
Improve the behavior of claiming ()

The default cloud url has been updated to app.netdata.cloud ready for the release. The claiming process now checks which user is executing the claim and refuses to perform it for the wrong user. If the current UID is 0 then claiming proceeds but the file ownership is adjusted to be the correct netdata user. The default expected user is `netdata` unless the script can identify the user from the current configuration. After the claiming script is executed the CLI is used to reload the claiming state.
This commit is contained in:
Andrew Moss 2020-03-31 13:07:24 +02:00 committed by GitHub
parent cf948d42c2
commit fe722cb2a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 47 additions and 13 deletions


@ -1321,7 +1321,7 @@ void *aclk_main(void *ptr)
char *aclk_hostname = NULL; // Initializers are over-written but prevent gcc complaining about clobbering. char *aclk_hostname = NULL; // Initializers are over-written but prevent gcc complaining about clobbering.
char *aclk_port = NULL; char *aclk_port = NULL;
uint32_t port_num = 0; uint32_t port_num = 0;
char *cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", "https://netdata.cloud"); char *cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", DEFAULT_CLOUD_BASE_URL);
if (aclk_decode_base_url(cloud_base_url, &aclk_hostname, &aclk_port)) { if (aclk_decode_base_url(cloud_base_url, &aclk_hostname, &aclk_port)) {
error("Configuration error - cannot use agent cloud link"); error("Configuration error - cannot use agent cloud link");
return NULL; return NULL;


@ -26,7 +26,7 @@ following arguments:
-rooms=ROOM1,ROOM2,... -rooms=ROOM1,ROOM2,...
where ROOMX is the workspace war-room to join. This list is optional. where ROOMX is the workspace war-room to join. This list is optional.
-url=URL_BASE -url=URL_BASE
where URL_BASE is the Netdata Cloud endpoint base URL. By default, this is https://netdata.cloud. where URL_BASE is the Netdata Cloud endpoint base URL. By default, this is https://app.netdata.cloud.
-id=AGENT_ID -id=AGENT_ID
where AGENT_ID is the unique identifier of the agent. This is the agent's MACHINE_GUID by default. where AGENT_ID is the unique identifier of the agent. This is the agent's MACHINE_GUID by default.
-hostname=HOSTNAME -hostname=HOSTNAME


@ -53,7 +53,7 @@ void claim_agent(char *claiming_arguments)
char *cloud_base_hostname = NULL; // Initializers are over-written but prevent gcc complaining about clobbering. char *cloud_base_hostname = NULL; // Initializers are over-written but prevent gcc complaining about clobbering.
char *cloud_base_port = NULL; char *cloud_base_port = NULL;
char *cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", "https://netdata.cloud"); char *cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", DEFAULT_CLOUD_BASE_URL);
if( aclk_decode_base_url(cloud_base_url, &cloud_base_hostname, &cloud_base_port)) if( aclk_decode_base_url(cloud_base_url, &cloud_base_hostname, &cloud_base_port))
{ {
error("Configuration error - cannot decode \"cloud base url\""); error("Configuration error - cannot decode \"cloud base url\"");
@ -71,7 +71,7 @@ void claim_agent(char *claiming_arguments)
snprintfz(command_buffer, snprintfz(command_buffer,
CLAIMING_COMMAND_LENGTH, CLAIMING_COMMAND_LENGTH,
"exec netdata-claim.sh %s -hostname=%s -id=%s -url=%s %s", "exec netdata-claim.sh %s -hostname=%s -id=%s -url=%s -noreload %s",
proxy_flag, proxy_flag,
netdata_configured_hostname, netdata_configured_hostname,
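Review bot: The new `-noreload` flag is added to the format string with nothing saying why the script's own `netdatacli reload-claiming-state` step is suppressed on this path; a one-line comment such as `// -noreload: the daemon refreshes its claiming state itself once the script returns, so the script must not call netdatacli` would spare the next reader a trip into netdata-claim.sh — assuming that is what the caller does, which is outside this hunk. Separately, every `%s` on this line (proxy_flag, netdata_configured_hostname, the id, the url and claiming_arguments) is spliced into a shell command line (`exec netdata-claim.sh …`) without any quoting, so a value containing whitespace or shell metacharacters alters the command instead of being passed as one argument. Since the line is being touched anyway, single-quoting each substitution after escaping embedded quotes, or building an argv and running the script without a shell, would make the call robust against odd hostnames or configuration values. claim_agent starts before this hunk and continues after it.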


@ -10,6 +10,8 @@
# Exit code: 3 - Missing dependencies # Exit code: 3 - Missing dependencies
# Exit code: 4 - Failure to connect to endpoint # Exit code: 4 - Failure to connect to endpoint
# Exit code: 5 - Unknown HTTP error message # Exit code: 5 - Unknown HTTP error message
# Exit code: 6 - The CLI didn't work
# Exit code: 7 - Wrong user
# #
# OK: Agent claimed successfully # OK: Agent claimed successfully
# HTTP Status code: 204 # HTTP Status code: 204
@ -96,13 +98,22 @@ fi
MACHINE_GUID_FILE="@registrydir_POST@/netdata.public.unique.id" MACHINE_GUID_FILE="@registrydir_POST@/netdata.public.unique.id"
CLAIMING_DIR="${NETDATA_USER_CONFIG_DIR}/claim.d" CLAIMING_DIR="${NETDATA_USER_CONFIG_DIR}/claim.d"
TOKEN="unknown" TOKEN="unknown"
URL_BASE="https://netdata.cloud" URL_BASE="https://app.netdata.cloud"
ID="unknown" ID="unknown"
ROOMS="" ROOMS=""
HOSTNAME=$(hostname) HOSTNAME=$(hostname)
CLOUD_CERTIFICATE_FILE="${CLAIMING_DIR}/cloud_fullchain.pem" CLOUD_CERTIFICATE_FILE="${CLAIMING_DIR}/cloud_fullchain.pem"
VERBOSE=0 VERBOSE=0
INSECURE=0 INSECURE=0
RELOAD=1
NETDATA_USER=netdata
[ -z "$EUID" ] && EUID="$(id -u)"
CONF_USER=$(grep '^[^#]*run as user[ \t]*=' "${NETDATA_USER_CONFIG_DIR}/netdata.conf" 2>/dev/null)
if [ -n "$CONF_USER" ]; then
NETDATA_USER=$(echo "$CONF_USER" | sed 's/^[^=]*=[ \t]*//' | sed 's/[ \t]*$//')
fi
# get the MACHINE_GUID by default # get the MACHINE_GUID by default
if [ -r "${MACHINE_GUID_FILE}" ]; then if [ -r "${MACHINE_GUID_FILE}" ]; then
@ -131,12 +142,19 @@ do
-insecure) INSECURE=1 ;; -insecure) INSECURE=1 ;;
-proxy=*) PROXY=${arg:7} ;; -proxy=*) PROXY=${arg:7} ;;
-noproxy) NOPROXY=yes ;; -noproxy) NOPROXY=yes ;;
-noreload) RELOAD=0 ;;
-user=*) NETDATA_USER=${arg:6} ;;
*) echo >&2 "Unknown argument ${arg}" *) echo >&2 "Unknown argument ${arg}"
exit 1 ;; exit 1 ;;
esac esac
shift 1 shift 1
done done
if [ "$EUID" != "0" ] && [ "$(whoami)" != "$NETDATA_USER" ]; then
echo >&2 "This script must be run by the $NETDATA_USER user account"
exit 7
fi
# if curl not installed give warning SOCKS can't be used # if curl not installed give warning SOCKS can't be used
if [[ "${URLTOOL}" != "curl" && "${PROXY:0:5}" = socks ]] ; then if [[ "${URLTOOL}" != "curl" && "${PROXY:0:5}" = socks ]] ; then
echo >&2 "wget doesn't support SOCKS. Please install curl or disable SOCKS proxy." echo >&2 "wget doesn't support SOCKS. Please install curl or disable SOCKS proxy."
@ -149,6 +167,7 @@ echo >&2 "Id: $ID"
echo >&2 "Rooms: $ROOMS" echo >&2 "Rooms: $ROOMS"
echo >&2 "Hostname: $HOSTNAME" echo >&2 "Hostname: $HOSTNAME"
echo >&2 "Proxy: $PROXY" echo >&2 "Proxy: $PROXY"
echo >&2 "Netdata user: $NETDATA_USER"
# create the claiming directory for this user # create the claiming directory for this user
if [ ! -d "${CLAIMING_DIR}" ] ; then if [ ! -d "${CLAIMING_DIR}" ] ; then
@ -264,10 +283,17 @@ HTTP_STATUS_CODE=$(grep "HTTP" "${CLAIMING_DIR}/tmpout.txt" | awk -F " " '{print
if [ "${HTTP_STATUS_CODE}" = "204" ] ; then if [ "${HTTP_STATUS_CODE}" = "204" ] ; then
rm -f "${CLAIMING_DIR}/tmpout.txt" rm -f "${CLAIMING_DIR}/tmpout.txt"
echo -n "${ID}" >"${CLAIMING_DIR}/claimed_id" echo -n "${ID}" >"${CLAIMING_DIR}/claimed_id" || (echo >&2 "Claiming failed"; set -e; exit 2)
rm -f "${CLAIMING_DIR}/token" rm -f "${CLAIMING_DIR}/token" || (echo >&2 "Claiming failed"; set -e; exit 2)
echo >&2 "Node was successfully claimed." if [ "$EUID" == "0" ]; then
exit 0 chown -R "${NETDATA_USER}:${NETDATA_USER}" ${CLAIMING_DIR} || (echo >&2 "Claiming failed"; set -e; exit 2)
fi
if [ "${RELOAD}" == "0" ] ; then
exit 0
fi
netdatacli reload-claiming-state && echo >&2 "Node was successfully claimed." && exit 0
echo "The claim was successful but the agent could not be notified ($?)- it requires a restart to connect to the cloud"
exit 6
fi fi
ERROR_MESSAGE=$(grep "\"errorMsgKey\":" "${CLAIMING_DIR}/tmpout.txt" | awk -F "errorMsgKey\":\"" '{print $2}' | awk -F "\"" '{print $1}') ERROR_MESSAGE=$(grep "\"errorMsgKey\":" "${CLAIMING_DIR}/tmpout.txt" | awk -F "errorMsgKey\":\"" '{print $2}' | awk -F "\"" '{print $1}')
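Review bot: The three `|| (echo >&2 "Claiming failed"; set -e; exit 2)` guards in the 204 branch (the claimed_id write, the token removal and the chown) do not abort the script: the parentheses run `exit 2` in a subshell, so only that subshell ends, the `set -e` inside it never reaches the parent, and unless the script enables `set -e` globally (not visible here) execution falls through to the reload and prints "Node was successfully claimed." even when claimed_id was never written. Use a brace group instead, `|| { echo >&2 "Claiming failed"; exit 2; }`, in all three places. In the same hunk `chown -R "${NETDATA_USER}:${NETDATA_USER}" ${CLAIMING_DIR}` leaves `${CLAIMING_DIR}` unquoted and assumes a group with the same name as the user exists; quote the path, and either pass only `"${NETDATA_USER}"` (chown then keeps the current group) or look the group up rather than assuming its name. The failure message after the `netdatacli` line is the only diagnostic in this script written to stdout rather than stderr.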


@ -190,6 +190,10 @@ static cmd_status_t cmd_reload_claiming_state_execute(char *args, char **message
info("The claiming feature has been disabled"); info("The claiming feature has been disabled");
return CMD_STATUS_FAILURE; return CMD_STATUS_FAILURE;
#endif #endif
#ifndef ENABLE_ACLK
info("Cloud functionality is not enabled because of missing dependencies at build-time.");
return CMD_STATUS_FAILURE;
#endif
error_log_limit_unlimited(); error_log_limit_unlimited();
info("COMMAND: Reloading Agent Claiming configuration."); info("COMMAND: Reloading Agent Claiming configuration.");
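Review bot: The new `#ifndef ENABLE_ACLK` block returns `CMD_STATUS_FAILURE` without touching the `message` out-parameter, so a CLI caller sees a bare failure while the explanation only lands in the agent log via `info()`; the guarded block just above has the same shape, so if `message` is meant to carry the reason back to netdatacli (the caller is not visible from here) both should set it. When ENABLE_ACLK is undefined, everything after the second `return CMD_STATUS_FAILURE;` is unreachable and `args`/`message` become unused, which `-Wunused-parameter`/`-Wunreachable-code` builds will flag; folding the two guards into a single preprocessor condition with one early return keeps a single dead-code region. The function begins and ends outside this hunk.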


@ -193,7 +193,7 @@ fi
[ -z "${NETDATA_STOCK_CONFIG_DIR}" ] && NETDATA_STOCK_CONFIG_DIR="@libconfigdir_POST@" [ -z "${NETDATA_STOCK_CONFIG_DIR}" ] && NETDATA_STOCK_CONFIG_DIR="@libconfigdir_POST@"
[ -z "${NETDATA_CACHE_DIR}" ] && NETDATA_CACHE_DIR="@cachedir_POST@" [ -z "${NETDATA_CACHE_DIR}" ] && NETDATA_CACHE_DIR="@cachedir_POST@"
[ -z "${NETDATA_REGISTRY_URL}" ] && NETDATA_REGISTRY_URL="https://registry.my-netdata.io" [ -z "${NETDATA_REGISTRY_URL}" ] && NETDATA_REGISTRY_URL="https://registry.my-netdata.io"
[ -z "${NETDATA_REGISTRY_CLOUD_BASE_URL}" ] && NETDATA_REGISTRY_CLOUD_BASE_URL="https://netdata.cloud" [ -z "${NETDATA_REGISTRY_CLOUD_BASE_URL}" ] && NETDATA_REGISTRY_CLOUD_BASE_URL="https://app.netdata.cloud"
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# parse command line parameters # parse command line parameters


@ -321,4 +321,7 @@ extern char *netdata_configured_host_prefix;
#include "health/health.h" #include "health/health.h"
#include "string/utf8.h" #include "string/utf8.h"
// BEWARE: Outside of the C code this also exists in alarm-notify.sh
#define DEFAULT_CLOUD_BASE_URL "https://app.netdata.cloud"
#endif // NETDATA_LIB_H #endif // NETDATA_LIB_H
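Review bot: The comment on `DEFAULT_CLOUD_BASE_URL` names only alarm-notify.sh, but this same commit hard-codes `https://app.netdata.cloud` in netdata-claim.sh (`URL_BASE=`), in the claiming documentation and in two config files with a `[cloud]` section as well; since the comment exists to tell whoever changes the value where else to look, it should list all of them, e.g. `// BEWARE: this default is duplicated outside the C code (alarm-notify.sh, netdata-claim.sh, the stock [cloud] config sections, the claiming docs) — keep them in sync`. The `#endif` that follows is the header's include guard, so the define sits correctly inside it.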


@ -47,6 +47,7 @@ RUN mkdir -p /app/usr/sbin/ \
mv /etc/netdata /app/etc/ && \ mv /etc/netdata /app/etc/ && \
mv /usr/sbin/netdata /app/usr/sbin/ && \ mv /usr/sbin/netdata /app/usr/sbin/ && \
mv /usr/sbin/netdata-claim.sh /app/usr/sbin/ && \ mv /usr/sbin/netdata-claim.sh /app/usr/sbin/ && \
mv /usr/sbin/netdatacli /app/usr/sbin/ && \
mv packaging/docker/run.sh /app/usr/sbin/ && \ mv packaging/docker/run.sh /app/usr/sbin/ && \
cp -rp /deps/* /app/usr/local/ && \ cp -rp /deps/* /app/usr/local/ && \
chmod +x /app/usr/sbin/run.sh chmod +x /app/usr/sbin/run.sh


@ -41,7 +41,7 @@ int registry_init(void) {
registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1); registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1);
// netdata.cloud configuration, if cloud_base_url == "", cloud functionality is disabled. // netdata.cloud configuration, if cloud_base_url == "", cloud functionality is disabled.
registry.cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", "https://netdata.cloud"); registry.cloud_base_url = config_get(CONFIG_SECTION_CLOUD, "cloud base url", DEFAULT_CLOUD_BASE_URL);
setenv("NETDATA_REGISTRY_CLOUD_BASE_URL", registry.cloud_base_url, 1); setenv("NETDATA_REGISTRY_CLOUD_BASE_URL", registry.cloud_base_url, 1);
setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1); setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1);


@ -54,4 +54,4 @@
allow from = * allow from = *
[cloud] [cloud]
cloud base url = https://netdata.cloud cloud base url = https://app.netdata.cloud


@ -54,4 +54,4 @@
allow from = * allow from = *
[cloud] [cloud]
cloud base url = https://netdata.cloud cloud base url = https://app.netdata.cloud