Centreon is a network, system and application monitoring tool.
This repository will guide you through the installation of a Centreon Central server using Docker.
See below the top level parts of this README:
- Requirements
- Getting Started
- Logs
- Docker, cgroups v2 and SystemD
- Contributing
- Support
- Licence
- References
Only Docker and Compose are required, the following versions are the minimal requirements:
| Tool | Version |
|---|---|
| Docker | 20.10 |
| Compose | 1.29 |
The container requires a kernel that supports cgroups v2, to ensure they are supported you can run and check the result of the following command: grep cgroup2 /proc/filesystems.
More information about this in the dedicated section.
Fetch the code from the repository and enter the folder.
git clone https://github.com/noxPHX/docker-centreon.git && cd docker-centreonThe stack comes with a nginx container which needs a certificate and its private key as well as Diffie-Hellman parameters.
If needed, you can quickly generate a self-signed certificate as shown below:
openssl req -x509 -newkey rsa:4096 -nodes -keyout nginx/ssl/privkey.pem -out nginx/ssl/fullchain.pem -days 365 -subj '/CN=localhost' -addext "subjectAltName=IP:127.0.0.1,IP:0.0.0.0"Regarding the D-H parameters you can generate them as follows:
openssl dhparam -out nginx/ssl/dhparams.pem 4096Depending on your machine, you might have time to grab a coffee ☕
Finally, apply correct ownership (www-data has id 33)
chown -R $USER:33 nginx/ssl/
chmod 640 nginx/ssl/*.pemCompose does not support assigning ownership when mounting secrets.
There are two more things to configure.
First, you can customize the timezone passed as a build argument in the Compose file (l.7).
Default value: Europe/Amsterdam.
Then, you must create a file containing a UUID to be fed to the container, you can proceed as follows:
dbus-uuidgen > machine-idTo build the images, this simple Compose command will suffice:
docker-compose buildIf you run Centreon for the first time, some additional setup is required, the following script will guide you through the installation of MariaDB.
./setup.shPlease set a secure root password and answer 'yes' to all questions, see the according Centreon's documentation page.
You will then be required to complete the web installation, this is pretty straightforward, the documentation page may also help you.
When asked to restart some services (step 9) you can simply run the following command:
docker exec centreon-central systemctl restart cbd centengine gorgonedTo start the services, a convenient script is available, it helps setting up the cgroups filesystem in the container.
./start.shSystemD's logs of the container are forwarded to the host thanks to journald and the UUID defined previously.
To access the logs you can use the following command:
journalctl -fD "/var/log/journal/$(cat ./machine-id)"One inconvenience of Centreon is that it's not really container-friendly as it requires SystemD as an init system.
Although it's possible to install the latter in a container, it's at the moment quite a journey to get it working due to an incompatibility with cgroups v2.
Without getting too technical, SystemD expects the cgroup filesystem to be writable but this not the case using the default docker driver for cgroups v2. Thus, on recent systems with an up-to-date kernel and Docker version, this problem arises.
The challenge was to run the container without having to mount the host's cgroup filesystem or to give additional privileges to the container.
After some research the solution is to remount the filesystem from within the container with the correct permissions. This is why a convenient script replaces a simple Compose command.
You can find some references on this matter in the last section.
Pull requests are welcome. For major changes, please open a discussion first to talk about what you would like to change.
Give a ⭐️ if you like this project and want to support it!
GNU General Public Licence v3.0
https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-priva
https://systemd.io/CONTAINER_INTERFACE/
mviereck/x11docker#349