summaryrefslogtreecommitdiffstats
path: root/claim/README.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-04-14 18:12:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-04-14 18:12:14 +0000
commitbb50acdcb8073654ea667b8c0272e335bd43f844 (patch)
tree1e00c8a29871426f8182658928dcb62e42d57ce8 /claim/README.md
parentReleasing debian version 1.33.1-1. (diff)
downloadnetdata-bb50acdcb8073654ea667b8c0272e335bd43f844.tar.xz
netdata-bb50acdcb8073654ea667b8c0272e335bd43f844.zip
Merging upstream version 1.34.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'claim/README.md')
-rw-r--r--claim/README.md71
1 files changed, 66 insertions, 5 deletions
diff --git a/claim/README.md b/claim/README.md
index 30f5a85f1..d694990d3 100644
--- a/claim/README.md
+++ b/claim/README.md
@@ -116,6 +116,67 @@ For the connection process to work, the contents of `/var/lib/netdata` _must_ be
restarts using a persistent volume. See our [recommended `docker run` and Docker Compose
examples](/packaging/docker/README.md#create-a-new-netdata-agent-container) for details.
+#### Known issues on older hosts with seccomp enabled
+
+The nodes running on the following hosts **cannot be claimed**:
+
+- `libseccomp` version less than v2.3.3.
+- Docker version less than v18.04.0-ce.
+- The kernel is configured with CONFIG_SECCOMP enabled.
+
+To check if your kernel supports `seccomp`:
+
+```cmd
+# grep CONFIG_SECCOMP= /boot/config-$(uname -r) 2>/dev/null || zgrep CONFIG_SECCOMP /proc/config.gz 2>/dev/null
+CONFIG_SECCOMP=y
+```
+
+To resolve the issue, do one of the following actions:
+
+- Update to a newer version of Docker and `libseccomp` (recommended).
+- Create a custom profile and pass it for the container.
+- Run [without the default seccomp profile](https://docs.docker.com/engine/security/seccomp/#run-without-the-default-seccomp-profile) (unsafe, not recommended).
+
+<details>
+<summary>See how to create a custom profile</summary>
+
+1. Download the moby default seccomp profile and change `defaultAction` to `SCMP_ACT_TRACE` on line 2.
+
+ ```cmd
+ sudo wget https://raw.githubusercontent.com/moby/moby/master/profiles/seccomp/default.json -O /etc/docker/seccomp.json
+ sudo sed -i '2s/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/' /etc/docker/seccomp.json
+ ```
+
+2. Specify the new policy for the container explicitly.
+
+ - When using `docker run`:
+
+ ```cmd
+ docker run -d --name=netdata \
+ --security-opt=seccomp=/etc/docker/seccomp.json \
+ ...
+ ```
+
+ - When using `docker-compose`:
+
+ > :warning: The security_opt option is ignored when deploying a stack in swarm mode.
+
+ ```yaml
+ version: '3'
+ services:
+ netdata:
+ security_opt:
+ - seccomp:/etc/docker/seccomp.json
+ ...
+ ```
+
+ - When using `docker stack deploy`:
+
+ Change the default profile globally by adding `--seccomp-profile=/etc/docker/seccomp.json` to the options passed to
+ dockerd on startup.
+
+</details>
+
#### Using environment variables
The Netdata Docker container looks for the following environment variables on startup:
@@ -308,7 +369,7 @@ If you run the kickstart script and get the following error `Existing install ap
If you are using an unsupported package, such as a third-party `.deb`/`.rpm` package provided by your distribution,
please remove that package and reinstall using our [recommended kickstart
-script](/docs/get-started.mdx#install-on-linux-with-one-line-installer-recommended).
+script](/docs/get-started.mdx#install-on-linux-with-one-line-installer).
#### kickstart: Failed to write new machine GUID
@@ -328,7 +389,7 @@ Netdata to `/opt/netdata`, use `/opt/netdata/bin/netdata-claim.sh` to run the cl
If you are using an unsupported package, such as a third-party `.deb`/`.rpm` package provided by your distribution,
please remove that package and reinstall using our [recommended kickstart
-script](/docs/get-started.mdx#install-on-linux-with-one-line-installer-recommended).
+script](/docs/get-started.mdx#install-on-linux-with-one-line-installer).
#### Connecting on older distributions (Ubuntu 14.04, Debian 8, CentOS 6)
@@ -460,8 +521,8 @@ using the [ACLK](/aclk/README.md).
The best way to install Netdata and connect your nodes to Netdata Cloud is with our automatic one-line installation script, [kickstart](/packaging/installer/README.md#automatic-one-line-installation-script). This script will install the Netdata Agent, in case it isn't already installed, and connect your node to Netdata Cloud.
-This works with:
-* all Linux distributions, see [Netdata distribution support matrix](https://learn.netdata.cloud/docs/agent/packaging/distributions)
+This works with:
+* most Linux distributions, see [Netdata's platform support policy](/packaging/PLATFORM_SUPPORT.md)
* macOS
For details on how to run this script please check [How to connect a node](#how-to-connect-a-node) and choose your environment.
@@ -548,4 +609,4 @@ Rooms you added that node to.
The user can also put the Cloud endpoint's full certificate chain in `cloud.d/cloud_fullchain.pem` so that the Agent
can trust the endpoint if necessary.
-[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fclaim%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)](<>)
+