55
66set -e
77
8+ DOCKER_USR=" ${DOCKER_USR:- netdata} "
9+
810if [ ! -w / ] && [ " ${EUID} " -eq 0 ]; then
911 echo >&2 " WARNING: This Docker host appears to not properly support newer stat system calls. This is known to cause issues with Netdata (most notably, nodes running on such hosts **cannot be claimed**)."
1012 echo >&2 " WARNING: For more information, see https://learn.netdata.cloud/docs/agent/claim#known-issues-on-older-hosts-with-seccomp-enabled"
1113fi
1214
13- # Needed to read Proxmox VMs and (LXC) containers configuration files (name resolution + CPU and memory limits)
14- function add_netdata_to_proxmox_conf_files_group() {
15- [ " ${DOCKER_USR} " = " root" ] && return
15+ # Check if user is a member of a group by GID
16+ # Arguments: $1 = GID, $2 = username
17+ is_user_in_group () {
18+ local gid=" $1 "
19+ local user=" $2 "
20+ getent group " ${gid} " 2> /dev/null | awk -F: ' {print $4}' | tr ' ,' ' \n' | grep -qx " ${user} "
21+ }
22+
23+ # Add user to a group by GID, creating the group if necessary
24+ # Arguments: $1 = GID, $2 = group name (for creation)
25+ add_user_to_gid () {
26+ local gid=" $1 "
27+ local group_name=" $2 "
1628
17- local group_guid
18- group_guid=" $( stat -c %g /host/etc/pve 2> /dev/null || true) "
19- [ -z " ${group_guid} " ] && return
29+ [ -z " ${gid} " ] && return 1
2030
21- if ! getent group " ${group_guid } " > /dev/null; then
22- echo " Creating proxmox-etc-pve group with GID ${group_guid } "
23- if ! addgroup --gid " ${group_guid } " " proxmox-etc-pve " ; then
24- echo >&2 " Failed to add group proxmox-etc-pve with GID ${group_guid } ."
25- return
31+ if ! getent group " ${gid } " > /dev/null; then
32+ echo " Creating ${group_name} group with GID ${gid } "
33+ if ! addgroup --gid " ${gid } " " ${group_name} " ; then
34+ echo >&2 " Failed to add group ${group_name} with GID ${gid } ."
35+ return 1
2636 fi
2737 fi
2838
29- if ! getent group " ${group_guid} " | grep -q " ${DOCKER_USR} " ; then
30- echo " Assigning ${DOCKER_USR} user to group ${group_guid } "
31- if ! usermod --apend --groups " ${group_guid } " " ${DOCKER_USR} " ; then
32- echo >&2 " Failed to add ${DOCKER_USR} user to group with GID ${group_guid } ."
33- return
39+ if ! is_user_in_group " ${gid} " " ${DOCKER_USR} " ; then
40+ echo " Assigning ${DOCKER_USR} user to group ${gid } "
41+ if ! usermod --append --groups " ${gid } " " ${DOCKER_USR} " ; then
42+ echo >&2 " Failed to add ${DOCKER_USR} user to group with GID ${gid } ."
43+ return 1
3444 fi
3545 fi
3646}
3747
48+ # Needed to read Proxmox VMs and (LXC) containers configuration files
49+ add_netdata_to_proxmox_conf_files_group () {
50+ [ " ${DOCKER_USR} " = " root" ] && return 0
51+
52+ local group_gid
53+ group_gid=" $( stat -c %g /host/etc/pve 2> /dev/null || true) "
54+ [ -z " ${group_gid} " ] && return 0
55+
56+ add_user_to_gid " ${group_gid} " " proxmox-etc-pve"
57+ }
58+
3859# Needed to access NVIDIA GPU monitoring
39- function add_netdata_to_nvidia_group() {
40- [ " ${DOCKER_USR} " = " root" ] && return
60+ add_netdata_to_nvidia_group () {
61+ [ " ${DOCKER_USR} " = " root" ] && return 0
4162
4263 local group_gid
43- group_gid=" $( stat -c %g /dev/nvidiactl 2> /dev/null || true) "
44- [ -z " ${group_gid} " ] && return
64+ group_gid=" $( stat -c %g /dev/nvidiactl 2> /dev/null || true) "
65+ [ -z " ${group_gid} " ] && return 0
4566
4667 # Skip if the device is owned by root group
47- [ " ${group_gid} " -eq 0 ] && return
48-
49- if ! getent group " ${group_gid} " > /dev/null; then
50- echo " Creating nvidia-dev group with GID ${group_gid} "
51- if ! addgroup --gid " ${group_gid} " " nvidia-dev" ; then
52- echo >&2 " Failed to add group nvidia-dev with GID ${group_gid} ."
53- return
54- fi
55- fi
68+ [ " ${group_gid} " -eq 0 ] && return 0
5669
57- if ! getent group " ${group_gid} " | grep -q " ${DOCKER_USR} " ; then
58- echo " Assigning ${DOCKER_USR} user to group ${group_gid} "
59- if ! usermod --append --groups " ${group_gid} " " ${DOCKER_USR} " ; then
60- echo >&2 " Failed to add ${DOCKER_USR} user to group with GID ${group_gid} ."
61- return
62- fi
63- fi
70+ add_user_to_gid " ${group_gid} " " nvidia-dev"
6471}
6572
66- if [ ! " ${DISABLE_TELEMETRY:- 0} " -eq 0 ] ||
67- [ -n " $DISABLE_TELEMETRY " ] ||
68- [ ! " ${DO_NOT_TRACK:- 0} " -eq 0 ] ||
69- [ -n " $DO_NOT_TRACK " ]; then
73+ if [ " ${DISABLE_TELEMETRY:- 0} " != " 0" ] ||
74+ [ " ${DO_NOT_TRACK:- 0} " != " 0" ]; then
7075 touch /etc/netdata/.opt-out-from-anonymous-statistics
7176fi
7277
73- chmod o+rX / 2> /dev/null || echo " Unable to change permissions without errors."
78+ chmod o+rX / 2> /dev/null || echo " Unable to change permissions without errors."
7479
7580if [ " ${EUID} " -eq 0 ]; then
7681 if [ -n " ${NETDATA_EXTRA_APK_PACKAGES} " ]; then
@@ -93,8 +98,8 @@ if [ "${EUID}" -eq 0 ]; then
9398 fi
9499 fi
95100
96- BALENA_PGID=$( stat -c %g /var/run/balena.sock 2> /dev/null || true)
97- DOCKER_PGID=$( stat -c %g /var/run/docker.sock 2> /dev/null || true)
101+ BALENA_PGID=$( stat -c %g /var/run/balena.sock 2> /dev/null || true)
102+ DOCKER_PGID=$( stat -c %g /var/run/docker.sock 2> /dev/null || true)
98103
99104 re=' ^[0-9]+$'
100105 if [[ $BALENA_PGID =~ $re ]]; then
@@ -106,19 +111,23 @@ if [ "${EUID}" -eq 0 ]; then
106111 DOCKER_HOST=" unix:///var/run/docker.sock"
107112 PGID=" $DOCKER_PGID "
108113 fi
109- export PGID
110- export DOCKER_HOST
111114
112115 if [ -n " ${PGID} " ]; then
113- echo " Creating docker group with GID ${PGID} "
114- addgroup --gid " ${PGID} " " docker" || echo >&2 " Failed to add group docker with GID ${PGID} , probably one already exists."
115- echo " Assigning ${DOCKER_USR} user to group with GID ${PGID} "
116- usermod --append --groups " ${PGID} " " ${DOCKER_USR} " || echo >&2 " Failed to add ${DOCKER_USR} user to group with GID ${PGID} ."
116+ export PGID
117+ fi
118+ if [ -n " ${DOCKER_HOST} " ]; then
119+ export DOCKER_HOST
120+ fi
121+
122+ if [ -n " ${PGID} " ]; then
123+ echo " Configuring docker group (GID ${PGID} ) for ${DOCKER_USR} "
124+ add_user_to_gid " ${PGID} " " docker" || true
117125 fi
118126
119127 if [ -d " /host/etc/pve" ]; then
120128 add_netdata_to_proxmox_conf_files_group || true
121129 fi
130+
122131 if [ -e " /dev/nvidiactl" ]; then
123132 add_netdata_to_nvidia_group || true
124133 fi
134143
135144if [ -w " /etc/netdata" ]; then
136145 if mountpoint -q /etc/netdata; then
137- hostname > /etc/netdata/.container-hostname
146+ hostname > /etc/netdata/.container-hostname
138147 else
139148 rm -f /etc/netdata/.container-hostname
140149 fi
141150fi
142151
143- exec /usr/sbin/netdata -u " ${DOCKER_USR} " -D -s /host -p " ${NETDATA_LISTENER_PORT} " " $@ "
152+ exec /usr/sbin/netdata -u " ${DOCKER_USR} " -D -s /host -p " ${NETDATA_LISTENER_PORT:- 19999 } " " $@ "
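Review bot: `add_user_to_gid` rejects only an empty GID, so the docker-socket call `add_user_to_gid "${PGID}" "docker" || true` adds `${DOCKER_USR}` to GID 0 whenever the socket is group-owned by root, while `add_netdata_to_nvidia_group` explicitly skips that case. This matches what the removed `usermod` line did, but now that the logic is a shared helper it should either get the same guard at the docker call site, e.g. `[ "${PGID}" -eq 0 ] || add_user_to_gid "${PGID}" "docker" || true`, or a comment saying root-group membership is intended there. Separately, `is_user_in_group` hands the user name to `grep -qx` as a regular expression, and `DOCKER_USR` comes from the environment. `grep -Fqx -- "${user}"` would make the membership test a literal match, so a name containing regex metacharacters cannot produce a false "already a member" result.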