From cd4377fab21e0f500bef7f06543fa848a039c1e0 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Thu, 20 Jul 2023 06:50:01 +0200
Subject: Merging upstream version 1.41.0.
Signed-off-by: Daniel Baumann
---
packaging/PLATFORM_SUPPORT.md | 17 +-
packaging/current_libbpf.checksums | 2 +-
packaging/current_libbpf.version | 2 +-
packaging/docker/Dockerfile | 5 +-
packaging/docker/README.md | 625 ++++++++++------------
packaging/docker/gen-cflags.sh | 4 +-
packaging/go.d.checksums | 34 +-
packaging/go.d.version | 2 +-
packaging/installer/README.md | 2 +
packaging/installer/UPDATE.md | 18 +-
packaging/installer/install-required-packages.sh | 11 +-
packaging/installer/kickstart.sh | 53 +-
packaging/installer/methods/macos.md | 2 +-
packaging/installer/methods/pfsense.md | 31 +-
packaging/installer/netdata-updater.sh | 52 +-
packaging/makeself/install-or-update.sh | 4 +-
packaging/makeself/jobs/70-netdata-git.install.sh | 9 +-
packaging/version | 2 +-
18 files changed, 433 insertions(+), 442 deletions(-)
(limited to 'packaging')
diff --git a/packaging/PLATFORM_SUPPORT.md b/packaging/PLATFORM_SUPPORT.md
index 2236ae846..62a6a4051 100644
--- a/packaging/PLATFORM_SUPPORT.md
+++ b/packaging/PLATFORM_SUPPORT.md
@@ -90,14 +90,15 @@ platforms that we officially support ourselves to the intermediate tier. Our [st expected to work on these platforms if available. Source-based installs are expected to work on these platforms with minimal user effort. -| Platform | Version | Official Native Packages | Notes | -|---------------|---------|--------------------------|------------------------------------------------------------------------------------------------------| -| Alpine Linux | 3.16 | No | | -| Alpine Linux | 3.15 | No | | -| Amazon Linux | 2023 | x86\_64, AArch64 | Scheduled for promotion to Core tier at some point after the release of v1.39.0 of the Netdata Agent | -| Amazon Linux | 2 | x86\_64, AArch64 | Scheduled for promotion to Core tier at some point after the release of v1.39.0 of the Netdata Agent | -| Arch Linux | Latest | No | We officially recommend the community packages available for Arch Linux | -| Manjaro Linux | Latest | No | We officially recommend the community packages available for Arch Linux | +| Platform | Version | Official Native Packages | Notes | +|---------------|------------|--------------------------|------------------------------------------------------------------------------------------------------| +| Alpine Linux | 3.16 | No | | +| Alpine Linux | 3.15 | No | | +| Amazon Linux | 2023 | x86\_64, AArch64 | Scheduled for promotion to Core tier at some point after the release of v1.39.0 of the Netdata Agent | +| Amazon Linux | 2 | x86\_64, AArch64 | Scheduled for promotion to Core tier at some point after the release of v1.39.0 of the Netdata Agent | +| Arch Linux | Latest | No | We officially recommend the community packages available for Arch Linux | +| Manjaro Linux | Latest | No | We officially recommend the community packages available for Arch Linux | +| openSUSE | Tumbleweed | x86\_64, AArch64 | Scheduled for promotion to Core tier at some point after the release of v1.41.0 of the Netdata Agent | ### Community 
diff --git a/packaging/current_libbpf.checksums b/packaging/current_libbpf.checksums
index 2f0d8a9b8..8279c1dd3 100644
--- a/packaging/current_libbpf.checksums
+++ b/packaging/current_libbpf.checksums
@@ -1 +1 @@
-97d0b6d5b86ae473883aadcba4fcecf47f608f5d0eb3dbb75eb2dbde271f0046 v1.2_netdata.tar.gz
+05e4ccdd3bc8532290eebc37b37455b253071244d30e42412a7071d89221f1c8 v1.2.2p_netdata.tar.gz
diff --git a/packaging/current_libbpf.version b/packaging/current_libbpf.version
index eff71eefb..b5dc2d8bd 100644
--- a/packaging/current_libbpf.version
+++ b/packaging/current_libbpf.version
@@ -1 +1 @@
-1.2_netdata
+1.2.2p_netdata
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index 3a4b9025a..4cbba913e 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -28,8 +28,8 @@ WORKDIR /opt/netdata.git
 RUN chmod +x netdata-installer.sh && \
 cp -rp /deps/* /usr/local/ && \
 /bin/echo -e "INSTALL_TYPE='oci'\nPREBUILT_ARCH='$(uname -m)'" > ./system/.install-type && \
- CFLAGS="$(packaging/docker/gen-cflags.sh)" ./netdata-installer.sh --dont-wait --dont-start-it --use-system-protobuf \
- ${EXTRA_INSTALL_OPTS} --one-time-build "$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)"
+ CFLAGS="$(packaging/docker/gen-cflags.sh)" LDFLAGS="-Wl,--gc-sections" ./netdata-installer.sh --dont-wait --dont-start-it --use-system-protobuf \
+ ${EXTRA_INSTALL_OPTS} --one-time-build --enable-lto "$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)"
 # files to one directory
 RUN mkdir -p /app/usr/sbin/ \
@@ -104,6 +104,7 @@ RUN chown -R root:root \
 chmod 0755 /usr/libexec/netdata/plugins.d/*.plugin && \
 chmod 4755 \
 /usr/libexec/netdata/plugins.d/cgroup-network \
+ /usr/libexec/netdata/plugins.d/local-listeners \
 /usr/libexec/netdata/plugins.d/apps.plugin \
 /usr/libexec/netdata/plugins.d/debugfs.plugin && \
 if [ -f /usr/libexec/netdata/plugins.d/freeipmi.plugin ]; then \
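Review bot: On the rewritten `${EXTRA_INSTALL_OPTS} --one-time-build --enable-lto "$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)"` line the command substitution is still wrapped in double quotes, so a non-stable build passes an empty-string argument to netdata-installer.sh. Whether the installer ignores that argument is not visible in this hunk; writing it unquoted, `$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)`, passes nothing at all in that case. Separately, the new inline `LDFLAGS="-Wl,--gc-sections"` only discards anything if the objects are compiled with per-function and per-data sections, which depends on what gen-cflags.sh emits and should be confirmed there.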
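Review bot: `local-listeners` is added to the `chmod 4755` list, so the image gains another setuid binary that any user inside the container can execute (the enclosing instruction opens with `chown -R root:root`), and the Dockerfile gives no reason why it needs that. The README table added in this same commit lists the component as needing host network mode and SYS_PTRACE, which suggests, to be confirmed against the plugin, that a narrower file capability set with `setcap` could replace full setuid root. At minimum I would add a comment above the `RUN chown -R root:root \` instruction such as `# local-listeners: setuid root so it can map listening sockets to processes of other users (confirm)`. The RUN instruction starts before this hunk and continues past it.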
diff --git a/packaging/docker/README.md b/packaging/docker/README.md index ef7dd6de7..eb7deb203 100644 --- a/packaging/docker/README.md +++ b/packaging/docker/README.md @@ -12,43 +12,58 @@ import TabItem from '@theme/TabItem'; # Install Netdata with Docker -## Limitations running the Agent in Docker +## Create a new Netdata Agent container -For monitoring the whole host, running the Agent in a container can limit its capabilities. Some data, like the host OS -performance or status, is not accessible or not as detailed in a container as when running the Agent directly on the -host. +You can create a new Agent container using either `docker run` or `docker-compose`. After using any method, you can +visit the Agent dashboard `http://NODE:19999`. -A way around this is to provide special mounts to the Docker container so that the Agent can get visibility on host OS -information like `/sys` and `/proc` folders or even `/etc/group` and shadow files. +The Netdata container requires different privileges and mounts to provide functionality similar to that provided by +Netdata installed on the host. Below you can find a list of Netdata components that need these privileges and mounts, +along with their descriptions. -Also, we now ship Docker images using an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) -directive, not a COMMAND directive. Please adapt your execution scripts accordingly. You can find more information about -ENTRYPOINT vs COMMAND in the [Docker -documentation](https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact). +
+Privileges -Our POWER8+ Docker images do not support our FreeIPMI collector. This is a technical limitation in FreeIPMI itself, -and unfortunately not something we can realistically work around. +| Component | Privileges | Description | +|:---------------:|:-----------------------------:|--------------------------------------------------------------------------------------------------------------------------| +| cgroups.plugin | host PID mode, SYS_ADMIN | Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers. | +| proc.plugin | host network mode | Host system networking stack monitoring. | +| go.d.plugin | host network mode | Monitoring applications running on the host and inside containers. | +| local-listeners | host network mode, SYS_PTRACE | Discovering local services/applications. Map open (listening) ports to running services/applications. | -## Create a new Netdata Agent container +
-You can create a new Agent container using either `docker run` or `docker-compose`. After using either method, you can -visit the Agent dashboard `http://NODE:19999`. +
+Mounts + +| Component | Mounts | Description | +|:--------------:|:--------------------------:|-------------------------------------------------------------------------------------------------------------------------------------| +| netdata | /etc/os-release | Host info detection. | +| cgroups.plugin | /sys, /var/run/docker.sock | Docker containers monitoring and name resolution. | +| go.d.plugin | /var/run/docker.sock | Docker Engine and containers monitoring. See [docker](https://github.com/netdata/go.d.plugin/tree/master/modules/docker) collector. | +| apps.plugin | /etc/passwd, /etc/group | Monitoring of host system resource usage by each user and user group. | +| proc.plugin | /proc | Host system monitoring (CPU, memory, network interfaces, disks, etc.). | + +
-Both methods create a [bind mount](https://docs.docker.com/storage/bind-mounts/) for Netdata's configuration files -_within the container_ at `/etc/netdata`. See the [configuration section](#configure-agent-containers) for details. If -you want to access the configuration files from your _host_ machine, see [host-editable -configuration](#host-editable-configuration). +### Recommended way + +Both methods create a [volume](https://docs.docker.com/storage/volumes/) for Netdata's configuration files +_within the container_ at `/etc/netdata`. +See the [configure section](#configure-agent-containers) for details. If you want to access the configuration files from +your _host_ machine, see [host-editable configuration](#with-host-editable-configuration).

Using the docker run command

-Run the following command along with the following options on your terminal, to start a new container. +Run the following command in your terminal to start a new container. ```bash docker run -d --name=netdata \ - -p 19999:19999 \ + --pid=host \ + --network=host \ -v netdataconfig:/etc/netdata \ -v netdatalib:/var/lib/netdata \ -v netdatacache:/var/cache/netdata \ @@ -57,159 +72,82 @@ docker run -d --name=netdata \ -v /proc:/host/proc:ro \ -v /sys:/host/sys:ro \ -v /etc/os-release:/host/etc/os-release:ro \ + -v /var/run/docker.sock:/var/run/docker.sock:ro \ --restart unless-stopped \ --cap-add SYS_PTRACE \ + --cap-add SYS_ADMIN \ --security-opt apparmor=unconfined \ netdata/netdata ``` -> ### Note -> -> If you plan to Claim the node to Netdata Cloud, you can find the command with the right parameters by clicking the "Add Nodes" button in your Space's Nodes tab. -

Using the docker-compose command

-#### Steps - -1. Copy the following code and paste into a new file called `docker-compose.yml` - - ```yaml - version: '3' - services: - netdata: - image: netdata/netdata - container_name: netdata - hostname: example.com # set to fqdn of host - ports: - - 19999:19999 - restart: unless-stopped - cap_add: - - SYS_PTRACE - security_opt: - - apparmor:unconfined - volumes: - - netdataconfig:/etc/netdata - - netdatalib:/var/lib/netdata - - netdatacache:/var/cache/netdata - - /etc/passwd:/host/etc/passwd:ro - - /etc/group:/host/etc/group:ro - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /etc/os-release:/host/etc/os-release:ro - - volumes: - netdataconfig: - netdatalib: - netdatacache: - ``` - -2. Run `docker-compose up -d` in the same directory as the `docker-compose.yml` file to start the container. +Create a file named `docker-compose.yml` in your project directory and paste the code below. From your project +directory, start Netdata by running `docker-compose up -d`. -> :bookmark_tabs: Note -> -> If you plan to Claim the node to Netdata Cloud, you can find the command with the right parameters by clicking the "Add Nodes" button in your Space's "Nodes" view. +```yaml +version: '3' +services: + netdata: + image: netdata/netdata + container_name: netdata + pid: host + network_mode: host + restart: unless-stopped + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: + - netdataconfig:/etc/netdata + - netdatalib:/var/lib/netdata + - netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + +volumes: + netdataconfig: + netdatalib: + netdatacache: +```
-## Docker tags - -See our full list of Docker images at [Docker Hub](https://hub.docker.com/r/netdata/netdata). - -The official `netdata/netdata` Docker image provides the following named tags: - -* `stable`: The `stable` tag will always point to the most recently published stable build. -* `edge`: The `edge` tag will always point ot the most recently published nightly build. In most cases, this is - updated daily at around 01:00 UTC. -* `latest`: The `latest` tag will always point to the most recently published build, whether it’s a stable build - or a nightly build. This is what Docker will use by default if you do not specify a tag. - -Additionally, for each stable release, three tags are pushed, one with the full version of the release (for example, -`v1.30.0`), one with just the major and minor version (for example, `v1.30`), and one with just the major version -(for example, `v1`). The tags for the minor versions and major versions are updated whenever a release is published -that would match that tag (for example, if `v1.30.1` were to be published, the `v1.30` tag would be updated to -point to that instead of `v1.30.0`). - -## Adding extra packages at runtime - -By default, the official Netdata container images do not include a number of optional runtime dependencies. You -can add these dependencies, or any other APK packages, at runtime by listing them in the environment variable -`NETDATA_EXTRA_APK_PACKAGES`. - -Commonly useful packages include: - -- `apcupsd`: For monitoring APC UPS devices. -- `libvirt-daemon`: For resolving cgroup names for libvirt domains. -- `lm-sensors`: For monitoring hardware sensors. -- `msmtp`: For email alert support. -- `netcat-openbsd`: For IRC alert support. - -## Health Checks - -Our Docker image provides integrated support for health checks through the standard Docker interfaces. 
+> :bookmark_tabs: Note +> +> If you plan to Claim the node to Netdata Cloud, you can find the command with the right parameters by clicking the " +> Add Nodes" button in your Space's "Nodes" view. -You can control how the health checks run by using the environment variable `NETDATA_HEALTHCHECK_TARGET` as follows: +### With host-editable configuration -- If left unset, the health check will attempt to access the - `/api/v1/info` endpoint of the agent. -- If set to the exact value 'cli', the health check - script will use `netdatacli ping` to determine if the agent is running - correctly or not. This is sufficient to ensure that Netdata did not - hang during startup, but does not provide a rigorous verification - that the daemon is collecting data or is otherwise usable. -- If set to anything else, the health check will treat the value as a - URL to check for a 200 status code on. In most cases, this should - start with `http://localhost:19999/` to check the agent running in - the container. - -In most cases, the default behavior of checking the `/api/v1/info` -endpoint will be sufficient. If you are using a configuration which -disables the web server or restricts access to certain APIs, you will -need to use a non-default configuration for health checks to work. +Use a [bind mount](https://docs.docker.com/storage/bind-mounts/) for `/etc/netdata` rather than a volume. -## Configure Agent containers - -If you started an Agent container using one of the [recommended methods](#create-a-new-netdata-agent-container), and you -want to edit Netdata's configuration, you must first use `docker exec` to attach to the container. Replace `netdata` -with the name of your container. +This example assumes that you have created `netdataconfig/` in your home directory. ```bash -docker exec -it netdata bash -cd /etc/netdata -./edit-config netdata.conf +mkdir netdataconfig ``` -You need to restart the Agent to apply changes. 
Exit the container if you haven't already, then use the `docker` command -to restart the container: `docker restart netdata`. - -### Host-editable configuration - -> :warning: Warning -> -> The [edit-config](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory) script doesn't work when executed on -> the host system. - -If you want to make your container's configuration directory accessible from the host system, you need to use a -[volume](https://docs.docker.com/storage/bind-mounts/) rather than a bind mount. The following commands create a -temporary `netdata_tmp` container, which is used to populate a `netdataconfig` directory, which is then mounted inside -the container at `/etc/netdata`. + + -```bash -mkdir netdataconfig -docker run -d --name netdata_tmp netdata/netdata -docker cp netdata_tmp:/etc/netdata netdataconfig/ -docker rm -f netdata_tmp -``` +

Using the docker run command

-**`docker run`**: Use the `docker run` command, along with the following options, to start a new container. Note the -changed `-v $(pwd)/netdataconfig/netdata:/etc/netdata \` line from the recommended example above. +Run the following command in your terminal to start a new container. ```bash docker run -d --name=netdata \ - -p 19999:19999 \ + --pid=host \ + --network=host \ -v $(pwd)/netdataconfig/netdata:/etc/netdata \ -v netdatalib:/var/lib/netdata \ -v netdatacache:/var/cache/netdata \ @@ -218,15 +156,21 @@ docker run -d --name=netdata \ -v /proc:/host/proc:ro \ -v /sys:/host/sys:ro \ -v /etc/os-release:/host/etc/os-release:ro \ + -v /var/run/docker.sock:/var/run/docker.sock:ro \ --restart unless-stopped \ --cap-add SYS_PTRACE \ + --cap-add SYS_ADMIN \ --security-opt apparmor=unconfined \ netdata/netdata ``` -**Docker Compose**: Copy the following code and paste into a new file called `docker-compose.yml`, then run -`docker-compose up -d` in the same directory as the `docker-compose.yml` file to start the container. Note the changed -`./netdataconfig/netdata:/etc/netdata:ro` line from the recommended example above. +
+ + +

Using the docker-compose command

+ +Create a file named `docker-compose.yml` in your project directory and paste the code below. From your project +directory, start Netdata by running `docker-compose up -d`. ```yaml version: '3' @@ -234,12 +178,12 @@ services: netdata: image: netdata/netdata container_name: netdata - hostname: example.com # set to fqdn of host - ports: - - 19999:19999 + pid: host + network_mode: host restart: unless-stopped cap_add: - SYS_PTRACE + - SYS_ADMIN security_opt: - apparmor:unconfined volumes: @@ -251,131 +195,172 @@ services: - /proc:/host/proc:ro - /sys:/host/sys:ro - /etc/os-release:/host/etc/os-release:ro + - /var/run/docker.sock:/var/run/docker.sock:ro volumes: netdatalib: netdatacache: ``` -### Change the default hostname +
+
-You can change the hostname of a Docker container, and thus the name that appears in the local dashboard and in Netdata -Cloud, when creating a new container. If you want to change the hostname of a Netdata container _after_ you started it, -you can safely stop and remove it. Your configuration and metrics data reside in persistent volumes and are reattached to -the recreated container. +### With SSL/TLS enabled HTTP Proxy -If you use `docker-run`, use the `--hostname` option with `docker run`. +For a permanent installation on a public server, you +should [secure the Netdata instance](https://github.com/netdata/netdata/blob/master/docs/netdata-security.md). This +section contains an example of how to install Netdata with an SSL reverse proxy and basic authentication. -```bash -docker run -d --name=netdata \ - --hostname=my_docker_netdata +You can use the following `docker-compose.yml` and Caddyfile files to run Netdata with Docker. Replace the domains and +email address for [Let's Encrypt](https://letsencrypt.org/) before starting. + +#### Caddyfile + +This file needs to be placed in `/opt` with name `Caddyfile`. Here you customize your domain, and you need to provide +your email address to obtain a Let's Encrypt certificate. Certificate renewal will happen automatically and will be +executed internally by the caddy server. + +```caddyfile +netdata.example.org { + reverse_proxy netdata:19999 + tls admin@example.org +} ``` -If you use `docker-compose`, add a `hostname:` key/value pair into your `docker-compose.yml` file, then create the -container again using `docker-compose up -d`. +#### docker-compose.yml + +After setting Caddyfile run this with `docker-compose up -d` to have a fully functioning Netdata setup behind an HTTP reverse +proxy. 
```yaml version: '3' services: + caddy: + image: caddy:2 + ports: + - "80:80" + - "443:443" + volumes: + - /opt/Caddyfile:/etc/caddy/Caddyfile + - caddy_data:/data + - caddy_config:/config netdata: image: netdata/netdata container_name: netdata - hostname: my_docker_compose_netdata - ... -``` - -If you don't want to destroy and recreate your container, you can edit the Agent's `netdata.conf` file directly. See the -above section on [configuring Agent containers](#configure-agent-containers) to find the appropriate method based on -how you created the container. - -Alternatively, you can directly use the hostname from the node running the container by mounting -`/etc/hostname` from the host in the container. With `docker run`, this can be done by adding `--volume -/etc/hostname:/etc/hostname:ro` to the options. If you are using Docker Compose, you can add an entry to the -container's `volumes` section reading `- /etc/hostname:/etc/hostname:ro`. - -### Add or remove other volumes - -Some volumes are optional depending on how you use Netdata: - -- If you don't want to use the apps.plugin functionality, you can remove the mounts of `/etc/passwd` and `/etc/group` - (they are used to get proper user and group names for the monitored host) to get slightly better security. -- Most modern linux distros supply `/etc/os-release` although some older distros only supply `/etc/lsb-release`. If - this is the case you can change the line above that mounts the file inside the container to - `-v /etc/lsb-release:/host/etc/lsb-release:ro`. -- If your host is virtualized then Netdata cannot detect it from inside the container and will output the wrong - metadata (e.g. on `/api/v1/info` queries). You can fix this by setting a variable that overrides the detection - using, e.g. `--env VIRTUALIZATION=$(systemd-detect-virt -v)`. 
If you are using a `docker-compose.yml` then add: - -```yaml - environment: - - VIRTUALIZATION=${VIRTUALIZATION} -``` - -This allows the information to be passed into `docker-compose` using: - -```bash -VIRTUALIZATION=$(systemd-detect-virt -v) docker-compose up + hostname: example.com # set to fqdn of host + restart: always + pid: host + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: + - netdataconfig:/etc/netdata + - netdatalib:/var/lib/netdata + - netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro + - /var/run/docker.sock:/var/run/docker.sock:ro +volumes: + caddy_data: + caddy_config: + netdatalib: + netdatacache: ``` -#### Files inside systemd volumes - -If a volume is used by systemd service, some files can be removed during -[reinitialization](https://github.com/netdata/netdata/issues/9916). To avoid this, you need to add -`RuntimeDirectoryPreserve=yes` to the service file. +#### Restrict access with basic auth -### Docker container names resolution +You can restrict access by +following the [official caddy guide](https://caddyserver.com/docs/caddyfile/directives/basicauth#basicauth) and adding lines +to Caddyfile. -There are a few options for resolving container names within Netdata. Some methods of doing so will allow root access to -your machine from within the container. Please read the following carefully. - -#### Docker socket proxy (safest option) +### With Docker socket proxy Deploy a Docker socket proxy that accepts and filters out requests using something like [HAProxy](https://github.com/netdata/netdata/blob/master/docs/Running-behind-haproxy.md) or -[CetusGuard](https://github.com/hectorm/cetusguard) so that it restricts connections to read-only access to the `/containers` -endpoint. 
+[CetusGuard](https://github.com/hectorm/cetusguard) so that it restricts connections to read-only access to +the `/containers` endpoint. The reason it's safer to expose the socket to the proxy is because Netdata has a TCP port exposed outside the Docker network. Access to the proxy container is limited to only within the network. -Here are two examples, the first using [a Docker image based on HAProxy](https://github.com/Tecnativa/docker-socket-proxy) -and the second using [CetusGuard](https://github.com/hectorm/cetusguard). - -##### Docker Socket Proxy (HAProxy) +#### HAProxy ```yaml version: '3' services: netdata: image: netdata/netdata - # ... rest of your config ... - ports: - - 19999:19999 + container_name: netdata + pid: host + network_mode: host + restart: unless-stopped + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: + - netdataconfig:/etc/netdata + - netdatalib:/var/lib/netdata + - netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro environment: - - DOCKER_HOST=proxy:2375 + - DOCKER_HOST=localhost:2375 proxy: + network_mode: host image: tecnativa/docker-socket-proxy volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: - CONTAINERS=1 + +volumes: + netdataconfig: + netdatalib: + netdatacache: ``` + **Note:** Replace `2375` with the port of your proxy. -##### CetusGuard +#### CetusGuard ```yaml version: '3' services: netdata: image: netdata/netdata - # ... rest of your config ... 
- ports: - - 19999:19999 + container_name: netdata + pid: host + network_mode: host + restart: unless-stopped + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: + - netdataconfig:/etc/netdata + - netdatalib:/var/lib/netdata + - netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro environment: - - DOCKER_HOST=cetusguard:2375 + - DOCKER_HOST=localhost:2375 cetusguard: image: hectorm/cetusguard:v1 + network_mode: host read_only: true volumes: - /var/run/docker.sock:/var/run/docker.sock:ro 
@@ -385,86 +370,65 @@ services: CETUSGUARD_RULES: | ! Inspect a container GET %API_PREFIX_CONTAINERS%/%CONTAINER_ID_OR_NAME%/json + +volumes: + netdataconfig: + netdatalib: + netdatacache: ``` You can run the socket proxy in its own Docker Compose file and leave it on a private network that you can add to other services that require access. -#### Giving group access to the Docker socket (less safe) - -> :warning: Caution -> -> You should seriously consider the necessity of activating this option, as it grants to the `netdata` -> user access to the privileged socket connection of docker service and therefore your whole machine. - -If you want to have your container names resolved by Netdata, make the `netdata` user be part of the group that owns the -socket. +## Docker tags -```yaml -version: '3' -services: - netdata: - image: netdata/netdata - # ... rest of your config ... - volumes: - # ... other volumes ... - - /var/run/docker.sock:/var/run/docker.sock:ro - environment: - - PGID=[GROUP NUMBER] -``` +See our full list of Docker images at [Docker Hub](https://hub.docker.com/r/netdata/netdata). -To achieve that just add environment variable `PGID=[GROUP NUMBER]` to the Netdata container, where `[GROUP NUMBER]` is -practically the group id of the group assigned to the docker socket, on your host. +The official `netdata/netdata` Docker image provides the following named tags: -This group number can be found by running the following (if socket group ownership is docker): +| Tag | Description | +|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------------| +| `stable` | the most recently published stable build. | +| `edge` | the most recently published nightly build. In most cases, this is updated daily at around 01:00 UTC. | +| `latest` | the most recently published build, whether it’s a stable build or a nightly build. 
This is what Docker will use by default if you do not specify a tag. | +| `vX.Y.Z` | the full version of the release (for example, `v1.40.0`). | +| `vX.Y` | the major and minor version (for example, `v1.40`). | +| `vX` | just the major version (for example, `v1`). | -```bash -grep docker /etc/group | cut -d ':' -f 3 -``` +The tags for minor and major versions are updated whenever a release that matches this tag is published (for example, +if `v1.40.1` were to be published, the `v1.40` tag would be updated to it instead of pointing to `v1.40.0`). -#### Running as root (unsafe) +## Configure Agent containers -> :warning: Caution -> -> You should seriously consider the necessity of activating this option, as it grants to the `netdata` user access to -> the privileged socket connection of docker service, and therefore your whole machine. +If you started an Agent container using one of the [recommended methods](#create-a-new-netdata-agent-container), and you +want to edit Netdata's configuration, you must first use `docker exec` to attach to the container. Replace `netdata` +with the name of your container. -```yaml -version: '3' -services: - netdata: - image: netdata/netdata - # ... rest of your config ... - volumes: - # ... other volumes ... - - /var/run/docker.sock:/var/run/docker.sock:ro - environment: - - DOCKER_USR=root +```bash +docker exec -it netdata bash +cd /etc/netdata +./edit-config netdata.conf ``` -### Docker container network interfaces monitoring - -Netdata can map a virtual interface in the system namespace to an interface inside a Docker container -when using network [bridge](https://docs.docker.com/network/bridge/) driver. To do this, the Netdata container needs -additional privileges: +You need to restart the Agent to apply changes. Exit the container if you haven't already, then use the `docker` command +to restart the container: `docker restart netdata`. -- the host PID mode. 
This turns on sharing between container and the host operating system the PID - address space (needed to get list of PIDs from `cgroup.procs` file). +### Change the default hostname -- `SYS_ADMIN` capability (needed to execute `setns()`). +You can change the hostname of a Docker container, and thus the name that appears in the local dashboard and in Netdata +Cloud, when creating a new container. If you want to change the hostname of a Netdata container _after_ you started it, +you can safely stop and remove it. Your configuration and metrics data reside in persistent volumes and are reattached +to the recreated container. -**docker run**: +If you use `docker-run`, use the `--hostname` option with `docker run`. ```bash docker run -d --name=netdata \ - ... - --pid=host \ - --cap-add SYS_ADMIN \ - ... - netdata/netdata + --hostname=my_docker_netdata ``` -**docker compose**: +If you use `docker-compose`, add a `hostname:` key/value pair into your `docker-compose.yml` file, then create the +container again using `docker-compose up -d`. ```yaml version: '3' 
@@ -472,87 +436,48 @@ services: netdata: image: netdata/netdata container_name: netdata - pid: host - cap_add: - - SYS_ADMIN - ... + hostname: my_docker_compose_netdata ``` -### Pass command line options to Netdata - -Since we use an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, you can provide -[Netdata daemon command line options](https://github.com/netdata/netdata/blob/master/daemon/README.md#command-line-options) such as the IP address Netdata will be -running on, using the [command instruction](https://docs.docker.com/engine/reference/builder/#cmd). - -## Install the Agent using Docker Compose with SSL/TLS enabled HTTP Proxy - -For a permanent installation on a public server, you should [secure the Netdata -instance](https://github.com/netdata/netdata/blob/master/docs/netdata-security.md). This section contains an example of how to install Netdata with an SSL -reverse proxy and basic authentication. - -You can use the following `docker-compose.yml` and Caddyfile files to run Netdata with Docker. Replace the domains and -email address for [Let's Encrypt](https://letsencrypt.org/) before starting. +If you don't want to destroy and recreate your container, you can edit the Agent's `netdata.conf` file directly. See the +above section on [configuring Agent containers](#configure-agent-containers) to find the appropriate method based on +how you created the container. -### Caddyfile +Alternatively, you can directly use the hostname from the node running the container by mounting `/etc/hostname` from +the host in the container. With `docker run`, this can be done by adding `--volume /etc/hostname:/etc/hostname:ro` to +the options. If you are using Docker Compose, you can add an entry to the container's `volumes` section +reading `- /etc/hostname:/etc/hostname:ro`. -This file needs to be placed in `/opt` with name `Caddyfile`. 
Here you customize your domain, and you need to provide -your email address to obtain a Let's Encrypt certificate. Certificate renewal will happen automatically and will be -executed internally by the caddy server. +## Adding extra packages at runtime -```caddyfile -netdata.example.org { - reverse_proxy netdata:19999 - tls admin@example.org -} -``` +By default, the official Netdata container images do not include a number of optional runtime dependencies. You +can add these dependencies, or any other APK packages, at runtime by listing them in the environment variable +`NETDATA_EXTRA_APK_PACKAGES`. -### docker-compose.yml +Commonly useful packages include: -After setting Caddyfile run this with `docker-compose up -d` to have fully functioning Netdata setup behind HTTP reverse -proxy. +- `apcupsd`: For monitoring APC UPS devices. +- `libvirt-daemon`: For resolving cgroup names for libvirt domains. +- `lm-sensors`: For monitoring hardware sensors. +- `msmtp`: For email alert support. +- `netcat-openbsd`: For IRC alert support. -```yaml -version: '3' -volumes: - caddy_data: - caddy_config: +## Health Checks -services: - caddy: - image: caddy:2 - ports: - - "80:80" - - "443:443" - volumes: - - /opt/Caddyfile:/etc/caddy/Caddyfile - - caddy_data:/data - - caddy_config:/config - netdata: - restart: always - hostname: netdata.example.org - image: netdata/netdata - cap_add: - - SYS_PTRACE - security_opt: - - apparmor:unconfined - volumes: - - netdatalib:/var/lib/netdata - - netdatacache:/var/cache/netdata - - /etc/passwd:/host/etc/passwd:ro - - /etc/group:/host/etc/group:ro - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro +Our Docker image provides integrated support for health checks through the standard Docker interfaces. 
-volumes: - netdatalib: - netdatacache: -``` +You can control how the health checks run by using the environment variable `NETDATA_HEALTHCHECK_TARGET` as follows: -### Restrict access with basic auth +- If left unset, the health check will attempt to access the `/api/v1/info` endpoint of the agent. +- If set to the exact value 'cli', the health check script will use `netdatacli ping` to determine if the agent is + running correctly or not. This is sufficient to ensure that Netdata did not hang during startup, but does not provide + a rigorous verification that the daemon is collecting data or is otherwise usable. +- If set to anything else, the health check will treat the value as a URL to check for a 200 status code on. In most + cases, this should start with `http://localhost:19999/` to check the agent running in the container. -You can restrict access by following [official caddy guide](https://caddyserver.com/docs/caddyfile/directives/basicauth#basicauth) and adding lines to -Caddyfile. +In most cases, the default behavior of checking the `/api/v1/info` endpoint will be sufficient. If you are using a +configuration which disables the web server or restricts access to certain APIs, you will need to use a non-default +configuration for health checks to work. ## Publish a test image to your own repository diff --git a/packaging/docker/gen-cflags.sh b/packaging/docker/gen-cflags.sh index 3a80b7358..f5ccab8a4 100755 --- a/packaging/docker/gen-cflags.sh +++ b/packaging/docker/gen-cflags.sh @@ -3,7 +3,7 @@ if [ -n "${CFLAGS}" ]; then echo "${CFLAGS}" elif [ -n "${DEBUG_BUILD}" ]; then - echo "-Og -ggdb -pipe" + echo "-ffunction-sections -fdata-sections -Og -ggdb -pipe" else - echo "-O2 -pipe" + echo "-ffunction-sections -fdata-sections -O2 -funroll-loops -pipe" fi diff --git a/packaging/go.d.checksums b/packaging/go.d.checksums index 09b86f661..068d46978 100644 --- a/packaging/go.d.checksums +++ b/packaging/go.d.checksums 
@@ -1,17 +1,17 @@ -5f35071de109b4f78fe0fa7b8e2e08a0107055ef4a98944d238a91bb79e6d685 *config.tar.gz -888819289f9342b19b33fcff5360b2624964d4e0659f7ffde22638e7c6bc291d *go.d.plugin-v0.53.2.darwin-amd64.tar.gz -1a8cb431cbd22264b573d6025e7907eb9189f353c242477fd61cff823653bf54 *go.d.plugin-v0.53.2.darwin-arm64.tar.gz -d0b7aaad5d914fa60488ad7226ba324bfdcd160577cb6df0cb383eb64fb63913 *go.d.plugin-v0.53.2.freebsd-386.tar.gz -b3da2b601fead7851db2416c06713a447b1c463f9ed918dfd7174ecc76de9dbb *go.d.plugin-v0.53.2.freebsd-amd64.tar.gz -bab327edc8d732594b04eb626adfad43e7580c1ad694ca3eba821daefe1bfde4 *go.d.plugin-v0.53.2.freebsd-arm.tar.gz -47b0df08fb91b321b0c982e2e4006adc2d8c084e1b2e2dd1742c0eb118cc913d *go.d.plugin-v0.53.2.freebsd-arm64.tar.gz -aa75b321de766046ec2ef95a21b67208a50c182077ba2f1a384a575b4080d540 *go.d.plugin-v0.53.2.linux-386.tar.gz -c3ad5df378d561c82766ff1ae95fe721e0be68621aa1ecc14140678c9558c0f3 *go.d.plugin-v0.53.2.linux-amd64.tar.gz -c7b2b45f9554bf2e2581b6eb1671b9206ae1123339feca42b442bdb7c9969b0f *go.d.plugin-v0.53.2.linux-arm.tar.gz -4dda349bb07b32509a080c9eab747161ef4490bd60c190cfae40872274c41e4c *go.d.plugin-v0.53.2.linux-arm64.tar.gz -7b8c7c61ccecf514aefd1424be650ad4f1b1026176b8ebfe3e876e60b362ccb7 *go.d.plugin-v0.53.2.linux-mips.tar.gz -325e65bebb944906debd73be7a3410dad6f4014ab66314f83462cd3c0dcf0987 *go.d.plugin-v0.53.2.linux-mips64.tar.gz -3c4e3cf67751bd10779fb42ebb34bc9f1649c5ea84a250735f90b1676c228789 *go.d.plugin-v0.53.2.linux-mips64le.tar.gz -210e8271da577189df98c0e397d3f02a305c2fce10f08c336291f5aa96bffba9 *go.d.plugin-v0.53.2.linux-mipsle.tar.gz -f6842408660c46cd8a65b1765ef3e3f13ff43a58a0f01765fffaf34b6ee5852c *go.d.plugin-v0.53.2.linux-ppc64.tar.gz -219e3d2406e9284a28f3a0ae4e5ea48b9f1cff5e389a562ca1a2c3842a44908a *go.d.plugin-v0.53.2.linux-ppc64le.tar.gz +aac36f9675e85e3da6f5d73f2b0ba430d3b97c447a25a81f3a41d35420e841d4 *config.tar.gz +a3ef29cab4def627c94ddd235c23b8bd173b1ae3496dd04137c00942313afaec *go.d.plugin-v0.54.0.darwin-amd64.tar.gz 
+30e4ff2a25fd59c7bc496ef9939031681a9d2528dafc55516e6564cd444bf127 *go.d.plugin-v0.54.0.darwin-arm64.tar.gz +e35ea578ab0a09acaef9903f243f7eb3b5c1df67ded28df642bd599672d5a41b *go.d.plugin-v0.54.0.freebsd-386.tar.gz +0eb175cd4304d74c1fdc49f86f9909ca6967b16d4a52a4a439bc879abff9daf7 *go.d.plugin-v0.54.0.freebsd-amd64.tar.gz +e1a2d0917c5953d015b4b76c3192d0035d8ef60e74856238be86a82ae2a8b3d4 *go.d.plugin-v0.54.0.freebsd-arm.tar.gz +90560658753e5fde40081dcfda0a4121a4eed3fbb20e37dc834755ab1fa4e0ee *go.d.plugin-v0.54.0.freebsd-arm64.tar.gz +9f46fdd7e047c767b9ef44d98e95f9b44af6ca0d252983d271052ed71a6663b3 *go.d.plugin-v0.54.0.linux-386.tar.gz +9130a3c61e7ba756ef6694764a809a0e473654f9791dbb29761d02e24cdb6b65 *go.d.plugin-v0.54.0.linux-amd64.tar.gz +a47973241ecc1dfed62eda7d7ed03ab2f4ead471119d1125e781f4823b915305 *go.d.plugin-v0.54.0.linux-arm.tar.gz +b3dce37ef34f8780adb9aecc114d9ee67ba84f1b9300bcc9bc4467bd9129e659 *go.d.plugin-v0.54.0.linux-arm64.tar.gz +f79cf85119b7a6e6b6ebfde0f09055ac690656e48e3e95b197a4349b9c809b3a *go.d.plugin-v0.54.0.linux-mips.tar.gz +e599a40c3901dd1824763728ef75170fd462a52c95c8e8115ca20b687da51d28 *go.d.plugin-v0.54.0.linux-mips64.tar.gz +b06f119dc0c971a59cae825487da959849b7e29f8a228367614be74e3f5e2f4e *go.d.plugin-v0.54.0.linux-mips64le.tar.gz +a87f48d08b6dcb9d5a47f48eb543ee9f3a7c007c9212c394788099feb60d3943 *go.d.plugin-v0.54.0.linux-mipsle.tar.gz +5da8a5dba19276eb0890d8cfe6f52b4d1ad006fb375ce27743ee24aa8875b739 *go.d.plugin-v0.54.0.linux-ppc64.tar.gz +d69b565e6bbcc4b48e7d338cca2aef27ef68a456f2e818af1423d8a054cc4848 *go.d.plugin-v0.54.0.linux-ppc64le.tar.gz diff --git a/packaging/go.d.version b/packaging/go.d.version index 57bc653ec..ec9d0044f 100644 --- a/packaging/go.d.version +++ b/packaging/go.d.version @@ -1 +1 @@ -v0.53.2 +v0.54.0 diff --git a/packaging/installer/README.md b/packaging/installer/README.md index 869684da3..9a9beb720 100644 --- a/packaging/installer/README.md +++ b/packaging/installer/README.md 
@@ -7,6 +7,8 @@ import TabItem from '@theme/TabItem'; This document will guide you through installing the open-source Netdata monitoring Agent on Linux, Docker, Kubernetes, and many others, often with one command. +Netdata is very flexible and can be used to monitor all kinds of infrastructure. Read more about possible [Deployment strategies](https://github.com/netdata/netdata/blob/master/docs/category-overview-pages/deployment-strategies.md) to understand what better suites your needs. + ## Get started Netdata is a free and open-source (FOSS) monitoring agent that collects thousands of hardware and software metrics from diff --git a/packaging/installer/UPDATE.md b/packaging/installer/UPDATE.md index 3df84023b..492f464e4 100644 --- a/packaging/installer/UPDATE.md +++ b/packaging/installer/UPDATE.md @@ -28,7 +28,7 @@ The exact update method to use depends on the install type: Starting with netdata v1.33.0, you can use Netdata itself to determine the installation type by running: ```bash -netdata -W buildinfo | grep 'Install type:' +netdata -W buildinfo | grep -E 'Installation Type|Install type:' ``` If you are using an older version of Netdata, or the above command produces no output, you can run our one-line 
@@ -166,3 +166,19 @@ and: ```bash /opt/netdata/usr/libexec/netdata/netdata-updater.sh --disable-auto-updates ``` + +## Control runtime behavior of the updater script. + +Starting with v1.40.0, the `netdata-updater.sh` script supports a config file called `netdata-updater.conf`, +located in the same directory as the main `netdata.conf` file. This file uses POSIX shell script syntax to define +variables that are used by the updater. + +This configuration file can be edited [using our `edit-config` +script](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md). + +The following configuration options are currently supported: + +- `NETDATA_UPDATER_JITTER`: Sets an upper limit in seconds on the random delay in the updater script when running + as a scheduled task. This random delay helps avoid issues resulting from too many nodes trying to reconnect to + the Cloud at the same time. The default value is 3600, which corresponds to one hour. Most users should not ever + need to change this. diff --git a/packaging/installer/install-required-packages.sh b/packaging/installer/install-required-packages.sh index ce5ab4044..a05d7440e 100755 --- a/packaging/installer/install-required-packages.sh +++ b/packaging/installer/install-required-packages.sh 
@@ -180,10 +180,15 @@ get_os_release() { eval "$(grep -E "^(NAME|ID|ID_LIKE|VERSION|VERSION_ID)=" "${os_release_file}")" for x in "${ID}" ${ID_LIKE}; do case "${x,,}" in - almalinux | alpine | arch | centos | clear-linux-os | debian | fedora | gentoo | manjaro | opensuse-leap | ol | rhel | rocky | sabayon | sles | suse | ubuntu) + almalinux | alpine | arch | centos | clear-linux-os | debian | fedora | gentoo | manjaro | opensuse-leap | opensuse-tumbleweed | ol | rhel | rocky | sabayon | sles | suse | ubuntu) distribution="${x}" - version="${VERSION_ID}" - codename="${VERSION}" + if [ "${ID}" = "opensuse-tumbleweed" ]; then + version="tumbleweed" + codename="tumbleweed" + else + version="${VERSION_ID}" + codename="${VERSION}" + fi detection="${os_release_file}" break ;; diff --git a/packaging/installer/kickstart.sh b/packaging/installer/kickstart.sh index 5c6e39cf7..31930f9d4 100755 --- a/packaging/installer/kickstart.sh +++ b/packaging/installer/kickstart.sh @@ -7,13 +7,7 @@ # ====================================================================== # Constants -AGENT_BUG_REPORT_URL="https://github.com/netdata/netdata/issues/new/choose" -CLOUD_BUG_REPORT_URL="https://github.com/netdata/netdata-cloud/issues/new/choose" DEFAULT_RELEASE_CHANNEL="nightly" -DISCORD_INVITE="https://discord.gg/5ygS846fR6" -DISCUSSIONS_URL="https://github.com/netdata/netdata/discussions" -DOCS_URL="https://learn.netdata.cloud/docs/" -FORUM_URL="https://community.netdata.cloud/" KICKSTART_OPTIONS="${*}" KICKSTART_SOURCE="$( self=${0} 
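Review bot: The added `if [ "${ID}" = "opensuse-tumbleweed" ]` tests the raw `ID`, while the enclosing `case` arm matched the lower-cased loop variable `${x,,}`, which may have come from `ID_LIKE` rather than `ID`. A system that reaches this arm through `ID_LIKE`, or with different casing in `ID`, gets `distribution` set from the Tumbleweed match but `version` and `codename` taken from `VERSION_ID` and `VERSION`. Testing the value that actually matched keeps the two in step: `if [ "${x,,}" = "opensuse-tumbleweed" ]; then`. `get_os_release` starts and ends outside the hunk.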
@@ -25,16 +19,27 @@ KICKSTART_SOURCE="$( cd "${self%/*}" || exit 1 echo "$(pwd -P)/${self##*/}" )" -PACKAGES_SCRIPT="https://raw.githubusercontent.com/netdata/netdata/master/packaging/installer/install-required-packages.sh" DEFAULT_PLUGIN_PACKAGES="" PATH="${PATH}:/usr/local/bin:/usr/local/sbin" -PUBLIC_CLOUD_URL="https://app.netdata.cloud" -REPOCONFIG_DEB_URL_PREFIX="https://repo.netdata.cloud/repos/repoconfig" REPOCONFIG_DEB_VERSION="2-1" -REPOCONFIG_RPM_URL_PREFIX="https://repo.netdata.cloud/repos/repoconfig" REPOCONFIG_RPM_VERSION="2-1" START_TIME="$(date +%s)" STATIC_INSTALL_ARCHES="x86_64 armv7l aarch64 ppc64le" + +# ====================================================================== +# URLs used throughout the script + +AGENT_BUG_REPORT_URL="https://github.com/netdata/netdata/issues/new/choose" +CLOUD_BUG_REPORT_URL="https://github.com/netdata/netdata-cloud/issues/new/choose" +DISCORD_INVITE="https://discord.gg/5ygS846fR6" +DISCUSSIONS_URL="https://github.com/netdata/netdata/discussions" +DOCS_URL="https://learn.netdata.cloud/docs/" +FORUM_URL="https://community.netdata.cloud/" +INSTALL_DOC_URL="https://learn.netdata.cloud/docs/install-the-netdata-agent/one-line-installer-for-all-linux-systems" +PACKAGES_SCRIPT="https://raw.githubusercontent.com/netdata/netdata/master/packaging/installer/install-required-packages.sh" +PUBLIC_CLOUD_URL="https://app.netdata.cloud" +REPOCONFIG_DEB_URL_PREFIX="https://repo.netdata.cloud/repos/repoconfig" +REPOCONFIG_RPM_URL_PREFIX="https://repo.netdata.cloud/repos/repoconfig" TELEMETRY_URL="https://us-east1-netdata-analytics-bi.cloudfunctions.net/ingest_agent_events" # ====================================================================== 
@@ -83,6 +88,7 @@ CURL="$(PATH="${PATH}:/opt/netdata/bin" command -v curl 2>/dev/null && true)" BADCACHE_MSG="Usually this is a result of an older copy of the file being cached somewhere upstream and can be resolved by retrying in an hour" BADNET_MSG="This is usually a result of a networking issue" ERROR_F0003="Could not find a usable HTTP client. Either curl or wget is required to proceed with installation." +BADOPT_MSG="If you are following a third-party guide online, please see ${INSTALL_DOC_URL} for current instructions for using this script. If you are using a local copy of this script instead of fetching it from our servers, consider updating it. If you intended to pass this option to the installer code, please use either --local-build-options or --static-install-options to specify it instead." # ====================================================================== # Core program logic @@ -668,10 +674,22 @@ get_system_info() { DISTRO_COMPAT_NAME="${DISTRO}" else case "${DISTRO}" in - opensuse-leap) DISTRO_COMPAT_NAME="opensuse" ;; - cloudlinux|almalinux|rocky|rhel) DISTRO_COMPAT_NAME="centos" ;; - artix|manjaro|obarun) DISTRO_COMPAT_NAME="arch" ;; - *) DISTRO_COMPAT_NAME="unknown" ;; + opensuse-leap) + DISTRO_COMPAT_NAME="opensuse" + ;; + opensuse-tumbleweed) + DISTRO_COMPAT_NAME="opensuse" + SYSVERSION="tumbleweed" + ;; + cloudlinux|almalinux|rocky|rhel) + DISTRO_COMPAT_NAME="centos" + ;; + artix|manjaro|obarun) + DISTRO_COMPAT_NAME="arch" + ;; + *) + DISTRO_COMPAT_NAME="unknown" + ;; esac fi 
@@ -896,7 +914,7 @@ handle_existing_install() { kickstart-*|legacy-*|binpkg-*|manual-static|unknown) if [ "${INSTALL_TYPE}" = "unknown" ]; then if [ "${EXISTING_INSTALL_IS_NATIVE}" -eq 1 ]; then - warning "Found an existing netdata install managed by the system package manager, but could not determine the install type. Usually this means you installed an unsupported third-party netdata package." + warning "Found an existing netdata install managed by the system package manager, but could not determine the install type. Usually this means you installed an unsupported third-party netdata package. This script supports claiming most such installs, but attempting to update or reinstall them using this script may be dangerous." else warning "Found an existing netdata install at ${ndprefix}, but could not determine the install type. Usually this means you installed Netdata through your distribution’s regular package repositories or some other unsupported method." fi 
@@ -940,7 +958,7 @@ handle_existing_install() { promptmsg="Attempting to update an installation managed by the system package manager is known to not work in most cases. If you are trying to install the latest version of Netdata, you will need to manually uninstall it through your system package manager. ${claimonly_notice} Are you sure you want to continue?" else failmsg="We do not support trying to update or claim installations when we cannot determine the install type. You will need to uninstall the existing install using the same method you used to install it to proceed. ${claimonly_notice}" - promptmsg="Attempting to update an existing install is not officially supported. It may work, but it also might break your system. ${claimonly_notice} Are you sure you want to continue?" + promptmsg="Attempting to update an existing install with an unknown installation type is not officially supported. It may work, but it also might break your system. ${claimonly_notice} Are you sure you want to continue?" fi if [ "${INTERACTIVE}" -eq 0 ] && [ "${ACTION}" != "claim" ]; then fatal "${failmsg}" F0106 @@ -2213,7 +2231,8 @@ parse_args() { fatal "A source directory must be specified with the --offline-install-source option." F0501 fi ;; - *) fatal "Unrecognized option '${1}'. If you intended to pass this option to the installer code, please use either --local-build-options or --static-install-options to specify it instead." F050E ;; + "--"|"all"|"--yes"|"-y"|"--force"|"--accept") warning "Option '${1}' is not recognized, ignoring it. ${BADOPT_MSG}" ;; + *) fatal "Unrecognized option '${1}'. ${BADOPT_MSG}" F050E ;; esac shift 1 done diff --git a/packaging/installer/methods/macos.md b/packaging/installer/methods/macos.md index 11884f7d7..b09632fa1 100644 --- a/packaging/installer/methods/macos.md +++ b/packaging/installer/methods/macos.md 
@@ -38,7 +38,7 @@ The Netdata Agent is installed under `/usr/local/netdata`. Dependencies are hand The `kickstart.sh` script accepts additional parameters to automatically [connect](https://github.com/netdata/netdata/blob/master/claim/README.md) your node to Netdata Cloud immediately after installation. Find the `token` and `rooms` strings by [signing in to Netdata Cloud](https://app.netdata.cloud/sign-in?cloudRoute=/spaces), then clicking on **Connect Nodes** in the [Spaces management -area](https://github.com/netdata/netdata/blob/master/docs/cloud/spaces.md). +area](https://github.com/netdata/netdata/blob/master/docs/cloud/manage/organize-your-infrastrucutre-invite-your-team.md#netdata-cloud-spaces). - `--claim-token`: Specify a unique claiming token associated with your Space in Netdata Cloud to be used to connect to the node after the install. diff --git a/packaging/installer/methods/pfsense.md b/packaging/installer/methods/pfsense.md index 1a03afb57..407127e93 100644 --- a/packaging/installer/methods/pfsense.md +++ b/packaging/installer/methods/pfsense.md @@ -18,7 +18,8 @@ learn_rel_path: "Installation/Install on specific environments" ## Install prerequisites/dependencies -To install Netdata on pfSense, first run the following command (within a shell or under the **Diagnostics/Command** +To install Netdata on pfSense, first enable the [FreeBSD package repo](https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html) +Then run the following command (within a shell or under the **Diagnostics/Command** prompt within the pfSense web interface). ```bash 
@@ -28,22 +29,22 @@ pkg install -y pkgconf bash e2fsprogs-libuuid libuv nano Then run the following commands to download various dependencies from the FreeBSD repository. ```sh -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/json-c-0.15_1.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-certifi-2021.10.8.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-asn1crypto-1.4.0.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-pycparser-2.20.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-cffi-1.14.6.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-six-1.16.0.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-cryptography-3.3.2.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-idna-2.10.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-openssl-20.0.1.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-pysocks-1.7.1.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-urllib3-1.26.7,1.txz -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-yaml-5.4.1.txz +pkg install json-c-0.15_1 +pkg install py39-certifi-2023.5.7 +pkg install py39-asn1crypto +pkg install py39-pycparser +pkg install py39-cffi +pkg install py39-six +pkg install py39-cryptography +pkg install py39-idna +pkg install py39-openssl +pkg install py39-pysocks +pkg install py39-urllib3 +pkg install py39-yaml ``` > ⚠️ If any of the above commands return a `Not Found` error, you need to manually search for the latest package in the -> [FreeBSD repository](https://www.freebsd.org/ports/). Search for the package's name, such as `py37-cffi`, find the +> [FreeBSD repository](https://www.freebsd.org/ports/) or by running `pkg search`. Search for the package's name, such as `py37-cffi`, find the > latest version number, and update the command accordingly. 
> ⚠️ On pfSense 2.4.5, Python version 3.7 may be installed by the system, in which case you should should not install @@ -58,7 +59,7 @@ pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/py38-yaml-5.4.1.txz You can now install Netdata from the FreeBSD repository. ```bash -pkg add http://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/netdata-1.31.0_1.txz +pkg install netdata ``` > ⚠️ If the above command returns a `Not Found` error, you need to manually search for the latest version of Netdata in diff --git a/packaging/installer/netdata-updater.sh b/packaging/installer/netdata-updater.sh index f8edb6d71..8e06923e4 100755 --- a/packaging/installer/netdata-updater.sh +++ b/packaging/installer/netdata-updater.sh @@ -37,6 +37,8 @@ PACKAGES_SCRIPT="https://raw.githubusercontent.com/netdata/netdata/master/packag NETDATA_STABLE_BASE_URL="${NETDATA_BASE_URL:-https://github.com/netdata/netdata/releases}" NETDATA_NIGHTLY_BASE_URL="${NETDATA_BASE_URL:-https://github.com/netdata/netdata-nightlies/releases}" +NETDATA_UPDATER_JITTER=3600 + script_dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd -P)" if [ -x "${script_dir}/netdata-updater" ]; then @@ -103,6 +105,14 @@ exit_reason() { fi } +is_integer () { + case "${1#[+-]}" in + *[!0123456789]*) return 1 ;; + '') return 1 ;; + *) return 0 ;; + esac +} + issystemd() { # if the directory /lib/systemd/system OR /usr/lib/systemd/system (SLES 12.x) does not exit, it is not systemd if [ ! -d /lib/systemd/system ] && [ ! -d /usr/lib/systemd/system ]; then 
@@ -668,7 +678,8 @@ update_static() { cd "${ndtmpdir}" || fatal "Failed to change current working directory to ${ndtmpdir}" U0019 if update_available; then - sysarch="$(uname -m)" + sysarch="${PREBUILT_ARCH}" + [ -z "$sysarch" ] && sysarch="$(uname -m)" download "${NETDATA_TARBALL_CHECKSUM_URL}" "${ndtmpdir}/sha256sum.txt" download "${NETDATA_TARBALL_URL}" "${ndtmpdir}/netdata-${sysarch}-latest.gz.run" if ! grep "netdata-${sysarch}-latest.gz.run" "${ndtmpdir}/sha256sum.txt" | safe_sha256sum -c - > /dev/null 2>&1; then @@ -721,7 +732,7 @@ update_binpkg() { DISTRO_COMPAT_NAME="${DISTRO}" else case "${DISTRO}" in - opensuse-leap) + opensuse-leap|opensuse-tumbleweed) DISTRO_COMPAT_NAME="opensuse" ;; cloudlinux|almalinux|rocky|rhel) @@ -859,6 +870,11 @@ if [ -r "$(dirname "${ENVIRONMENT_FILE}")/.install-type" ]; then . "$(dirname "${ENVIRONMENT_FILE}")/.install-type" || fatal "Failed to source $(dirname "${ENVIRONMENT_FILE}")/.install-type" U0015 fi +if [ -r "$(dirname "${ENVIRONMENT_FILE}")/netdata-updater.conf" ]; then + # shellcheck source=/dev/null + . "$(dirname "${ENVIRONMENT_FILE}")/netdata-updater.conf" +fi + while [ -n "${1}" ]; do case "${1}" in --not-running-from-cron) NETDATA_NOT_RUNNING_FROM_CRON=1 ;; @@ -867,17 +883,17 @@ while [ -n "${1}" ]; do --non-interactive) INTERACTIVE=0 ;; --interactive) INTERACTIVE=1 ;; --tmpdir-path) - NETDATA_TMPDIR_PATH="${2}" - shift 1 - ;; + NETDATA_TMPDIR_PATH="${2}" + shift 1 + ;; --enable-auto-updates) - enable_netdata_updater "${2}" - exit $? - ;; + enable_netdata_updater "${2}" + exit $? + ;; --disable-auto-updates) - disable_netdata_updater - exit $? - ;; + disable_netdata_updater + exit $? + ;; *) fatal "Unrecognized option ${1}" U001A ;; esac 
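Review bot: Sourcing `netdata-updater.conf` (the block added right after the `.install-type` source) executes whatever shell the file contains with the updater's privileges, and the new code neither checks the file's ownership or mode nor handles a failed source. If the updater runs as root from a scheduled task and the configuration directory is writable by a less-privileged account (neither is visible in this hunk), that account can run code as root. The `.install-type` source just above ends in `|| fatal ... U0015`, while the new one continues silently on a syntax error. If the file only needs to carry known settings, reading those keys instead of executing the file closes the gap; the sketch below accepts an unquoted integer only, and otherwise the source should at least be refused unless the file is root-owned and not group- or world-writable.

```shell
updater_conf="$(dirname "${ENVIRONMENT_FILE}")/netdata-updater.conf"
if [ -r "${updater_conf}" ]; then
  # Read only the known key instead of executing the file as shell code.
  jitter="$(sed -n 's/^NETDATA_UPDATER_JITTER=\([0-9][0-9]*\)$/\1/p' "${updater_conf}" | tail -n 1)"
  [ -n "${jitter}" ] && NETDATA_UPDATER_JITTER="${jitter}"
fi
```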
@@ -888,12 +904,16 @@ done # and disconnecting/reconnecting at the same time (or near to). # But only we're not a controlling terminal (tty) # Randomly sleep between 1s and 60m -if [ ! -t 1 ] && [ -z "${NETDATA_NOT_RUNNING_FROM_CRON}" ]; then - rnd="$(awk ' +if [ ! -t 1 ] && \ + [ -z "${GITHUB_ACTIONS}" ] && \ + [ -z "${NETDATA_NOT_RUNNING_FROM_CRON}" ] && \ + is_integer "${NETDATA_UPDATER_JITTER}" && \ + [ "${NETDATA_UPDATER_JITTER}" -gt 1 ]; then + rnd="$(awk " BEGIN { srand() - printf("%d\n", 3600 * rand()) - }')" - sleep $(((rnd % 3600) + 1)) + printf(\"%d\\n\", ${NETDATA_UPDATER_JITTER} * rand()) + }")" + sleep $(((rnd % NETDATA_UPDATER_JITTER) + 1)) fi # We dont expect to find lib dir variable on older installations, so load this path if none found diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index f8b32ed74..e4c133459 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -172,7 +172,7 @@ fi progress "changing plugins ownership and permissions" -for x in apps.plugin perf.plugin slabinfo.plugin debugfs.plugin freeipmi.plugin ioping cgroup-network ebpf.plugin nfacct.plugin xenstat.plugin python.d.plugin charts.d.plugin go.d.plugin ioping.plugin cgroup-network-helper.sh; do +for x in apps.plugin perf.plugin slabinfo.plugin debugfs.plugin freeipmi.plugin ioping cgroup-network local-listeners ebpf.plugin nfacct.plugin xenstat.plugin python.d.plugin charts.d.plugin go.d.plugin ioping.plugin cgroup-network-helper.sh; do f="usr/libexec/netdata/plugins.d/${x}" if [ -f "${f}" ]; then run chown root:${NETDATA_GROUP} "${f}" @@ -198,7 +198,7 @@ else done fi -for x in freeipmi.plugin ioping cgroup-network ebpf.plugin nfacct.plugin xenstat.plugin; do +for x in freeipmi.plugin ioping cgroup-network local-listeners ebpf.plugin nfacct.plugin xenstat.plugin; do f="usr/libexec/netdata/plugins.d/${x}" if [ -f "${f}" ]; then 
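Review bot: `${NETDATA_UPDATER_JITTER}` is spliced into the awk program text, so the only thing stopping a configuration value from becoming awk code is the `is_integer` test earlier in the same condition. Passing the value as data removes that coupling: `rnd="$(awk -v max="${NETDATA_UPDATER_JITTER}" 'BEGIN { srand(); printf("%d\n", max * rand()) }')"`. The context comment still reads "Randomly sleep between 1s and 60m" although the upper bound is now configurable. `srand()` without an argument seeds from the clock, so hosts whose scheduled run starts in the same second are likely to draw the same delay, which works against the purpose of the jitter.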
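Review bot: `local-listeners` joins both plugin lists in `install-or-update.sh` with no comment saying which privilege it needs. The first loop's visible body runs `chown root:${NETDATA_GROUP}` on each entry; the second loop's body lies outside the hunk, so whether it grants setuid or capabilities cannot be confirmed from here. A short comment above the second list, for example `# helpers that need elevated privileges; keep this list minimal`, would make future additions easier to review, with the wording checked against what that loop actually does.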
diff --git a/packaging/makeself/jobs/70-netdata-git.install.sh b/packaging/makeself/jobs/70-netdata-git.install.sh index 2448a0c2b..c7dd98df2 100755 --- a/packaging/makeself/jobs/70-netdata-git.install.sh +++ b/packaging/makeself/jobs/70-netdata-git.install.sh @@ -7,12 +7,12 @@ cd "${NETDATA_SOURCE_PATH}" || exit 1 if [ "${NETDATA_BUILD_WITH_DEBUG}" -eq 0 ]; then - export CFLAGS="-static -O2 -I/openssl-static/include -I/libnetfilter-acct-static/include/libnetfilter_acct -I/usr/include/libmnl -pipe" + export CFLAGS="-ffunction-sections -fdata-sections -static -O2 -funroll-loops -I/openssl-static/include -I/libnetfilter-acct-static/include/libnetfilter_acct -I/usr/include/libmnl -pipe" else - export CFLAGS="-static -O1 -pipe -ggdb -Wall -Wextra -Wformat-signedness -fstack-protector-all -D_FORTIFY_SOURCE=2 -DNETDATA_INTERNAL_CHECKS=1 -I/openssl-static/include -I/libnetfilter-acct-static/include/libnetfilter_acct -I/usr/include/libmnl" + export CFLAGS="-static -O1 -pipe -ggdb -Wall -Wextra -Wformat-signedness -DNETDATA_INTERNAL_CHECKS=1 -I/openssl-static/include -I/libnetfilter-acct-static/include/libnetfilter_acct -I/usr/include/libmnl" fi -export LDFLAGS="-static -L/openssl-static/lib -L/libnetfilter-acct-static/lib -lnetfilter_acct -L/usr/lib -lmnl" +export LDFLAGS="-Wl,--gc-sections -static -L/openssl-static/lib -L/libnetfilter-acct-static/lib -lnetfilter_acct -L/usr/lib -lmnl" # We export this to 'yes', installer sets this to .environment. # The updater consumes this one, so that it can tell whether it should update a static install or a non-static one @@ -34,7 +34,8 @@ run ./netdata-installer.sh \ --require-cloud \ --use-system-protobuf \ --dont-scrub-cflags-even-though-it-may-break-things \ - --one-time-build + --one-time-build \ + --enable-lto # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Finishing netdata install" || true diff --git a/packaging/version b/packaging/version index 9b8e395e5..067a092d5 100644 
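Review bot: The debug-build `CFLAGS` line drops `-fstack-protector-all -D_FORTIFY_SOURCE=2`, and the release line in the same hunk never had them, so after this change neither static build variant requests these compiler hardening features here. `--dont-scrub-cflags-even-though-it-may-break-things` is passed in the next hunk, and whether the installer adds hardening flags on its own is not visible. Nothing in the hunk explains the removal; if it is required by `--enable-lto` or the static toolchain, a comment such as `# stack protector/FORTIFY dropped: <reason>` would record that. Otherwise consider carrying `-fstack-protector-strong -D_FORTIFY_SOURCE=2` on both branches, since both already compile with optimization enabled.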
--- a/packaging/version
+++ b/packaging/version
@@ -1 +1 @@
-v1.40.1
+v1.41.0
-- cgit v1.2.3