cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Docker appMon

amitkumar
Inactive

Hi, I am trying to install Appmon for Docker. After providing the license file to .env file while i ran the docker-compose up i am seeing the following error :-

dtcollector | 2020-03-12 00:45:47 SEVERE [ImportCertificateStrategy] certificate is expired and not already accepted for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:47 SEVERE [ImportCertificateStrategy] client did not accepted ssl client certificates. will not establish trust for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:47 SEVERE [MessageBroker] Failed to send CLUSTER_TIME message (target-type=SERVER, target-id=0), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [collector_client]

dtcollector | 2020-03-12 00:45:47 SEVERE [ImportCertificateStrategy] certificate is expired and not already accepted for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:47 SEVERE [ImportCertificateStrategy] client did not accepted ssl client certificates. will not establish trust for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:47 SEVERE [MessageBroker] Failed to send CLUSTER_TIME message (target-type=SERVER, target-id=0), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [collector_client]

dtcollector | 2020-03-12 00:45:47 WARNING [ClusterTimeProvider] Exception synchronizing cluster time: COMMUNICATION_ERROR [log message will be suppressed for 1 hours]

dtcollector | 2020-03-12 00:45:47 INFO [DtangAdapter] dtang adapter started on collector dtcollector@dtcollector.dynatracedocker_appmon

dtcollector | 2020-03-12 00:45:47 INFO [Collector] Collector started.

dtcollector | 2020-03-12 00:45:49 INFO [WatchDog] Connected successfully to native watchdog on 127.0.0.1:50000

dtcollector | 2020-03-12 00:45:49 [c8e9188e] info [native] New connection on port 50000 received

dtcollector | 2020-03-12 00:45:49 [c8e9188e] info [native] Dynatrace Collector started successfully

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] certificate is expired and not already accepted for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] client did not accepted ssl client certificates. will not establish trust for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 SEVERE [MessageBroker] Failed to send CLUSTER_TIME message (target-type=SERVER, target-id=0), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [collector_client]

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] certificate is expired and not already accepted for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] client did not accepted ssl client certificates. will not establish trust for [collector_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 SEVERE [MessageBroker] Failed to send CLUSTER_TIME message (target-type=SERVER, target-id=0), uri=null - CommunicationException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [collector_client]

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] certificate is expired and not already accepted for [dtserver:6699_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 SEVERE [ImportCertificateStrategy] client did not accepted ssl client certificates. will not establish trust for [dtserver:6699_client]: NotAfter: Thu Mar 07 10:37:35 GMT 2019

dtcollector | 2020-03-12 00:45:57 WARNING [DynaTraceSSLSocketFactory] Unable to connect to dtserver:6699 probably untrusted certificate: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [dtserver:6699_client]

dtcollector | 2020-03-12 00:45:57 WARNING [DefaultConnectionEstablisherJob] exception was thrown while connecting: unable to establish connection to dtserver:6699 due a java.io.EOFException: unable to establish connection to dtserver:6699

When i do docker ps i can see server,agent,collector running :-

45bb443573fb dynatrace/server:7.0 "sh -c '${DT_HOME}/p…" 10 hours ago Up 5 minutes 0.0.0.0:2021->2021/tcp, 0.0.0.0:6699->6699/tcp, 0.0.0.0:8020-8021->8020-8021/tcp, 0.0.0.0:8023->8023/tcp, 0.0.0.0:8040-8041->8040-8041/tcp, 0.0.0.0:9911->9911/tcp dtserver

b828efb86b93 dynatrace/agent:7.0 "/bin/sh -c 'while t…" 10 hours ago Up 5 minutes dtagent

5e776c97be4c dynatrace/collector:7.0 "sh -c ${DT_HOME}/ru…" 10 hours ago Up 5 minutes 0.0.0.0:8042-8043->8042-8043/tcp, 0.0.0.0:9998->9998/tcp dtcollector

However i am not able to connect DT client to the appmon.

Can i please get help with this?

11 REPLIES 11

sebastian_kryst
DynaMight Leader
DynaMight Leader

The problem isn't with docker itself but with expired certificate in appmon 7.0. Binaries you have are old so embedded ones are to old to allow appmon to work. I don't know how this is in Docker implementation but in regular one you can tell appmon to work without SSL, then you can run it, generate new ssl certificates via wizard in client and then start using SSL again.

Appmon documentation I suppose is now available only in PDF, you have to check configuration for server and collector. In both sections you will find option to switch components from SSL to non SSL connection. Than all should boot up properly.

Sebastian


amitkumar
Inactive

@Sebastian K. Do you have a link to share that i can go through to make it work on non SSL. At this point i am in a POC mode and don;t care about SSL. Just want the APPMon to monitor few docker containers. Any assistance would be of great help.

First of all you are using appmon 7.0 on POC which is really old and out of support. Appmon has end of life in year from now, so rather you should start POC on Dynatrace, not appmon 🙂

About config files:

https://www.dynatrace.com/support/doc/appmon/administration/server-administration/certificate-manage... -> how to recreate new certificates

About disabling SSL you have to check dtserver.ini and dtcollector.ini in installation directory.

Dynatrace\Dynatrace 7.0\server\conf\ Go here you will find here server.config.xml frontendServer.config.xml

Dynatrace\Dynatrace 7.0\collector\conf\collector.config.xml

In all those files you can find settings related to disabling SSL / changing ports. After that you can start serwer again and it should work. But rather I suggest using appmon 7.2, not 7.0. It should work out of the box.

You don't have to put whole Appmon Server into docker, you can keep it outside. You have to instrument only containers:

https://www.dynatrace.com/support/doc/appmon/application-monitoring/monitor-specific-applications/mo...

Sebastian

amitkumar
Inactive

Just an update. I was able to disable the SSL by changing the collector port tp 6698 and don't see the error anymore. However i am not able to connect my DT client on localhost:2021 it says connection is erroneous.

You have to disable SSL as well in frontendserver for Client connection. Server has to boot as well. There will be certificate issues as well

Docker ps returns me following appmon containers :-


dynatrace/collector:7.0

dynatrace/server:7.0

dynatrace/agent:7.0


There is no frontend server. The package from where i am executing the docker-compose up has the following folders :-


Dynatrace-Agent

Dynatrace-Collector

README.md

docker-compose-withoutCollector.yml

Dynatrace-Agent-Examples

Dynatrace-Server

docker-compose-debian-withoutCollector.yml docker-compose.yml

Dynatrace-Agent-Win

LICENSE

docker-compose-debian.yml

run-as-nonroot.sh

server will contains both, server (backend server) and frontend server in this scenario

@Sebastian K. following is what i have under the docker/DTserver directory :-


#if your url doesn't end with license filename, you should adjust pull-license-key-file.sh script

DT_SERVER_LICENSE_KEY_FILE_URL=

COMPOSE_PROJECT_NAME=dynatracedocker

DT_HOME=/opt/dynatrace

DT_SERVER_LOG_PATH_ON_HOST=/tmp/log/dynatrace/servers/dtserver

DT_SERVER_NAME=dtserver

APPMON_WEB_CLIENT_NONSSL_PORT=8020

APPMON_WEB_CLIENT_SSL_PORT=8021

APPMON_ONEAGENT_NONSSL_SERVER_PORT=8040

APPMON_ONEAGENT_SSL_SERVER_PORT=8041

APPMON_CLIENT_NONSSL_PORT=2021

APPMON_CLIENT_SSL_PORT=8023

APPMON_COLLECTOR_PORT=9998

APPMON_COLLECTOR_SERVER_SSL_PORT=6699

VERSION=7.0

BUILD_VERSION=7.0.0.2469

CUID=0

CGID=0


I tried to disable/comment out all SSL related ports but still no luck.

amitkumar
Inactive

@Sebastian K. to provide few more insights. I am following the following GitHub page and trying to setup Appmon to monitor few microservices running on docker container. I have been struggling to make this work for quite some time with no luck. I want to use appmon for my troubleshooting etc and can not afford the One agent license.


GitHub page i am following:-

https://github.com/Dynatrace/Dynatrace-AppMon-Docker


Any guidance on how to monitor few single host docker containers would be of create help.

You can use free 15 days trial for OneAgent

Sebastian

sebastian_kryst
DynaMight Leader
DynaMight Leader

Don’t use Appmon 7.0 in docker, use 7.2 without docket and instrument only your docket applications. Why you are trying to fire up Appmon in docker with old and unsupported version?