diff options
Diffstat (limited to '')
-rwxr-xr-x | netdata-installer.sh | 450 |
1 files changed, 375 insertions, 75 deletions
diff --git a/netdata-installer.sh b/netdata-installer.sh index c3b97243..fa69de19 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -13,10 +13,17 @@ then fi LC_ALL=C -umask 022 +umask 002 + +# Be nice on production environments +renice 19 $$ >/dev/null 2>/dev/null + +processors=$(cat /proc/cpuinfo | grep ^processor | wc -l) +[ $(( processors )) -lt 1 ] && processors=1 # you can set CFLAGS before running installer -CFLAGS="${CFLAGS--O3}" +CFLAGS="${CFLAGS--O2}" +[ "z${CFLAGS}" = "z-O3" ] && CFLAGS="-O2" # keep a log of this command printf "\n# " >>netdata-installer.log @@ -106,7 +113,7 @@ Valid <installer options> are: Use this option to allow it continue without checking pkg-config. -Netdata will by default be compiled with gcc optimization -O3 +Netdata will by default be compiled with gcc optimization -O2 If you need to pass different CFLAGS, use something like this: CFLAGS="<gcc options>" ${ME} <installer options> @@ -141,7 +148,7 @@ get_git_config_signatures() { do git checkout ${c} "conf.d/${x}" || continue s="$(cat "conf.d/${x}" | md5sum | cut -d ' ' -f 1)" - echo >>configs.signatures.tmp "${x}:${s}" + echo >>configs.signatures.tmp "${s}:${x}" echo " ${s}" done git checkout HEAD "conf.d/${x}" || break @@ -153,7 +160,7 @@ get_git_config_signatures() { { echo "declare -A configs_signatures=(" IFS=":" - while read file md5 + while read md5 file do echo " ['${md5}']='${file}'" done @@ -427,7 +434,7 @@ if [ -f src/netdata ] fi echo >&2 "Compiling netdata ..." -run make || exit 1 +run make -j${processors} || exit 1 if [ "${BASH_VERSINFO[0]}" -ge "4" ] then @@ -541,46 +548,173 @@ do fi done -NETDATA_ADDED_TO_DOCKER=0 -if [ ${UID} -eq 0 ] +echo >&2 "Fixing permissions ..." + +check_cmd() { + which "${1}" >/dev/null 2>&1 && return 0 + command -v "${1}" >/dev/null 2>&1 && return 0 + return 1 +} + +portable_add_user() { + local username="${1}" + + getent passwd "${username}" > /dev/null 2>&1 + [ $? -eq 0 ] && return 0 + + echo >&2 "Adding ${username} user account ..." + + local nologin="$(which nologin 2>/dev/null || command -v nologin 2>/dev/null || echo '/bin/false')" + + # Linux + if check_cmd useradd then - getent group netdata > /dev/null - if [ $? -ne 0 ] + run useradd -r -g "${username}" -c "${username}" -s "${nologin}" -d / "${username}" && return 0 + fi + + # FreeBSD + if check_cmd pw + then + run pw useradd "${username}" -d / -g "${username}" -s "${nologin}" && return 0 + fi + + # BusyBox + if check_cmd adduser + then + run adduser -D -G "${username}" "${username}" && return 0 + fi + + echo >&2 "Failed to add ${username} user account !" + + return 1 +} + +portable_add_group() { + local groupname="${1}" + + getent group "${groupname}" > /dev/null 2>&1 + [ $? -eq 0 ] && return 0 + + echo >&2 "Adding ${groupname} user group ..." + + # Linux + if check_cmd groupadd + then + run groupadd -r "${groupname}" && return 0 + fi + + # FreeBSD + if check_cmd pw + then + run pw groupadd "${groupname}" && return 0 + fi + + # BusyBox + if check_cmd addgroup + then + run addgroup "${groupname}" && return 0 + fi + + echo >&2 "Failed to add ${groupname} user group !" + return 1 +} + +portable_add_user_to_group() { + local groupname="${1}" username="${2}" + + getent group "${groupname}" > /dev/null 2>&1 + [ $? -ne 0 ] && return 1 + + # find the user is already in the group + local users=$(getent group "${groupname}" | cut -d ':' -f 4) + if [[ ",${users}," =~ ,${username}, ]] + then + # username is already there + return 0 + else + # username is not in group + echo >&2 "Adding ${username} user to the ${groupname} group ..." + + # Linux + if check_cmd usermod + then + run usermod -a -G "${groupname}" "${username}" && return 0 + fi + + # FreeBSD + if check_cmd pw + then + run pw groupmod "${groupname}" -m "${username}" && return 0 + fi + + # BusyBox + if check_cmd addgroup then - echo >&2 "Adding netdata user group ..." - run groupadd -r netdata + run addgroup "${username}" "${groupname}" && return 0 + fi + + echo >&2 "Failed to add user ${username} to group ${groupname} !" + return 1 fi +} - getent passwd netdata > /dev/null - if [ $? -ne 0 ] +iscontainer() { + # man systemd-detect-virt + local cmd=$(which systemd-detect-virt 2>/dev/null || command -v systemd-detect-virt 2>/dev/null) + if [ ! -z "${cmd}" -a -x "${cmd}" ] then - echo >&2 "Adding netdata user account ..." - run useradd -r -g netdata -c netdata -s $(which nologin || echo '/bin/false') -d / netdata + "${cmd}" --container >/dev/null 2>&1 && return 0 fi - getent group docker > /dev/null - if [ $? -eq 0 ] + # /proc/1/sched exposes the host's pid of our init ! + # http://stackoverflow.com/a/37016302 + local pid=$( cat /proc/1/sched | head -n 1 | { IFS='(),#:' read name pid th threads; echo $pid; } ) + local p=$(( pid + 0 )) + [ ${pid} -ne 1 ] && return 0 + + # lxc sets environment variable 'container' + [ ! -z "${container}" ] && return 0 + + # docker creates /.dockerenv + # http://stackoverflow.com/a/25518345 + [ -f "/.dockerenv" ] && return 0 + + # ubuntu and debian supply /bin/running-in-container + # https://www.apt-browse.org/browse/ubuntu/trusty/main/i386/upstart/1.12.1-0ubuntu4/file/bin/running-in-container + if [ -x "/bin/running-in-container" ] then - # find the users in the docker group - docker=$(getent group docker | cut -d ':' -f 4) - if [[ ",${docker}," =~ ,netdata, ]] - then - # netdata is already there - : - else - # netdata is not in docker group - echo >&2 "Adding netdata user to the docker group (needed to get container names) ..." - run usermod -a -G docker netdata - fi - # let the uninstall script know - NETDATA_ADDED_TO_DOCKER=1 + "/bin/running-in-container" >/dev/null 2>&1 && return 0 fi + return 1 +} + +run find ./system/ -type f -a \! -name \*.in -a \! -name Makefile\* -a \! -name \*.conf -a \! -name \*.service -a \! -name \*.logrotate -exec chmod 755 {} \; + +NETDATA_ADDED_TO_DOCKER=0 +NETDATA_ADDED_TO_NGINX=0 +NETDATA_ADDED_TO_VARNISH=0 +NETDATA_ADDED_TO_HAPROXY=0 +if [ ${UID} -eq 0 ] + then + portable_add_group netdata + portable_add_user netdata + portable_add_user_to_group docker netdata && NETDATA_ADDED_TO_DOCKER=1 + portable_add_user_to_group nginx netdata && NETDATA_ADDED_TO_NGINX=1 + portable_add_user_to_group varnish netdata && NETDATA_ADDED_TO_VARNISH=1 + portable_add_user_to_group haproxy netdata && NETDATA_ADDED_TO_HAPROXY=1 + if [ -d /etc/logrotate.d -a ! -f /etc/logrotate.d/netdata ] then echo >&2 "Adding netdata logrotate configuration ..." run cp system/netdata.logrotate /etc/logrotate.d/netdata fi + + if [ -f /etc/logrotate.d/netdata ] + then + echo >&2 "Fixing netdata logrotate permissions ..." + run chmod 644 /etc/logrotate.d/netdata + fi fi @@ -603,17 +737,20 @@ config_option() { echo "${value}" } -# user -defuser="netdata" -[ ! "${UID}" = "0" ] && defuser="${USER}" -NETDATA_USER="$( config_option "run as user" "${defuser}" )" +# the user netdata will run as +if [ "${UID}" = "0" ] + then + NETDATA_USER="$( config_option "run as user" "netdata" )" +else + NETDATA_USER="${USER}" +fi -NETDATA_WEB_USER="$( config_option "web files owner" "${defuser}" )" +# the owners of the web files +NETDATA_WEB_USER="$( config_option "web files owner" "${NETDATA_USER}" )" NETDATA_WEB_GROUP="$( config_option "web files group" "${NETDATA_WEB_USER}" )" # debug flags -defdebug=0 -NETDATA_DEBUG="$( config_option "debug flags" ${defdebug} )" +NETDATA_DEBUG="$( config_option "debug flags" 0 )" # port defport=19999 @@ -648,7 +785,35 @@ fi echo >&2 echo >&2 "Fixing directories (user: ${NETDATA_USER})..." -for x in "${NETDATA_WEB_DIR}" "${NETDATA_CONF_DIR}" "${NETDATA_CACHE_DIR}" "${NETDATA_LOG_DIR}" "${NETDATA_LIB_DIR}" "${NETDATA_CONF_DIR}/python.d" "${NETDATA_CONF_DIR}/charts.d" "${NETDATA_CONF_DIR}/node.d" + +# --- conf dir ---- + +for x in "python.d" "charts.d" "node.d" +do + if [ ! -d "${NETDATA_CONF_DIR}/${x}" ] + then + echo >&2 "Creating directory '${NETDATA_CONF_DIR}/${x}'" + run mkdir -p "${NETDATA_CONF_DIR}/${x}" || exit 1 + fi +done +run chown -R "${NETDATA_USER}:${NETDATA_USER}" "${NETDATA_CONF_DIR}" +run find "${NETDATA_CONF_DIR}" -type f -exec chmod 0660 {} \; +run find "${NETDATA_CONF_DIR}" -type d -exec chmod 0775 {} \; + +# --- web dir ---- + +if [ ! -d "${NETDATA_WEB_DIR}" ] + then + echo >&2 "Creating directory '${NETDATA_WEB_DIR}'" + run mkdir -p "${NETDATA_WEB_DIR}" || exit 1 +fi +run chown -R "${NETDATA_WEB_USER}:${NETDATA_WEB_GROUP}" "${NETDATA_WEB_DIR}" +run find "${NETDATA_WEB_DIR}" -type f -exec chmod 0664 {} \; +run find "${NETDATA_WEB_DIR}" -type d -exec chmod 0775 {} \; + +# --- data dirs ---- + +for x in "${NETDATA_LIB_DIR}" "${NETDATA_CACHE_DIR}" "${NETDATA_LOG_DIR}" do if [ ! -d "${x}" ] then @@ -656,32 +821,59 @@ do run mkdir -p "${x}" || exit 1 fi - if [ ${UID} -eq 0 ] + run chown -R "${NETDATA_USER}:${NETDATA_USER}" "${x}" + #run find "${x}" -type f -exec chmod 0660 {} \; + #run find "${x}" -type d -exec chmod 0770 {} \; +done + +run chmod 755 "${NETDATA_LOG_DIR}" + +# --- plugins ---- + +if [ ${UID} -eq 0 ] + then + run chown "${NETDATA_USER}:root" "${NETDATA_LOG_DIR}" + run chown -R root "${NETDATA_PREFIX}/usr/libexec/netdata" + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type d -exec chmod 0755 {} \; + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -exec chmod 0644 {} \; + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -a -name \*.plugin -exec chmod 0755 {} \; + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -a -name \*.sh -exec chmod 0755 {} \; + + setcap_ret=1 + if ! iscontainer then - if [ "${x}" = "${NETDATA_WEB_DIR}" ] + run setcap cap_dac_read_search,cap_sys_ptrace+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" + setcap_ret=$? + + if [ ${setcap_ret} -eq 0 ] then - run chown -R "${NETDATA_WEB_USER}:${NETDATA_WEB_GROUP}" "${x}" || echo >&2 "WARNING: Cannot change the ownership of the files in directory ${x} to ${NETDATA_WEB_USER}:${NETDATA_WEB_GROUP}..." - else - run chown -R "${NETDATA_USER}:${NETDATA_USER}" "${x}" || echo >&2 "WARNING: Cannot change the ownership of the files in directory ${x} to ${NETDATA_USER}..." + # if we managed to setcap + # but we fail to execute apps.plugin + # trigger setuid to root + "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" -v >/dev/null 2>&1 + setcap_ret=$? fi fi - run chmod 0755 "${x}" || echo >&2 "WARNING: Cannot change the permissions of the directory ${x} to 0755..." -done - -if [ ${UID} -eq 0 ] - then - run chown root "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" - run chmod 0755 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" - run setcap cap_dac_read_search,cap_sys_ptrace+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" - if [ $? -ne 0 ] + if [ ${setcap_ret} -ne 0 ] then # fix apps.plugin to be setuid to root run chown root "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" run chmod 4755 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" fi +else + run chown "${NETDATA_USER}:${NETDATA_USER}" "${NETDATA_LOG_DIR}" + run chown -R "${NETDATA_USER}:${NETDATA_USER}" "${NETDATA_PREFIX}/usr/libexec/netdata" + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -exec chmod 0755 {} \; + run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type d -exec chmod 0755 {} \; fi +# --- fix #1292 bug --- + +[ -d "${NETDATA_PREFIX}/usr/libexec" ] && run chmod a+rX "${NETDATA_PREFIX}/usr/libexec" +[ -d "${NETDATA_PREFIX}/usr/share/netdata" ] && run chmod a+rX "${NETDATA_PREFIX}/usr/share/netdata" + + # ----------------------------------------------------------------------------- # check if we can re-start netdata @@ -696,7 +888,7 @@ if [ ${DONOTSTART} -eq 1 ] then chown "${NETDATA_USER}" "${NETDATA_PREFIX}/etc/netdata/netdata.conf" fi - chmod 0664 "${NETDATA_PREFIX}/etc/netdata/netdata.conf" + chmod 0644 "${NETDATA_PREFIX}/etc/netdata/netdata.conf" fi banner "is installed now!" echo >&2 " enjoy real-time performance and health monitoring..." @@ -707,46 +899,52 @@ fi # stop a running netdata isnetdata() { - [ -z "$1" -o ! -f "/proc/$1/stat" ] && return 1 - [ "$(cat "/proc/$1/stat" | cut -d '(' -f 2 | cut -d ')' -f 1)" = "netdata" ] && return 0 - return 1 + if [ -d /proc/self ] + then + [ -z "$1" -o ! -f "/proc/$1/stat" ] && return 1 + [ "$(cat "/proc/$1/stat" | cut -d '(' -f 2 | cut -d ')' -f 1)" = "netdata" ] && return 0 + return 1 + fi + return 0 } stop_netdata_on_pid() { - local pid="$1" ret=0 count=0 + local pid="${1}" ret=0 count=0 - isnetdata $pid || return 0 + isnetdata ${pid} || return 0 - printf >&2 "Stopping netdata on pid $pid ..." - while [ ! -z "$pid" -a $ret -eq 0 ] + printf >&2 "Stopping netdata on pid ${pid} ..." + while [ ! -z "$pid" -a ${ret} -eq 0 ] do - if [ $count -gt 45 ] + if [ ${count} -gt 45 ] then - echo >&2 "Cannot stop the running netdata on pid $pid." + echo >&2 "Cannot stop the running netdata on pid ${pid}." return 1 fi count=$(( count + 1 )) - run kill $pid 2>/dev/null + run kill ${pid} 2>/dev/null ret=$? - test $ret -eq 0 && printf >&2 "." && sleep 2 + test ${ret} -eq 0 && printf >&2 "." && sleep 2 done echo >&2 - if [ $ret -eq 0 ] + if [ ${ret} -eq 0 ] then - echo >&2 "SORRY! CANNOT STOP netdata ON PID $pid !" + echo >&2 "SORRY! CANNOT STOP netdata ON PID ${pid} !" return 1 fi - echo >&2 "netdata on pid $pid stopped." + echo >&2 "netdata on pid ${pid} stopped." return 0 } stop_all_netdata() { - local p + local p myns ns + + myns="$(readlink /proc/self/ns/pid 2>/dev/null)" echo >&2 "Stopping a (possibly) running netdata..." @@ -755,27 +953,93 @@ stop_all_netdata() { $(cat /var/run/netdata/netdata.pid 2>/dev/null) \ $(pidof netdata 2>/dev/null) do - stop_netdata_on_pid $p + ns="$(readlink /proc/${p}/ns/pid 2>/dev/null)" + + if [ -z "${myns}" -o -z "${ns}" -o "${myns}" = "${ns}" ] + then + stop_netdata_on_pid ${p} + fi done } # ----------------------------------------------------------------------------- -# check netdata for systemd +# check for systemd issystemd() { + local pids p myns ns systemctl + # if the directory /etc/systemd/system does not exit, it is not systemd [ ! -d /etc/systemd/system ] && return 1 + # if there is no systemctl command, it is not systemd + systemctl=$(which systemctl 2>/dev/null || command -v systemctl 2>/dev/null) + [ -z "${systemctl}" -o ! -x "${systemctl}" ] && return 1 + # if pid 1 is systemd, it is systemd [ "$(basename $(readlink /proc/1/exe) 2>/dev/null)" = "systemd" ] && return 0 - # if systemd is running, it is systemd - pidof systemd >/dev/null 2>&1 && return 0 + # if systemd is not running, it is not systemd + pids=$(pidof systemd 2>/dev/null) + [ -z "${pids}" ] && return 1 + + # check if the running systemd processes are not in our namespace + myns="$(readlink /proc/self/ns/pid 2>/dev/null)" + for p in ${pids} + do + ns="$(readlink /proc/${p}/ns/pid 2>/dev/null)" + + # if pid of systemd is in our namespace, it is systemd + [ ! -z "${myns}" && "${myns}" = "${ns}" ] && return 0 + done # else, it is not systemd return 1 } +installed_init_d=0 +install_non_systemd_init() { + [ "${UID}" != 0 ] && return 1 + + local key="unknown" + if [ -f /etc/os-release ] + then + source /etc/os-release || return 1 + key="${ID}-${VERSION_ID}" + + elif [ -f /etc/centos-release ] + then + key=$(</etc/centos-release) + fi + + if [ -d /etc/init.d -a ! -f /etc/init.d/netdata ] + then + if [ "${key}" = "gentoo" ] + then + run cp system/netdata-openrc /etc/init.d/netdata && \ + run chmod 755 /etc/init.d/netdata && \ + run rc-update add netdata default && \ + installed_init_d=1 + + elif [ "${key}" = "ubuntu-12.04" -o "${key}" = "ubuntu-14.04" -o "${key}" = "debian-7" ] + then + run cp system/netdata-lsb /etc/init.d/netdata && \ + run chmod 755 /etc/init.d/netdata && \ + run update-rc.d netdata defaults && \ + run update-rc.d netdata enable && \ + installed_init_d=1 + + elif [ "${key}" = "CentOS release 6.8 (Final)" -o "${key}" = "amzn-2016.09" ] + then + run cp system/netdata-init-d /etc/init.d/netdata && \ + run chmod 755 /etc/init.d/netdata && \ + run chkconfig netdata on && \ + installed_init_d=1 + fi + fi + + return 0 +} + started=0 if [ "${UID}" -eq 0 ] then @@ -796,6 +1060,8 @@ if [ "${UID}" -eq 0 ] stop_all_netdata service netdata restart && started=1 + else + install_non_systemd_init fi if [ ${started} -eq 0 ] @@ -854,13 +1120,13 @@ if [ ! -s "${NETDATA_PREFIX}/etc/netdata/netdata.conf" ] ret=$? # try curl - if [ $ret -ne 0 -o ! -s "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" ] + if [ ${ret} -ne 0 -o ! -s "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" ] then curl -s -o "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" "http://localhost:${NETDATA_PORT}/netdata.conf" ret=$? fi - if [ $ret -eq 0 -a -s "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" ] + if [ ${ret} -eq 0 -a -s "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" ] then mv "${NETDATA_PREFIX}/etc/netdata/netdata.conf.new" "${NETDATA_PREFIX}/etc/netdata/netdata.conf" echo >&2 "New configuration saved for you to edit at ${NETDATA_PREFIX}/etc/netdata/netdata.conf" @@ -1040,6 +1306,12 @@ if [ -f /etc/systemd/system/netdata.service ] rm -i /etc/systemd/system/netdata.service fi +if [ -f /etc/init.d/netdata ] + then + echo "Deleting /etc/init.d/netdata ..." + rm -i /etc/init.d/netdata +fi + getent passwd netdata > /dev/null if [ $? -eq 0 ] then @@ -1067,6 +1339,34 @@ if [ $? -eq 0 -a "${NETDATA_ADDED_TO_DOCKER}" = "1" ] echo " gpasswd -d netdata docker" fi +getent group nginx > /dev/null +if [ $? -eq 0 -a "${NETDATA_ADDED_TO_NGINX}" = "1" ] + then + echo + echo "You may also want to remove the netdata user from the nginx group" + echo "by running:" + echo " gpasswd -d netdata nginx" +fi + +getent group varnish > /dev/null +if [ $? -eq 0 -a "${NETDATA_ADDED_TO_VARNISH}" = "1" ] + then + echo + echo "You may also want to remove the netdata user from the varnish group" + echo "by running:" + echo " gpasswd -d netdata varnish" +fi + +getent group haproxy > /dev/null +if [ $? -eq 0 -a "${NETDATA_ADDED_TO_HAPROXY}" = "1" ] + then + echo + echo "You may also want to remove the netdata user from the haproxy group" + echo "by running:" + echo " gpasswd -d netdata haproxy" +fi + + UNINSTALL chmod 750 netdata-uninstaller.sh |