Torizoncore-builder bundle with private docker registry

Technical Support
, , , ,
1

Hi

I’m trying to create my own torizoncore image according this article. Now I want get my Docker containers onto my image according this article. I uploaded all my docker images to my private docker registry (gitlab.com) and created a corresponding docker-compose file. If I compose locally on the device, it works. But if I execute this command (on my notebook/Ubuntu 20.04LTS):

torizoncore-builder bundle --host-workdir=$(pwd) --platform=linux/arm64 --file docker-compose.yml --docker-username my@login.com --docker-password mYpAssword

I get this error:

torizoncore-builder bundle --host-workdir=$(pwd) --platform=linux/arm64 --file docker-compose.yml --docker-username my@emaillogin.com --docker-password mypw
An unexpected Exception occured. Please provide the following stack trace to
the Toradex TorizonCore support team:


Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/usr/local/lib/python3.9/dist-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://127.0.0.1:22376/v1.40/auth

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/builder/torizoncore-builder", line 172, in <module>
    mainargs.func(mainargs)
  File "/builder/tcbuilder/cli/bundle.py", line 22, in bundle_containers
    dockerbundle.download_containers_by_compose_file(
  File "/builder/dockerbundle.py", line 273, in download_containers_by_compose_file
    dind_client.login(docker_username, docker_password)
  File "/usr/local/lib/python3.9/dist-packages/docker/client.py", line 199, in login
    return self.api.login(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/docker/api/daemon.py", line 152, in login
    return self._result(response, json=True)
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 274, in _result
    self._raise_for_status(response)
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 401 Client Error for https://127.0.0.1:22376/v1.40/auth: Unauthorized ("Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password")

The login credentials are correct, for that I tested the script on different devices. I’m using torizoncore-builder on a Ubuntu 20.04LTS machine, the other commands worked well till now. I already checked the help:

torizoncore-builder bundle --help
2

Hi @syntom does this link give you what you need?

3

Hi @syntom,

Could you also share the docker-compose file itself you’re trying to bundle.

Furthermore I think this might be a bug in our tooling. You said you’re using a registry via Gitlab, not dockerhub, correct?

I believe currently our tool when it performs a login only does so via the dockerhub registry. Which is probably why the tool is saying your credentials are incorrect. Since they are incorrect for dockerhub, because they’re meant for your Gitlab registry.

Let me report this bug and see if we can get a fix going. Allow us some time to investigate and come up with a fix here. In the meantime maybe mirror your images on a local registry running on your host. It should be able to bundle from there as long as it’s not password protected.

Best Regards,
Jeremias

4 
version: "2.4"
services:
  weston:
    environment:
      - ACCEPT_FSL_EULA=1
    container_name: weston
    image: registry.gitlab.com/url/weston-vivante:2
    restart: always
    network_mode: host
    volumes:
      - type: bind
        source: /tmp
        target: /tmp
      - type: bind
        source: /dev
        target: /dev
      - type: bind
        source: /run/udev
        target: /run/udev
    cap_add:
      - CAP_SYS_TTY_CONFIG
    device_cgroup_rules:
      # ... for tty0
      - 'c 4:0 rmw'
      # ... for tty7
      - 'c 4:7 rmw'
      # ... for /dev/input devices
      - 'c 13:* rmw'
      - 'c 199:* rmw'
      # ... for /dev/dri devices
      - 'c 226:* rmw'
  ucp-qt:
    environment:
      - ACCEPT_FSL_EULA=1
    container_name: ucp-qt
    image: registry.gitlab.com/url/ucp-qt:0.8
    restart: always
    network_mode: host
    volumes:
      - type: bind
        source: /var/run/dbus
        target: /var/run/dbus
      - type: bind
        source: /tmp
        target: /tmp
      - type: bind
        source: /dev/dri
        target: /dev/dri
      - type: bind
        source: /dev/galcore
        target: /dev/galcore
    cap_add:
      - CAP_SYS_TTY_CONFIG
    device_cgroup_rules:
      - 'c 199:* rmw'
      # ... for /dev/dri devices
      - 'c 226:* rmw'
    ports:
      - "18080:18080"
  ucpbasis:
    container_name: ucp-basis
    image: registry.gitlab.com/url/ucp-basis:0.5
    restart: always
    network_mode: host
    privileged: true
    volumes:
      - type: bind
        source: /var/rootdirs/home/torizon/data/
        target: /data
      - type: bind
        source: /dev/ttyUSB0/
        target: /dev/ttyUSB0/
    ports:
      - "9090:9090"
      - "8001:8001"
5

Ok. I tried it already with local installed images but this didn’t work (docker login: denied). That’s the reason why I tried it with gitlab private registry.

7

Hi @jeremia. Any progress with your bug report?

8

Just to update, the bug was reported and we have a ticket to work on it internally. We believe we have an idea for a fix but it still needs some work and testing on our side.

9

@syntom

There should be a fix for this now available with the latest version of TorizonCore Builder.

There is now a --registry flag available with the bundle command: TorizonCore Builder Tool - Customizing TorizonCore Images | Toradex Developer Center

This will allow you to specify a specific container registry to login to when using the username and password flags. Omitting the --registry flag will just have you login to the default docker hub registry service.

Best Regards,
Jeremias