getting error when upgrade netdata from 1.3 to 1.4 in redhat 8.10

HI everyone,

Problem/Question

i am getting error when try to upgrade netdata from version 1.31 to 1.40 nightly version.

Relevant docs you followed/actions you took to solve the issue

i am using below command to upgrade the version.

[root@lpdevtmp]/opt/netdata/var/log/netdata #wget -O /tmp/netdata-kickstart.sh https://get.netdata.cloud/kickstart.sh && sh /tmp/netdata-kickstart.sh
–2024-09-18 16:24:46-- https://get.netdata.cloud/kickstart.sh
Connecting to 192.9.200.120:8080… connected.
ERROR: The certificate of ‘get.netdata.cloud’ is not trusted.
ERROR: The certificate of ‘get.netdata.cloud’ hasn’t got a known issuer.
[root@lpdevtmp]/opt/netdata/var/log/netdata #

[root@lpdevtmp]/opt/netdata/var/log/netdata #uname -a
Linux lpdevtmp 4.18.0-477.15.1.el8_8.x86_64 #1 SMP Fri Jun 2 08:27:19 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux

[root@lpdevtmp]/opt/netdata/bin #netdata -W buildinfo
Version: netdata v1.37.0-24-g6a232de18
Configure options: ‘–prefix=/opt/netdata/usr’ ‘–sysconfdir=/opt/netdata/etc’ ‘–localstatedir=/opt/netdata/var’ ‘–libexecdir=/opt/netdata/usr/libexec’ ‘–libdir=/opt/netdata/usr/lib’ ‘–with-zlib’ ‘–with-math’ ‘–with-user=netdata’ ‘–enable-cloud’ ‘–without-bundled-protobuf’ ‘–disable-dependency-tracking’ ‘CFLAGS=-static -O2 -I/openssl-static/include -pipe’ ‘LDFLAGS=-static -L/openssl-static/lib’ ‘PKG_CONFIG_PATH=/openssl-static/lib/pkgconfig’
Install type: kickstart-static
Binary architecture: x86_64
Features:
dbengine: YES
Native HTTPS: YES
Netdata Cloud: YES
ACLK: YES
TLS Host Verification: YES
Machine Learning: YES
Stream Compression: YES
Libraries:
protobuf: YES (system)
jemalloc: NO
JSON-C: YES
libcap: NO
libcrypto: YES
libm: YES
tcalloc: NO
zlib: YES
Plugins:
apps: YES
cgroup Network Tracking: YES
CUPS: NO
EBPF: YES
IPMI: NO
NFACCT: NO
perf: YES
slabinfo: YES
Xen: NO
Xen VBD Error Tracking: NO
Exporters:
AWS Kinesis: NO
GCP PubSub: NO
MongoDB: NO
Prometheus Remote Write: YES
Debug/Developer Features:
Trace Allocations: NO

[root@lpdevtmp]/opt/netdata/bin #netdata -W buildinfo | grep -E ‘Installation Type|Install type:’
Install type: kickstart-static
[root@lpdevtmp]/opt/netdata/bin #netdata -v
netdata v1.37.0-24-g6a232de18

Anyone can help me on this.

Thanks

Hi @Juriani_Hashim,

The IP address/port 192.9.200.120:8080 is not us. I assume you are going though a proxy. Also, to debug the certificate issue, can you please paste the output of this command (from the machine in question)?

openssl s_client -showcerts -connect get.netdata.cloud:443

hi,

yes, we connected to our proxy server. i had copy the command but seems it hung there, and nothing appear. it is i need to enter to the specific path and only run the command.
Can i upgrade the netdata with bypass the proxy server? which is offline upgrade and download the specific version and transfer to redhat server ?

netdata cert result819×37 6.83 KB

Thanks

i got below result

image838×236 4.95 KB

The OpenSSL command doesn’t automatically pick up proxies. If your proxy is an HTTP proxy, then you need to provide -proxy 192.19.200.120:8080 to the command above (before the target address). If it is a SOCKS proxy, then it is a bit more involved.

As for bypassing, there are two ways:

• Pick up the RPM from Index of /repos/stable/el/ (stable) or Index of /repos/edge/el/ (nightly). Choose the repo and architecture that matches your setup, and then download the PRM of the desired version.
• Use the offline install option: Install Netdata on offline systems | Learn Netdata.

Note that you mentioned 1.40. This version was released in June 2023, and unsupported. The currently supported versions are the latest patch releases of the 1.46 and 1.47 major releases. It is also recommended you use the stable release channel if you are doing manual updates. Particularly in production settings.

The kickstart script will automatically pick up the latest version, and you can use the --release-channel parameter to specify either stable or nightly.

Hi,

Noted and thanks for the info. By the way can you provide the manual step to upgrade the netdata version in redhat and which command should i use. Thanks again.

These manual steps are suggestions to get around the original issue, not what we would recommend in general. The documented way is the command you provided initially.

If we can find out why you get the certificate error, then that would be preferable. If you can’t get the proxy working, to verify you target machine has all the right root certificates, you can do the following on another machine:

echo -n | openssl s_client --showcerts -connect get.netdata.cloud:443 2>/dev/null >chain.pem
openssl x509 -in chain.pem > cert.pem

Then copy those two PEM files to the target machine and there do:

openssl verify -CAfile chain.pem -untrusted chain.pem cert.pem

This should yield:

cert.pem: OK