1. The basics
From version 1.5.0p5 you can also operate Checkmk in a docker environment. To make it as easy as possible, we provide every Checkmk-Edition as an own image. These images are based on the distribution Debian 9 (Stretch). You can download them as follows:
There are numerous reasons why many users would want to operate software in a docking container. Also monitoring software such as Checkmk from version 1.5.0p5 can officially be used in a docker environment. One application case may be to monitor a dynamically created container group and to make Checkmk a part of this group. Should the container group no longer be needed the instance of Checkmk can also be removed.
Important: On the one hand, every virtualization will entail a reduction in performance. On the other hand, the monitoring should always be independent of the remaining physical infrastructure – which is why the Checkmk container is not suitable for monitoring the infrastructure as a whole.
In order to make the setting-up as easy as possible for you, we supply each Checkmk-Edition inclusive of its own specific image. In addition to Checkmk as the Linux operating system, Debian 9 (Stretch) is also included. These you get as follows:
|Checkmk download page|
|Checkmk download page|
We will guide you in this article through the installation of Checkmk in Docker and show some details and tricks that will make life with Checkmk in Docker easier.
Further detailed information to running Checkmk in a Docker container can be found in the article Checkmk as a Docker container.
2. Installation of the RAW edition
Getting started with Docker for the first time is pretty easy. You can get proper image directly through Dockerhub. This is done with just a one liner on the command line. With this command you do not only download and start a docker container with Checkmk but also create an instance with the name cmk. This instance is directly started and available for log in with the user name cmkadmin:
root@linux# docker container run -dit -p 8080:5000 --ulimit nofile=1024 -v/omd/sites --name monitoring -v/etc/localtime:/etc/localtime:ro --restart always checkmk/check-mk-raw:1.5.0-latest Unable to find image 'checkmk/check-mk-raw:1.5.0p5' locally 1.5.0p5:Pulling from checkmk/check-mk-raw 802b00ed6f79:Pull complete 79057211cef4:Pull complete 81c661525dd4:Pull complete 4d4fdd41d09a:Pull complete d229ac9815b1:Pull complete d29a86db4594:Pull complete Digest:sha256:afcf4a9f843809598ccb9ddd11a6c415ef465e31969141304e9be57c3e53b438 Status: Downloaded newer image for checkmk/check-mk-raw:1.5.0p5 c395cfe2d50dd7d342ba7c6d672caf80028058c41d2cba2b5c26145f5256f497
Some more information to the used options:
|-p 8080:5000||By default the container's web server listens on port 5000. In this example port 8080 of the dockernode will be bound to the port of the container so that it is accessible from outside. If you do not have another container or process using the standard HTTP port 80, you can also tie the container to it. In such a case the option will look like this: -p 80:5000. The use of HTTPS will be explained in more detail later below.|
|--ulimit nofile=1024||By setting the user limit (ulimit) for nofile, you are able to reduce the amount of file descriptors a process is able to open. That's especially in this case useful as Checkmk still uses Python 2 which uses a very high default. This would slow down the process significantly.|
|--tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000||Beginning with 1.6.0 you can use for optimal performance a temporary file system directly in the RAM of the Dockernode. The path of this file system is specified with this option. If you change the ID of the instance this path must be adjusted accordingly.|
|-v /omd/sites||This option binds the data from the instance in this container to a persistent location in the dockernode's file system. The data is not lost if the container is destroyed. If you do not use this option all configuration and monitoring data are bound to the container and will also be deleted when the container is deleted.|
|--name monitoring||This defines the name of the container. This name must be unique and may not be used again on the dockernode.|
|-v /etc/localtime:/etc/localtime:ro||This option allows you to use the same time zone in the container as that used in the dockernode and make this usage read only (ro).|
|--restart always||A container does not normally restart when it is stopped. With this option you can ensure that it always starts again.|
After all needed files have been loaded and the container has been started, you should access the GUI in Checkmk via http://localhost:8080/cmk/check_mk/:
You can now log in for the first time and try Checkmk. You will find the initial password for the cmkadmin account in the logs that are written for this container (the output is abreviated to the essential information here):
root@linux# docker container logs monitoring Created new site cmk with version 1.5.0p5.cre. The site can be started with omd start cmk. The default web UI is available at http://c395cfe2d50d/cmk/ The admin user for the web applications is cmkadmin with password: erYJR0IT (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.)
3. Installation of the Enterprise-Edition
You can run Checkmk as a docker container also with
root@linux# docker load -i check-mk-enterprise-docker-1.5.0p5.tar.gz 8b15606a9e3e: Loading layer [=====================================>] 58.44MB/58.44MB a710e8ce658e: Loading layer [=====================================>] 2.048kB/2.048kB 87e4835e12d0: Loading layer [=====================================>] 263.5MB/263.5MB 6b003c5cba06: Loading layer [=====================================>] 138.9MB/138.9MB 2789307956c0: Loading layer [=====================================>] 524.4MB/524.4MB 85e714d514e1: Loading layer [=====================================>] 4.608kB/4.608kB Loaded image: checkmk/check-mk-enterprise:1.5.0p5
After the download you can start the container with a very similar command as
described above. Just take care to specify the
root@linux# docker container run -dit -p 8080:5000 -v /omd/sites --name monitoring -v /etc/localtime:/etc/localtime --restart always checkmk/check-mk-enterprise:1.5.0p5 5bcf761ab056dd0466874bc110c9356f6763d3f275b565277bafac9233bc2a9a
You will find the password can also in the Logs.