by IoT Edge when using automatic provisioning but your hardware requirements also impact your choices. For example, Raspberry Pi devices do not come with a Trusted Platform Module (TPM) chip by default.
206208
207209
Open the configuration file.
208210
209211
```bash
210212
sudo nano /etc/iotedge/config.yaml
211213
```
212214
213-
Find the provisioning configurations of the file and uncomment the section appropriate for your attestation mechanism. Make sure any other provisioning sections are commented out. The **provisioning:** line should have no preceding whitespace, and nested items should be indented by two spaces. Update the value of **scope_id** with the value from your IoT Hub Device Provisioning Service instance, and provide the appropriate values for the attestation fields.
214-
215-
TPM attestation:
216-
217-
```yml
218-
# DPS TPM provisioning configuration
219-
provisioning:
220-
source: "dps"
221-
global_endpoint: "https://global.azure-devices-provisioning.net"
222-
scope_id: "{scope_id}"
223-
attestation:
224-
method: "tpm"
225-
registration_id: "{registration_id}"
226-
```
227-
228-
X.509 attestation:
229-
230-
```yml
231-
# DPS X.509 provisioning configuration
232-
provisioning:
233-
source: "dps"
234-
global_endpoint: "https://global.azure-devices-provisioning.net"
235-
scope_id: "{scope_id}"
236-
attestation:
237-
method: "x509"
238-
# registration_id: "<OPTIONAL REGISTRATION ID. IF UNSPECIFIED CAN BE OBTAINED FROM CN OF identity_cert"
239-
identity_cert: "<REQUIRED URI TO DEVICE IDENTITY CERTIFICATE>"
240-
identity_pk: "<REQUIRED URI TO DEVICE IDENTITY PRIVATE KEY>"
241-
```
215+
Find the provisioning configurations of the file and uncomment the section appropriate for your attestation mechanism. When using TPM attestation, for example, update the values of **scope_id** and **registration_id** with the values from your IoT Hub Device Provisioning service and your IoT Edge device with TPM, respectively. Make sure the **provisioning:** line has no preceding whitespace and that nested items are indented by two spaces.
242216
243-
Symmetric key attestation:
244-
245-
```yml
246-
# DPS symmetric key provisioning configuration
247-
provisioning:
248-
source: "dps"
249-
global_endpoint: "https://global.azure-devices-provisioning.net"
250-
scope_id: "{scope_id}"
251-
attestation:
252-
method: "symmetric_key"
253-
registration_id: "{registration_id}"
254-
symmetric_key: "{symmetric_key}"
255-
```
217+
```yaml
218+
# Manual provisioning configuration
219+
# provisioning:
220+
# source: "manual"
221+
# device_connection_string: "<ADD DEVICE CONNECTION STRING HERE>"
222+
223+
# DPS TPM provisioning configuration
224+
provisioning:
225+
source: "dps"
226+
global_endpoint: "https://global.azure-devices-provisioning.net"
227+
scope_id: "{scope_id}"
228+
attestation:
229+
method: "tpm"
230+
registration_id: "{registration_id}"
231+
```
256232
257233
To paste clipboard contents into Nano `Shift+Right Click` or press `Shift+Insert`.
258234
259-
Save and close the file. `CTRL + X`, `Y`, `Enter`
235+
Save and close the file.
236+
237+
`CTRL + X`, `Y`, `Enter`
260238
261239
After entering the provisioning information in the configuration file, restart the daemon:
262240

0 commit comments

Comments
 (0)