From d079b656b4719739b2247dcd9d46e9bec793095a Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 Feb 2023 17:11:34 +0100 Subject: Merging upstream version 1.38.0. Signed-off-by: Daniel Baumann --- packaging/docker/README.md | 93 ++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 53 deletions(-) (limited to 'packaging/docker/README.md') diff --git a/packaging/docker/README.md b/packaging/docker/README.md index d00262a1b..aec5723e3 100644 --- a/packaging/docker/README.md +++ b/packaging/docker/README.md @@ -1,7 +1,11 @@ # Install the Netdata Agent with Docker @@ -12,7 +16,7 @@ you get set up quickly, and doesn't install anything permanent on the system, wh See our full list of Docker images at [Docker Hub](https://hub.docker.com/r/netdata/netdata). Starting with v1.30, Netdata collects anonymous usage information by default and sends it to a self-hosted PostHog instance within the Netdata infrastructure. Read -about the information collected, and learn how to-opt, on our [anonymous statistics](/docs/anonymous-statistics.md) +about the information collected, and learn how to-opt, on our [anonymous statistics](https://github.com/netdata/netdata/blob/master/docs/anonymous-statistics.md) page. The usage statistics are _vital_ for us, as we use them to discover bugs and prioritize new features. We thank you for @@ -37,6 +41,21 @@ and unfortunately not something we can realistically work around. ## Create a new Netdata Agent container +> **Notice**: all `docker run` commands and `docker-compose` configurations explicitly set the `nofile` limit. This is +> required on some distros until [14177](https://github.com/netdata/netdata/issues/14177) is resolved. Failure to do so +> may cause a task running in a container to hang and consume 100% of the CPU core. + +
+What are these "some distros"? + +If `LimitNOFILE=infinity` results in an open file limit of 1073741816: + +```bash +[fedora37 ~]$ docker run --rm busybox grep open /proc/self/limits +Max open files 1073741816 1073741816 files +``` +
+ You can create a new Agent container using either `docker run` or Docker Compose. After using either method, you can visit the Agent dashboard `http://NODE:19999`. @@ -61,6 +80,7 @@ docker run -d --name=netdata \ --restart unless-stopped \ --cap-add SYS_PTRACE \ --security-opt apparmor=unconfined \ + --ulimit nofile=4096 \ netdata/netdata ``` @@ -81,6 +101,9 @@ services: - SYS_PTRACE security_opt: - apparmor:unconfined + ulimits: + nofile: + soft: 4096 volumes: - netdataconfig:/etc/netdata - netdatalib:/var/lib/netdata @@ -153,7 +176,7 @@ to restart the container: `docker restart netdata`. ### Host-editable configuration -> **Warning**: [edit-config](/docs/configure/nodes.md#the-netdata-config-directory) script doesn't work when executed on +> **Warning**: [edit-config](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory) script doesn't work when executed on > the host system. If you want to make your container's configuration directory accessible from the host system, you need to use a @@ -169,12 +192,12 @@ docker rm -f netdata_tmp ``` **`docker run`**: Use the `docker run` command, along with the following options, to start a new container. Note the -changed `-v $(pwd)/netdataconfig/netdata:/etc/netdata:ro \` line from the recommended example above. +changed `-v $(pwd)/netdataconfig/netdata:/etc/netdata \` line from the recommended example above. ```bash docker run -d --name=netdata \ -p 19999:19999 \ - -v $(pwd)/netdataconfig/netdata:/etc/netdata:ro \ + -v $(pwd)/netdataconfig/netdata:/etc/netdata \ -v netdatalib:/var/lib/netdata \ -v netdatacache:/var/cache/netdata \ -v /etc/passwd:/host/etc/passwd:ro \ @@ -185,6 +208,7 @@ docker run -d --name=netdata \ --restart unless-stopped \ --cap-add SYS_PTRACE \ --security-opt apparmor=unconfined \ + --ulimit nofile=4096 \ netdata/netdata ``` 
@@ -206,6 +230,9 @@ services: - SYS_PTRACE security_opt: - apparmor:unconfined + ulimits: + nofile: + soft: 4096 volumes: - ./netdataconfig/netdata:/etc/netdata:ro - netdatalib:/var/lib/netdata @@ -295,7 +322,7 @@ your machine from within the container. Please read the following carefully. #### Docker socket proxy (safest option) Deploy a Docker socket proxy that accepts and filters out requests using something like -[HAProxy](/docs/Running-behind-haproxy.md) so that it restricts connections to read-only access to the CONTAINERS +[HAProxy](https://github.com/netdata/netdata/blob/master/docs/Running-behind-haproxy.md) so that it restricts connections to read-only access to the CONTAINERS endpoint. The reason it's safer to expose the socket to the proxy is because Netdata has a TCP port exposed outside the Docker @@ -414,13 +441,13 @@ services: ### Pass command line options to Netdata Since we use an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, you can provide -[Netdata daemon command line options](/daemon/README.md#command-line-options) such as the IP address Netdata will be +[Netdata daemon command line options](https://github.com/netdata/netdata/blob/master/daemon/README.md#command-line-options) such as the IP address Netdata will be running on, using the [command instruction](https://docs.docker.com/engine/reference/builder/#cmd). ## Install the Agent using Docker Compose with SSL/TLS enabled HTTP Proxy For a permanent installation on a public server, you should [secure the Netdata -instance](/docs/netdata-security.md). This section contains an example of how to install Netdata with an SSL +instance](https://github.com/netdata/netdata/blob/master/docs/netdata-security.md). This section contains an example of how to install Netdata with an SSL reverse proxy and basic authentication. You can use the following `docker-compose.yml` and Caddyfile files to run Netdata with Docker. Replace the domains and 
@@ -468,6 +495,9 @@ services: - SYS_PTRACE security_opt: - apparmor:unconfined + ulimits: + nofile: + soft: 4096 volumes: - netdatalib:/var/lib/netdata - netdatacache:/var/cache/netdata 
@@ -490,47 +520,4 @@ Caddyfile. ## Publish a test image to your own repository At Netdata, we provide multiple ways of testing your Docker images using your own repositories. -You may either use the command line tools available or take advantage of our Travis CI infrastructure. - -### Inside Netdata organization, using Travis CI - -To enable Travis CI integration on your own repositories (Docker and GitHub), you need to be part of the Netdata -organization. - -Once you have contacted the Netdata owners to setup you up on GitHub and Travis, execute the following steps - -- Preparation - - Have Netdata forked on your personal GitHub account - - Get a GitHub token: Go to **GitHub settings** -> **Developer Settings** -> **Personal access tokens**, and - generate a new token with full access to `repo_hook`, read-only access to `admin:org`, `public_repo`, - `repo_deployment`, `repo:status`, and `user:email` settings enabled. This will be your `GITHUB_TOKEN` that is - described later in the instructions, so keep it somewhere safe. - - Contact the Netdata team and seek for permissions on `https://scan.coverity.com` should you require Travis to be - able to push your forked code to coverity for analysis and report. Once you are setup, you should have your - email you used in coverity and a token from them. These will be your `COVERITY_SCAN_SUBMIT_EMAIL` and - `COVERITY_SCAN_TOKEN` that we will refer to later. - - Have a valid Docker hub account, the credentials from this account will be your `DOCKER_USERNAME` and - `DOCKER_PWD` mentioned later. - -- Setting up Travis CI for your own fork (Detailed instructions provided by Travis team [here](https://docs.travis-ci.com/user/tutorial/)) - - Login to travis with your own GITHUB credentials (There is Open Auth access) - - Go to your profile settings, under [repositories](https://travis-ci.com/account/repositories) section and setup - your Netdata fork to be built by Travis CI. 
- - Once the repository has been setup, go to repository settings within Travis CI (usually under - `https://travis-ci.com/NETDATA_DEVELOPER/netdata/settings`, where `NETDATA_DEVELOPER` is your GitHub handle), - and select your desired settings. - -- While in Travis settings, under Netdata repository settings in the Environment Variables section, you need to add - the following: - - `DOCKER_USERNAME` and `DOCKER_PWD` variables so that Travis can log in to your Docker Hub account and publish - Docker images there. - - `REPOSITORY` variable to `NETDATA_DEVELOPER/netdata`, where `NETDATA_DEVELOPER` is your GitHub handle again. - - `GITHUB_TOKEN` variable with the token generated on the preparation step, for Travis workflows to function - properly. - - `COVERITY_SCAN_SUBMIT_EMAIL` and `COVERITY_SCAN_TOKEN` variables to enable Travis to submit your code for - analysis to Coverity. - -Having followed these instructions, your forked repository should be all set up for integration with Travis CI. Happy -testing! - - +You may either use the command line tools available or take advantage of our GitHub Acions infrastructure. -- cgit v1.2.3
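Review bot: In the `@@ -12,7 +16,7 @@` hunk, the rewritten link line still reads "learn how to-opt", which is garbled. Since the line is being changed anyway for the absolute URL, fix the wording at the same time (presumably "learn how to opt out") so the sentence says what the linked anonymous-statistics page is for.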
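Review bot: In the `@@ -37,6 +41,21 @@` hunk, the answer under "What are these "some distros"?" is a conditional with no main clause ("If `LimitNOFILE=infinity` results in an open file limit of 1073741816:"), so it never states which systems are affected. Reword it as a statement, for example "Those where `LimitNOFILE=infinity` results in an open file limit of 1073741816", and say that the `busybox` command is the check a reader can run on their own host. The notice would also be easier to act on if it said why `nofile` is set to 4096 rather than some other value.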
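Review bot: The Compose `ulimits` block added in the `@@ -81,6 +101,9 @@` hunk, and repeated in `@@ -206,6 +230,9 @@` and `@@ -468,6 +495,9 @@`, sets only `soft: 4096`, while the `docker run` examples use `--ulimit nofile=4096`, which applies the value to both the soft and the hard limit. Add `hard: 4096` or use the short form `nofile: 4096`, so that both install paths end up with the same limits and a process in the container cannot raise its own soft limit back toward the inherited hard limit.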
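Review bot: The `@@ -169,12 +192,12 @@` hunk drops `:ro` from the `/etc/netdata` bind mount in the `docker run` example, but the Compose example for the same section still shows `- ./netdataconfig/netdata:/etc/netdata:ro` as unchanged context in `@@ -206,6 +230,9 @@`. The two examples should agree. Because the host directory becomes writable from inside the container with this change, the surrounding text should also state why write access is needed, so readers can decide whether to keep the mount read-only.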
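Review bot: The single added line at the end of the `@@ -490,47 +520,4 @@` hunk misspells the product name as "GitHub Acions"; it should read "GitHub Actions". With the whole Travis CI walkthrough removed, the "Publish a test image to your own repository" section now promises two methods and documents neither, so either link to the workflow documentation or trim the sentence. The removed text told readers to create `GITHUB_TOKEN`, `DOCKER_USERNAME`/`DOCKER_PWD` and `COVERITY_SCAN_TOKEN` credentials for Travis, so a short note that these can be revoked if they are no longer used would be worth adding.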