If you encounter issues with the Device Provisioning Service or Hub, follow these steps to enable debug logs in the configuration:
Update the YAML configuration file with the following content:
coapgateway:
log:
dumpBody: true
level: debug
deviceProvisioningService:
log:
dumpBody: true
level: debug
Apply the helm configuration by running the following commands:
helm upgrade -i -n plgd --create-namespace -f ./withUpdatedMock.yaml hub plgd/plgd-hub
Restart the pods by deleting them:
kubectl -n plgd delete $(kubectl -n plgd get pods -o name | grep "plgd-hub")
These steps will enable debug logging and restart the necessary components, providing more detailed information for troubleshooting the issues with the Device Provisioning Service or Hub.
If your device is unable to connect to DPS, follow these steps:
Check the DPS logs by running the following command:
kubectl -n plgd logs $(kubectl -n plgd get pods -o name | grep "plgd-hub-device-provisioning-service")
Check the device logs in the console.
In most cases, the issue lies in the certificate chain or resolving the domain name. If it’s a certificate chain problem, do the following:
deviceProvisioningService.enrollmentGroups[].attestationMechanism.x509.certificateChain field.$HOME/plgd_certs/device/pki_certs/mfgkey.pem, $HOME/plgd_certs/device/pki_certs/mfgkey.pem, $HOME/plgd_certs/device/pki_certs/dpsca.pem.If your device is unable to connect to the Hub, follow these steps:
Check the Hub logs by running the following command:
kubectl -n plgd logs $(kubectl -n plgd get pods -o name | grep "coap-gateway")
Check the device logs in the console.
In most cases, the issue is related to resolving the domain name or a misconfigured provider. If it’s a provider configuration problem, do the following:
deviceProvisioningService.enrollmentGroups[].hub.authorization.provider field.
kubectl -n plgd get $(kubectl -n plgd get configmap -o name | grep "coap-gateway") -o yaml | yq '.data["service.yaml"]' | yq '.apis.coap.authorization.providers'
If your device can connect to the DPS service but is unable to retrieve certificates from the certificate authority or obtain an authorization code due to lack of trust, follow these steps:
global.extraCAPool.authorization and set deviceProvisioningService.enrollmentGroups[].hub.certificateAuthority.grpc.tls.caPool to /certs/extra/ca.crt as described in the Customize client certificates for DPS section. Alternatively, you can create an extra volume, mount it, and set the deviceProvisioningService.enrollmentGroups[].hub.certificateAuthority.grpc.tls.caPool field to the CA in that volume.enrollmentGroups.[].hub.authorization.provider.http.tls.caPool.plgd makes it simpler to build a successful IoT initiative – to create a proof of concept, evaluate, optimize, and scale.
