Error when starting Tentacle container

OctopusSchaff · 10 March 2023 20:10

I am seeing the following logs when I try to start a tentacle container (running in Kubernetes):

===============================================
Configuring Octopus Deploy Tentacle
 - server endpoint 'http://iiswebdeploy/'
 - api key '##########'
 - communication mode 'Polling' (Active)
 - server port 10943
 - worker pool 'KubernetesNonProdWorkerPool'
 - host 'ComputerName'
 - space 'IT Kubernetes'
===============================================
/scripts/configure-tentacle.sh: line 109:    11 Killed                  tentacle create-instance --instance "$instanceName" --config "$configurationDirectory/tentacle.config"
+ [[ N == \Y ]]
+ echo 'Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode.'
Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode.
+ tentacle agent --instance Tentacle --noninteractive
+ nohup /usr/local/bin/dockerd-entrypoint.sh dockerd
mount: /sys/kernel/security: permission denied.
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: /tmp: permission denied.
/scripts/run-tentacle.sh: line 11:    39 Killed                  tentacle agent --instance Tentacle --noninteractive

It seems to be saying that I need to run in privileged mode. But that is confusing to me because I have run this container in my cluster just like this before, with no issues.

The only difference is that I am passing in the API Key as an environment variable parameter instead of having it be hard coded into the container.

But, as I understand it, that should not be any different. (The env vars should be set prior to the container being started.)

Any ideas on what I can do to troubleshoot this issue?

Justin_Walsh · 10 March 2023 20:38

Hi @OctopusSchaff!

Sorry to hear you’re having issues getting this container running in your cluster.

Privileged mode is only required when making use of Docker-in-docker functionality, which seems strange if the only change was your API key - is it possible that the Docker-In-Docker env var was changed as well for this deployment? This functionality is modified by the DISABLE_DIND environment variable.

OctopusSchaff · 10 March 2023 21:39

I don’t set that environment variable. These are the environment variables for the container:

  Space:                   IT Kubernetes
  ServerPort:              10943
  TargetWorkerPool:        KubernetesNonProdWorkerPool
  ACCEPT_EULA:             Y
  ServerUrl:               http://myoctoserver/
  ServerApiKey:            API-Redacted
  DT_DEPLOYMENT_METADATA:  orchestration_tech=Operator-application_monitoring;script_version=v0.7.2;orchestrator_id=827e43fb-d651-443d-ad74-516e4ec003f2
  LD_PRELOAD:              /opt/dynatrace/oneagent-paas/agent/lib64/liboneagentproc.so

Is it possible that this defaults to true?

Justin_Walsh · 10 March 2023 22:13

Yes, by default Docker-in-docker is enabled unless you specifically disable it with the DISABLE_DIND env var.

You can find more details of this in our docs here: Octopus Tentacle in a Container - Octopus Deploy

I hope this helps!

OctopusSchaff · 10 March 2023 22:30

Setting DISABLE_DIND caused the “privileged” error to go away, but it is still giving a “killed” message:

===============================================
Configuring Octopus Deploy Tentacle
 - server endpoint 'http://iiswebdeploy/'
 - api key '##########'
 - communication mode 'Polling' (Active)
 - server port 10943
 - worker pool 'KubernetesNonProdWorkerPool'
 - host 'ComputerName'
 - space 'IT Kubernetes'
===============================================
/scripts/configure-tentacle.sh: line 109:    11 Killed                  tentacle create-instance --instance "$instanceName" --config "$configurationDirectory/tentacle.config"
Docker-in-Docker is disabled.
+ [[ Y == \Y ]]
+ echo Docker-in-Docker is disabled.
+ tentacle agent --instance Tentacle --noninteractive
/scripts/run-tentacle.sh: line 11:    38 Killed                  tentacle agent --instance Tentacle --noninteractive

When I check the status, it says it is in a CrashLoopBackoff…

patrick.smergut · 10 March 2023 23:13

Hi @OctopusSchaff,

Thanks for trying that. I’m not sure what’s causing the script to be killed, but would you be willing to send through the docker logs for that container so we can see what might be causing the tentacle installation to fail?

You can use the following link to send this through to us securely:

OctopusSchaff | Octopus Support

Let us know once you’ve done that and we’ll review it.

Best,
Patrick

OctopusSchaff · 10 March 2023 23:16

Unfortunately what I have included are the docker logs… I get them by running kubectl logs -n octopus-tentacles my-container-name-here.

Is there output from another command you would like to see?

OctopusSchaff · 10 March 2023 23:32

Further delving showed that I was getting an OOMKILLED error.

Digging into this showed that I was running out of memory for the pod. Once I fixed that, it started up just fine.

Thank you for your help in fixing this issue!

patrick.smergut · 10 March 2023 23:36

Hey @OctopusSchaff,

That’s great news and I’m glad you were able to figure out what was causing it! Also, thank you for sharing the resolution details as they go a long way toward helping others in the community.

Let us know if you need anything else!

Best regards,
Patrick

system · 10 April 2023 23:36

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.