Several logs reporting "Cannot connect to the Docker daemon at unix"
search cancel

Several logs reporting "Cannot connect to the Docker daemon at unix"

book

Article ID: 411288

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Several services in CA PAM such as grafana, syslog (logstash) and k8/k8v2 cluster orchestrator fail to work in CA PAM, and when viewing the k8v2 cluster orchestratror log which can be downloaded from the Diagnostics page in CA PAM, there is the following error:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

This error message may be subsequently detected by Broadcom support if a Support case is raised and different logs are examined

Cause

There are several components in PAM which are being provided as a container service. Among them lies the grafana, logstash and cluster orchestrator services. These containers run in their own network which- by default- runs in the 172.17.0.1/16 (IPv4) and ffb1:a:b:c::/64 (IPv6) internal subnet. Such settings may be found under the Networking --> Container Network Settings section under Configuration in CA PAM

That same section will show whether the container network is working seamlessly or not.

There may be different things that may affect the container network, like for instance overlapping with a production network in CA PAM with different endpoints defined, but one of the issues that will cause this problem to appear is if the container network settings have disappeared.

In this situation checking the above configuration will show the following

 

Generally if this problem occurs is because the network definition file for the container network has disappeared or may have become corrupt

Resolution

One quick solution may consist in filling up the missing information, that is in the Local PAM Container IPv4 Network Bridge option specify 172.17.0.1/16, and ffb1:a:b:c::/64 in the IPv6 one (or any other valid ranges if you suspect overlap with the production network), and then hit the update button

Sometimes this does not work, as not having a container network definition file causes the save process to fail. In such cases please open a case with BroadCom support for assistance

Powered by Wolken Software