iot-edge-install-linux.md

ms.topic	include
ms.date	02/19/2026
author	sethmanheim
ms.author	sethm
ms.service	azure-iot-edge
ms.custom	linux-related-content
services	iot-edge

Install IoT Edge

In this section, you prepare your Linux virtual machine or physical device for IoT Edge. Then, you install IoT Edge.

Run the following commands to add the package repository and then add the Microsoft package signing key to your list of trusted keys.

Important

On June 30, 2022, Raspberry Pi OS Stretch was retired from the Tier 1 OS support list. To avoid potential security vulnerabilities, update your host OS to Bullseye.

For tier 2 supported platform operating systems, installation packages are available at Azure IoT Edge releases. See the installation steps in Offline or specific version installation (optional).

Ubuntu

You can install IoT Edge by using a few commands. Open a terminal and run the following commands:

• 24.04:

  wget https://packages.microsoft.com/config/ubuntu/24.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  sudo dpkg -i packages-microsoft-prod.deb
  rm packages-microsoft-prod.deb

• 22.04:

  wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  sudo dpkg -i packages-microsoft-prod.deb
  rm packages-microsoft-prod.deb

• 20.04:

  wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  sudo dpkg -i packages-microsoft-prod.deb
  rm packages-microsoft-prod.deb

Debian

You can install it by using APT and running a few commands. Open a terminal and run the following commands:

• 12 - Bookworm (arm32v7):

  curl https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb > ./packages-microsoft-prod.deb
  sudo apt install ./packages-microsoft-prod.deb

• 11 - Bullseye (arm32v7):

  curl https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb > ./packages-microsoft-prod.deb
  sudo apt install ./packages-microsoft-prod.deb

Tip

If you set a password for the "root" account during the OS installation, you don't need sudo. You can run the previous command by starting with apt.

Red Hat Enterprise Linux

You can install IoT Edge by using a few commands. Open a terminal and run the following commands:

• 9.x (amd64):

   wget https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm -O packages-microsoft-prod.rpm
   sudo yum localinstall packages-microsoft-prod.rpm
   rm packages-microsoft-prod.rpm

• 8.x (amd64):

   wget https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm -O packages-microsoft-prod.rpm
   sudo yum localinstall packages-microsoft-prod.rpm
   rm packages-microsoft-prod.rpm

Ubuntu Core snaps

You install the IoT Edge runtime from the snap store in a later step. Continue to the next section.

---

For more information about operating system versions, see Azure IoT Edge supported platforms.

Note

Azure IoT Edge software packages are subject to the license terms located in each package (usr/share/doc/{package-name} or the LICENSE directory). Read the license terms before using a package. Your installation and use of a package constitutes your acceptance of these terms. If you don't agree with the license terms, don't use that package.

Install a container engine

Azure IoT Edge relies on an OCI-compatible container runtime. For production scenarios, use the Moby engine. The Moby engine is the container engine officially supported with IoT Edge. Docker CE and Docker EE container images work with the Moby runtime. If you're using Ubuntu Core snaps, Canonical services the Docker snap and supports it for production scenarios.

Ubuntu

Install the Moby engine.

sudo apt-get update; \
  sudo apt-get install moby-engine

Debian

Install the Moby engine.

sudo apt-get update; \
  sudo apt-get install moby-engine

Red Hat Enterprise Linux

Install the Moby engine and CLI.

sudo yum install moby-engine moby-cli

Tip

If you get errors when you install the Moby container engine, verify your Linux kernel for Moby compatibility. Some embedded device manufacturers ship device images that contain custom Linux kernels without the features required for container engine compatibility. Run the following command, which uses the check-config script provided by Moby, to check your kernel configuration:

curl -ssl https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh -o check-config.sh
chmod +x check-config.sh
./check-config.sh

In the output of the script, check that all items under Generally Necessary and Network Drivers are enabled. If you're missing features, enable them by rebuilding your kernel from source and selecting the associated modules for inclusion in the appropriate kernel .config. Similarly, if you're using a kernel configuration generator like defconfig or menuconfig, find and enable the respective features and rebuild your kernel accordingly. After you deploy your newly modified kernel, run the check-config script again to verify that all the required features are successfully enabled.

Ubuntu Core snaps

IoT Edge has dependencies on Docker and IoT Identity Service. Install the dependencies by using the following commands:

sudo snap install docker
sudo snap install azure-iot-identity

The Docker snap is serviced by Canonical and supported for production scenarios.

---

By default, the container engine doesn't set container log size limits. Over time, this situation can lead to the device filling up with logs and running out of disk space. However, you can configure your log to show locally, though it's optional. For more information about logging configuration, see Prepare to deploy your IoT Edge solution in production.

The following steps show you how to configure your container to use the local logging driver as the logging mechanism.

Ubuntu / Debian / RHEL

1. Create or edit the existing Docker daemon's config file:

   sudo nano /etc/docker/daemon.json

2. Set the default logging driver to the local logging driver as shown in the example:

      {
         "log-driver": "local"
      }

3. Restart the container engine for the changes to take effect.

   sudo systemctl restart docker

Ubuntu Core snaps

Currently, the Docker snap doesn't support the local logging driver setting.

---

Install the IoT Edge runtime

The IoT Edge service provides and maintains security standards on the IoT Edge device. The service starts on every boot and bootstraps the device by starting the rest of the IoT Edge runtime.

Note

Beginning with version 1.2, the Azure IoT identity service handles identity provisioning and management for IoT Edge and for other device components that need to communicate with IoT Hub.

The steps in this section represent the typical process to install the latest IoT Edge version on a device that has internet connection. If you need to install a specific version, like a prerelease version, or need to install while offline, follow the Offline or specific version installation steps later in this article.

Tip

If you already have an IoT Edge device running an older version and want to upgrade to the latest release, use the steps in Update IoT Edge. Later versions are sufficiently different from previous versions of IoT Edge that specific steps are necessary to upgrade.

Ubuntu

Install the latest version of IoT Edge and the IoT identity service package (if you're not already up-to-date):

• 22.04:

  sudo apt-get update; \
    sudo apt-get install aziot-edge

• 20.04:

  sudo apt-get update; \
    sudo apt-get install aziot-edge

Debian

Install the latest version of IoT Edge and the IoT identity service package (if you're not already up-to-date):

sudo apt-get update; \
  sudo apt-get install aziot-edge

Red Hat Enterprise Linux

Install the latest version of IoT Edge and the IoT identity service package (if you're not already up-to-date):

sudo yum install aziot-edge

Ubuntu Core snaps

Install IoT Edge from the snap store:

sudo snap install azure-iot-edge

Connect snaps

By default, snaps are dependency-free, untrusted, and strictly confined. Hence, you must connect snaps to other snaps and system resources after installation. Use the following commands to connect the IoT Identity Service and IoT Edge snaps to each other and to system resources. To get started, manually connect the snaps. For production deployments, you can configure them to automatically connect to reduce the provisioning workload.

#------------------------
#  IoT Identity Service
#------------------------

# Connect the Identity Service snap to the logging system
# and grant permission to query system info

sudo snap connect azure-iot-identity:log-observe
sudo snap connect azure-iot-identity:mount-observe
sudo snap connect azure-iot-identity:system-observe
sudo snap connect azure-iot-identity:hostname-control

# If using a TPM, enable TPM access

sudo snap connect azure-iot-identity:tpm

#------------
#  IoT Edge
#------------

# Connect to your /home directory to enable writing support bundles

sudo snap connect azure-iot-edge:home

# Connect to logging and grant permission to query system info

sudo snap connect azure-iot-edge:log-observe
sudo snap connect azure-iot-edge:mount-observe
sudo snap connect azure-iot-edge:system-observe
sudo snap connect azure-iot-edge:hostname-control
# Allow IoT Edge to connect to the /var/run/iotedge folder and use sockets

sudo snap connect azure-iot-edge:run-iotedge

# Connect IoT Edge to Docker

sudo snap connect azure-iot-edge:docker docker:docker-daemon

---