Problem with check-mk-raw:2.0.0b6 - "Initializing Crontab.../var/spool/cron/: mkstemp: Permission denied"

qupfer · February 15, 2021, 10:31am

Hi,
I have trouble to start/update the docker image check-mk-raw:2.0.0b6 in my non-root podman environment. The previous beta5 works.

My starting-command is

podman container run --cap-add=CAP_NET_RAW -dit -p 8188:5000 --ulimit nofile=1024  -v /media/SSD/test:/omd/sites --name monitoring-test -v /etc/localtime:/etc/localtime:ro docker.io/checkmk/check-mk-raw:2.0.0b6

It results with:

### CREATING SITE 'cmk'
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Preparing tmp directory /omd/sites/cmk/tmp...Updating core configuration...
Generating configuration for core (type nagios)...Precompiling host checks...OK
OK
Created new site cmk with version 2.0.0b6.cre.

  The site can be started with omd start cmk.
  The default web UI is available at http://421bdb7e4ef9/cmk/

  The admin user for the web applications is cmkadmin with password: otCIgA1b
  For command line administration of the site, log in with 'omd su cmk'.
  After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.

### STARTING XINETD
[ ok ] Starting internet superserver: xinetd.
### STARTING SITE
Preparing tmp directory /omd/sites/cmk/tmp...Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Starting redis...OK
Initializing Crontab.../var/spool/cron/: mkstemp: Permission denied
Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>
BrokenPipeError: [Errno 32] Broken pipe
ERROR

The same error occurs, if I update an beta5 variant.

Any Ideas if I make someting wrong (tmpfs…) or is it a bug in the acutal beta?

Thanks for any suggestions

Bieri · March 15, 2021, 11:42am

Hi qupfer

I just ran into the same issue this morning and was able to resolve it with “dpkg-reconfigure cron”.

Found here: Site partially running after appliance upgrade to v1.4.7 - Troubleshooting - Checkmk Community

Best

4Bob · August 3, 2021, 4:53pm

@ qupfer
Did you found a solution ?

qupfer · August 4, 2021, 9:09am

tl;dr
Nope, but did not try much more.

Long answer:
Its a long time ago, so maybe I miss some thing. The answer from @Bieri helped to get a step closer, but did not solve the problem at all and after a reboot, the problem occours again. Also, it “works” but still get permissions errors in the journal. So I doesn’t trust it works correctly.

I used the problem as a “reason” to play with systemd-nspawn and that works for me. Created with debootstrap a debian filesystem, “boot” it, install checkmk and create a service file to run it (the container, not checkmk) with user privileges and expose port 80 to 8088, which runs behind an nginx reverse proxy.
So, I have my non-root check-mk container and its still running.
Of course, updating is not just restart with a newer container. Its like on a real system. Install the new version and run omd update. But that is okay for me.

4Bob · August 5, 2021, 11:52am

Thanks for your feedback; I have exactly the same problem - if I use individual mount points instead of a single volume, create contrab folder and authorize it, I get the container up and running. This also survives a reboot, but I have a bad feeling about it and don’t want to use that.
Systemd-nspawn sounds very exciting, I’ll take a look at it when I get the chance. The solution now was a dedicated new VM.

system · August 5, 2022, 11:52am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.