Hi,
I use the docker image of CEE 1.6.0p20 (sind 1.6.0p14 arlready) but always after I updated to latest version all my hosts are shown as DOWN.
but they are not down, they are UP and all service checks work fine.
I use the docker image on my Synology NAS within the same network as the host.
i have no idea why all the hosts are shown as DOWN
pls help me to find a solution on this
kr
Mike
Is only the ping failing or also the check_mk services?
Hi Andreas,
thanks for your kind response:
in CheckMK is shows this:
and if I log into the docker image and try to ping I get:
OMD[cmk]:~$ ping 192.168.192.222
ping: socket: Operation not permitted
CheckMK service work fine
This looks like that problem
Podman (non root) Checkmk check_icmp operation not permitted
Is it possible that your container is running without root?
the link give me no help - I do not have podman
btw, what do you mean - âŚwithout root? the docker images is directly from checkMK
I did not remove anything
podman is nearly the same as what you do with your docker command.
Or what container environment do you use?
Many of the container problems are side effects from the used container environment.
Hi,
looks more a Linux issue. There are some hints that this behaviour belongs to a permission problem.
When you google âping: socket: Operation not permittedâ you will find a lot of hints.
Cheers,
Christian
Hi ChristianM,
thanks for your kind reply.
I understand that there is a âsuidâ problem , B U T
this is a pure DOCKER IMANGE directly from CheckMK - so if there is a problem with this and all the last DOCKER IMAGES, who can I ask to investigate and find a solution?
because I have no idea where to search and find âpingâ or âcheck_icmpâ to whatever the reason is, and because I am not sure whether this is a bug or a wanted behavior, I intend to ask the checkMK community (with hope that a checkMK related person might also read it 
).
best regards
Mike
what could be the temp. fix?
The problem is not the image. The problem is your docker host. You need to setup the container in a way that the container is allowed to do what he wantâs.
Inside the container you need root rights to access these sockets. Some container host platforms donât allow this.
You can check with different capability settings on your host.
The command line switches are like ââset-cap=SYS_ADMINâ in the GUI you should find options like âExecute container using high privilegeâ.
Does these settings solve the problem?
hi,
I just tried 3 diff. waysâŚ
1st i set the âExecute container using high privilege" within Synology Docker settings.
2nd I tried with ââcap-add=SYS_ADMINâ
and 3rd I tired with ââprivilegedâ
but none of these give success
when I check the cmc.log.
tail -f /omd/sites/cmk/var/log/cmc.log
i see:
2021-02-03 20:21:52 [5] [icmpsender 1701] started, commandline: /omd/sites/cmk/lib/cmc/icmpsender 8 0 1000
2021-02-03 20:21:52 [4] [icmpsender 1701] Cannot create raw socket (missing SUID root?): Operation not permitted
2021-02-03 20:22:22 [4] [icmpsender 1701] Cannot send IP addresses to icmpsender: Broken pipe
2021-02-03 20:22:22 [3] [icmpsender 1701] exited with status 1
2021-02-03 20:22:22 [5] [icmpsender 1850] started, commandline: /omd/sites/cmk/lib/cmc/icmpsender 8 0 1000
2021-02-03 20:22:22 [4] [icmpsender 1850] Cannot send IP addresses to icmpsender: Broken pipe
2021-02-03 20:22:22 [3] [icmpsender 1850] exited with status 1
2021-02-03 20:22:22 [5] [icmpsender 1851] started, commandline: /omd/sites/cmk/lib/cmc/icmpsender 8 0 1000
2021-02-03 20:22:22 [4] [icmpsender 1851] Cannot create raw socket (missing SUID root?): Operation not permitted
2021-02-03 20:22:52 [4] [icmpsender 1851] Cannot send IP addresses to icmpsender: Broken pipe
2021-02-03 20:22:52 [3] [icmpsender 1851] exited with status 1
2021-02-03 20:22:52 [5] [icmpsender 2037] started, commandline: /omd/sites/cmk/lib/cmc/icmpsender 8 0 1000
2021-02-03 20:22:52 [4] [icmpsender 2037] Cannot send IP addresses to icmpsender: Broken pipe
2021-02-03 20:22:52 [3] [icmpsender 2037] exited with status 1
so i did:
chmod u+s ./opt/omd/sites/cmk/lib/cmc/icmpsender
but now the error is gone within the cmc.log - BUT still all hosts are down
best regards
For network things you can also test the capability CAP_NET_RAW
Hi
hmm I tried to setup but:
unable to set CAP_SETFCAP effective capability: Operation not permitted
then I tried with sudo, but:
bash: sudo: command not found
(all within the docker checkMK image)
kr
Mike
I think inside the container it will not work.
It is important how the docker runtime starts the container.
The following article shows the problem also with docker containers and capabilities.
Hmm I guess it is not possible with Synology (old) docker version - or I didnât get itâŚ
is there a recommendation for Synology docker from checkMK?
Did anyone manage it working?
helpâŚ
kr
Mike
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.
