author: Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-06 16:11:34 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-06 16:11:34 +0000
commit: d079b656b4719739b2247dcd9d46e9bec793095a
tree: d2c950c70a776bcf697c963151c5bd959f8a9f03 /packaging/docker
parent: Releasing debian version 1.37.1-2.
Merging upstream version 1.38.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'packaging/docker')
-rw-r--r-- packaging/docker/Dockerfile 15
-rw-r--r-- packaging/docker/README.md 93
-rwxr-xr-x packaging/docker/run.sh 8
3 files changed, 57 insertions, 59 deletions
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index 287c592bb..ce5a0b932 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -76,16 +76,13 @@ RUN mkdir -p /opt/src /var/log/netdata && \
ln -sf /dev/stdout /var/log/netdata/access.log && \
ln -sf /dev/stdout /var/log/netdata/debug.log && \
ln -sf /dev/stderr /var/log/netdata/error.log && \
- # fping from alpine apk is on a different location. Moving it.
- ln -snf /usr/sbin/fping /usr/local/bin/fping && \
- chmod 4755 /usr/local/bin/fping && \
+ ln -sf /dev/stdout /var/log/netdata/collector.log && \
# Add netdata user
addgroup -g ${NETDATA_GID} -S "${DOCKER_GRP}" && \
adduser -S -H -s /usr/sbin/nologin -u ${NETDATA_GID} -h /etc/netdata -G "${DOCKER_GRP}" "${DOCKER_USR}"
# Fix handling of config directory
# Long-term this should leverage BuildKit’s mount option.
-COPY --from=builder /wheels /wheels
COPY --from=builder /app /
# Apply the permissions as described in
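Review bot: Dropping `chmod 4755 /usr/local/bin/fping` removes a setuid bit that, because `chmod` follows the symlink created on the line before it, was applied to `/usr/sbin/fping` itself, yet neither the hunk nor the commit message records that this is intentional. Please state it in the commit message, along with whether fping is still expected in the image, so a later packaging change does not quietly reintroduce a setuid-root binary. Separately, the unchanged line `adduser ... -u ${NETDATA_GID}` passes the GID variable as the UID; if that is deliberate, a short comment would save the next reader the question.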
@@ -112,8 +109,6 @@ RUN chown -R root:root \
# Group write permissions due to: https://github.com/netdata/netdata/pull/6543
find /var/lib/netdata /var/cache/netdata -type d -exec chmod 0770 {} \; && \
find /var/lib/netdata /var/cache/netdata -type f -exec chmod 0660 {} \; && \
- pip --no-cache-dir install /wheels/* && \
- rm -rf /wheels && \
cp -va /etc/netdata /etc/netdata.stock
ENV NETDATA_LISTENER_PORT 19999
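Review bot: With `pip --no-cache-dir install /wheels/*` and `rm -rf /wheels` removed from this `RUN` chain, the runtime stage no longer installs any Python packages, and nothing visible here says whether the collectors that needed them are gone or are satisfied some other way. A one-line comment at this point, or a build-time import check for whatever Python modules the image still relies on, would make a missing dependency fail the build instead of surfacing at container start.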
@@ -124,3 +119,11 @@ ENTRYPOINT ["/usr/sbin/run.sh"]
HEALTHCHECK --interval=60s --timeout=10s --retries=3 CMD /usr/sbin/health.sh
ONBUILD ENV NETDATA_OFFICIAL_IMAGE=false
+
+LABEL org.opencontainers.image.authors="Netdatabot <bot@netdata.cloud>"
+LABEL org.opencontainers.image.url="https://netdata.cloud"
+LABEL org.opencontainers.image.documentation="https://learn.netdata.cloud"
+LABEL org.opencontainers.image.source="https://github.com/netdata/netdata"
+LABEL org.opencontainers.image.title="Netdata Agent"
+LABEL org.opencontainers.image.description="Official Netdata Agent Docker Image"
+LABEL org.opencontainers.image.vendor="Netdata Inc."
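Review bot: These `LABEL` lines sit right after `ONBUILD ENV NETDATA_OFFICIAL_IMAGE=false`, and labels are inherited by images built `FROM` this one, so a downstream image that the `ONBUILD` trigger marks as non-official will still carry `description="Official Netdata Agent Docker Image"` and `vendor="Netdata Inc."`. Consider wording the description so it stays true for derived images, or documenting that downstream builds must override these labels. The set also has no `org.opencontainers.image.version` or `org.opencontainers.image.revision`, which are the labels that let someone trace a running image back to the commit it was built from; the seven instructions could be folded into a single multi-line `LABEL` while adding them.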
diff --git a/packaging/docker/README.md b/packaging/docker/README.md
index d00262a1b..aec5723e3 100644
--- a/packaging/docker/README.md
+++ b/packaging/docker/README.md
@@ -1,7 +1,11 @@
<!--
title: "Install Netdata with Docker"
-date: 2020-04-23
-custom_edit_url: https://github.com/netdata/netdata/edit/master/packaging/docker/README.md
+date: "2020-04-23"
+custom_edit_url: "https://github.com/netdata/netdata/edit/master/packaging/docker/README.md"
+sidebar_label: "Install Netdata with Docker"
+learn_status: "Published"
+learn_topic_type: "Tasks"
+learn_rel_path: "Installation"
-->
# Install the Netdata Agent with Docker
@@ -12,7 +16,7 @@ you get set up quickly, and doesn't install anything permanent on the system, wh
See our full list of Docker images at [Docker Hub](https://hub.docker.com/r/netdata/netdata).
Starting with v1.30, Netdata collects anonymous usage information by default and sends it to a self-hosted PostHog instance within the Netdata infrastructure. Read
-about the information collected, and learn how to-opt, on our [anonymous statistics](/docs/anonymous-statistics.md)
+about the information collected, and learn how to-opt, on our [anonymous statistics](https://github.com/netdata/netdata/blob/master/docs/anonymous-statistics.md)
page.
The usage statistics are _vital_ for us, as we use them to discover bugs and prioritize new features. We thank you for
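Review bot: The rewritten line still reads "learn how to-opt", which is a typo carried over from the old text and does not tell the reader that the linked page explains opting out. Since the line is being touched anyway, change it to "learn how to opt out".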
@@ -37,6 +41,21 @@ and unfortunately not something we can realistically work around.
## Create a new Netdata Agent container
+> **Notice**: all `docker run` commands and `docker-compose` configurations explicitly set the `nofile` limit. This is
+> required on some distros until [14177](https://github.com/netdata/netdata/issues/14177) is resolved. Failure to do so
+> may cause a task running in a container to hang and consume 100% of the CPU core.
+
+<details>
+<summary>What are these "some distros"?</summary>
+
+If `LimitNOFILE=infinity` results in an open file limit of 1073741816:
+
+```bash
+[fedora37 ~]$ docker run --rm busybox grep open /proc/self/limits
+Max open files 1073741816 1073741816 files
+```
+</details>
+
You can create a new Agent container using either `docker run` or Docker Compose. After using either method, you can
visit the Agent dashboard `http://NODE:19999`.
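Review bot: The sentence inside `<details>`, "If `LimitNOFILE=infinity` results in an open file limit of 1073741816:", is a condition with no conclusion, so a reader who runs the `grep open /proc/self/limits` command still cannot tell whether the host is one of the "some distros". Finish the sentence, for example by stating that a host is affected when the command prints that value, if that is the intended meaning. The notice also links the issue as bare `14177`; `#14177` would read as an issue reference, and "100% of the CPU core" should be "100% of a CPU core".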
@@ -61,6 +80,7 @@ docker run -d --name=netdata \
--restart unless-stopped \
--cap-add SYS_PTRACE \
--security-opt apparmor=unconfined \
+ --ulimit nofile=4096 \
netdata/netdata
```
@@ -81,6 +101,9 @@ services:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
+ ulimits:
+ nofile:
+ soft: 4096
volumes:
- netdataconfig:/etc/netdata
- netdatalib:/var/lib/netdata
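Review bot: The Compose form added here sets only `soft: 4096`, while the `docker run` examples in this patch use `--ulimit nofile=4096`, which applies the value to both the soft and the hard limit when no hard limit is given. The two documented methods therefore do not produce the same limits, and with the hard limit left at the daemon default a process in the container can raise its own soft limit back up. Add `hard: 4096` under `nofile:` (or use the scalar form `nofile: 4096`) so both methods match; the same applies to the other two Compose hunks in this file.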
@@ -153,7 +176,7 @@ to restart the container: `docker restart netdata`.
### Host-editable configuration
-> **Warning**: [edit-config](/docs/configure/nodes.md#the-netdata-config-directory) script doesn't work when executed on
+> **Warning**: [edit-config](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory) script doesn't work when executed on
> the host system.
If you want to make your container's configuration directory accessible from the host system, you need to use a
@@ -169,12 +192,12 @@ docker rm -f netdata_tmp
```
**`docker run`**: Use the `docker run` command, along with the following options, to start a new container. Note the
-changed `-v $(pwd)/netdataconfig/netdata:/etc/netdata:ro \` line from the recommended example above.
+changed `-v $(pwd)/netdataconfig/netdata:/etc/netdata \` line from the recommended example above.
```bash
docker run -d --name=netdata \
-p 19999:19999 \
- -v $(pwd)/netdataconfig/netdata:/etc/netdata:ro \
+ -v $(pwd)/netdataconfig/netdata:/etc/netdata \
-v netdatalib:/var/lib/netdata \
-v netdatacache:/var/cache/netdata \
-v /etc/passwd:/host/etc/passwd:ro \
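Review bot: Removing `:ro` from `-v $(pwd)/netdataconfig/netdata:/etc/netdata` makes the host's configuration directory writable from inside the container, and the surrounding text gives no reason for the change. Please add a sentence explaining why write access is now needed (the `run.sh` change in this commit writes `/etc/netdata/.container-hostname` when the directory is writable, if that is the reason), and note that the Docker Compose example further down still mounts `./netdataconfig/netdata:/etc/netdata:ro`, so the two examples now behave differently.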
@@ -185,6 +208,7 @@ docker run -d --name=netdata \
--restart unless-stopped \
--cap-add SYS_PTRACE \
--security-opt apparmor=unconfined \
+ --ulimit nofile=4096 \
netdata/netdata
```
@@ -206,6 +230,9 @@ services:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
+ ulimits:
+ nofile:
+ soft: 4096
volumes:
- ./netdataconfig/netdata:/etc/netdata:ro
- netdatalib:/var/lib/netdata
@@ -295,7 +322,7 @@ your machine from within the container. Please read the following carefully.
#### Docker socket proxy (safest option)
Deploy a Docker socket proxy that accepts and filters out requests using something like
-[HAProxy](/docs/Running-behind-haproxy.md) so that it restricts connections to read-only access to the CONTAINERS
+[HAProxy](https://github.com/netdata/netdata/blob/master/docs/Running-behind-haproxy.md) so that it restricts connections to read-only access to the CONTAINERS
endpoint.
The reason it's safer to expose the socket to the proxy is because Netdata has a TCP port exposed outside the Docker
@@ -414,13 +441,13 @@ services:
### Pass command line options to Netdata
Since we use an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, you can provide
-[Netdata daemon command line options](/daemon/README.md#command-line-options) such as the IP address Netdata will be
+[Netdata daemon command line options](https://github.com/netdata/netdata/blob/master/daemon/README.md#command-line-options) such as the IP address Netdata will be
running on, using the [command instruction](https://docs.docker.com/engine/reference/builder/#cmd).
## Install the Agent using Docker Compose with SSL/TLS enabled HTTP Proxy
For a permanent installation on a public server, you should [secure the Netdata
-instance](/docs/netdata-security.md). This section contains an example of how to install Netdata with an SSL
+instance](https://github.com/netdata/netdata/blob/master/docs/netdata-security.md). This section contains an example of how to install Netdata with an SSL
reverse proxy and basic authentication.
You can use the following `docker-compose.yml` and Caddyfile files to run Netdata with Docker. Replace the domains and
@@ -468,6 +495,9 @@ services:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
+ ulimits:
+ nofile:
+ soft: 4096
volumes:
- netdatalib:/var/lib/netdata
- netdatacache:/var/cache/netdata
@@ -490,47 +520,4 @@ Caddyfile.
## Publish a test image to your own repository
At Netdata, we provide multiple ways of testing your Docker images using your own repositories.
-You may either use the command line tools available or take advantage of our Travis CI infrastructure.
-
-### Inside Netdata organization, using Travis CI
-
-To enable Travis CI integration on your own repositories (Docker and GitHub), you need to be part of the Netdata
-organization.
-
-Once you have contacted the Netdata owners to setup you up on GitHub and Travis, execute the following steps
-
-- Preparation
- - Have Netdata forked on your personal GitHub account
- - Get a GitHub token: Go to **GitHub settings** -> **Developer Settings** -> **Personal access tokens**, and
- generate a new token with full access to `repo_hook`, read-only access to `admin:org`, `public_repo`,
- `repo_deployment`, `repo:status`, and `user:email` settings enabled. This will be your `GITHUB_TOKEN` that is
- described later in the instructions, so keep it somewhere safe.
- - Contact the Netdata team and seek for permissions on `https://scan.coverity.com` should you require Travis to be
- able to push your forked code to coverity for analysis and report. Once you are setup, you should have your
- email you used in coverity and a token from them. These will be your `COVERITY_SCAN_SUBMIT_EMAIL` and
- `COVERITY_SCAN_TOKEN` that we will refer to later.
- - Have a valid Docker hub account, the credentials from this account will be your `DOCKER_USERNAME` and
- `DOCKER_PWD` mentioned later.
-
-- Setting up Travis CI for your own fork (Detailed instructions provided by Travis team [here](https://docs.travis-ci.com/user/tutorial/))
- - Login to travis with your own GITHUB credentials (There is Open Auth access)
- - Go to your profile settings, under [repositories](https://travis-ci.com/account/repositories) section and setup
- your Netdata fork to be built by Travis CI.
- - Once the repository has been setup, go to repository settings within Travis CI (usually under
- `https://travis-ci.com/NETDATA_DEVELOPER/netdata/settings`, where `NETDATA_DEVELOPER` is your GitHub handle),
- and select your desired settings.
-
-- While in Travis settings, under Netdata repository settings in the Environment Variables section, you need to add
- the following:
- - `DOCKER_USERNAME` and `DOCKER_PWD` variables so that Travis can log in to your Docker Hub account and publish
- Docker images there.
- - `REPOSITORY` variable to `NETDATA_DEVELOPER/netdata`, where `NETDATA_DEVELOPER` is your GitHub handle again.
- - `GITHUB_TOKEN` variable with the token generated on the preparation step, for Travis workflows to function
- properly.
- - `COVERITY_SCAN_SUBMIT_EMAIL` and `COVERITY_SCAN_TOKEN` variables to enable Travis to submit your code for
- analysis to Coverity.
-
-Having followed these instructions, your forked repository should be all set up for integration with Travis CI. Happy
-testing!
-
-
+You may either use the command line tools available or take advantage of our GitHub Acions infrastructure.
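Review bot: The added line misspells "GitHub Actions" as "GitHub Acions". Beyond the typo, with the whole Travis CI subsection deleted the heading "Publish a test image to your own repository" is left with two sentences that promise "multiple ways" and "command line tools" but give no steps; either add the GitHub Actions instructions that replace the removed ones or trim the section so it does not point at content that is no longer there.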
diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh
index 1e001256c..9029e22b6 100755
--- a/packaging/docker/run.sh
+++ b/packaging/docker/run.sh
@@ -49,6 +49,14 @@ if mountpoint -q /etc/netdata && [ -z "$(ls -A /etc/netdata)" ]; then
cp -a /etc/netdata.stock/. /etc/netdata
fi
+if [ -w "/etc/netdata" ]; then
+ if mountpoint -q /etc/netdata; then
+ hostname >/etc/netdata/.container-hostname
+ else
+ rm -f /etc/netdata/.container-hostname
+ fi
+fi
+
if [ -n "${NETDATA_CLAIM_URL}" ] && [ -n "${NETDATA_CLAIM_TOKEN}" ] && [ ! -f /var/lib/netdata/cloud.d/claimed_id ]; then
# shellcheck disable=SC2086
/usr/sbin/netdata-claim.sh -token="${NETDATA_CLAIM_TOKEN}" \
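Review bot: The outer `[ -w "/etc/netdata" ]` test skips both branches when the directory is not writable, so with a read-only bind mount (the Compose example in the README still uses `:ro`) a `.container-hostname` left by an earlier run can neither be refreshed nor removed, and whatever reads it will see a stale name. Decide what should happen in that case and at least log it. The block also has no comment saying what consumes `.container-hostname`, and the result of `hostname >/etc/netdata/.container-hostname` is not checked, so a failed write passes silently; a one-line comment plus a warning on failure would cover both.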