summaryrefslogtreecommitdiffstats
path: root/packaging/docker
diff options
context:
space:
mode:
Diffstat (limited to 'packaging/docker')
-rw-r--r--packaging/docker/README.md26
-rwxr-xr-xpackaging/docker/publish.sh6
-rwxr-xr-x[-rw-r--r--]packaging/docker/run.sh51
3 files changed, 71 insertions, 12 deletions
diff --git a/packaging/docker/README.md b/packaging/docker/README.md
index 6ae299f1..0bf416cd 100644
--- a/packaging/docker/README.md
+++ b/packaging/docker/README.md
@@ -54,10 +54,28 @@ services:
### Docker container names resolution
-If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable `PGID=999` to netdata container, where `999` is a docker group id from your host. This number can be found by running:
-```bash
-grep docker /etc/group | cut -d ':' -f 3
-```
+If you want to have your container names resolved by netdata, you need to do two things:
+1) Make netdata user be part of the group that owns the socket.
+ To achieve that just add environment variable `PGID=[GROUP NUMBER]` to the netdata container,
+ where `[GROUP NUMBER]` is practically the group id of the group assigned to the docker socket, on your host.
+ This group number can be found by running the following (if socket group ownership is docker):
+ ```bash
+ grep docker /etc/group | cut -d ':' -f 3
+ ```
+
+2) Change docker socket access level to read/write like so:
+ from
+ ```
+ /var/run/docker.sock:/var/run/docker.sock:ro
+ ```
+
+ change to
+ ```
+ /var/run/docker.sock:/var/run/docker.sock:rw
+ ```
+
+**Important Note**: You should seriously consider the necessity of activating this option,
+as it grants to the netdata user access to the privileged socket connection of docker service
### Pass command line options to Netdata
diff --git a/packaging/docker/publish.sh b/packaging/docker/publish.sh
index 948787b0..fd1883af 100755
--- a/packaging/docker/publish.sh
+++ b/packaging/docker/publish.sh
@@ -21,6 +21,8 @@ ARCH_MAP=(["i386"]="386" ["amd64"]="amd64" ["armhf"]="arm" ["aarch64"]="arm64")
DEVEL_ARCHS=(amd64)
ARCHS="${!ARCH_MAP[@]}"
DOCKER_CMD="docker --config ${WORKDIR}"
+GIT_MAIL=${GIT_MAIL:-"bot@netdata.cloud"}
+GIT_USER=${GIT_USER:-"netdatabot"}
if [ -z ${REPOSITORY} ]; then
REPOSITORY="${TRAVIS_REPO_SLUG}"
@@ -37,6 +39,10 @@ if [ ! -z ${DEVEL+x} ]; then
declare -a ARCHS=(${DEVEL_ARCHS[@]})
fi
+echo "Syncing repository with latest changes (We may have updated with package versions)"
+git checkout master
+git pull
+
# Ensure there is a version, the most appropriate one
if [ "${VERSION}" == "" ]; then
VERSION=$(git tag --points-at)
diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh
index 243cae8a..2b5047cd 100644..100755
--- a/packaging/docker/run.sh
+++ b/packaging/docker/run.sh
@@ -1,16 +1,51 @@
-#!/bin/sh
-
-#set -e
+#!/usr/bin/env bash
+#
+# Entry point script for netdata
+#
+# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
+#
+# Author : Pavlos Emm. Katsoulakis <paul@netdata.cloud>
+set -e
+echo "Netdata entrypoint script starting"
if [ ${RESCRAMBLE+x} ]; then
echo "Reinstalling all packages to get the latest Polymorphic Linux scramble"
apk upgrade --update-cache --available
fi
-if [ ${PGID+x} ]; then
- echo "Adding user netdata to group with id ${PGID}"
- addgroup -g "${PGID}" -S hostgroup 2>/dev/null
- sed -i "s/${PGID}:$/${PGID}:netdata/g" /etc/group
+create_group_and_assign_to_user() {
+ local local_DOCKER_GROUP="$1"
+ local local_DOCKER_GID="$2"
+ local local_DOCKER_USR="$3"
+
+ echo >&2 "Adding group with ID ${local_DOCKER_GID} and name '${local_DOCKER_GROUP}'"
+ addgroup -g "${local_DOCKER_GID}" "${local_DOCKER_GROUP}" || echo >&2 "Could not add group ${local_DOCKER_GROUP} with ID ${local_DOCKER_GID}, its already there probably"
+
+ echo >&2 "Adding user '${local_DOCKER_USR}' to group '${local_DOCKER_GROUP}/${local_DOCKER_GID}'"
+ sed -i "s/:${local_DOCKER_GID}:$/:${local_DOCKER_GID}:${local_DOCKER_USR}/g" /etc/group
+
+ # Make sure we use the right docker group
+ GRP_TO_ASSIGN="$(grep ":x:${local_DOCKER_GID}:" /etc/group | cut -d':' -f1)"
+ if [ -z "${GRP_TO_ASSIGN}" ]; then
+ echo >&2 "Could not find group ID ${local_DOCKER_GID} in /etc/group. Check your logs and report it if this is an unrecovereable error"
+ else
+ echo >&2 "Group creation and assignment completed, netdata was assigned to group ${GRP_TO_ASSIGN}/${local_DOCKER_GID}"
+ echo "${GRP_TO_ASSIGN}"
+ fi
+}
+
+DOCKER_USR="netdata"
+DOCKER_SOCKET="/var/run/docker.sock"
+DOCKER_GROUP="docker"
+
+if [ -S "${DOCKER_SOCKET}" ] && [ -n "${PGID}" ]; then
+ GRP=$(create_group_and_assign_to_user "${DOCKER_GROUP}" "${PGID}" "${DOCKER_USR}")
+ if [ -n "${GRP}" ]; then
+ echo "Adjusting ownership of mapped docker socket '${DOCKER_SOCKET}' to root:${GRP}"
+ chown "root:${GRP}" "${DOCKER_SOCKET}" || echo "Failed to change ownership on docker socket, container name resolution might not work"
+ fi
fi
-exec /usr/sbin/netdata -u netdata -D -s /host -p "${NETDATA_PORT}" "$@"
+exec /usr/sbin/netdata -u "${DOCKER_USR}" -D -s /host -p "${NETDATA_PORT}" "$@"
+
+echo "Netdata entrypoint script, completed!"