X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=netdata-installer.sh;h=fa69de196d1076dd2a48551639685b4431e334a4;hb=378f476df2ea7c4da7087199dcea337bd98afb51;hp=aae4e6281143a5214abe1df430f333364fef5062;hpb=77a85c91865359185007bda3f4f99069cb5abb81;p=netdata.git diff --git a/netdata-installer.sh b/netdata-installer.sh index aae4e628..fa69de19 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -22,7 +22,8 @@ processors=$(cat /proc/cpuinfo | grep ^processor | wc -l) [ $(( processors )) -lt 1 ] && processors=1 # you can set CFLAGS before running installer -CFLAGS="${CFLAGS--O3}" +CFLAGS="${CFLAGS--O2}" +[ "z${CFLAGS}" = "z-O3" ] && CFLAGS="-O2" # keep a log of this command printf "\n# " >>netdata-installer.log @@ -112,7 +113,7 @@ Valid are: Use this option to allow it continue without checking pkg-config. -Netdata will by default be compiled with gcc optimization -O3 +Netdata will by default be compiled with gcc optimization -O2 If you need to pass different CFLAGS, use something like this: CFLAGS="" ${ME} @@ -657,22 +658,63 @@ portable_add_user_to_group() { fi } -run find ./system/ -type f -a \! -name \*.in -a \! -name Makefile\* -a \! -name \*.conf -a \! -name \*.service -exec chmod 755 {} \; +iscontainer() { + # man systemd-detect-virt + local cmd=$(which systemd-detect-virt 2>/dev/null || command -v systemd-detect-virt 2>/dev/null) + if [ ! -z "${cmd}" -a -x "${cmd}" ] + then + "${cmd}" --container >/dev/null 2>&1 && return 0 + fi + + # /proc/1/sched exposes the host's pid of our init ! + # http://stackoverflow.com/a/37016302 + local pid=$( cat /proc/1/sched | head -n 1 | { IFS='(),#:' read name pid th threads; echo $pid; } ) + local p=$(( pid + 0 )) + [ ${pid} -ne 1 ] && return 0 + + # lxc sets environment variable 'container' + [ ! -z "${container}" ] && return 0 + + # docker creates /.dockerenv + # http://stackoverflow.com/a/25518345 + [ -f "/.dockerenv" ] && return 0 + + # ubuntu and debian supply /bin/running-in-container + # https://www.apt-browse.org/browse/ubuntu/trusty/main/i386/upstart/1.12.1-0ubuntu4/file/bin/running-in-container + if [ -x "/bin/running-in-container" ] + then + "/bin/running-in-container" >/dev/null 2>&1 && return 0 + fi + + return 1 +} + +run find ./system/ -type f -a \! -name \*.in -a \! -name Makefile\* -a \! -name \*.conf -a \! -name \*.service -a \! -name \*.logrotate -exec chmod 755 {} \; NETDATA_ADDED_TO_DOCKER=0 NETDATA_ADDED_TO_NGINX=0 +NETDATA_ADDED_TO_VARNISH=0 +NETDATA_ADDED_TO_HAPROXY=0 if [ ${UID} -eq 0 ] then portable_add_group netdata portable_add_user netdata portable_add_user_to_group docker netdata && NETDATA_ADDED_TO_DOCKER=1 portable_add_user_to_group nginx netdata && NETDATA_ADDED_TO_NGINX=1 + portable_add_user_to_group varnish netdata && NETDATA_ADDED_TO_VARNISH=1 + portable_add_user_to_group haproxy netdata && NETDATA_ADDED_TO_HAPROXY=1 if [ -d /etc/logrotate.d -a ! -f /etc/logrotate.d/netdata ] then echo >&2 "Adding netdata logrotate configuration ..." run cp system/netdata.logrotate /etc/logrotate.d/netdata fi + + if [ -f /etc/logrotate.d/netdata ] + then + echo >&2 "Fixing netdata logrotate permissions ..." + run chmod 644 /etc/logrotate.d/netdata + fi fi @@ -784,24 +826,43 @@ do #run find "${x}" -type d -exec chmod 0770 {} \; done +run chmod 755 "${NETDATA_LOG_DIR}" + # --- plugins ---- if [ ${UID} -eq 0 ] then + run chown "${NETDATA_USER}:root" "${NETDATA_LOG_DIR}" run chown -R root "${NETDATA_PREFIX}/usr/libexec/netdata" run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type d -exec chmod 0755 {} \; run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -exec chmod 0644 {} \; run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -a -name \*.plugin -exec chmod 0755 {} \; run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -a -name \*.sh -exec chmod 0755 {} \; - run setcap cap_dac_read_search,cap_sys_ptrace+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" - if [ $? -ne 0 ] + setcap_ret=1 + if ! iscontainer + then + run setcap cap_dac_read_search,cap_sys_ptrace+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" + setcap_ret=$? + + if [ ${setcap_ret} -eq 0 ] + then + # if we managed to setcap + # but we fail to execute apps.plugin + # trigger setuid to root + "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" -v >/dev/null 2>&1 + setcap_ret=$? + fi + fi + + if [ ${setcap_ret} -ne 0 ] then # fix apps.plugin to be setuid to root run chown root "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" run chmod 4755 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/apps.plugin" fi else + run chown "${NETDATA_USER}:${NETDATA_USER}" "${NETDATA_LOG_DIR}" run chown -R "${NETDATA_USER}:${NETDATA_USER}" "${NETDATA_PREFIX}/usr/libexec/netdata" run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type f -exec chmod 0755 {} \; run find "${NETDATA_PREFIX}/usr/libexec/netdata" -type d -exec chmod 0755 {} \; @@ -1287,6 +1348,25 @@ if [ $? -eq 0 -a "${NETDATA_ADDED_TO_NGINX}" = "1" ] echo " gpasswd -d netdata nginx" fi +getent group varnish > /dev/null +if [ $? -eq 0 -a "${NETDATA_ADDED_TO_VARNISH}" = "1" ] + then + echo + echo "You may also want to remove the netdata user from the varnish group" + echo "by running:" + echo " gpasswd -d netdata varnish" +fi + +getent group haproxy > /dev/null +if [ $? -eq 0 -a "${NETDATA_ADDED_TO_HAPROXY}" = "1" ] + then + echo + echo "You may also want to remove the netdata user from the haproxy group" + echo "by running:" + echo " gpasswd -d netdata haproxy" +fi + + UNINSTALL chmod 750 netdata-uninstaller.sh