From 34f488f41ee820371159111bf621f11d0f54f669 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 4 Aug 2019 10:56:44 +0200 Subject: Adding upstream version 1.16.1. Signed-off-by: Daniel Baumann --- packaging/DISTRIBUTIONS.md | 37 ++++++ packaging/docker/Dockerfile | 8 +- packaging/docker/README.md | 69 +++++++---- packaging/docker/build-test.sh | 20 ++-- packaging/docker/publish.sh | 4 - packaging/docker/run.sh | 40 ++----- packaging/installer/README.md | 138 +++++++++++++++------- packaging/installer/UNINSTALL.md | 2 +- packaging/installer/netdata-uninstaller.sh | 5 +- packaging/installer/netdata-updater.sh | 68 +++++++++-- packaging/makeself/jobs/70-netdata-git.install.sh | 4 + packaging/version | 2 +- 12 files changed, 270 insertions(+), 127 deletions(-) create mode 100644 packaging/DISTRIBUTIONS.md (limited to 'packaging') diff --git a/packaging/DISTRIBUTIONS.md b/packaging/DISTRIBUTIONS.md new file mode 100644 index 000000000..d180f25f6 --- /dev/null +++ b/packaging/DISTRIBUTIONS.md @@ -0,0 +1,37 @@ +# Netdata distribution support matrix +![](https://raw.githubusercontent.com/netdata/netdata/master/web/gui/images/packaging-beta-tag.svg?sanitize=true) + +In the following table we've listed Netdata's official supported operating systems. We detail the distributions, flavors, and the level of support Netdata is currently capable to provide. + +The following table is a work in progress. We have concluded on the list of distributions +that we currently supporting and we are working on documenting our current state so that our users +have complete visibility over the range of support. + +Distribution | Family | Architecture | Code health | Installer support | Kickstart support | Binary packaging support | Integrity testing (CI) | Functionality testing (CI) | Community support +:------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :-------------------- +14.04.6 LTS (Trusty Tahr) | Ubuntu | | | | | | | | +16.04.6 LTS (Xenial Xerus) | Ubuntu | | | | | | | | +18.04.2 LTS (Bionic Beaver) | Ubuntu | | | | | | | | +19.04 (Disco Dingo) Latest | Ubuntu | | | | | | | | +Debian 7 (Wheezy) | Debian | | | | | | | | +Debian 8 (Jessie) | Debian | | | | | | | | +Debian 9 (Stretch) | Debian | | | | | | | | +Debian 10 (Buster) | Debian | | | | | | | | +Versions 6.* | RHEL | | | | | | | | +Versions 7.* | RHEL | | | | | | | | +Versions 8.* | RHEL | | | | | | | | +Fedora 28 | Fedora | | | | | | | | +Fedora 29 | Fedora | | | | | | | | +Fedora 30 | Fedora | | | | | | | | +Fedora 31 | Fedora | | | | | | | | +CentOS 6.* | Cent OS | | | | | | | | | +CentOS 7.* | Cent OS | | | | | | | | | +CentOS 8.* | Cent OS | | | | | | | | | +Open SuSE Leap 15.0 | Open SuSE | | | | | | | | +Open SuSE Leap 15.1 | Open SuSE | | | | | | | | +Open SuSE Tumbleweed (latest) | Open SuSE | | | | | | | | +SuSE Enterprise Linux Server 11 | SLES | | | | | | | | +SuSE Enterprise Linux Server 12 | SLES | | | | | | | | +SuSE Enterprise Linux Server 15 | SLES | | | | | | | | +Arch Linux (latest) | Arch | | | | | | | | +All other linux | Other | | | | | | | | diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile index 98fdce5c9..4be2d93b2 100644 --- a/packaging/docker/Dockerfile +++ b/packaging/docker/Dockerfile @@ -58,9 +58,11 @@ COPY --from=builder /app / # Configure system ARG NETDATA_UID=201 ARG NETDATA_GID=201 +ENV DOCKER_GRP netdata +ENV DOCKER_USR netdata RUN \ # provide judy installation to base image - apk add make alpine-sdk && \ + apk add make alpine-sdk shadow && \ cd /judy-${JUDY_VER} && make install && cd / && \ # Clean the source stuff once judy is installed rm -rf /judy-${JUDY_VER} && apk del make alpine-sdk && \ @@ -69,8 +71,8 @@ RUN \ chmod 4755 /usr/local/bin/fping && \ mkdir -p /var/log/netdata && \ # Add netdata user - addgroup -g ${NETDATA_GID} -S netdata && \ - adduser -S -H -s /usr/sbin/nologin -u ${NETDATA_GID} -h /etc/netdata -G netdata netdata && \ + addgroup -g ${NETDATA_GID} -S "${DOCKER_GRP}" && \ + adduser -S -H -s /usr/sbin/nologin -u ${NETDATA_GID} -h /etc/netdata -G "${DOCKER_GRP}" "${DOCKER_USR}" && \ # Apply the permissions as described in # https://github.com/netdata/netdata/wiki/netdata-security#netdata-directories chown -R root:netdata /etc/netdata && \ diff --git a/packaging/docker/README.md b/packaging/docker/README.md index 0bf416cd4..4e21918ec 100644 --- a/packaging/docker/README.md +++ b/packaging/docker/README.md @@ -24,9 +24,10 @@ This is good for an internal network or to quickly analyse a host. ```bash docker run -d --name=netdata \ -p 19999:19999 \ + -v /etc/passwd:/host/etc/passwd:ro \ + -v /etc/group:/host/etc/group:ro \ -v /proc:/host/proc:ro \ -v /sys:/host/sys:ro \ - -v /var/run/docker.sock:/var/run/docker.sock:ro \ --cap-add SYS_PTRACE \ --security-opt apparmor=unconfined \ netdata/netdata @@ -47,35 +48,57 @@ services: security_opt: - apparmor:unconfined volumes: + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro - /proc:/host/proc:ro - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro ``` +If you don't want to use the apps.plugin functionality, you can remove the mounts of `/etc/passwd` and `/etc/group` (they are used to get proper user and group names for the monitored host) to get slightly better security. + ### Docker container names resolution -If you want to have your container names resolved by netdata, you need to do two things: -1) Make netdata user be part of the group that owns the socket. - To achieve that just add environment variable `PGID=[GROUP NUMBER]` to the netdata container, - where `[GROUP NUMBER]` is practically the group id of the group assigned to the docker socket, on your host. - This group number can be found by running the following (if socket group ownership is docker): - ```bash - grep docker /etc/group | cut -d ':' -f 3 - ``` - -2) Change docker socket access level to read/write like so: - from - ``` - /var/run/docker.sock:/var/run/docker.sock:ro - ``` - - change to - ``` - /var/run/docker.sock:/var/run/docker.sock:rw - ``` +There are a few options for resolving container names within netdata. Some methods of doing so will allow root access to your machine from within the container. Please read the following carefully. + +#### Docker Socket Proxy (Safest Option) + +Deploy a Docker socket proxy that accepts and filter out requests using something like [HAProxy](https://docs.netdata.cloud/docs/running-behind-haproxy/) so that it restricts connections to read-only access to the CONTAINERS endpoint. + +The reason it's safer to expose the socket to the proxy is because netdata has a TCP port exposed outside the Docker network. Access to the proxy container is limited to only within the network. + +#### Giving group access to Docker Socket (Less safe) **Important Note**: You should seriously consider the necessity of activating this option, -as it grants to the netdata user access to the privileged socket connection of docker service +as it grants to the netdata user access to the privileged socket connection of docker service and therefore your whole machine. + +If you want to have your container names resolved by Netdata, make the `netdata` user be part of the group that owns the socket. + +To achieve that just add environment variable `PGID=[GROUP NUMBER]` to the Netdata container, +where `[GROUP NUMBER]` is practically the group id of the group assigned to the docker socket, on your host. + +This group number can be found by running the following (if socket group ownership is docker): + +```bash +grep docker /etc/group | cut -d ':' -f 3 +``` + +#### Running as root (Unsafe) + +**Important Note**: You should seriously consider the necessity of activating this option, +as it grants to the netdata user access to the privileged socket connection of docker service and therefore your whole machine. + +```yaml +version: '3' +services: + netdata: + image: netdata/netdata + # ... rest of your config ... + volumes: + # ... other volumes ... + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - DOCKER_USR=root +``` ### Pass command line options to Netdata @@ -132,6 +155,8 @@ services: security_opt: - apparmor:unconfined volumes: + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro - /proc:/host/proc:ro - /sys:/host/sys:ro - /var/run/docker.sock:/var/run/docker.sock:ro diff --git a/packaging/docker/build-test.sh b/packaging/docker/build-test.sh index a7e31d4f4..3c55e1736 100755 --- a/packaging/docker/build-test.sh +++ b/packaging/docker/build-test.sh @@ -46,27 +46,29 @@ do esac done -if [ -n "${REPOSITORY}" ] && [ -n "${VERSION}" ] && [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PWD}" ] ; then +if [ -n "${REPOSITORY}" ]; then if [ $DOBUILD -eq 1 ] ; then - echo "Building ${VERSION} of ${REPOSITORY} container" + echo "Building ${VERSION:-latest} of ${REPOSITORY} container" docker run --rm --privileged multiarch/qemu-user-static:register --reset # Build images using multi-arch Dockerfile. - eval docker build --build-arg ARCH="amd64" --tag "${REPOSITORY}:${VERSION}" --file packaging/docker/Dockerfile ./ + eval docker build --build-arg ARCH="amd64" --tag "${REPOSITORY}:${VERSION:-latest}" --file packaging/docker/Dockerfile ./ # Create temporary docker CLI config with experimental features enabled (manifests v2 need it) mkdir -p /tmp/docker #echo '{"experimental":"enabled"}' > /tmp/docker/config.json fi - # Login to docker hub to allow futher operations - echo "Logging into docker" - echo "$DOCKER_PWD" | docker --config /tmp/docker login -u "$DOCKER_USERNAME" --password-stdin + if [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PWD}" ] ; then + # Login to docker hub to allow futher operations + echo "Logging into docker" + echo "$DOCKER_PWD" | docker --config /tmp/docker login -u "$DOCKER_USERNAME" --password-stdin - echo "Pushing ${REPOSITORY}:${VERSION}" - docker --config /tmp/docker push "${REPOSITORY}:${VERSION}" + echo "Pushing ${REPOSITORY}:${VERSION}" + docker --config /tmp/docker push "${REPOSITORY}:${VERSION}" + fi else - echo "Missing parameter. REPOSITORY=${REPOSITORY} VERSION=${VERSION} DOCKER_USERNAME=${DOCKER_USERNAME} DOCKER_PWD=${DOCKER_PWD}" + echo "Missing parameter. REPOSITORY=${REPOSITORY}" printhelp exit 1 fi diff --git a/packaging/docker/publish.sh b/packaging/docker/publish.sh index fd1883afb..5a9e67ede 100755 --- a/packaging/docker/publish.sh +++ b/packaging/docker/publish.sh @@ -39,10 +39,6 @@ if [ ! -z ${DEVEL+x} ]; then declare -a ARCHS=(${DEVEL_ARCHS[@]}) fi -echo "Syncing repository with latest changes (We may have updated with package versions)" -git checkout master -git pull - # Ensure there is a version, the most appropriate one if [ "${VERSION}" == "" ]; then VERSION=$(git tag --points-at) diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh index 2b5047cd0..f4377d458 100755 --- a/packaging/docker/run.sh +++ b/packaging/docker/run.sh @@ -9,41 +9,15 @@ set -e echo "Netdata entrypoint script starting" if [ ${RESCRAMBLE+x} ]; then - echo "Reinstalling all packages to get the latest Polymorphic Linux scramble" - apk upgrade --update-cache --available + echo "Reinstalling all packages to get the latest Polymorphic Linux scramble" + apk upgrade --update-cache --available fi -create_group_and_assign_to_user() { - local local_DOCKER_GROUP="$1" - local local_DOCKER_GID="$2" - local local_DOCKER_USR="$3" - - echo >&2 "Adding group with ID ${local_DOCKER_GID} and name '${local_DOCKER_GROUP}'" - addgroup -g "${local_DOCKER_GID}" "${local_DOCKER_GROUP}" || echo >&2 "Could not add group ${local_DOCKER_GROUP} with ID ${local_DOCKER_GID}, its already there probably" - - echo >&2 "Adding user '${local_DOCKER_USR}' to group '${local_DOCKER_GROUP}/${local_DOCKER_GID}'" - sed -i "s/:${local_DOCKER_GID}:$/:${local_DOCKER_GID}:${local_DOCKER_USR}/g" /etc/group - - # Make sure we use the right docker group - GRP_TO_ASSIGN="$(grep ":x:${local_DOCKER_GID}:" /etc/group | cut -d':' -f1)" - if [ -z "${GRP_TO_ASSIGN}" ]; then - echo >&2 "Could not find group ID ${local_DOCKER_GID} in /etc/group. Check your logs and report it if this is an unrecovereable error" - else - echo >&2 "Group creation and assignment completed, netdata was assigned to group ${GRP_TO_ASSIGN}/${local_DOCKER_GID}" - echo "${GRP_TO_ASSIGN}" - fi -} - -DOCKER_USR="netdata" -DOCKER_SOCKET="/var/run/docker.sock" -DOCKER_GROUP="docker" - -if [ -S "${DOCKER_SOCKET}" ] && [ -n "${PGID}" ]; then - GRP=$(create_group_and_assign_to_user "${DOCKER_GROUP}" "${PGID}" "${DOCKER_USR}") - if [ -n "${GRP}" ]; then - echo "Adjusting ownership of mapped docker socket '${DOCKER_SOCKET}' to root:${GRP}" - chown "root:${GRP}" "${DOCKER_SOCKET}" || echo "Failed to change ownership on docker socket, container name resolution might not work" - fi +if [ -n "${PGID}" ]; then + echo "Creating docker group ${PGID}" + addgroup -g "${PGID}" "docker" || echo >&2 "Could not add group docker with ID ${PGID}, its already there probably" + echo "Assign netdata user to docker group ${PGID}" + usermod -a -G ${PGID} ${DOCKER_USR} || echo >&2 "Could not add netdata user to group docker with ID ${PGID}" fi exec /usr/sbin/netdata -u "${DOCKER_USR}" -D -s /host -p "${NETDATA_PORT}" "$@" diff --git a/packaging/installer/README.md b/packaging/installer/README.md index b10ffa05a..67a7a9120 100644 --- a/packaging/installer/README.md +++ b/packaging/installer/README.md @@ -6,7 +6,6 @@ The best way to install Netdata is directly from source. Our **automatic install !!! warning You can find Netdata packages distributed by third parties. In many cases, these packages are either too old or broken. So, the suggested ways to install Netdata are the ones in this page. - **We are currently working to provide our binary packages for all Linux distros.** Stay tuned... 1. [Automatic one line installation](#one-line-installation), easy installation from source, **this is the default** 2. [Install pre-built static binary on any 64bit Linux](#linux-64bit-pre-built-static-binary) @@ -17,6 +16,7 @@ The best way to install Netdata is directly from source. Our **automatic install 7. [Enable on FreeNAS Corral](#freenas) 8. [Install on macOS (OS X)](#macos) 9. [Install on a Kubernetes cluster](https://github.com/netdata/helmchart#netdata-helm-chart-for-kubernetes-deployments) +10. [Install using binary packages](#binary-packages) See also the list of Netdata [package maintainers](../maintainers) for ASUSTOR NAS, OpenWRT, ReadyNAS, etc. @@ -24,26 +24,27 @@ Note: From Netdata v1.12 and above, anonymous usage information is collected by --- -## One line installation +## One-line installation +![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart&group=sum&after=-3600&label=last+hour&units=installations&value_color=orange&precision=0) ![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart&group=sum&after=-86400&label=today&units=installations&precision=0) -> This method is **fully automatic on all Linux** distributions. FreeBSD and MacOS systems need some preparations before installing Netdata for the first time. Check the [FreeBSD](#freebsd) and the [MacOS](#macos) sections for more information. +This method is **fully automatic on all Linux distributions**. FreeBSD and MacOS systems need some preparations before installing Netdata for the first time. Check the [FreeBSD](#freebsd) and the [MacOS](#macos) sections for more information. -To install Netdata from source and keep it up to date automatically, run the following: +To install Netdata from source, and keep it up to date with our **nightly releases** automatically, run the following: -```bash -bash <(curl -Ss https://my-netdata.io/kickstart.sh) +``` bash +$ bash <(curl -Ss https://my-netdata.io/kickstart.sh) ``` -*(do not `sudo` this command, it will do it by itself as needed)* +!!! note + Do not use `sudo` for the one-line installer—it will escalate privileges itself if needed. -![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart&group=sum&after=-3600&label=last+hour&units=installations&value_color=orange&precision=0) ![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart&group=sum&after=-86400&label=today&units=installations&precision=0) + To learn more about the pros and cons of using *nightly* vs. *stable* releases, see our [notice about the two options](#nightly-vs-stable-releases). -
Click here for more information and advanced use of this command. +
Click here for more information and advanced use of the one-line installation script.
Verify the integrity of the script with this: -```bash +``` bash [ "8a2b054081a108dff915994ce77f2f2d" = "$(curl -Ss https://my-netdata.io/kickstart.sh | md5sum | cut -d ' ' -f 1)" ] && echo "OK, VALID" || echo "FAILED, INVALID" ``` *It should print `OK, VALID` if the script is the one we ship.* @@ -56,48 +57,47 @@ The `kickstart.sh` script: - installs `netdata-updater.sh` to `cron.daily`, so your Netdata installation will be updated daily (you will get a message from cron only if the update fails). - For QA purposes, this installation method lets us know if it succeed or failed. -The `kickstart.sh` script passes all its parameters to `netdata-installer.sh`, so you can add more parameters to change the installation directory, enable/disable plugins, etc (check below). +The `kickstart.sh` script passes all its parameters to `netdata-installer.sh`, so you can add more parameters to customize your installation. Here are a few important parameters: -For automated installs, append a space + `--dont-wait` to the command line. You can also append `--dont-start-it` to prevent the installer from starting Netdata. -You can also append `--stable-channel` to fetch and install only the official releases from GitHub, instead of the nightly builds. +- `--dont-wait`: Enable automated installs by not prompting for permission to install any required packages. +- `--dont-start-it`: Prevent the installer from starting Netdata automatically. +- `--stable-channel`: Automatically update only on the release of new major versions. +- `--no-updates`: Prevent automatic updates of any kind. -Example: +Example using all the above parameters: ```bash - bash <(curl -Ss https://my-netdata.io/kickstart.sh) --dont-wait --dont-start-it --stable-channel +$ bash <(curl -Ss https://my-netdata.io/kickstart.sh) --dont-wait --dont-start-it --no-updates --stable-channel ``` -If you don't want to receive automatic updates, add `--no-updates` when executing `kickstart.sh` script. - -
 
+
Once Netdata is installed, see [Getting Started](../../docs/GettingStarted.md). --- ## Linux 64bit pre-built static binary +![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart64&group=sum&after=-3600&label=last+hour&units=installations&value_color=orange&precision=0) ![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart64&group=sum&after=-86400&label=today&units=installations&precision=0) -You can install a pre-compiled static binary of Netdata on any Intel/AMD 64bit Linux system -(even those that don't have a package manager, like CoreOS, CirrOS, busybox systems, etc). -You can also use these packages on systems with broken or unsupported package managers. +You can install a pre-compiled static binary of Netdata on any Intel/AMD 64bit Linux system (even those that don't have a package manager, like CoreOS, CirrOS, busybox systems, etc). You can also use these packages on systems with broken or unsupported package managers. -To install Netdata with a binary package on any Linux distro, any kernel version - for **Intel/AMD 64bit** hosts, run the following: +To install Netdata from a binary package on any Linux distro and any kernel version on **Intel/AMD 64bit** systems, and keep it up to date with our **nightly releases** automatically, run the following: ```bash - - bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) - +$ bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) ``` -*(do not `sudo` this command, it will do it by itself as needed; if the target system does not have `bash` installed, see below for instructions to run it without `bash`)* +!!! note + Do not use `sudo` for this installer—it will escalate privileges itself if needed. -![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart64&group=sum&after=-3600&label=last+hour&units=installations&value_color=orange&precision=0) ![](https://registry.my-netdata.io/api/v1/badge.svg?chart=web_log_nginx.requests_per_url&options=unaligned&dimensions=kickstart64&group=sum&after=-86400&label=today&units=installations&precision=0) + To learn more about the pros and cons of using *nightly* vs. *stable* releases, see our [notice about the two options](README.md#nightly-vs-stable-releases). -> The static builds install Netdata at **`/opt/netdata`** + If your system does not have `bash` installed, open the `More information and advanced uses of the kickstart-static64.sh script` dropdown for instructions to run the installer without `bash`. + + This script installs Netdata at `/opt/netdata`.
Click here for more information and advanced use of this command.
Verify the integrity of the script with this: ```bash @@ -106,15 +106,17 @@ Verify the integrity of the script with this: *It should print `OK, VALID` if the script is the one we ship.* -For automated installs, append a space + `--dont-wait` to the command line. You can also append `--dont-start-it` to prevent the installer from starting Netdata. -You can also append `--stable-channel` to fetch and install only the official releases from GitHub, instead of the nightly builds. +The `kickstart-static64.sh` script passes all its parameters to `netdata-installer.sh`, so you can add more parameters to customize your installation. Here are a few important parameters: -Example: +- `--dont-wait`: Enable automated installs by not prompting for permission to install any required packages. +- `--dont-start-it`: Prevent the installer from starting Netdata automatically. +- `--stable-channel`: Automatically update only on the release of new major versions. +- `--no-updates`: Prevent automatic updates of any kind. -```bash - - bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) --dont-wait --dont-start-it --stable-channel +Example using all the above parameters: +```bash +$ bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) --dont-wait --dont-start-it --no-updates --stable-channel ``` If your shell fails to handle the above one liner, do this: @@ -135,7 +137,7 @@ sh /tmp/kickstart-static64.sh - The same files can be used for updates too. - For QA purposes, this installation method lets us know if it succeed or failed. -
 
+ Once Netdata is installed, see [Getting Started](../../docs/GettingStarted.md). @@ -205,16 +207,16 @@ This is how to do it by hand: ```sh # Debian / Ubuntu -apt-get install zlib1g-dev uuid-dev libuv1-dev liblz4-dev libjudy-dev libssl-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl +apt-get install zlib1g-dev uuid-dev libuv1-dev liblz4-dev libjudy-dev libssl-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl python # Fedora -dnf install zlib-devel libuuid-devel libuv-devel lz4-devel Judy-devel openssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils +dnf install zlib-devel libuuid-devel libuv-devel lz4-devel Judy-devel openssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils python # CentOS / Red Hat Enterprise Linux -yum install autoconf automake curl gcc git libmnl-devel libuuid-devel openssl-devel libuv-devel lz4-devel Judy-devel lm_sensors make MySQL-python nc pkgconfig python python-psycopg2 PyYAML zlib-devel +yum install autoconf automake curl gcc git libmnl-devel libuuid-devel openssl-devel libuv-devel lz4-devel Judy-devel make nc pkgconfig python zlib-devel # openSUSE -zypper install zlib-devel libuuid-devel libuv-devel liblz4-devel judy-devel libopenssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils +zypper install zlib-devel libuuid-devel libuv-devel liblz4-devel judy-devel libopenssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils python ``` @@ -293,6 +295,26 @@ To apply the changes you made, you have to restart Netdata. --- +### Binary Packages +![](https://raw.githubusercontent.com/netdata/netdata/master/web/gui/images/packaging-beta-tag.svg?sanitize=true) + +We provide our own flavour of binary packages for the most common operating systems that comply with .RPM and .DEB packaging formats. + +We have currently released packages following the .RPM format with version [1.16.0](https://github.com/netdata/netdata/releases/tag/v1.16.0). +We have planned to release packages following the .DEB format with version [1.17.0](https://github.com/netdata/netdata/releases/tag/v1.17.0). +Early adopters may experiment with our .DEB formatted packages using our nightly releases. Our current packaging infrastructure provider is [Package Cloud](https://packagecloud.io). + +Netdata is committed to support installation of our solution to all operating systems. This is a constant battle for Netdata, as we strive to automate and make things easier for our users. For the operating system support matrix, please visit our [distributions](../../packaging/DISTRIBUTIONS.md) support page. + +We provide two separate repositories, one for our stable releases and one for our nightly releases. + +1. Stable releases: Our stable production releases are hosted in [netdata/netdata](https://packagecloud.io/netdata/netdata) repository of package cloud +2. Nightly releases: Our latest releases are hosted in [netdata/netdata-edge](https://packagecloud.io/netdata/netdata-edge) repository of package cloud + +Visit the repository pages and follow the quick set-up instructions to get started. + +--- + ## Other Systems @@ -448,4 +470,38 @@ Additionally, as of 2018/06/24, the Netdata installer doesn't recognize DSM as a [ -x /etc/rc.netdata ] && /etc/rc.netdata start ``` + +## Nightly vs. stable releases + +The Netdata team maintains two releases of the Netdata agent: **nightly** and **stable**. By default, Netdata's installation scripts will give you **automatic, nightly** updates, as that is our recommended configuration. + +**Nightly**: We create nightly builds every 24 hours. They contain fully-tested code that fixes bugs or security flaws, or introduces new features to Netdata. Every nightly release is a candidate for then becoming a stable release—when we're ready, we simply change the release tags on GitHub. That means nightly releases are stable and proven to function correctly in the vast majority of Netdata use cases. That's why nightly is the *best choice for most Netdata users*. + +**Stable**: We create stable releases whenever we believe the code has reached a major milestone. Most often, stable releases correlate with the introduction of new, significant features. Stable releases might be a better choice for those who run Netdata in *mission-critical production systems*, as updates will come more infrequently, and only after the community helps fix any bugs that might have been introduced in previous releases. + +**Pros of using nightly releases:** + + - Get the latest features and bugfixes as soon as they're available + - Receive security-related fixes immediately + - Use stable, fully-tested code that's always improving + - Leverage the same Netdata experience our community is using + +**Pros of using stable releases:** + + - Protect yourself from the rare instance when major bugs slip through our testing and negatively affect a Netdata installation + - Retain more control over the Netdata version you use + + +## Automatic updates + +By default, Netdata's installation scripts enable automatic updates for both nightly and stable release channels. + +If you would prefer to manually update your Netdata agent, you can disable automatic updates by using the `--no-updates` option when you install or update Netdata using the [one-line installation script](#one-line-installation). + +```bash +bash <(curl -Ss https://my-netdata.io/kickstart.sh) --no-updates +``` + +With automatic updates disabled, you can choose exactly when and how you [update Netdata](UPDATE.md). + [![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Finstaller%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)]() diff --git a/packaging/installer/UNINSTALL.md b/packaging/installer/UNINSTALL.md index 765184d39..43d03b002 100644 --- a/packaging/installer/UNINSTALL.md +++ b/packaging/installer/UNINSTALL.md @@ -16,7 +16,7 @@ NETDATA_ADDED_TO_GROUPS="" # Additional groups for a user ru ``` 3. Run `netdata-uninstaller.sh` as follows ``` -${NETDATA_PREFIX}/usr/libexec/netdata-uninstaller.sh --yes --env +${NETDATA_PREFIX}/usr/libexec/netdata/netdata-uninstaller.sh --yes --env ``` Note: Existing installations may still need to download the file if it's not present. diff --git a/packaging/installer/netdata-uninstaller.sh b/packaging/installer/netdata-uninstaller.sh index 0bbdaac2c..41ada6234 100755 --- a/packaging/installer/netdata-uninstaller.sh +++ b/packaging/installer/netdata-uninstaller.sh @@ -2,14 +2,15 @@ #shellcheck disable=SC2181 # # This is the netdata uninstaller script +# # Variables needed by script and taken from '.environment' file: # - NETDATA_PREFIX # - NETDATA_ADDED_TO_GROUPS # # Copyright: SPDX-License-Identifier: GPL-3.0-or-later # -# Author: Paul Emm. Katsoulakis -# +# Author: Paweł Krupa +# Author: Pavlos Emm. Katsoulakis usage="$(basename "$0") [-h] [-f ] -- program to calculate the answer to life, the universe and everything diff --git a/packaging/installer/netdata-updater.sh b/packaging/installer/netdata-updater.sh index 83031f3aa..6609edd5a 100755 --- a/packaging/installer/netdata-updater.sh +++ b/packaging/installer/netdata-updater.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash #shellcheck disable=SC2164 - -# this script will uninstall netdata - +# +# Netdata updater utility +# # Variables needed by script: # - PATH # - CFLAGS @@ -11,6 +11,12 @@ # - NETDATA_TARBALL_URL # - NETDATA_TARBALL_CHECKSUM_URL # - NETDATA_TARBALL_CHECKSUM +# - NETDATA_PREFIX / NETDATA_LIB_DIR (After 1.16.1 we will only depend on lib dir) +# +# Copyright: SPDX-License-Identifier: GPL-3.0-or-later +# +# Author: Paweł Krupa +# Author: Pavlos Emm. Katsoulakis info() { echo >&3 "$(date) : INFO: " "${@}" @@ -67,21 +73,26 @@ download() { } set_tarball_urls() { + local extension="tar.gz" if [ ! -z "${NETDATA_LOCAL_TARBAL_OVERRIDE}" ]; then info "Not fetching remote tarballs, local override was given" return fi + if [ "$2" == "yes" ]; then + extension="gz.run" + fi + if [ "$1" = "stable" ]; then local latest # Simple version # latest="$(curl -sSL https://api.github.com/repos/netdata/netdata/releases/latest | grep tag_name | cut -d'"' -f4)" latest="$(download "https://api.github.com/repos/netdata/netdata/releases/latest" /dev/stdout | grep tag_name | cut -d'"' -f4)" - export NETDATA_TARBALL_URL="https://github.com/netdata/netdata/releases/download/$latest/netdata-$latest.tar.gz" + export NETDATA_TARBALL_URL="https://github.com/netdata/netdata/releases/download/$latest/netdata-$latest.${extension}" export NETDATA_TARBALL_CHECKSUM_URL="https://github.com/netdata/netdata/releases/download/$latest/sha256sums.txt" else - export NETDATA_TARBALL_URL="https://storage.googleapis.com/netdata-nightlies/netdata-latest.tar.gz" + export NETDATA_TARBALL_URL="https://storage.googleapis.com/netdata-nightlies/netdata-latest.${extension}" export NETDATA_TARBALL_CHECKSUM_URL="https://storage.googleapis.com/netdata-nightlies/sha256sums.txt" fi } @@ -131,10 +142,12 @@ update() { info "Re-installing netdata..." eval "${REINSTALL_COMMAND} --dont-wait ${do_not_start}" >&3 2>&3 || fatal "FAILED TO COMPILE/INSTALL NETDATA" + + # We no longer store checksum info here. but leave this so that we clean up all environment files upon next update. sed -i '/NETDATA_TARBALL/d' "${ENVIRONMENT_FILE}" - cat <>"${ENVIRONMENT_FILE}" -NETDATA_TARBALL_CHECKSUM="$NEW_CHECKSUM" -EOF + + info "Updating tarball checksum info" + echo "${NEW_CHECKSUM}" > "${NETDATA_LIB_DIR}/netdata.tarball.checksum" fi rm -rf "${tmpdir}" >&3 2>&3 @@ -148,6 +161,12 @@ EOF # shellcheck source=/dev/null source "${ENVIRONMENT_FILE}" || exit 1 +# We dont expect to find lib dir variable on older installations, so load this path if none found +export NETDATA_LIB_DIR="${NETDATA_LIB_DIR:-${NETDATA_PREFIX}/var/lib/netdata}" + +# Source the tarbal checksum, if not already available from environment (for existing installations with the old logic) +[[ -z "${NETDATA_TARBALL_CHECKSUM}" ]] && [[ -f ${NETDATA_LIB_DIR}/netdata.tarball.checksum ]] && NETDATA_TARBALL_CHECKSUM="$(cat "${NETDATA_LIB_DIR}/netdata.tarball.checksum")" + if [ "${INSTALL_UID}" != "$(id -u)" ]; then fatal "You are running this script as user with uid $(id -u). We recommend to run this script as root (user with uid 0)" fi @@ -165,7 +184,34 @@ else exec 3>"${logfile}" fi -set_tarball_urls "${RELEASE_CHANNEL}" +set_tarball_urls "${RELEASE_CHANNEL}" "${IS_NETDATA_STATIC_BINARY}" + +if [ "${IS_NETDATA_STATIC_BINARY}" == "yes" ]; then + TMPDIR="$(create_tmp_directory)" + PREVDIR="$(pwd)" + + echo >&2 "Entering ${TMPDIR}" + cd "${TMPDIR}" + + download "${NETDATA_TARBALL_CHECKSUM_URL}" "${TMPDIR}/sha256sum.txt" + download "${NETDATA_TARBALL_URL}" "${TMPDIR}/netdata-latest.gz.run" + if ! grep netdata-latest.gz.run "${TMPDIR}/sha256sum.txt" | safe_sha256sum -c - >/dev/null 2>&1; then + fatal "Static binary checksum validation failed. Stopping netdata installation and leaving binary in ${TMPDIR}" + fi + + # Do not pass any options other than the accept, for now + sh "${TMPDIR}/netdata-latest.gz.run" --accept + + #shellcheck disable=SC2181 + if [ $? -eq 0 ]; then + rm -r "${TMPDIR}" + else + echo >&2 "NOTE: did not remove: ${TMPDIR}" + fi + echo >&2 "Switching back to ${PREVDIR}" + cd "${PREVDIR}" +else + # the installer updates this script - so we run and exit in a single line + update && exit 0 +fi -# the installer updates this script - so we run and exit in a single line -update && exit 0 diff --git a/packaging/makeself/jobs/70-netdata-git.install.sh b/packaging/makeself/jobs/70-netdata-git.install.sh index 71ea0f63a..80fba3158 100755 --- a/packaging/makeself/jobs/70-netdata-git.install.sh +++ b/packaging/makeself/jobs/70-netdata-git.install.sh @@ -13,6 +13,10 @@ else # export CFLAGS="-static -O1 -ggdb -Wall -Wextra -Wformat-signedness" fi +# We export this to 'yes', installer sets this to .environment. +# The updater consumes this one, so that it can tell whether it should update a static install or a non-static one +export IS_NETDATA_STATIC_BINARY="yes" + run ./netdata-installer.sh --install "${NETDATA_INSTALL_PARENT}" \ --dont-wait \ --dont-start-it \ diff --git a/packaging/version b/packaging/version index a406138ee..e17963c5d 100644 --- a/packaging/version +++ b/packaging/version @@ -1 +1 @@ -v1.16.0 +v1.16.1 -- cgit v1.2.3