NR Minion Error: Minion won't be able to run

Hi Support,

Just got a linux machine with the latest docker installed and pulled down the latest minion docker image but the container wont run as it returns the error below:

Minion won’t be able to run: failed to fetch config for key ‘XXX’ from ‘https://synthetics-horde.nr-data.net’ ! java.net.UnknownHostException: synthetics-horde.nr-data.net.

I am able to ping and curl that address (synthetics-horde.nr-data.net) but I do get a 404 which doesn’t seem right. I am also able to telnet on port 443.

anyone able to give more context on how to troubleshoot this issue further?

Thanks,
Ryan

It appears that you have a key missing, possibly the account key.

Sorry for clarification XXX is a replacement of the actual key that i have been given.

That’s odd! failed to fetch config implies to me that there’s an error in the private location key, a copy/paste error perhaps?

If you go to the Private Location config page you can copy/paste the full command to spin up the container, including the minion key. Could you try that to confirm?

I just installed a Ubuntu VM & got docker installed & the minion is working fine here:

This is what I am getting. copying and pasting as I should from the same page you are doing it from:

I have also tried it with several different keys that I have created from fresh.

I have since installed docker on my macbook locally and ran the same command and the docker image ran fine and connected to new relic. So unsure why the remote machine can talk out to new relic but its not getting the same response as my local machine

Hi @Ryan.OGorman, this usually happens when there is an issue using Self-signed Certificates with a Proxy on your network. To test this would you be able to run the command again adding the following:
-e "MINION_JVM_OPTS=-Djavax.net.debug=all"

This will output more detailed SSL logging that will hopefully point to the issue :slight_smile:

2 Likes

I have sent you a private message with the log output in debug

I have now resolved this issue. I was able to exec bash on the container and discover that the network issue was within the docker container itself. I resolved this by changing the docker run to use the hosts network by adding --network=host. This then lead me to a new error coming from the container as it ran “Invalid Docker configuration (API: ‘v1.35’ / Endpoint: ‘unix:///var/run/docker.sock’) and/or unable to contact the service. Is Docker running?” This was resolved by creating a separate tmp folder on the host machine with more open permissions to allow the docker container the mount correctly. Thank you for your assistance. I would advise that you could improve the documentation in relation to trouble shooting to assist people with network issues within the container itself as I would have gotten to this quicker if it was suggested there. :slight_smile:

4 Likes

Thanks Ryan - Feedback taken on board! Glad to hear you got this working now though :smiley:

1 Like

Hi,

I am facing the same issue as @Ryan.OGorman. But when I Curl the New Relic End point, getting the following response
[root@XXXXXXXXX docker]# curl -X GET https: // synthetics-horde.nr-data . net (intentional breaks)
curl: (60) Peer’s Certificate issuer is not recognized.
More details here: https: // synthetics-horde.nr-data . net (intentional breaks)

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Could please look into this as it Could be either certificate issue from the server side or CACert update issuse.

Also, it would be great if you can provide or point out a work around to access it in --insecure mode from docker run command

Thanks in advance

Hi @santhoshkumar1

I just replied to your other post:

1 Like