Docker on Jetson Nano - cu-ecen-aeld/yocto-assignments-base GitHub Wiki

Overview

This page describes how to build a Yocto image that supports docker and docker-compose, so that services can run in containers on the jetson-nano-2gb-devkit. We will use the tegra-demo-distro Yocto project distribution and build demo-image-full using bitbake. Specifically, we will use the kirkstone-l4t-32.7.x branch, which is the most recent branch that supports the jetson-nano-2gb-devkit. You can fork a copy of this repository to track your local customizations.

Implementation

Adding Docker Compose

By default, the demo-image-full image built using the kirkstone-l4t-32.7.x branch does not include docker-compose. However, it provides the necessary recipe under layers/meta-virtualization. To install docker-compose, we need to add IMAGE_INSTALL:append lines to the build/conf/local.conf file for test purposes, or add the recipes to demo-image-full in your forked repo.

For local.conf customization, add these lines:

IMAGE_INSTALL:append = " python3-docker-compose"
IMAGE_INSTALL:append = " python3-distutils"

In demo-image-full, add these recipes to CORE_IMAGE_BASE_INSTALL.

Supporting Port Passthrough

There are two methods to expose ports for services running in the containers.

Using the host network driver

This method makes the container share the host's network stack, so every port a service opens in the container is opened directly on the host, with no network isolation between the two.

To achieve this, set network_mode: host for the service in docker-compose.yml.

Using iptables

This method allows docker to use iptables for setting up port forwarding rules, to expose specific container ports. This helps keep the docker container network isolated from the host network.

By default, the iptables version included in demo-image-full from the kirkstone-l4t-32.7.x branch does not support docker port forwarding. To update iptables to a docker-compatible version, we need to add " kernel-modules" in the build/conf/local.conf file or in your customized demo-image-full.bb file, and specify the ports in docker-compose.yml as shown below.

  ports:
    - "5500:5500"

After the above changes, we need to rebuild the image by running bitbake demo-image-full, which will allow us to successfully forward the docker container ports.
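Once the rebuilt image is running, the nat table can be checked to confirm that Docker published only the ports listed in docker-compose.yml. The script below is an added example, not part of the original wiki or of tegra-demo-distro; the function names, the proto/port allowlist format and the 8080 sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): audit the ports Docker publishes via DNAT.

# Constructed sample of `iptables -t nat -S DOCKER` output. The 5500 rule
# mirrors the rule in the error log; the 8080 rule is invented for the demo.
SAMPLE_RULES='-N DOCKER
-A DOCKER -i br-3a24b8dbe785 -j RETURN
-A DOCKER ! -i br-3a24b8dbe785 -p tcp -m tcp --dport 5500 -j DNAT --to-destination 172.18.0.3:5500
-A DOCKER ! -i br-3a24b8dbe785 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.18.0.4:80'

# Read a rule listing on stdin; print "proto hostport destination" per DNAT rule.
published_ports() {
    awk '
        $1 == "-A" && $2 == "DOCKER" {
            proto = ""; port = ""; dest = ""; dnat = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          port  = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            }
            if (dnat && port != "") print proto, port, dest
        }'
}

# unexpected_ports "tcp/5500 ...": print published ports missing from the
# allowlist (hypothetical format proto/port); return 1 if any were found.
unexpected_ports() {
    allowed=" $1 "
    found=$(published_ports | while read -r proto port dest; do
        case "$allowed" in
            *" $proto/$port "*) ;;
            *) echo "unexpected: $proto/$port -> $dest" ;;
        esac
    done)
    if [ -n "$found" ]; then
        echo "$found"
        return 1
    fi
    return 0
}

# On the target (as root): iptables -t nat -S DOCKER | unexpected_ports "tcp/5500"
printf '%s\n' "$SAMPLE_RULES" | unexpected_ports "tcp/5500" || true
```

A service started with the host network driver has no DNAT rule at all, so it will not appear in this listing even though its ports are open on the host.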

Troubleshooting

When using the default iptables (v1.8.7) included in demo-image-full, an error occurs when docker tries to add port forwarding rules, as shown below. This is due to the --to-destination option missing in iptables (v1.8.7), which only supports the --destination option. Simply updating the recipe to install a more recent iptables version such as v1.8.10 did not help. To fix this, the steps provided under the Using iptables section were used.

Creating webapp_webapp_1 ... error

ERROR: for webapp_webapp_1 Cannot start service webapp: driver failed programming external connectivity on endpoint webapp_webapp_1 (c016c5bflobe22ds15ea72bf931dab9F544269de60085de5334fae2949621f3f): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 5500 -j DNAT --to-destination 172.18.0.3:5500 ! -i br-3a24b8dbe785: iptables v1.8.7 (legacy): unknown option "--to-destination"
Try 'iptables -h' or 'iptables --help' for more information.
 (exit status 2))

ERROR: Encountered errors while bringing up the project.