Error during deployment

Hi everyone, I did the ‘hello-world’ docker image deployment and it went fine for me. But with my own image hosted on AWS ECR I get the error shown below. I have the AWS login set up and can run ‘docker pull’ on the image URI without any issues, but during the deployment I get the following error:

2021-08-11 13:50:36 +0000 UTC info: Running Mender client version: 2.3.0
2021-08-11 13:50:37 +0000 UTC info: State transition: update-fetch [Download_Enter] → update-store [Download_Enter]
2021-08-11 13:50:37 +0000 UTC info: No public key was provided for authenticating the artifact
2021-08-11 13:50:37 +0000 UTC error: Update module /usr/share/mender/modules/v3/docker.1 is not executable
2021-08-11 13:50:37 +0000 UTC info: State transition: update-store [Download_Enter] → update-after-store [Download_Leave]
2021-08-11 13:50:37 +0000 UTC info: State transition: update-after-store [Download_Leave] → update-install [ArtifactInstall]
2021-08-11 13:50:39 +0000 UTC info: Update module output: Error response from daemon: Get https://997289139828.dkr.ecr.eu-central-1.amazonaws.com/v2/test_mender/manifests/sha256:a5d7e0ec084fa6650d062c36456e1d70d44b622f137ba623de420e97d6d3e76b: no basic auth credentials
2021-08-11 13:50:39 +0000 UTC error: Update module terminated abnormally: exit status 1
2021-08-11 13:50:39 +0000 UTC error: transient error: Update module terminated abnormally: exit status 1
2021-08-11 13:50:39 +0000 UTC info: State transition: update-install [ArtifactInstall] → rollback [ArtifactRollback]
2021-08-11 13:50:39 +0000 UTC info: Performing rollback
2021-08-11 13:50:39 +0000 UTC info: State transition: rollback [ArtifactRollback] → update-error [ArtifactFailure]
2021-08-11 13:50:39 +0000 UTC info: State transition: update-error [ArtifactFailure] → cleanup [Error]
2021-08-11 13:50:39 +0000 UTC info: State transition: cleanup [Error] → update-status-report [none]

I also can’t seem to be able to generate artifacts from my local docker images. I get the following error:

Error response from daemon: pull access denied for docker_image1, repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied

I can generate the artifact for ‘hello-world’ which is pulled from the official Docker repo and for my own images on AWS. Maybe the two issues are related?

Hi @w.cheema,

I am curious about where you are storing the credentials. Don’t forget that all the systemd services (like the Mender client) are executed by root by default. If you store credentials using a non-privileged user and root doesn’t have access to these credentials because of context, it will probably fail to connect to a private docker registry.

If you take a look at the docker update module provided as an example, it uses the “pull” command, so it does need the images to be in a Docker Registry (public or private) and not locally. However, you can create your own update module using this one as a base, and instead of using “docker pull” you can use any other mechanism that makes sense for your use case.

Hope it answers your question.

Luis

@lramirez thanks for the explanation, it was very helpful. Looking at the source code helped me understand how exactly it was working and it was indeed an issue with AWS credentials not being stored as a root user.
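
Added example, not part of the thread and not Mender's or Docker's own code: a check for the cause identified above, reporting whether the Docker CLI configuration under a given home directory holds credentials for the registry named in the log. The home directories and the auth value are constructed for the demonstration; `auths`, `credHelpers` and `credsStore` are the standard Docker `config.json` fields.

```python
import json
import tempfile
from pathlib import Path

# Registry host taken from the deployment log above.
REGISTRY = "997289139828.dkr.ecr.eu-central-1.amazonaws.com"


def credential_source(home, registry):
    """Return how a Docker CLI using this home directory would authenticate
    to `registry`, or None when it has no credentials for it."""
    cfg_path = Path(home) / ".docker" / "config.json"
    try:
        cfg = json.loads(cfg_path.read_text())
    except (FileNotFoundError, PermissionError, json.JSONDecodeError):
        return None
    # A per-registry helper takes precedence over everything else.
    if registry in cfg.get("credHelpers", {}):
        return "credHelper:" + cfg["credHelpers"][registry]
    for key, entry in cfg.get("auths", {}).items():
        # Keys may be stored with or without a scheme and path.
        host = key.split("://", 1)[-1].split("/", 1)[0]
        if host == registry and (entry.get("auth") or entry.get("identitytoken")):
            return "auths"
    # With a global store, `docker login` leaves only an empty auths entry.
    if cfg.get("credsStore"):
        return "credsStore:" + cfg["credsStore"]
    return None


def demo():
    """Constructed reproduction: `docker login` was run by a normal user only."""
    with tempfile.TemporaryDirectory() as tmp:
        user_home = Path(tmp) / "home" / "user"   # constructed path
        root_home = Path(tmp) / "root"            # constructed path
        (user_home / ".docker").mkdir(parents=True)
        root_home.mkdir()
        (user_home / ".docker" / "config.json").write_text(json.dumps(
            {"auths": {REGISTRY: {"auth": "Y29uc3RydWN0ZWQ6dmFsdWU="}}}))  # constructed value
        return {
            "user": credential_source(user_home, REGISTRY),
            "root": credential_source(root_home, REGISTRY),
        }


if __name__ == "__main__":
    for who, source in demo().items():
        print(who, "->", source or "none (pull fails: no basic auth credentials)")
```

On a device, call `credential_source("/root", REGISTRY)` as root and compare it with the result for the account that ran the login.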