cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing Read Permissions to Read/Copy Memory Dump

sv
Newcomer

Hi,
Background, we have a Dynatyrace SaaS instance which is linked to a Kubernetes cluster. We install Dynatrace Operator, OneAgent and ActiveGate via Dynakube. We want to take a memory dump of a workload in K8s and without have the DynatraceURL to download and have access by `kubectl exec` to the ActiveGate pod. So, I followed these steps:

1. I activated Memory Dump Feature in Dynakube:

```

customProperties:
     value: |
       [collector]
       DumpSupported = true
       [dump]
       dumpDir = "/var/lib/dynatrace/gateway/dump"
       maxSizeGb = 5


```
2. Increased the resource.limit.memory to way more than the limit of the process

3. Made sure pod and activegateway are on the same node, else it doesnt work

4. Selected the process and triggered a dump

Q1. The dump is not at the dumpDir specified, it goes to `/var/lib/dynatrace/oneagent/datastorage/memorydump`. Why?

5. Processes for which the heap dump was unsuccessful (size 0 bytes), I can `cat summary.json` as I have the permissions

For process it was a success (size ~1.5Gb), I can see the summary.json & dump.hprof, but I donot have read permissions for it
``` 
$ ls -lR

./20240826121202_7:
total 2
-rw-r--r-- 1 999 999 774 Aug 26 12:12 summary.json
 
./20240826142015_1:
total 1366564
-rw------- 1 9001 9001 1399355568 Aug 26 12:20 dump.hprof
-rw-r----- 1 9001 9001       1881 Aug 26 12:20 summary.json


$ whoami
whoami: cannot find name for user ID 1001

```

Q2. Can somebody help me find a way to access this?

I see that due to the hardening, the read access is not available. But either the dump process makes no sense if we cant read it or the dumpDir flag is not working. 

Thanks in advance!

0 REPLIES 0

Featured Posts