mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00
Code Issues Wiki Activity

netdata: set NETDATA_PIPENAME to /run/netdata/ipc

Browse source 
Netdata creates its control socket at /tmp/netdata-ipc by default, which
is insecure and actually inaccessible with systemd's PrivateTmp enabled.

Originally we patched its source code to move the socket to
/run/netdata/ipc. However, it was removed due to incompatibility when
upgrading to v1.41.0: 1d2a2dc7d0

Fortunately, this new version of netdata adds support for setting the
location of the control socket via the environment variable
NETDATA_PIPENAME. So let's set it for the netdata service and the
command line utility so that they can communicate properly.
This commit is contained in:
DDoSolitary 2023-08-05 17:52:52 +08:00
parent aebee3ca2a
commit 060a47e1e4
No known key found for this signature in database
GPG key ID: FC7D8A0E70542CCF
4 changed files with 6 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/services/monitoring/netdata.nix
View file

@ -216,6 +216,7 @@ in {
PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules"; PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules";
} // lib.optionalAttrs (!cfg.enableAnalyticsReporting) { } // lib.optionalAttrs (!cfg.enableAnalyticsReporting) {
DO_NOT_TRACK = "1"; DO_NOT_TRACK = "1";
NETDATA_PIPENAME = "/run/netdata/ipc";
}; };
restartTriggers = [ restartTriggers = [
config.environment.etc."netdata/netdata.conf".source config.environment.etc."netdata/netdata.conf".source

5
nixos/tests/netdata.nix
View file

@ -10,7 +10,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
netdata = netdata =
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ curl jq ]; environment.systemPackages = with pkgs; [ curl jq netdata ];
services.netdata.enable = true; services.netdata.enable = true;
}; };
}; };
@ -34,5 +34,8 @@ import ./make-test-python.nix ({ pkgs, ...} : {
filter = '[.data[range(10)][.labels | indices("root")[0]]] | add | . > 0' filter = '[.data[range(10)][.labels | indices("root")[0]]] | add | . > 0'
cmd = f"curl -s {url} | jq -e '{filter}'" cmd = f"curl -s {url} | jq -e '{filter}'"
netdata.wait_until_succeeds(cmd) netdata.wait_until_succeeds(cmd)
# check if the control socket is available
netdata.succeed("sudo netdatacli ping")
''; '';
}) })

1
pkgs/tools/system/netdata/default.nix
View file

@ -103,6 +103,7 @@ stdenv.mkDerivation rec {
postFixup = '' postFixup = ''
wrapProgram $out/bin/netdata-claim.sh --prefix PATH : ${lib.makeBinPath [ openssl ]} wrapProgram $out/bin/netdata-claim.sh --prefix PATH : ${lib.makeBinPath [ openssl ]}
wrapProgram $out/libexec/netdata/plugins.d/cgroup-network-helper.sh --prefix PATH : ${lib.makeBinPath [ bash ]} wrapProgram $out/libexec/netdata/plugins.d/cgroup-network-helper.sh --prefix PATH : ${lib.makeBinPath [ bash ]}
wrapProgram $out/bin/netdatacli --set NETDATA_PIPENAME /run/netdata/ipc
''; '';
enableParallelBuild = true; enableParallelBuild = true;

13
pkgs/tools/system/netdata/ipc-socket-in-run.patch
View file

@ -1,13 +0,0 @@
diff --git a/daemon/commands.h b/daemon/commands.h
index bd4aabfe1cbe4..ce7eb3c730228 100644
--- a/daemon/commands.h
+++ b/daemon/commands.h
@@ -6,7 +6,7 @@
#ifdef _WIN32
# define PIPENAME "\\\\?\\pipe\\netdata-cli"
#else
-# define PIPENAME "/tmp/netdata-ipc"
+# define PIPENAME "/run/netdata/ipc"
#endif
#define MAX_COMMAND_LENGTH 4096