16. 09. 2025
DevOps, Kubernetes
This document describes the steps required to build, configure, and operate a Podman container based on php:8.2-cli, with the SNMP extension enabled, intended for executing monitoring plugins within a NetEye/Icinga environment.
- Pulling the base image
podman pull docker.io/php:8.2-cli- Containerfile for the custom image build
Create a Containerfile with the following contents:
FROM docker.io/php:8.2-cli
RUN apt-get update && \
apt-get install -y libsnmp-dev snmp && \
rm -rf /var/lib/apt/lists/* && \
docker-php-ext-install snmp && \
mkdir -p /var/lib/snmp/cert_indexes
WORKDIR /app
And build the image:
podman build -t php8-snmp .This configuration:
- installs the SNMP libraries required to compile the extension (
libsnmp-dev) - installs the SNMP tools for testing/debug (
snmp) - compiles and enables the PHP
snmpextension - creates the directory required by Net-SNMP for certificate index handling
To ensure persistence of the container and automatic startup on boot, systemd unit files can be generated
Generate the systemd unit file
podman generate systemd --name php8-snmp-persist --files --newThis generates a file similar to container-php8-snmp-persist.service
Install the unit file
cp container-php8-snmp-persist.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now container-php8-snmp-persist.service
systemctl start container-php8-snmp-persist.serviceAt this point, the container is managed as a native systemd service and remains persistently available for plugin execution.
Configuring permissions for the Icinga user
Icinga requires the ability to invoke podman exec non-interactively.
Proceed as follows:
visudo -f /etc/sudoers.d/icinga-podman
Defaults:icinga !requiretty
icinga ALL=(root) NOPASSWD: /usr/bin/podman exec php8-snmp-persist *Example usage from Neteye
sudo -u icinga sudo podman exec php8-snmp-persist php /app/check_snmp.php --host 10.0.0.1Conclusion
By using this approach, you can run monitoring plugins based on PHP 8, or other languages, in a clean and isolated environment without modifying the NetEye master system. The container includes full SNMP support and is easily scalable.
The monitoring engine can execute commands inside the container seamlessly, without compromising security. This solution proves to be both flexible and reliable, especially in environments where it is important not to interfere with the system’s default languages.
Alessandro Paoli
My name is Alessandro Paoli and I've been a Technical Consultant at Wurth Phoenix since May 2024. I've always had a great passion for IT and since 2004 it has also become my job. In 2015 I found my role in the field, monitoring. I have had the opportunity to use various monitoring products, both open source and proprietary, I have worked on numerous projects from small businesses to global companies.
I am married and have 2 wonderful daughters. My passions are travel, cinema, games (video and board) and comics, and every now and then I manage to indulge in a few days of sport (Padel and gym).
Author
Latest posts by Alessandro Paoli
03. 07. 2025
NetEye, Unified Monitoring
Configuring Keycloak with LDAP and TLS Certificate (LDAPS) in NetEye
07. 04. 2025
Asset Management, GLPI, NetEye
Automating GLPI Migration from System OnPrem to NetEye Cloud
12. 11. 2024
NetEye
SAP HANA Monitoring