Error while deployment

Hi everyone, I did the ‘hello-world’ docker image deployment and it went fine for me. But with my own image hosted on AWS ECR I get the error shown below. I have the AWS login setup and can run ‘docker pull’ on the image URI without any issues but during the deployment I get the following error:

2021-08-11 13:50:36 +0000 UTC info: Running Mender client version: 2.3.0
2021-08-11 13:50:37 +0000 UTC info: State transition: update-fetch [Download_Enter] → update-store [Download_Enter]
2021-08-11 13:50:37 +0000 UTC info: No public key was provided for authenticating the artifact
2021-08-11 13:50:37 +0000 UTC error: Update module /usr/share/mender/modules/v3/docker.1 is not executable
2021-08-11 13:50:37 +0000 UTC info: State transition: update-store [Download_Enter] → update-after-store [Download_Leave]
2021-08-11 13:50:37 +0000 UTC info: State transition: update-after-store [Download_Leave] → update-install [ArtifactInstall]
2021-08-11 13:50:39 +0000 UTC info: Update module output: Error response from daemon: Get https://997289139828.dkr.ecr.eu-central-1.amazonaws.com/v2/test_mender/manifests/sha256:a5d7e0ec084fa6650d062c36456e1d70d44b622f137ba623de420e97d6d3e76b: no basic auth credentials
2021-08-11 13:50:39 +0000 UTC error: Update module terminated abnormally: exit status 1
2021-08-11 13:50:39 +0000 UTC error: transient error: Update module terminated abnormally: exit status 1
2021-08-11 13:50:39 +0000 UTC info: State transition: update-install [ArtifactInstall] → rollback [ArtifactRollback]
2021-08-11 13:50:39 +0000 UTC info: Performing rollback
2021-08-11 13:50:39 +0000 UTC info: State transition: rollback [ArtifactRollback] → update-error [ArtifactFailure]
2021-08-11 13:50:39 +0000 UTC info: State transition: update-error [ArtifactFailure] → cleanup [Error]
2021-08-11 13:50:39 +0000 UTC info: State transition: cleanup [Error] → update-status-report [none]

I also can’t seem to be able to generate artifacts from my local docker images. I get the following error:

Error response from daemon: pull access denied for docker_image1, repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied

I can generate the artifact for ‘hello-world’ which is pulled from the official Docker repo and for my own images on AWS. Maybe the two issue are related ?

Hi @w.cheema,

I am curious on where you are storing the credentials. Don’t forget all the systemd services (like the Mender client) are executed by default by root. If you store credentials using a non-privileged user and root doesn’t have access to these credentials because of context probably it will fail to connect to a private docker registry.

If you take a look at the docker update module provided as example, it uses the “pull” command so it does need the images to be in a Docker Registry (public or private) and not locally. However, you can create your own update module using this one as a base, and instead of using “docker pull” you can use any other mechanism that makes sense for your use case.

Hope it answers your question.

Luis

@lramirez thanks for explanation, it was very helpful. Looking at the source code helped me understand how exactly it was working and it was indeed an issue with AWS credentials being not stored as a root user.