diff --git a/netdata-installer.sh b/netdata-installer.sh index 3f533c31b9..fb061c09b8 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -1104,7 +1104,7 @@ else NETDATA_USER="${USER}" ROOT_USER="${USER}" fi -NETDATA_GROUP="$(id -g -n "${NETDATA_USER}")" +NETDATA_GROUP="$(id -g -n "${NETDATA_USER}" 2> /dev/null)" [ -z "${NETDATA_GROUP}" ] && NETDATA_GROUP="${NETDATA_USER}" echo >&2 "Netdata user and group set to: ${NETDATA_USER}/${NETDATA_GROUP}" @@ -1177,7 +1177,7 @@ if [ "$(id -u)" -eq 0 ]; then # shellcheck disable=SC2086 portable_add_user_to_group ${g} netdata && NETDATA_ADDED_TO_GROUPS="${NETDATA_ADDED_TO_GROUPS} ${g}" done - # Netdata must be able to read /etc/pve/qemu-server/* and /etc/pve/lxc/* + # Netdata must be able to read /etc/pve/qemu-server/* and /etc/pve/lxc/* # for reading VMs/containers names, CPU and memory limits on Proxmox. if [ -d "/etc/pve" ]; then portable_add_user_to_group "www-data" netdata && NETDATA_ADDED_TO_GROUPS="${NETDATA_ADDED_TO_GROUPS} www-data" @@ -1344,7 +1344,7 @@ if [ "$(id -u)" -eq 0 ]; then if ! iscontainer && command -v setcap 1> /dev/null 2>&1; then run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/systemd-journal.plugin" if run setcap cap_dac_read_search+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/systemd-journal.plugin"; then - capabilities=1 + capabilities=1 fi fi diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile index fc0ba727ae..e2c5e6b50d 100644 --- a/packaging/docker/Dockerfile +++ b/packaging/docker/Dockerfile @@ -3,7 +3,7 @@ # This image contains preinstalled dependencies # hadolint ignore=DL3007 -FROM netdata/builder:v1 as builder +FROM netdata/builder:v2 as builder # One of 'nightly' or 'stable' ARG RELEASE_CHANNEL=nightly 
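Review bot: The new `2> /dev/null` on the `NETDATA_GROUP` assignment hides every failure of `id`, not only the expected "user does not exist yet" case, and the fallback on the next line then silently substitutes a group named after the user — a group that presumably is created later by the installer, but nothing here records that assumption, so a later chown/chgrp failure would be hard to trace back. Suggest a comment above the assignment: `# id fails (silently, see the fallback below) when NETDATA_USER has not been created yet; we then assume a group of the same name exists or is created later — confirm`. The `else` branch that sets NETDATA_USER and ROOT_USER begins outside the hunk.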
@@ -29,7 +29,7 @@ RUN chmod +x netdata-installer.sh && \ cp -rp /deps/* /usr/local/ && \ /bin/echo -e "INSTALL_TYPE='oci'\nPREBUILT_ARCH='$(uname -m)'" > ./system/.install-type && \ CFLAGS="$(packaging/docker/gen-cflags.sh)" LDFLAGS="-Wl,--gc-sections" ./netdata-installer.sh --dont-wait --dont-start-it --use-system-protobuf \ - ${EXTRA_INSTALL_OPTS} --one-time-build --enable-lto "$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)" + ${EXTRA_INSTALL_OPTS} --disable-ebpf --one-time-build --enable-lto "$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)" # files to one directory RUN mkdir -p /app/usr/sbin/ \ @@ -49,6 +49,7 @@ RUN mkdir -p /app/usr/sbin/ \ mv /usr/sbin/netdata /app/usr/sbin/ && \ mv /usr/sbin/netdata-claim.sh /app/usr/sbin/ && \ mv /usr/sbin/netdatacli /app/usr/sbin/ && \ + mv /usr/sbin/systemd-cat-native /app/usr/sbin/ && \ mv packaging/docker/run.sh /app/usr/sbin/ && \ mv packaging/docker/health.sh /app/usr/sbin/ && \ mkdir -p /deps/etc && \ @@ -59,7 +60,7 @@ RUN mkdir -p /app/usr/sbin/ \ ##################################################################### # This image contains preinstalled dependencies # hadolint ignore=DL3007 -FROM netdata/base:v1 as base +FROM netdata/base:v2 as base LABEL org.opencontainers.image.authors="Netdatabot <bot@netdata.cloud>" LABEL org.opencontainers.image.url="https://netdata.cloud" @@ -83,7 +84,7 @@ ENV DOCKER_USR netdata ENV NETDATA_LISTENER_PORT 19999 EXPOSE $NETDATA_LISTENER_PORT -ENV NETDATA_EXTRA_APK_PACKAGES="" +ENV NETDATA_EXTRA_DEB_PACKAGES="" RUN mkdir -p /opt/src /var/log/netdata && \ ln -sf /dev/stdout /var/log/netdata/access.log && \ 
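Review bot: `--disable-ebpf` is added to the image build with no comment recording why the eBPF collector is now left out of the container image, so the next person editing this line cannot tell whether it is a limitation of the new v2 (Debian-based) builder or a deliberate product decision. Suggest a comment on the preceding line, e.g. `# eBPF collector is disabled in the OCI image — presumably not supported on the v2 builder; confirm before re-enabling`, adjusted to the actual reason. The RUN instruction this continuation line belongs to starts outside the hunk.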
@@ -92,16 +93,16 @@ RUN mkdir -p /opt/src /var/log/netdata && \ ln -sf /dev/stderr /var/log/netdata/daemon.log && \ ln -sf /dev/stdout /var/log/netdata/collector.log && \ ln -sf /dev/stdout /var/log/netdata/fluentbit.log && \ - ln -sf /dev/stdout /var/log/netdata/health.log && \ - addgroup -g ${NETDATA_GID} -S "${DOCKER_GRP}" && \ - adduser -S -H -s /usr/sbin/nologin -u ${NETDATA_GID} -h /etc/netdata -G "${DOCKER_GRP}" "${DOCKER_USR}" + ln -sf /dev/stdout /var/log/netdata/health.log COPY --from=builder /app / -# Apply the permissions as described in +# Create netdata user and apply the permissions as described in # https://docs.netdata.cloud/docs/netdata-security/#netdata-directories, but own everything by root group due to https://github.com/netdata/netdata/pull/6543 # hadolint ignore=DL3013 -RUN chown -R root:root \ +RUN addgroup --gid ${NETDATA_GID} --system "${DOCKER_GRP}" && \ + adduser --system --no-create-home --shell /usr/sbin/nologin --uid ${NETDATA_UID} --home /etc/netdata --group "${DOCKER_USR}" && \ + chown -R root:root \ /etc/netdata \ /usr/share/netdata \ /usr/libexec/netdata && \ 
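Review bot: The new `adduser --system ... --group "${DOCKER_USR}"` does not bind the user to the `${DOCKER_GRP}` group created on the line above: Debian's `--group` creates (or reuses) a group named after the user, so the two only coincide while DOCKER_USR and DOCKER_GRP are the same string, and if they ever diverge the user's primary group would not carry NETDATA_GID even though the group-write permission scheme later in this RUN chain relies on it. `--ingroup "${DOCKER_GRP}"` states the intent directly: `adduser --system --no-create-home --shell /usr/sbin/nologin --uid ${NETDATA_UID} --home /etc/netdata --ingroup "${DOCKER_GRP}" "${DOCKER_USR}" && \`. Separately, `NETDATA_UID` is not declared in the visible part of the Dockerfile (the removed Alpine line used NETDATA_GID for `-u`), so it is worth confirming an `ARG`/`ENV` for it exists earlier; otherwise `--uid` expands to nothing and adduser aborts the build. The RUN chain continues past the end of the hunk.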
@@ -113,17 +114,17 @@ RUN chown -R root:root \ chown -R netdata:netdata /var/lib/netdata/cloud.d && \ chmod 0700 /var/lib/netdata/cloud.d && \ chmod 0755 /usr/libexec/netdata/plugins.d/*.plugin && \ - chmod 4755 \ - /usr/libexec/netdata/plugins.d/cgroup-network \ - /usr/libexec/netdata/plugins.d/local-listeners \ - /usr/libexec/netdata/plugins.d/apps.plugin \ - /usr/libexec/netdata/plugins.d/debugfs.plugin && \ - if [ -f /usr/libexec/netdata/plugins.d/freeipmi.plugin ]; then \ - chmod 4755 /usr/libexec/netdata/plugins.d/freeipmi.plugin; \ - fi && \ - if [ -f /usr/libexec/netdata/plugins.d/go.d.plugin ]; then \ - chmod 4755 /usr/libexec/netdata/plugins.d/go.d.plugin; \ - fi && \ + for name in cgroup-network \ + local-listeners \ + apps.plugin \ + debugfs.plugin \ + freeipmi.plugin \ + go.d.plugin \ + perf.plugin \ + slabinfo.plugin \ + systemd-journal.plugin; do \ + [ -f "/usr/libexec/netdata/plugins.d/$name" ] && chmod 4755 "/usr/libexec/netdata/plugins.d/$name"; \ + done && \ # Group write permissions due to: https://github.com/netdata/netdata/pull/6543 find /var/lib/netdata /var/cache/netdata -type d -exec chmod 0770 {} \; && \ find /var/lib/netdata /var/cache/netdata -type f -exec chmod 0660 {} \; && \ diff --git a/packaging/docker/README.md b/packaging/docker/README.md index 26fc24db29..0de1010fa6 100644 --- a/packaging/docker/README.md +++ b/packaging/docker/README.md 
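Review bot: The for loop's exit status is that of its last iteration, so if `systemd-journal.plugin` is absent from the image the final `[ -f ... ] && chmod` evaluates to 1, the loop returns non-zero and the `&& \` chain aborts the whole RUN — the guard meant to make each plugin optional actually makes the last one mandatory. Use a form that succeeds on a missing file, e.g. `if [ -f "/usr/libexec/netdata/plugins.d/$name" ]; then chmod 4755 "/usr/libexec/netdata/plugins.d/$name"; fi; \`. On the privilege side, the list now puts `systemd-journal.plugin` (plus perf and slabinfo) setuid root and world-executable, whereas the installer hunk in this same diff grants that plugin only `cap_dac_read_search` with mode 0750 on non-container hosts; if file capabilities survive the image layer (confirm for the build setup), `chown root:"${DOCKER_GRP}"` + `chmod 0750` + `setcap cap_dac_read_search+ep` would be the narrower grant, and at minimum `4750` with root:${DOCKER_GRP} ownership would stop unprivileged processes inside the container from invoking the setuid binaries. The enclosing RUN instruction starts and ends outside the hunk.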
@@ -460,15 +460,13 @@ reading `- /etc/hostname:/host/etc/hostname:ro`. ## Adding extra packages at runtime By default, the official Netdata container images do not include a number of optional runtime dependencies. You -can add these dependencies, or any other APK packages, at runtime by listing them in the environment variable -`NETDATA_EXTRA_APK_PACKAGES`. +can add these dependencies, or any other APT packages, at runtime by listing them in the environment variable +`NETDATA_EXTRA_DEB_PACKAGES`. Commonly useful packages include: - `apcupsd`: For monitoring APC UPS devices. -- `libvirt-daemon`: For resolving cgroup names for libvirt domains. - `lm-sensors`: For monitoring hardware sensors. -- `msmtp`: For email alert support. - `netcat-openbsd`: For IRC alert support. ## Health Checks diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh index fd5e44b81d..4155733207 100755 --- a/packaging/docker/run.sh +++ b/packaging/docker/run.sh @@ -41,9 +41,9 @@ export DOCKER_HOST if [ -n "${PGID}" ]; then echo "Creating docker group ${PGID}" - addgroup -g "${PGID}" "docker" || echo >&2 "Could not add group docker with ID ${PGID}, its already there probably" + addgroup --gid "${PGID}" "docker" || echo >&2 "Could not add group docker with ID ${PGID}, its already there probably" echo "Assign netdata user to docker group ${PGID}" - usermod -a -G "${PGID}" "${DOCKER_USR}" || echo >&2 "Could not add netdata user to group docker with ID ${PGID}" + usermod --append --groups "docker" "${DOCKER_USR}" || echo >&2 "Could not add netdata user to group docker with ID ${PGID}" fi # Needed to read Proxmox VMs and (LXC) containers configuration files (name resolution + CPU and memory limits) 
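Review bot: The new `usermod --append --groups "docker"` resolves the group by name, while the preceding `addgroup --gid "${PGID}" "docker"` is allowed to fail with only an echo; on Debian, addgroup refuses when that GID is already held by a differently named group, after which `docker` either does not exist (usermod fails and netdata never gets socket access) or exists under some other GID (netdata is silently put in the wrong group) — whereas the removed `usermod -a -G "${PGID}"` joined whatever group actually owns the GID. Resolve the name from the GID before adding: `docker_grp="$(getent group "${PGID}" | cut -d: -f1)"` followed by `usermod --append --groups "${docker_grp:-docker}" "${DOCKER_USR}" || echo >&2 "..."`. Since membership in the docker-socket group is effectively host root, the failure message should at least name the group that was actually resolved so an operator can tell which of the two outcomes occurred.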
@@ -98,13 +98,20 @@ if [ -n "${NETDATA_CLAIM_URL}" ] && [ -n "${NETDATA_CLAIM_TOKEN}" ] && [ ! -f /v fi if [ -n "${NETDATA_EXTRA_APK_PACKAGES}" ]; then - echo "Fetching APK repository metadata." - if ! apk update; then - echo "Failed to fetch APK repository metadata." + echo >&2 "WARNING: Netdata’s Docker images have switched from Alpine to Debian as a base platform. Supplementary package support is now handled through the NETDATA_EXTRA_DEB_PACKAGES variable instead of NETDATA_EXTRA_APK_PACKAGES." + echo >&2 "WARNING: The container will still run, but supplementary packages listed in NETDATA_EXTRA_APK_PACKAGES will not be installed." + echo >&2 "WARNING: To remove these messages, either undefine NETDATA_EXTRA_APK_PACKAGES, or define it to an empty string." +fi + +if [ -n "${NETDATA_EXTRA_DEB_PACKAGES}" ]; then + echo "Fetching APT repository metadata." + if ! apt-get update; then + echo "Failed to fetch APT repository metadata." else echo "Installing supplementary packages." + export DEBIAN_FRONTEND="noninteractive" # shellcheck disable=SC2086 - if ! apk add --no-cache ${NETDATA_EXTRA_APK_PACKAGES}; then + if ! apt-get install -y --no-install-recommends ${NETDATA_EXTRA_DEB_PACKAGES}; then echo "Failed to install supplementary packages." fi fi
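Review bot: `${NETDATA_EXTRA_DEB_PACKAGES}` is word-split straight into apt-get's argument list (the SC2086 suppression is intentional), so any token beginning with `-` — for example `-o APT::Get::AllowUnauthenticated=true` — is parsed as an apt option rather than a package name, which lets an environment value switch off signature verification for what is then installed as root; apt-get honours `--` to end option parsing, so the call should read `apt-get install -y --no-install-recommends -- ${NETDATA_EXTRA_DEB_PACKAGES}`. The lists fetched by `apt-get update` are also left in the writable layer, so a trailing `rm -rf /var/lib/apt/lists/*` after a successful install would keep the container small. Lastly, `export DEBIAN_FRONTEND` now lands in the environment of everything the script execs afterwards; scoping it to the command (`DEBIAN_FRONTEND=noninteractive apt-get install ...`) avoids that. The `fi` at the top of the hunk closes a claim-handling block that starts outside it.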