Deploy a pre-built image into balena using local mode

Im trying to Deploy a pre-built image in to balena using local mode. The image is inside the dockerhub. After pulling the image into my computer and using balena deploy command:
balena deploy MyApp MyImage
in the command line, I get the following errors. I have to mention that I am using the latest balena cli version (11.21.0)! There is a message indication Unauthorized and can not access application. Im assuming I don’t have the right to deploy to balena.

Appreciate any suggestion of how to fix this issue and to deploy my image into my app in balena.

Thanks for taking the time to provide enough information to get a handle on what might be happening. Unauthorized is either, the application doesn’t exist and we’re folding all 404’s into 403’s to prevent war-dialing (typo in app name? We can’t see the original deploy command in the screenshot).

I assume as a sanity check you have run balena login [1]?

[1] https://github.com/balena-io/balena-cli-masterclass#12-authentication

Balena Deploy problem

Thank you for sharing the additional details @gh_laylapezeshkmher. I’ve engaged the team to try and reproduce this issue and we will get back to you shortly.

Thank you! I think we know what the issue is. Currently, we are using not the updated BalenaOS. We are still using the 2.9 version. We need to upgrade the Balena OS. Also we need to change the app type from classic to another type. Once we make these changes, I will be able to execute the balena deploy command.

Layla

Hello Layla, thank you for the update. Please let us know how it goes with the application type change as well as OS upgrade.

I see that @pdcastro is actively looking into this. So he’d give further updates when he makes progress. Meanwhile, please ping us of any comments or questions.

@gh_laylapezeshkmher, the investigation so far suggests that the problem is that the application owner username needs to be prefixed to the application name in the format owner/appname. I assume you are not the owner of the Edge1CI application: I assume you have the Developer role as an application member. You can use the web dashboard to open the Members tab/panel for the application, where you will find the owner’s username. Then, instead of running the following command:

balena deploy Edge1CI skycatch/docker-edge1:arm

Run it with the owner prefix:

balena deploy owner/Edge1CI skycatch/docker-edge1:arm

where owner is the username you found for the application owner in the web dashboard. This is only required for ‘Classic’ and ‘Legacy’ application types and when the user running the command is not owner, which is why you would not have had the same problem with non-legacy apps like ‘Microservices’, ‘Essentials’ or ‘Starter’.

Let us know if this works! I have created a CLI issue for this to be better documented, for the error message to be improved and perhaps for the prefix requirement to be removed altogether:

Hello, thank you! I used the owner’s user name as a prefix and it worked! However, I have to get the image from a private repository in the dockerhub and I used the following command which failed:
balena deploy owner’susername/Edge1CI skycatch/docker-edge1:arm --registry-secrets registry-secrets.yml

Inside the registry-secrets I have the user and password for the dockerhub. Also registry-secrets.yml is defined in the same folder as I am executing the deploy command therefore, I am not including the path to registry-secrets.yml

can you please confirm.

thank you!

I have defined the registry-secrets.yml as follows:
’ ': # Use the empty string to refer to the Docker Hub

username: mydockeruser

password: mydockerpassword

Hi there. It looks like we lost some formatting there. According to the documentation I could find you need to set the registry URL explicitly. Can you try changing your registry-secrets.yml as below?

'https://index.docker.io/v2/':
  username: mydockeruser
  password: mydockerpassword

The empty string is supposed to work as well (balena help deploy), but note the difference between “empty string” and “a space character between quotes”, i.e. '' vs. ' '. It’s coded here: https://github.com/balena-io-modules/resin-multibuild/blob/v4.3.4/lib/registry-secrets.ts#L134-L136

Granted, the CLI could be a bit more flexible in that string matching. :slight_smile:

Hello, I just want to thank you for helping me out in deploying the pre built image to our local device. I have used an empty space and just for visibility I give it a space.

Adding the owners name as a prefix fixed the issue.

This is what I used as for the command:

Balena deploy owener’susername/appname name-of-the l-prebuilt-image —registry-secrets registry-secrets.yml

Thank you

Layla

Hi Layla,

It’s our pleasure. I’m glad you got it working.

Thanks,
James

:+1:t2:

Thank you! Until my next unsolved issue!

Layla

Hello and Good morning:
I have a question regarding the session key under Preference, Access Tokens, Session token. I can’t recall how it was generated and why it is needed. I have noticed that it expires every 7 days. Will please let me know

thank you,

  • Layla.

Hello! Good morning to you too.

Session tokens can be used for authentication in the balena API, CLI or the SDK’s. You can read more about it on our docs:
https://www.balena.io/docs/learn/manage/account/

Cheers!

They are automatically generated and are only needed if you want to create a script or an automated process that requires authentication with a balena service.

Thank you for the reply,
yes that is the page which I have read. My question is that I can’t recall how this key was generated. Is it automatically generated or was there a way to create that. I would appreciate if you let me know.

thank you,

  • Layla.

Hi @gh_laylapezeshkmher,
A session token is generated whenever a user logs-in using their credentials, and that’s how our backend can identify each user and verify whether a request is authenticated or not.
This is considered sensitive information, and should not be passed to others.
In case that somehow a third person gets hold of your session token, then they will be to act on your behalf (for example generate more API keys).
If there are such concerns, then you can use the “Log me out from other sessions” button in the “Account details” tab, which will invalidate the current session token and generate a new one.

Let me know in case you have further questions that you would like us to clarify.

Kind regards,
Thodoris

Thank you so much! I appreciate it