In some circumstances you may get errors when running the tracerouteUDP tool. We have found that using an outdated storage driver as the backing storage for a Docker install can cause this. This isn’t related to Catchpoint's Docker solution; it is the storage used for all containers running on the system.
Running our container with an older storage driver is possible, but you may have to turn off some security features.
If your docker installation installation uses the aufs storage driver, this causes our container to not run traceroute tests (& maybe some other test). Most of the operating system's latest versions support the new overlay2 driver; and Docker recommends NOT using the aufs driver any more.
From Docker Documentation
AUFSis a union filesystem. Theaufs storage driverwas previously > the default storage driver used for managing images and layers on > Docker for Ubuntu, and for Debian versions prior to Stretch. If your > Linux kernel is version 4.0 or higher, and you use Docker Engine - > Community, consider using the newer overlay2, which has potential > performance advantages over the aufs storage driver.
Root cause & implications:
We need the overlay2 driver because it supports setcap. This is needed to set capabilities on specific files in the container, rather than enabling the whole container to have the same permissions. By setting capabilities on specific files, we’re able to secure the container and not run everything as root.
Solution
- Log into the container
# docker exec -it {{container name}} /usr/local/bin/ - Switch Node software to run as
root. - We propose two file changes instead of reinstalling a new image:
# vipw
Find the line forserveruserand change the IDs to 0:serveruser:x:0:0:Catchpoint Service User:/home/serveruser:/bin/sh# vigr
Find the line forcpand change the ID to 0:cp:x:0:
- Restart the container.