Solaris 2.5.1時代に原型を作ったperl CGIも存在してるWebサーバは時代を経てCentOS4→CentOS7→Oracle Autonomous Linux 7(OCI上)と移転しつつ運用していた。ただ、それもいい加減置き換えるかとOracle Linux9(OCI上)へ移行した時のメモ書き
[Thu Apr 25 13:24:45.157549 2024] [core:error] [pid 6267:tid 6455] (13)Permission denied: [client 118.238.215.174:55006] AH00035: access to /index.html denied (filesystem path '/home/user/web/index.html') because search permissions are missing on a component of the path
# ausearch -m AVC|grep denied|grep cgi | audit2allow -M comchatq
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i comchatq.pp
# ls -l comchatq*
-rw-r--r--. 1 root root 1329 Apr 26 15:23 comchatq.pp
-rw-r--r--. 1 root root 586 Apr 26 15:23 comchatq.te
# cat comchatq.te
module comchatq 1.0;
require {
type user_home_dir_t;
type httpd_sys_rw_content_t;
type httpd_t;
type httpd_sys_script_t;
class file { execute execute_no_trans };
class dir search;
}
#============= httpd_sys_script_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# httpd_enable_homedirs, httpd_read_user_content
allow httpd_sys_script_t user_home_dir_t:dir search;
#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_rw_content_t:file { execute execute_no_trans };
#
$ ./joyful.cgi
Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) at ./jcode.pl line 684.
Compilation failed in require at ./joyful.cgi line 44.
$
$ curl -O https://cpan.metacpan.org/authors/id/I/IN/INA/Jacode/Jacode-2.13.4.31.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5408k 100 5408k 0 0 5803k 0 --:--:-- --:--:-- --:--:-- 5797k
$ tar xfz Jacode-2.13.4.31.tar.gz
$ cd Jacode-2.13.4.31/lib
$ ls -l
total 220
-rwxr-xr-x. 1 osakanataro osakanataro 217584 Mar 21 2023 jacode.pl
-rw-r--r--. 1 osakanataro osakanataro 2432 Mar 21 2023 Jacode.pm
$
MySQL 8におけるデータベースユーザ作成と権限の割り当てが従来の「grant all on DB名.* to wordpress@localhost identified by ‘パスワード’;」という一文から、「create user ~」と「grant ~」の2つに分かれている点に注意が必要です。
$ sudo mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.32 Source distribution
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)
mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
$
手順7: Webサーバ設定
手順7-1: httpdインストール
httpdをインストールします。
Oracle Linux 9.2ではWebサーバとして Apache(httpd) 2.4.53 、nginx 1.20.1、nginx 1.22.1が使えるが、apacheを使う。
$ sudo dnf install httpd -y
Last metadata expiration check: 0:05:50 ago on Tue 12 Sep 2023 11:38:07 AM JST.
Package httpd-2.4.53-11.0.1.el9_2.5.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
$
$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
To accept these terms of service run "/bin/dehydrated --register --accept-terms".
$ sudo /bin/dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
$
初回のSSL証明書発行処理を実行します。
$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Creating chain cache directory /etc/dehydrated/chains
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
+ Creating new directory /etc/dehydrated/certs/ホスト1名.ドメイン名 ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for ホスト1名.ドメイン名
+ Handling authorization for ホスト2名.ドメイン名
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for ホスト1名.ドメイン名 authorization...
+ Challenge is valid!
+ Responding to challenge for ホスト2名.ドメイン名 authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
$
手順7-3: WebサーバへのSSL証明書設定
まず、httpdにmod_sslを追加します。
$ sudo dnf install mod_ssl -y
Last metadata expiration check: 0:13:55 ago on Tue 12 Sep 2023 11:38:07 AM JST.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mod_ssl x86_64 1:2.4.53-11.0.1.el9_2.5 ol9_appstream 119 k
Transaction Summary
================================================================================
Install 1 Package
<略>
$
$ cd /var/www/html
$ ls
$ sudo curl -O https://wordpress.org/latest.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 22.3M 100 22.3M 0 0 17.6M 0 0:00:01 0:00:01 --:--:-- 17.6M
$ ls
latest.tar.gz
$ sudo tar xfz latest.tar.gz
$ ls -l
total 22904
-rw-r--r--. 1 root root 23447259 Sep 12 11:57 latest.tar.gz
drwxr-xr-x. 5 nobody nobody 4096 Aug 29 23:14 wordpress
$ sudo rm latest.tar.gz
$
現在の設定値を「sudo getsebool -a |grep httpd_can_network」で確認し、「sudo setsebool -P httpd_can_network_connect on」で有効にする
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$ sudo setsebool -P httpd_can_network_connect on
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$
$ sudo vi /etc/dnf/automatic.conf
$ cat /etc/dnf/automatic.conf
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0
# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
[email]
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
$
そしてdnf-automatic.timerを有効化し、開始します。
$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
○ dnf-automatic.service - dnf automatic
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static)
Active: inactive (dead)
TriggeredBy: ○ dnf-automatic.timer
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
Active: active (waiting) since Tue 2023-09-12 13:11:00 JST; 5s ago
Until: Tue 2023-09-12 13:11:00 JST; 5s ago
Trigger: Wed 2023-09-13 06:44:33 JST; 17h left
Triggers: ● dnf-automatic.service
Sep 12 13:11:00 ホスト名 systemd[1]: Started dnf-automatic timer.
$
手順14 メモリが足らない対策
Oracle CloudのFree Tierで初期値のまま稼働させてみたのですが、頻繁に応答がなくなりました。(Oracle Linux 8だと問題なかったんだけど、Oracle Linux 9だと1日複数回発生)
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
#
しかし、”Oracle Linux 9 OCI Included Packages (x86_64)”(oci-included-ol9.repo)を戻したところ応答がなくなる現象発生
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
ol9_oci_included Oracle Linux 9 OCI Included Packages (x86_64)
# dnf check-update
Oracle Linux 9 OCI Included Packages (x86_64) 27 MB/s | 84 MB 00:03
<ここから出力が続かない>
強制再起動したあと、Oracle Linux 9 OCI Included Packages (x86_64)を除外して、EPELを含めてそれ以外の状態を戻してみるとdnf check-updateに成功
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
ol9_developer_EPEL Oracle Linux 9 EPEL Packages for Development (x86_64)
ol9_ksplice Ksplice for Oracle Linux 9 (x86_64)
#
が・・・dnf updateでエラーが・・・
# dnf update -y
メタデータの期限切れの最終確認: 0:01:49 前の 2024年05月07日 11時32分27秒 に実施しました。
エラー:
問題 1: package ImageMagick-libs-6.9.12.93-1.el9.x86_64 from @System requires libraw_r.so.20()(64bit), but none of the providers can be installed
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from @System
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-5.el9.x86_64 from ol9_appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from ol9_appstream
- パッケージの最良アップデート候補をインストールできません LibRaw-0.20.2-6.el9.x86_64
- パッケージの最良アップデート候補をインストールできません ImageMagick-libs-6.9.12.93-1.el9.x86_64
問題 2: package tuned-profiles-oci-2.21.0-1.0.1.el9_3.noarch from @System requires tuned = 2.21.0-1.0.1.el9_3, but none of the providers can be installed
- cannot install both tuned-2.22.1-1.0.1.el9.noarch from ol9_baseos_latest and tuned-2.21.0-1.0.1.el9_3.noarch from @System
- cannot install both tuned-2.22.1-1.0.1.el9.noarch from ol9_baseos_latest and tuned-2.21.0-1.0.1.el9_3.noarch from ol9_baseos_latest
- パッケージの最良アップデート候補をインストールできません tuned-2.21.0-1.0.1.el9_3.noarch
- インストール済パッケージの問題 tuned-profiles-oci-2.21.0-1.0.1.el9_3.noarch
(競合するパッケージを置き換えるには、コマンドラインに '--allowerasing' を追加してみてください または、'--skip-broken' を追加して、インストール不可のパッケージをスキップしてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
#
# dnf update -y --exclude=tuned*
メタデータの期限切れの最終確認: 0:21:39 前の 2024年05月07日 11時32分27秒 に実施しました。
エラー:
問題: package ImageMagick-libs-6.9.12.93-1.el9.x86_64 from @System requires libraw_r.so.20()(64bit), but none of the providers can be installed
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from @System
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-5.el9.x86_64 from ol9_appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from ol9_appstream
- パッケージの最良アップデート候補をインストールできません LibRaw-0.20.2-6.el9.x86_64
- パッケージの最良アップデート候補をインストールできません ImageMagick-libs-6.9.12.93-1.el9.x86_64
(競合するパッケージを置き換えるには、コマンドラインに '--allowerasing' を追加してみてください または、'--skip-broken' を追加して、インストール不可のパッケージをスキップしてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
# dnf update -y --exclude=tuned*,ImageMagick-libs,LibRaw
メタデータの期限切れの最終確認: 0:22:54 前の 2024年05月07日 11時32分27秒 に実施しました。
依存関係が解決しました。
<略>
アップデート完了後、Oracle Linux 9 OCI Included Packages (x86_64)を戻してdnf check-updateを実行すると、これまでと同じで止まる
とりあえずお知らせ記載の「wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh 」を実行したところエラーとなった
# wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh
--2023-06-26 11:17:16-- https://my-netdata.io/kickstart.sh
Resolving my-netdata.io (my-netdata.io)... 2606:4700:3031::6815:d9f, 2606:4700:3036::ac43:9cc0, 172.67.156.192, ...
Connecting to my-netdata.io (my-netdata.io)|2606:4700:3031::6815:d9f|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
Saving to: ‘/tmp/netdata-kickstart.sh’
/tmp/netdata-kickst [ <=> ] 81.38K --.-KB/s in 0.01s
2023-06-26 11:17:17 (6.31 MB/s) - ‘/tmp/netdata-kickstart.sh’ saved [83335]
--- Using /tmp/netdata-kickstart-UrT2UNzClU as a temporary directory. ---
--- Checking for existing installations of Netdata... ---
[/tmp/netdata-kickstart-UrT2UNzClU]# sh -c cat "//etc/netdata/.install-type" > "/tmp/netdata-kickstart-UrT2UNzClU/install-type"
OK
ABORTED Found an existing netdata install at /, but the install type is 'custom', which is not supported by this script, refusing to proceed.
For community support, you can connect with us on:
- GitHub: https://github.com/netdata/netdata/discussions
- Discord: https://discord.gg/5ygS846fR6
- Our community forums: https://community.netdata.cloud/
[/root]# rm -rf /tmp/netdata-kickstart-UrT2UNzClU
OK
#
# wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --reinstall
--2023-06-26 11:17:34-- https://my-netdata.io/kickstart.sh
Resolving my-netdata.io (my-netdata.io)... 2606:4700:3036::ac43:9cc0, 2606:4700:3031::6815:d9f, 104.21.13.159, ...
Connecting to my-netdata.io (my-netdata.io)|2606:4700:3036::ac43:9cc0|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
Saving to: ‘/tmp/netdata-kickstart.sh’
/tmp/netdata-kickst [ <=> ] 81.38K --.-KB/s in 0.01s
2023-06-26 11:17:34 (6.37 MB/s) - ‘/tmp/netdata-kickstart.sh’ saved [83335]
--- Using /tmp/netdata-kickstart-J62Yweer7w as a temporary directory. ---
--- Attempting to install using native packages... ---
--- Repository configuration is already present, attempting to install netdata. ---
There was an error communicating with OSMS server.
OSMS based repositories will be disabled.
<ProtocolError for http://127.0.0.1:9003/XMLRPC: 500 500 Server Error: Internal Server Error for url: http://127.0.0.1:9003/XMLRPC>
WARNING Could not find a usable native package for ol on aarch64.
--- Attempting to uninstall repository configuration package. ---
[/tmp/netdata-kickstart-J62Yweer7w]# env dnf remove netdata-repo-edge
There was an error communicating with OSMS server.
OSMS based repositories will be disabled.
<ProtocolError for http://127.0.0.1:9003/XMLRPC: 500 500 Server Error: Internal Server Error for url: http://127.0.0.1:9003/XMLRPC>
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Removing:
netdata-repo-edge noarch 1-2 @@commandline 580
Transaction Summary
================================================================================
Remove 1 Package
Freed space: 580
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Erasing : netdata-repo-edge-1-2.noarch 1/1
warning: file /etc/yum.repos.d/netdata-edge.repo: remove failed: No such file or directory
Verifying : netdata-repo-edge-1-2.noarch 1/1
Removed:
netdata-repo-edge-1-2.noarch
Complete!
OK
WARNING Could not install native binary packages, falling back to alternative installation method.
[/tmp/netdata-kickstart-J62Yweer7w]# sh -c /bin/curl https://github.com/netdata/netdata-nightlies/releases/latest -s -L -I -o /dev/null -w '%{url_effective}' | grep -o '[^/]*$'
OK
--- Attempting to install using static build... ---
[/tmp/netdata-kickstart-J62Yweer7w]# /bin/curl --fail -q -sSL --connect-timeout 10 --retry 3 --output /tmp/netdata-kickstart-J62Yweer7w/netdata-aarch64-latest.gz.run https://github.com/netdata/netdata-nightlies/releases/download/v1.40.0-38-nightly/netdata-aarch64-latest.gz.run
OK
[/tmp/netdata-kickstart-J62Yweer7w]# /bin/curl --fail -q -sSL --connect-timeout 10 --retry 3 --output /tmp/netdata-kickstart-J62Yweer7w/sha256sum.txt https://github.com/netdata/netdata-nightlies/releases/download/v1.40.0-38-nightly/sha256sums.txt
OK
--- Installing netdata ---
[/tmp/netdata-kickstart-J62Yweer7w]# sh /tmp/netdata-kickstart-J62Yweer7w/netdata-aarch64-latest.gz.run --
^
|.-. .-. .-. .-. . netdata
| '-' '-' '-' '-' real-time performance monitoring, done right!
+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->
(C) Copyright 2017-2023, Costa Tsaousis
All rights reserved
Released under GPL v3+
You are about to install netdata to this system.
netdata will be installed at:
/opt/netdata
The following changes will be made to your system:
# USERS / GROUPS
User 'netdata' and group 'netdata' will be added, if not present.
# LOGROTATE
This file will be installed if logrotate is present.
- /etc/logrotate.d/netdata
# SYSTEM INIT
If a supported init system is detected, appropriate configuration will be
installed to allow Netdata to run as a system service. We currently support
systemd, OpenRC, LSB init scripts, and traditional init.d setups, as well as
having experimental support for runit.
This package can also update a netdata installation that has been
created with another version of it.
Your netdata configuration will be retained.
After installation, netdata will be (re-)started.
netdata re-distributes a lot of open source software components.
Check its full license at:
https://github.com/netdata/netdata/blob/master/LICENSE
Please type y to accept, n otherwise: y
Creating directory /opt/netdata
Verifying archive integrity... 100% MD5 checksums are OK. All good.
Uncompressing netdata, the real-time performance and health monitoring system 100%
--- Attempt to create user/group netdata/netadata ---
Group 'netdata' already exists.
User 'netdata' already exists.
--- Add user netdata to required user groups ---
Group 'docker' does not exist.
User 'netdata' is already in group 'nginx'.
Group 'varnish' does not exist.
Group 'haproxy' does not exist.
User 'netdata' is already in group 'adm'.
Group 'nsd' does not exist.
Group 'proxy' does not exist.
Group 'squid' does not exist.
Group 'ceph' does not exist.
User 'netdata' is already in group 'nobody'.
Group 'I2C' does not exist.
--- Install logrotate configuration for netdata ---
[/opt/netdata]# chmod 644 /etc/logrotate.d/netdata
OK ''
--- Telemetry configuration ---
You can opt out from anonymous statistics via the --disable-telemetry option, or by creating an empty file /opt/netdata/etc/netdata/.opt-out-from-anonymous-statistics
--- Install netdata at system init ---
Installing systemd service...
--- Install (but not enable) netdata updater tool ---
cat: /system/systemd/netdata-updater.timer: No such file or directory
cat: /system/systemd/netdata-updater.service: No such file or directory
Update script is located at /opt/netdata/usr/libexec/netdata/netdata-updater.sh
--- creating quick links ---
[/opt/netdata]# ln -s bin sbin
OK ''
[/opt/netdata/usr]# ln -s ../bin bin
OK ''
[/opt/netdata/usr]# ln -s ../bin sbin
OK ''
[/opt/netdata/usr]# ln -s . local
OK ''
[/opt/netdata]# ln -s etc/netdata netdata-configs
OK ''
[/opt/netdata]# ln -s usr/share/netdata/web netdata-web-files
OK ''
[/opt/netdata]# ln -s usr/libexec/netdata netdata-plugins
OK ''
[/opt/netdata]# ln -s var/lib/netdata netdata-dbs
OK ''
[/opt/netdata]# ln -s var/cache/netdata netdata-metrics
OK ''
[/opt/netdata]# ln -s var/log/netdata netdata-logs
OK ''
[/opt/netdata/etc/netdata]# rm orig
OK ''
[/opt/netdata/etc/netdata]# ln -s ../../usr/lib/netdata/conf.d orig
OK ''
--- fix permissions ---
[/opt/netdata]# chmod g+rx,o+rx /opt
OK ''
[/opt/netdata]# find /opt/netdata -type d -exec chmod go+rx {} +
OK ''
[/opt/netdata]# chown -R netdata:netdata /opt/netdata/var
OK ''
--- changing plugins ownership and permissions ---
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/apps.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/perf.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/slabinfo.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/debugfs.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/ioping
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/cgroup-network
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/nfacct.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/python.d.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/charts.d.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/go.d.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/ioping.plugin
OK ''
[/opt/netdata]# chown root:netdata usr/libexec/netdata/plugins.d/cgroup-network-helper.sh
OK ''
[/opt/netdata]# setcap cap_dac_read_search,cap_sys_ptrace=ep usr/libexec/netdata/plugins.d/apps.plugin
OK ''
[/opt/netdata]# setcap cap_dac_read_search=ep usr/libexec/netdata/plugins.d/slabinfo.plugin
OK ''
[/opt/netdata]# setcap cap_dac_read_search=ep usr/libexec/netdata/plugins.d/debugfs.plugin
OK ''
[/opt/netdata]# setcap cap_sys_admin=ep usr/libexec/netdata/plugins.d/perf.plugin
OK ''
[/opt/netdata]# setcap cap_net_admin,cap_net_raw=eip usr/libexec/netdata/plugins.d/go.d.plugin
OK ''
[/opt/netdata]# chmod 4750 usr/libexec/netdata/plugins.d/ioping
OK ''
[/opt/netdata]# chmod 4750 usr/libexec/netdata/plugins.d/cgroup-network
OK ''
[/opt/netdata]# chmod 4750 usr/libexec/netdata/plugins.d/nfacct.plugin
OK ''
Configure TLS certificate paths
Using /etc/pki/tls for TLS configuration and certificates
Save install options
--- starting netdata ---
--- Restarting netdata instance ---
Stopping all netdata threads
[/opt/netdata]# stop_all_netdata
OK ''
Starting netdata using command 'systemctl start netdata'
[/opt/netdata]# systemctl start netdata
OK ''
Downloading default configuration from netdata...
[/opt/netdata]# /bin/curl -sSL --connect-timeout 10 --retry 3 http://localhost:19999/netdata.conf
OK ''
[/opt/netdata]# mv /opt/netdata/etc/netdata/netdata.conf.new /opt/netdata/etc/netdata/netdata.conf
OK ''
OK New configuration saved for you to edit at /opt/netdata/etc/netdata/netdata.conf
^
|.-. .-. .-. .-. .-. . netdata .-. .-. .-. .-. .-. .-
| '-' '-' '-' '-' '-' '-' '-' '-' '-' '-'
+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->
[/opt/netdata]# chmod 0644 /opt/netdata/etc/netdata/netdata.conf
OK ''
OK
[/tmp/netdata-kickstart-J62Yweer7w]# sh -c cat "/opt/netdata/etc/netdata/.install-type" > "/tmp/netdata-kickstart-J62Yweer7w/install-type"
OK
[/tmp/netdata-kickstart-J62Yweer7w]# chown 0:0 /tmp/netdata-kickstart-J62Yweer7w/install-type
OK
[/tmp/netdata-kickstart-J62Yweer7w]# chown netdata:netdata /tmp/netdata-kickstart-J62Yweer7w/install-type
OK
[/tmp/netdata-kickstart-J62Yweer7w]# cp /tmp/netdata-kickstart-J62Yweer7w/install-type /opt/netdata/etc/netdata/.install-type
OK
[/tmp/netdata-kickstart-J62Yweer7w]# test -x /opt/netdata/usr/libexec/netdata/netdata-updater.sh
OK
[/tmp/netdata-kickstart-J62Yweer7w]# grep -q \-\-enable-auto-updates /opt/netdata/usr/libexec/netdata/netdata-updater.sh
OK
[/tmp/netdata-kickstart-J62Yweer7w]# /opt/netdata/usr/libexec/netdata/netdata-updater.sh --enable-auto-updates
Mon Jun 26 11:18:13 JST 2023 : INFO: netdata-updater.sh: Auto-updating has been ENABLED through cron, updater script linked to /etc/cron.daily/netdata-updater\n
Mon Jun 26 11:18:13 JST 2023 : INFO: netdata-updater.sh: If the update process fails and you have email notifications set up correctly for cron on this system, you should receive an email notification of the failure.
Mon Jun 26 11:18:13 JST 2023 : INFO: netdata-updater.sh: Successful updates will not send an email.
OK
Successfully installed the Netdata Agent.
The following non-fatal warnings or errors were encountered:
- Could not find a usable native package for ol on aarch64.
- Could not install native binary packages, falling back to alternative installation method.
Official documentation can be found online at https://learn.netdata.cloud/docs/.
Looking to monitor all of your infrastructure with Netdata? Check out Netdata Cloud at https://app.netdata.cloud.
Join our community and connect with us on:
- GitHub: https://github.com/netdata/netdata/discussions
- Discord: https://discord.gg/5ygS846fR6
- Our community forums: https://community.netdata.cloud/
[/root]# rm -rf /tmp/netdata-kickstart-J62Yweer7w
OK
#
# curl -O https://my-netdata.io/kickstart.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 83335 0 83335 0 0 129k 0 --:--:-- --:--:-- --:--:-- 128k
# bash kickstart.sh
kickstart.sh: line 34: cd: kickstart.sh: Not a directory
--- Using /tmp/netdata-kickstart-gOQowVR9j7 as a temporary directory. ---
--- Checking for existing installations of Netdata... ---
[/tmp/netdata-kickstart-gOQowVR9j7]# sh -c cat "//etc/netdata/.install-type" > "/tmp/netdata-kickstart-gOQowVR9j7/install-type"
OK
ABORTED Found an existing netdata install at /, but the install type is 'custom', which is not supported by this script, refusing to proceed.
For community support, you can connect with us on:
- GitHub: https://github.com/netdata/netdata/discussions
- Discord: https://discord.gg/5ygS846fR6
- Our community forums: https://community.netdata.cloud/
[/root]# rm -rf /tmp/netdata-kickstart-gOQowVR9j7
OK
#
### etc/Renviron. Generated from Renviron.in by configure.
###
### ${R_HOME}/etc/Renviron
###
### Record R system environment variables.
## As from R 4.0.0 the C code reading this follows the POSIX rules
## for parameter substitution in shells, section 2.6.2 of
## https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18
## In earlier versions ${FOO-bar} was interpreted the same as ${FOO:-bar}
R_PLATFORM=${R_PLATFORM-'x86_64-pc-linux-gnu'}
## Default printer paper size: first record if user set R_PAPERSIZE
R_PAPERSIZE_USER=${R_PAPERSIZE}
R_PAPERSIZE=${R_PAPERSIZE-'letter'}
## Default print command
R_PRINTCMD=${R_PRINTCMD-'/usr/bin/lpr'}
# for Rd2pdf, reference manual
R_RD4PDF=${R_RD4PDF-'times,hyper'}
## used for options("texi2dvi")
R_TEXI2DVICMD=${R_TEXI2DVICMD-${TEXI2DVI-'/usr/bin/texi2dvi'}}
## used by untar(support_old_tars = TRUE) and installing grDevices
R_GZIPCMD=${R_GZIPCMD-'/usr/bin/gzip'}
## Default zip/unzip commands
R_UNZIPCMD=${R_UNZIPCMD-'/usr/bin/unzip'}
R_ZIPCMD=${R_ZIPCMD-'/usr/bin/zip'}
R_BZIPCMD=${R_BZIPCMD-'/usr/bin/bzip2'}
## Default browser
R_BROWSER=${R_BROWSER-'xdg-open'}
## Default editor
EDITOR=${EDITOR-${VISUAL-vi}}
## Default pager
PAGER=${PAGER-'/usr/bin/less'}
## Default PDF viewer
R_PDFVIEWER=${R_PDFVIEWER-''}
## Used by libtool
LN_S='ln -s'
MAKE=${MAKE-'make'}
## Prefer a POSIX-compliant sed on e.g. Solaris
SED=${SED-'/usr/bin/sed'}
## Prefer a tar that can automagically read compressed archives
TAR=${TAR-'/usr/bin/gtar'}
## System and compiler types.
R_SYSTEM_ABI='linux,gcc,gxx,gfortran,gfortran'
## Strip shared objects and static libraries.
R_STRIP_SHARED_LIB=${R_STRIP_SHARED_LIB-'strip --strip-unneeded'}
R_STRIP_STATIC_LIB=${R_STRIP_STATIC_LIB-'strip --strip-debug'}
R_LIBS_USER=${R_LIBS_USER-'~/R/x86_64-pc-linux-gnu-library/4.1'}
#R_LIBS_USER=${R_LIBS_USER-'~/Library/R//4.1/library'}
### Local Variables: ***
### mode: sh ***
### sh-indentation: 2 ***
### End: ***