Unable to see application data after deployment of Docker Agent

book

Article ID: 142330

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

Application teams were unable to see the application data after deployment. 
Consistently see the following messages in the logs for the caagent pod.
Errors below -
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted

Cause

1. A docker permission issue

 

2. Because the application is running inside of the container and is not managed by a supervisor, that handles the graceful exit/SIGHUP  of containers.

 

 

Environment

Release : All Supported Releases.

Component : APM Agents

Resolution

1. To resolve the Permission issue, please add the user to the Docker Admin group.

https://github.com/jpetazzo/nsenter/issues/44
https://github.com/jpetazzo/nsenter/issues/95
https://stackoverflow.com/questions/46714547/providing-shell-access-to-particular-docker-container-to-user-which-is-not-added

 

2. Best practice would be to use the supervisor inside of a container, make sure that all running applications are 'handled" by it.