diff options
| author | Joel Hans <joel@netdata.cloud> | 2020-06-04 07:09:16 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-05 00:09:16 +1000 |
| commit | b1c96ce59d2eb7e46b35609b03715c9c15243aa6 (patch) | |
| tree | 64be84d3f7de02a6b7cebb20d4f8381b3b6236dc | |
| parent | f53631297973d7acd0c35e28f22c80c5c64945b3 (diff) | |
Add notes/known issues section to installation page (#9053)
* Add notes section to installer with OpenSSL
* Add LibreSSL and Clang
* Libre
* Remove LibreSSL warning
* Add sections about CFLAGS to install and claim
* Update
* Retrigger CI
| -rw-r--r-- | claim/README.md | 14 | ||||
| -rw-r--r-- | packaging/installer/README.md | 39 |
2 files changed, 53 insertions, 0 deletions
diff --git a/claim/README.md b/claim/README.md index 0fdcd8f854..beab8977f7 100644 --- a/claim/README.md +++ b/claim/README.md @@ -189,6 +189,20 @@ might be having with the ACLK or claiming process. Use these keys and the information below to troubleshoot the ACLK. +#### Claiming on older distributions (Ubuntu 14.04, Debian 8, CentOS 6) + +If you're running an older Linux distribution or one that has reached EOL, such as Ubuntu 14.04 LTS, Debian 8, or CentOS +6, your Agent may not be able to securely connect to Netdata Cloud due to an outdated version of OpenSSL. These old +versions of OpenSSL cannot perform [hostname validation](https://wiki.openssl.org/index.php/Hostname_validation), which +helps securely encrypt SSL connections. + +We recommend you reinstall Netdata with a [static build](/packaging/installer/methods/kickstart-64.md), which uses an +up-to-date version of OpenSSL with hostname validation enabled. + +If you choose to continue using the outdated version of OpenSSL, your node will still connect to Netdata Cloud, albeit +with hostname verification disabled. Without verification, your Netdata Cloud connection could be vulnerable to +man-in-the-middle attacks. + #### cloud-enabled is false If `cloud-enabled` is `false`, you probably ran the installer with `--disable-cloud` option. diff --git a/packaging/installer/README.md b/packaging/installer/README.md index 044b65ef14..dce8093fb6 100644 --- a/packaging/installer/README.md +++ b/packaging/installer/README.md @@ -165,3 +165,42 @@ the community helps fix any bugs that might have been introduced in previous rel - Protect yourself from the rare instance when major bugs slip through our testing and negatively affect a Netdata installation - Retain more control over the Netdata version you use + +## Installation notes and known issues + +We are tracking a few issues related to installation and packaging. + +### Older distributions (Ubuntu 14.04, Debian 8, CentOS 6) and OpenSSL + +If you're running an older Linux distribution or one that has reached EOL, such as Ubuntu 14.04 LTS, Debian 8, or CentOS +6, your Agent may not be able to securely connect to Netdata Cloud due to an outdated version of OpenSSL. These old +versions of OpenSSL cannot perform [hostname validation](https://wiki.openssl.org/index.php/Hostname_validation), which +helps securely encrypt SSL connections. + +We recommend you reinstall Netdata with a [static build](/packaging/installer/methods/kickstart-64.md), which uses an +up-to-date version of OpenSSL with hostname validation enabled. + +If you choose to continue using the outdated version of OpenSSL, your node will still connect to Netdata Cloud, albeit +with hostname verification disabled. Without verification, your Netdata Cloud connection could be vulnerable to +man-in-the-middle attacks. + +### CentOS 6 and CentOS 8 + +To install the Agent on certain CentOS and RHEL systems, you must enable non-default repositories, such as EPEL or +PowerTools, to gather hard dependencies. See the [CentOS 6](/packaging/installer/methods/manual.md#centos-rehel-6-x) and +[CentOS 8](/packaging/installer/methods/manual.md#centos-rehel-8-x) sections for more information. + +### Multiple versions of OpenSSL + +We've received reports from the community about issues with running the `kickstart.sh` script on systems that have both +a distribution-installed version of OpenSSL and a manually-installed local version. The Agent's installer cannot handle +both. + +We recommend you install Netdata with the [static binary](/packaging/installer/methods/kickstart-64.md) to avoid the +issue altogether. Or, you can manually remove one version of OpenSSL to remove the conflict. + +### Clang compiler on Linux + +Our current build process has some issues when using certain configurations of the `clang` C compiler on Linux. See [the +section on `nonrepresentable section on output` +errors](/packaging/installer/methods/manual.md#nonrepresentable-section-on-output-errors) for a workaround.
\ No newline at end of file |