New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add notes/known issues section to installation page #9053
Conversation
Manage this branch in SquashTest this branch here: https://joelhansfix-openssl-psk6s.squash.io |
We might want to mention here that the build also currently does not work with LibreSSL in place of OpenSSL, and also fails when using Clang in some configurations. |
@Ferroin Done! |
packaging/installer/README.md
Outdated
**LibreSSL**: The Agent installer is only compatible with OpenSSL. Critical functions do not work on systems with | ||
LibreSSL installed as a replacement for OpenSSL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, the build fails completely if you try to use LibreSSL instead of OpenSSL. They use the same naming for libraries and headers but aren't API compatible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Ferroin I am working on a new PR with TLS right now, I will bring a fix for this on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Ferroin Done.
@thiagoftsm We can always edit this text again when your PR is ready.
There was a PR to fix this. I'm not sure this is true anymore. Let me find the PR. |
Issue tracking LibreSSL fix #8796 |
We should hold of fon merging this until #8796 is resolved otherwise it makes us look a bit silly to say it doens't compile with LibreSSL one day but does the next. :) |
Waiting is fine with me. You guys can ping me when this is ready for an update and I'll get on it. |
An update on this one: @zack-shoylev and I need to add a few more workarounds for old systems into this PR, so I changed the title to better reflect what we're doing and we'll ask for reviews again when we've added all the notes. Context is at netdata/marketing#240. |
Probably a good idea. Should also mention that using the Static install is a valid solution here (not even a work-around either). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's add the additional notes as suggested before merging.
@zack-shoylev Of course—that's been the plan all along. I'm hoping to get it done today. |
packaging/installer/README.md
Outdated
export CFLAGS="-DACLK_SSL_ALLOW_SELF_SIGNED" | ||
``` | ||
|
||
Then install Netdata using your method of choice. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to review this very carefully...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wanted to make one thing very clear for the workaround
packaging/installer/README.md
Outdated
#### Ubuntu 14.04 LTS | ||
|
||
To use the `CFLAGS` workaround on Ubuntu 14.04 LTS, you must first install `libuv1-dev` via a PPA: | ||
|
||
```bash | ||
add-apt-repository ppa:acooks/libwebsockets6 | ||
apt-get update | ||
apt-get install libuv1-dev | ||
``` | ||
|
||
Then proceed with the CFLAGS workaround described above. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is already handled by #8916 not sure we need to duplicate the code in our docuemtnation as we don't do this for similar reasons for handling other systems.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That PR is not merged yet. Is some other fix already present for Ubuntu 14.04?
### CentOS 6 and CentOS 8 | ||
|
||
To install the Agent on certain CentOS and RHEL systems, you must enable non-default repositories, such as EPEL or | ||
PowerTools, to gather hard dependencies. See the [CentOS 6](/packaging/installer/methods/manual.md#centos-rehel-6-x) and | ||
[CentOS 8](/packaging/installer/methods/manual.md#centos-rehel-8-x) sections for more information. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this here? The installer takes care of this, it even tells the user and prompts then (optionally).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would just add a note to say that our installer automatically takes cares of this if you use our kickstart.sh
.
@prologic Given that I wrote this PR on Friday and #9198 was then merged over the weekend, @zack-shoylev and I will need to take some time to figure out how to redesign this entire PR to accommodate those changes. More soon. |
Thanks @joelhans :) Let me know if you need any help! |
@prologic This is actually ready for another review when you have time. I chatted with @zack-shoylev off GitHub about what's in the PR right now, and while he's happy with it, the opinions of you and @amoss are what really count! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good - really nice explanation of the security issue. LGTM
@zack-shoylev Can you hop in here and make any last requests or approve? I think merging is blocked, in part, because you requested changes. Thanks! |
You had two approvals. Merged. |
* Add notes section to installer with OpenSSL * Add LibreSSL and Clang * Libre * Remove LibreSSL warning * Add sections about CFLAGS to install and claim * Update * Retrigger CI
Summary
Fixes #8306
I added this notes section to the installation page where we can put notices like SSL and workarounds for various distros. I don't love cluttering up that page any more, but I can't figure out where else we could put this information with the best mix of discoverability and not being too in-your-face.
Component Name
packaging/
Test Plan
Additional Information