How to Add Docker to tdx-reference-minimal-image in Yocto

Hello,

I’ve successfully built a tdx-reference-minimal-image on my BSP5.0 Apalis i.MX8 board. I’ve even added a few packages as I’ve gotten to learn Yocto more.

That being said, I can’t use Torizon, but would like to add similar docker functionality to my Yocto reference image. As far as I can tell, adding “docker-ce” as a package won’t work because I would need to add the meta-virtualization layer to the build, but I’m not sure if I should use devtool to accomplish that or if there’s a guide out there that best describes what I’m trying to do.

Any help would be appreciated, thanks!

Hi @jonk4m,

You are right about the meta-virtualization, you will need to add this layer to your layers folder and then add it to your bblayers.conf file. Then, after adding the package to your local.conf file, you should be able to install Docker in your image.
Despite that, I recommend you go with TorizonCore, since it’s easier to work with Docker and develop containers. It’s also supported in Apalis iMX8.

Kind regards,
Hiago.

Thanks Hiago!

When I ran

git clone git://git.yoctoproject.org/meta-virtualization

in my layers directory, then added meta-virtualization to my oe-core/build/conf/bblayers.conf file via:

BBLAYERS ?= " \
  ${TOPDIR}/../layers/meta-toradex-nxp \
  ${TOPDIR}/../layers/meta-freescale \
  ${TOPDIR}/../layers/meta-freescale-3rdparty \
  \
  ${TOPDIR}/../layers/meta-toradex-tegra \
  \
  ${TOPDIR}/../layers/meta-toradex-bsp-common \
  \
  ${TOPDIR}/../layers/meta-openembedded/meta-oe \
  ${TOPDIR}/../layers/meta-openembedded/meta-filesystems \
  ${TOPDIR}/../layers/meta-openembedded/meta-gnome \
  ${TOPDIR}/../layers/meta-openembedded/meta-xfce \
  ${TOPDIR}/../layers/meta-openembedded/meta-initramfs \
  ${TOPDIR}/../layers/meta-openembedded/meta-networking \
  ${TOPDIR}/../layers/meta-openembedded/meta-multimedia \
  ${TOPDIR}/../layers/meta-openembedded/meta-python \
  ${TOPDIR}/../layers/meta-freescale-distro \
  ${TOPDIR}/../layers/meta-toradex-demos \
  ${TOPDIR}/../layers/meta-qt5 \
  ${TOPDIR}/../layers/meta-virtualization \
  \
  \
  ${TOPDIR}/../layers/meta-toradex-distro \
  ${TOPDIR}/../layers/meta-yocto/meta-poky \
  ${TOPDIR}/../layers/openembedded-core/meta \
"

I then ran

bitbake-layers add-layer "~/Documents/Yocto/oe-core/layers/meta-virtualization"

But got the error:

ERROR: Layer virtualization-layer is not compatible with the core layer which only supports these series: dunfell (layer is compatible with kirkstone)

I currently have my u-boot and kernel on the i.MX8’s eMMC. Bundled into the kernel image is an initramfs. When it boots, the kernel unpacks the initramfs and looks for my SATA connected SSD to then switch_root to the real rootfs on the SSD. This tdx-reference-minimal-image is that real rootfs on the SSD.

As an aside:

I would like to use TorizonCore for this application, but when I generate a rootfs with Torizon (say torizon-core-docker-apalis-imx8.rootfs.tar.gz) and extract it to the SSD, my initramfs successfully switch_root’s to run Torizon’s /sbin/init and then gets tons of errors before crashing. The tdx-reference-minimal-image boots just fine on the SSD, I just need docker on it and I’d be good to go.

Hi @jonk4m,

The error you’re seeing is because your meta-virtualization is on a different branch. Our current Yocto build only supports dunfell; just go to your meta-virtualization and run:

git checkout dunfell

Then, build it again. This error will disappear.
From what I can see from here, this layer needs some extra dependency layers that you will need to add to your image as well.

Did you make any modifications to this image? You can also build TorizonCore from scratch with Yocto, since our OS is open source. Check how you can do it here: Build Torizon OS from Source With Yocto Project/OpenEmbedded | Toradex Developer Center

Let me know if you need any help with that.

Kind regards,
Hiago.
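
The series check behind this error can be run over every layer before invoking bitbake. The script below is an added example, not part of the original posts or of Toradex's or Yocto's tooling; the function names and the sample tree are constructed, and it assumes each layer declares its series in conf/layer.conf through a LAYERSERIES_COMPAT_<collection> assignment.

```shell
#!/bin/sh
# Added example: find layers whose conf/layer.conf does not declare the release
# series the core layer supports (the check behind the bitbake-layers error).

# Print the quoted value of every LAYERSERIES_COMPAT_<collection> assignment.
series_of() {
    sed -n 's/^[[:space:]]*LAYERSERIES_COMPAT_[^=]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# incompatible_layers LAYERS_DIR SERIES
# Prints "<layer path>: <declared series>" for each layer (one or two levels
# deep, e.g. meta-openembedded/meta-oe) that does not list SERIES.
# Returns 1 if any such layer exists, 0 otherwise.
incompatible_layers() {
    layers_dir=$1; series=$2; bad=0
    for conf in "$layers_dir"/*/conf/layer.conf "$layers_dir"/*/*/conf/layer.conf; do
        [ -f "$conf" ] || continue            # an unmatched glob stays literal
        declared=$(series_of "$conf" | tr '\n' ' ')
        declared=${declared% }
        case " $declared " in
            *" $series "*) ;;                 # series listed: compatible
            *) echo "${conf%/conf/layer.conf}: ${declared:-none declared}"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample tree (not the poster's real layers): one layer on the
# dunfell branch and one on kirkstone, as in the error message above.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/meta-openembedded/meta-oe/conf" "$d/meta-virtualization/conf"
    echo 'LAYERSERIES_COMPAT_openembedded-layer = "dunfell"' \
        > "$d/meta-openembedded/meta-oe/conf/layer.conf"
    echo 'LAYERSERIES_COMPAT_virtualization-layer = "kirkstone"' \
        > "$d/meta-virtualization/conf/layer.conf"
    echo "$d"
}

demo=$(make_demo_tree)
incompatible_layers "$demo" dunfell || echo "check out the dunfell branch of the layers listed above"
rm -rf "$demo"
```

Against the tree from this thread the call would be `incompatible_layers ~/Documents/Yocto/oe-core/layers dunfell`.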

You were absolutely right about the branch. Thank you!

I do not change the Torizon build in any way, and I am building it from source in Yocto to get the torizon-core-docker-apalis-imx8.rootfs.tar.gz file I need to extract the real rootfs to the SSD.

With the TorizonCore rootfs extracted on the SSD, my initramfs manages to run sbin/init on the rootfs before the errors begin.

Attached is a log of the bootup with TorizonCore on the SSD.
putty_090929_Port0.log (137.5 KB)

And here is my local.conf for the initramfs that I create with

bitbake tdx-reference-minimal-image

#bitbake -k tdx-reference-minimal-image -------------- bitbake -c clean tdx-reference-minimal-image
MACHINE ?= "apalis-imx8"
ACCEPT_FSL_EULA = "1"
DISTRO ?= "tdx-xwayland"
IMAGE_FSTYPES_remove = "wic"
DISTRO_NAME = "kinnard_distro"
DISTRO_VERSION = "1.0-${DATE}"
INITRAMFS_IMAGE = "initramfs-debug-image"
#####initramfs-debug-image core-image-minimal-initramfs tdx-reference-minimal-image
INITRAMFS_IMAGE_BUNDLE = "1"
INITRAMFS_FSTYPES = "cpio.gz"
IMAGE_INSTALL_append = " \
        initramfs-module-debug \
        udev \
        bash \
        rsyslog \
"

PACKAGE_INSTALL_append = " \
        nano \
        i2c-tools \
        dosfstools \
        e2fsprogs-mke2fs \
        parted \
        udisks2 \
        run-postinsts \
        scsirastools \
        packagegroup-boot \
        packagegroup-basic \
        packagegroup-base-tdx-cli \
        packagegroup-machine-tdx-cli \
        udev-extraconf \
        busybox \
        initramfs-module-exec \
        initramfs-module-udev \
        initramfs-module-e2fs \
        initramfs-module-nfsrootfs \
        initramfs-module-rootfs \
        initramfs-module-lvm \
        initramfs-module-debug \
"

PACKAGE_INSTALL_remove = " \
        initramfs-module-install \
        initramfs-module-setup-live \
        initramfs-debug \
        util-linux \
"

CORE_IMAGE_EXTRA_INSTALL += " kernel-modules "
INITRAMFS_MAXSIZE = "301594"
INITRAMFS_KERNEL_IMAGE="Image.gz-initramfs-apalis-imx8.bin"
IMAGE_BOOT_FILES_append = " Image.gz-initramfs-apalis-imx8.bin;Image.gz"
CONFIG_INITRAMFS_SOURCE = "initramfs-debug-image-apalis.cpio.gz"

Hi @jonk4m,

Happy to help! Every new meta layer you add needs to be on the dunfell branch.

Ok, I can’t think of anything right now that could help you, I need to dive into this problem a little more, then I can reply to you if I have something.

Let me know if you need anything else!

Kind regards,
Hiago.

@hfranco.tx I’ll make a separate post here to address this added question since you definitely answered my first question.
