Diffstat (limited to 'packaging/docker')
-rw-r--r-- | packaging/docker/README.md | 26 | ||||
-rwxr-xr-x | packaging/docker/publish.sh | 6 | ||||
-rwxr-xr-x[-rw-r--r--] | packaging/docker/run.sh | 51 |
3 files changed, 71 insertions, 12 deletions
diff --git a/packaging/docker/README.md b/packaging/docker/README.md index 6ae299f1..0bf416cd 100644 --- a/packaging/docker/README.md +++ b/packaging/docker/README.md @@ -54,10 +54,28 @@ services: ### Docker container names resolution -If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable `PGID=999` to netdata container, where `999` is a docker group id from your host. This number can be found by running: -```bash -grep docker /etc/group | cut -d ':' -f 3 -``` +If you want to have your container names resolved by netdata, you need to do two things: +1) Make netdata user be part of the group that owns the socket. + To achieve that just add environment variable `PGID=[GROUP NUMBER]` to the netdata container, + where `[GROUP NUMBER]` is practically the group id of the group assigned to the docker socket, on your host. + This group number can be found by running the following (if socket group ownership is docker): + ```bash + grep docker /etc/group | cut -d ':' -f 3 + ``` + +2) Change docker socket access level to read/write like so: + from + ``` + /var/run/docker.sock:/var/run/docker.sock:ro + ``` + + change to + ``` + /var/run/docker.sock:/var/run/docker.sock:rw + ``` + +**Important Note**: You should seriously consider the necessity of activating this option, +as it grants to the netdata user access to the privileged socket connection of docker service ### Pass command line options to Netdata diff --git a/packaging/docker/publish.sh b/packaging/docker/publish.sh index 948787b0..fd1883af 100755 --- a/packaging/docker/publish.sh +++ b/packaging/docker/publish.sh 
@@ -21,6 +21,8 @@ ARCH_MAP=(["i386"]="386" ["amd64"]="amd64" ["armhf"]="arm" ["aarch64"]="arm64") DEVEL_ARCHS=(amd64) ARCHS="${!ARCH_MAP[@]}" DOCKER_CMD="docker --config ${WORKDIR}" +GIT_MAIL=${GIT_MAIL:-"bot@netdata.cloud"} +GIT_USER=${GIT_USER:-"netdatabot"} if [ -z ${REPOSITORY} ]; then REPOSITORY="${TRAVIS_REPO_SLUG}" @@ -37,6 +39,10 @@ if [ ! -z ${DEVEL+x} ]; then declare -a ARCHS=(${DEVEL_ARCHS[@]}) fi +echo "Syncing repository with latest changes (We may have updated with package versions)" +git checkout master +git pull + # Ensure there is a version, the most appropriate one if [ "${VERSION}" == "" ]; then VERSION=$(git tag --points-at) diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh index 243cae8a..2b5047cd 100644..100755 --- a/packaging/docker/run.sh +++ b/packaging/docker/run.sh 
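Review bot: The added `git checkout master` and `git pull` in the second publish.sh hunk move the working tree to whatever master's tip is at publish time, so the images built afterwards may not correspond to the commit this job was triggered for and tested against, and `VERSION=$(git tag --points-at)` is then evaluated on that moved HEAD. Neither command's exit status is checked in the visible lines, so unless the script enables `set -e` outside the hunk, a failed checkout or a pull that stops on a conflict would still go on to publish. I would restrict the update to a fast-forward and stop on failure, for example `git checkout master || exit 1` followed by `git pull --ff-only || exit 1`, with a comment stating which commit the published image is expected to contain. The `GIT_MAIL`/`GIT_USER` defaults added in the first hunk are not used in any visible line, so a one-line comment on where they are consumed would help.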
@@ -1,16 +1,51 @@ -#!/bin/sh - -#set -e +#!/usr/bin/env bash +# +# Entry point script for netdata +# +# Copyright: SPDX-License-Identifier: GPL-3.0-or-later +# +# Author : Pavlos Emm. Katsoulakis <paul@netdata.cloud> +set -e +echo "Netdata entrypoint script starting" if [ ${RESCRAMBLE+x} ]; then echo "Reinstalling all packages to get the latest Polymorphic Linux scramble" apk upgrade --update-cache --available fi -if [ ${PGID+x} ]; then - echo "Adding user netdata to group with id ${PGID}" - addgroup -g "${PGID}" -S hostgroup 2>/dev/null - sed -i "s/${PGID}:$/${PGID}:netdata/g" /etc/group +create_group_and_assign_to_user() { + local local_DOCKER_GROUP="$1" + local local_DOCKER_GID="$2" + local local_DOCKER_USR="$3" + + echo >&2 "Adding group with ID ${local_DOCKER_GID} and name '${local_DOCKER_GROUP}'" + addgroup -g "${local_DOCKER_GID}" "${local_DOCKER_GROUP}" || echo >&2 "Could not add group ${local_DOCKER_GROUP} with ID ${local_DOCKER_GID}, its already there probably" + + echo >&2 "Adding user '${local_DOCKER_USR}' to group '${local_DOCKER_GROUP}/${local_DOCKER_GID}'" + sed -i "s/:${local_DOCKER_GID}:$/:${local_DOCKER_GID}:${local_DOCKER_USR}/g" /etc/group + + # Make sure we use the right docker group + GRP_TO_ASSIGN="$(grep ":x:${local_DOCKER_GID}:" /etc/group | cut -d':' -f1)" + if [ -z "${GRP_TO_ASSIGN}" ]; then + echo >&2 "Could not find group ID ${local_DOCKER_GID} in /etc/group. 
Check your logs and report it if this is an unrecovereable error" + else + echo >&2 "Group creation and assignment completed, netdata was assigned to group ${GRP_TO_ASSIGN}/${local_DOCKER_GID}" + echo "${GRP_TO_ASSIGN}" + fi +} + +DOCKER_USR="netdata" +DOCKER_SOCKET="/var/run/docker.sock" +DOCKER_GROUP="docker" + +if [ -S "${DOCKER_SOCKET}" ] && [ -n "${PGID}" ]; then + GRP=$(create_group_and_assign_to_user "${DOCKER_GROUP}" "${PGID}" "${DOCKER_USR}") + if [ -n "${GRP}" ]; then + echo "Adjusting ownership of mapped docker socket '${DOCKER_SOCKET}' to root:${GRP}" + chown "root:${GRP}" "${DOCKER_SOCKET}" || echo "Failed to change ownership on docker socket, container name resolution might not work" + fi fi -exec /usr/sbin/netdata -u netdata -D -s /host -p "${NETDATA_PORT}" "$@" +exec /usr/sbin/netdata -u "${DOCKER_USR}" -D -s /host -p "${NETDATA_PORT}" "$@" + +echo "Netdata entrypoint script, completed!" |
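Review bot: `chown "root:${GRP}" "${DOCKER_SOCKET}"` acts on the bind-mounted host socket, so with the read/write mount this commit documents it can change the group that owns the Docker socket on the host itself (user-namespace remapping aside) to whatever GID was passed in `PGID`; a mistyped `PGID` would give an unrelated host group access to the Docker daemon. `PGID` is also interpolated unvalidated into the `sed` and `grep` patterns that edit and read /etc/group, so it should be rejected unless numeric, e.g. `case "${PGID}" in *[!0-9]*) echo >&2 "PGID must be numeric"; exit 1 ;; esac`. The `sed` expression only matches a group line with an empty member list, so when a group with that GID already has members, netdata is not added, yet the function still prints that it was assigned. I would drop the `chown` and rely on group membership alone, and remove the final `echo` after `exec`, which can never run.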