Checkmk Conference #6 is coming! Learn more about it here!
1. The basics
There are numerous reasons why many users would want to operate software in a docker container. Also monitoring software such as Checkmk from version 1.5.0p5 can officially be used in a docker environment. One application case may be to monitor a dynamically-created container group and to make Checkmk a part of this group. Should the container group no longer be needed the instance of Checkmk can also be removed.
Important: On the one hand, every virtualization will entail a reduction in performance. On the other hand, the monitoring should always be independent of the remaining physical infrastructure – which is why the Checkmk container is not suitable for monitoring the infrastructure as a whole.
In order to make the setting-up as easy as possible for you, we supply each Checkmk-Edition inclusive of its own specific image. In addition to Checkmk as the Linux operating system, Debian 9 (Stretch) is also included. These you receive as follows:
|Checkmk download page|
We will guide you in this article through the installation of Checkmk in Docker, and show a few tricks that will make life with Checkmk in Docker easier.
Further detailed information to running Checkmk in a Docker container can be found in the article Checkmk server in a Docker container.
2. Installation of the Raw Edition
Getting started with Docker in the
root@linux# docker container run -dit -p 8080:5000 --ulimit nofile=1024 --tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000 -v monitoring:/omd/sites --name monitoring -v /etc/localtime:/etc/localtime:ro --restart always checkmk/check-mk-raw:1.6.0-latest Unable to find image 'checkmk/check-mk-raw:1.6.0-latest' locally 1.6.0-latest: Pulling from checkmk/check-mk-raw 8f91359f1fff: Pull complete 3d794619eec5: Pull complete 1468b0cb296b: Pull complete 787a36ef0a12: Pull complete 159fac9366a1: Pull complete fefc9fe50b26: Pull complete Digest: sha256:153b6a6b4002cc0e02c17e127f582fa54a539803960d36d265802426c0066aa8 Status: Downloaded newer image for checkmk/check-mk-raw:1.6.0-latest 511cd26bdc2847ee5b430a1c0c52ff4489b3556775d07878b0533df077b67a83
Some more information on the available options:
|-p 8080:5000||By default the container's web server listens on port 5000. In this example port 8080 of the dockernode will be bound to the port of the container so that it is accessible from outside. If you do not have another container or process using the standard HTTP port 80, you can also tie the container to it. In such a case the option will look like this: -p 80:5000. The use of HTTPS will be explained in more detail below.|
|--ulimit nofile=1024||By manually setting the user limit (ulimit) for nofile, you are able to reduce the amount of file descriptors a process is able to open. That is especially useful in this case as Checkmk still uses Python 2 which uses a very high default. This can significantly slow the process down.|
|--tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000||From version 1.6.0 for optimal performance you can use a temporary file system directly in the RAM of the Dockernode. The path of this file system is specified with this option. If you change the instance ID this path must be adjusted accordingly.|
|-v monitoring:/omd/sites||This option binds the data from the instance in this container to a persistent location in the dockernode’s file system. The data is not lost if the container is deleted. The code before the colon determines the name – in this way you can clearly identify the storage location later, for example, with the docker volume ls command.|
|--name monitoring||This defines the name of the container. This name must be unique and may not be used again on the dockernode.|
|-v /etc/localtime:/etc/localtime:ro||This option allows you to use the same time zone in the container as that used in the dockernode – at the same time the file is integrated as read only (ro).|
|--restart always||A container does not normally restart when it is stopped. With this option you can ensure that it always starts again automatically.|
After all needed files have been loaded and the container has been started, you should access the GUI in Checkmk via http://localhost:8080/cmk/check_mk/:
You can now log in for the first time and try Checkmk. You will find the initial password for the cmkadmin account in the logs that are written for this container (the output is abreviated to the essential information in this example):
root@linux# docker container logs monitoring Created new site cmk with version 1.5.0p5.cre. The site can be started with omd start cmk. The default web UI is available at http://c395cfe2d50d/cmk/ The admin user for the web applications is cmkadmin with password: erYJR0IT (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.)
If you are sure that the data in the Checkmk container instance should only be available in this special container, you can either refrain from assigning a persistent data store to the container, or you can automatically remove this storage when the container is stopped. To go without persistent storage, simply omit the -v /omd/sites option. To create a persistent memory and remove it automatically when the container stops, use the following command:
root@linux# docker container run --rm -dit -p 8080:5000 --tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000 --ulimit nofile=1024 -v /omd/sites --name monitoring -v /etc/localtime:/etc/localtime:ro checkmk/check-mk-raw:1.6.0-latest 3d7f04bc7d0a1ded5fb5ab49e3c72894615a2058c5df2d7af11e20f4662b5c09
This command – unlike the one above – has only two other options:
- Use the --rm option at the start to pass the command that the data storage for the container should also be removed when the container stops. This saves you having to tidy-up manually if you have many short-lived Checkmk containers. Note: When stopping, the container itself is completely removed!
- The -v /omd/sites option is altered compared to the above. It no longer contains a self-assigned name, otherwise the data storage will not be deleted correctly.
3. Installation of the Enterprise Editions
You can also run the Enterprise Editions in a docker container. These are not freely-available through Docker Hub. You can currently download the desired version from our download page and load its image in Docker:
root@linux# docker load -i check-mk-enterprise-docker-1.5.0p5.tar.gz 8b15606a9e3e: Loading layer [=====================================>] 58.44MB/58.44MB a710e8ce658e: Loading layer [=====================================>] 2.048kB/2.048kB 87e4835e12d0: Loading layer [=====================================>] 263.5MB/263.5MB 6b003c5cba06: Loading layer [=====================================>] 138.9MB/138.9MB 2789307956c0: Loading layer [=====================================>] 524.4MB/524.4MB 85e714d514e1: Loading layer [=====================================>] 4.608kB/4.608kB Loaded image: checkmk/check-mk-enterprise:1.5.0p5
After the download you can start the container with a very similar command as described above. Just take care to specify the Standard Edition or Managed Services Edition image in this case (e.g. checkmk/check-mk-enterprise:1.5.0p5):
root@linux# docker container run -dit -p 8080:5000 -v /omd/sites --name monitoring -v /etc/localtime:/etc/localtime --restart always checkmk/check-mk-enterprise:1.5.0p5 5bcf761ab056dd0466874bc110c9356f6763d3f275b565277bafac9233bc2a9a
You can also find the password here in the logs.