Install checkmk Raw Edition

Hello,

I would like to install the Checkmk Raw Edition under Docker.
According to your instructions, this works great on my workstation. (Ubuntu 20.04)
https://docs.checkmk.com/latest/de/introduction_docker.html

docker run -it -d \
--restart=always \
--name checkmk \
--tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000 \
--ulimit nofile=1024 \
-p 5002:5000 \
-v checkmk_data:/omd/sites \
-v /etc/localtime:/etc/localtime:ro \
checkmk/check-mk-raw:2.0.0-latest

However, it does not work on my server, which is also running Ubuntu 20.04. The container doesn’t start:

### STARTING XINETD
[....] Starting internet superserver: xinetd[ ok .
### STARTING SITE
Temporary filesystem already mounted
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/10-mkeventd': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/10-mkeventd'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/20-rrdcached': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/20-rrdcached'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/50-npcd': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/50-npcd'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/52-pnp_gearman_worker': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/52-pnp_gearman_worker'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/80-nagios': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/80-nagios'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/85-apache': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/85-apache'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/85-redis': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/85-redis'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/85-stunnel': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/85-stunnel'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/90-nsca': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/90-nsca'
ERROR: Failed to run '/omd/sites/cmk/etc/rc.d/90-xinetd': [Errno 13] Permission denied: '/omd/sites/cmk/etc/rc.d/90-xinetd'

From the volume side, permissions look good to me; everything is owned by GID/UID 1000.
Unfortunately, I do not understand this. Any recommendations?

I am now one step further…

### CREATING SITE 'cmk'
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Temporary filesystem already mounted
Updating core configuration...
Generating configuration for core (type nagios)...Precompiling host checks...OK
OK
Executing post-create script "01_create-sample-config.py"...OK
Created new site cmk with version 2.0.0p8.cre.

  The site can be started with omd start cmk.
  The default web UI is available at http://d263d224804f/cmk/

  The admin user for the web applications is cmkadmin with password: c5JXynPC
  For command line administration of the site, log in with 'omd su cmk'.
  After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.

### STARTING XINETD
[ ok ] Starting internet superserver: xinetd.
### STARTING SITE
Temporary filesystem already mounted
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Starting redis...OK
Initializing Crontab.../var/spool/cron/: mkstemp: Permission denied
Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>
BrokenPipeError: [Errno 32] Broken pipe
ERROR

Here I found the following recommendation for this problem: Problem with check-mk-raw:2.0.0b6 - "Initializing Crontab.../var/spool/cron/: mkstemp: Permission denied"
but it’s not applicable. Any other tips?

This seems to be an endless story; the container is up, but I guess the main problem exists on my docker host – There is still a permission issue.

root@740c245f6e84:/opt/omd/versions/2.0.0p8.cre/lib/nagios/plugins# ./check_icmp 192.168.7.254
OK - 192.168.7.254: rta 0.301ms, lost 0%|rta=0.301ms;200.000;500.000;0; pl=0%;40;80;; rtmax=0.492ms;;;; rtmin=0.241ms;;;;

root@740c245f6e84:/opt/omd/versions/2.0.0p8.cre/lib/nagios/plugins# sudo -u cmk ./check_icmp 192.168.7.254
check_icmp: Failed to obtain ICMP socket: Operation not permitted

Didn’t get it right now.

root@740c245f6e84:/opt/omd/versions/2.0.0p8.cre/lib/nagios/plugins# ls -la |grep check_icmp 
-rwxr-x--- 1 root omd   64648 Jul 20 10:15 check_icmp

root@740c245f6e84:/opt/omd/versions/2.0.0p8.cre/lib/nagios/plugins# getcap check_icmp
check_icmp = cap_net_raw+ep

root@740c245f6e84:/opt/omd/versions/2.0.0p8.cre/lib/nagios/plugins# attr -l check_icmp
Attribute "capability" has a 20 byte value for check_icmp

Maybe someone has an idea? Just to clarify what caused this.
root yes - user no … :thinking:
Solution: A new deployment. Thanks for reading! :slightly_smiling_face:
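
Added example, not part of the original post and not Checkmk's own tooling: a small shell diagnostic for the symptom above, where `check_icmp` carries `cap_net_raw+ep` yet only root gets the ICMP socket. It checks three kernel conditions that govern whether a file capability is granted at exec time (bounding set, `no_new_privs`, `nosuid` mount); the function names and sample status text are constructed for illustration, and it does not establish which condition, if any, applied on the poster's host.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, constructed samples).
# A file capability such as cap_net_raw+ep is only granted on exec when:
#   - CAP_NET_RAW is in the process's bounding set (CapBnd),
#   - the process does not have no_new_privs set,
#   - the filesystem holding the binary is not mounted nosuid.
CAP_NET_RAW_BIT=13   # bit number of CAP_NET_RAW in <linux/capability.h>

# status_field NAME TEXT -> value of the "NAME:" line in /proc/<pid>/status text
status_field() {
    printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2 }'
}

# mask_has_cap HEXMASK BIT -> exit status 0 if that capability bit is set
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# diagnose STATUS_TEXT MOUNT_OPTIONS -> prints findings, or "none"
diagnose() {
    findings=""
    bnd=$(status_field CapBnd "$1")
    nnp=$(status_field NoNewPrivs "$1")
    if ! mask_has_cap "$bnd" "$CAP_NET_RAW_BIT"; then
        findings="$findings net_raw_not_in_bounding_set"
    fi
    if [ "$nnp" = "1" ]; then
        findings="$findings no_new_privs"
    fi
    case ",$2," in
        *,nosuid,*) findings="$findings nosuid_mount" ;;
    esac
    findings=${findings# }
    echo "${findings:-none}"
}

# Constructed sample: capability mask of a container with Docker's default set.
SAMPLE_DEFAULT='NoNewPrivs: 0
CapBnd: 00000000a80425fb'

# Constructed sample: NET_RAW dropped and no-new-privileges enabled.
SAMPLE_RESTRICTED='NoNewPrivs: 1
CapBnd: 00000000a80405fb'

# Live use inside the container, as the site user:
#   diagnose "$(cat /proc/self/status)" "$(findmnt -no OPTIONS -T /omd/sites)"
```

Any finding other than `none` means the capability on the binary cannot be relied on for unprivileged users, regardless of what `getcap` shows.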

Hey @4Bob, welcome to the forum!

To be honest, if I have a host, where I can install docker, personally I wouldn’t bother trying to run CMK in a container, I’d simply install the appropriate package for my distribution and be done with it, to not have to deal with any quirks coming from inside the container environment.

Be that as it may, I’m not sure why you want to run either “check_icmp” or anything as root for that matter. One is supposed to run everything with the siteuser, which in your case is apparently cmk. As it says in your site creation output: Switch to your siteuser with omd su and run whatever you want to run.

Perhaps this is not the answer you wanted to hear, but it may get you a step further, I hope.

Regards,
Thomas

Hello Thomas, thanks for your feedback.

I don’t want a native installation, because of the dependencies.
That’s for everyone to decide. The output of check_icmp should not tell you that I want to run it as root, but as site user I don’t get the permission!

Anyway, it’s already running under Docker :slight_smile:
