adding node exporter, loki, and promtail

This commit is contained in:
ai-dev
2024-10-30 20:26:28 +01:00
parent b1dbbe1a8b
commit b840c65795
87 changed files with 2372 additions and 2366 deletions

View File

@ -0,0 +1,112 @@
# Changelog
## [1.0.1] - 2024-09-11
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:16.1.2` to `16.3.0`
## [1.0.0] - 2024-07-01
⚠️ BREAKING CHANGES ⚠️
- Upgraded Node Exporter to `1.8.1`
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:15.0.8` to `16.1.2`
- Removes the default username/password
- Now requires a plaintext password instead of a bcrypt string (the container will bcrypt the password for you)
- If you're upgrading from `0.9.1` or any earlier version, you will **NEED** to go to the "Configuration" tab and enter the plaintext version of your password (if you leave the bcrypt hash in the password field, the container will try to hash your already-hashed password)
## [0.9.1] - 2024-05-14
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:15.0.4` to `15.0.8`
- Added [CONTRIBUTING.md](https://github.com/loganmarchione/hassos-addons/blob/main/prometheus_node_exporter/CONTRIBUTING.md)
## [0.9.0] - 2024-05-13
- Upgraded Node Exporter to `1.8.0` thanks to [@b-reich](https://github.com/b-reich) in https://github.com/loganmarchione/hassos-addons/pull/49
## [0.8.2] - 2024-01-16
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:15.0.1` to `15.0.4`
## [0.8.1] - 2024-01-11
- Published pre-built image to GHCR thanks to [@wozz](https://github.com/wozz) in https://github.com/loganmarchione/hassos-addons/pull/47
## [0.8.0] - 2023-12-13
- Upgraded Node Exporter to `1.7.0`
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:14.1.0` to `15.0.1`
## [0.7.0] - 2023-08-18
- Upgraded Node Exporter to `1.6.1`
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:14.0.0` to `14.1.0`
## [0.6.0] - 2023-05-18
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:13.1.3` to `14.0.0`
- Added support for Prometheus Node Exporter command-line arguments thanks to [@falzm](https://github.com/falzm) in https://github.com/loganmarchione/hassos-addons/pull/34
## [0.5.0] - 2023-03-16
- Upgraded Node Exporter to `1.5.0`
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:12.2.4` to `13.1.3`
## [0.4.0] - 2022-10-20
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:12.2.0` to `12.2.4`
## [0.3.0] - 2022-09-26
- Upgraded Node Exporter to `1.4.0`
## [0.2.1] - 2022-08-05
- Added more logging around TLS
## [0.2.0] - 2022-08-05
- Added TLS support thanks to [@Quedale](https://github.com/Quedale) in https://github.com/loganmarchione/hassos-addons/pull/7
- Mapped Node Exporter config files from `/etc` to `/config`, to allow editing via the [File editor add-on](https://github.com/home-assistant/addons/tree/master/configurator)
## [0.1.1] - 2022-08-05
- Added configuration option descriptions
## [0.1.0] - 2022-07-11
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:11.1.2` to `12.2.0` (Alpine Linux 3.16), but also disabled the s6 init system because of [this issue](https://github.com/home-assistant/supervisor/issues/3642)
- Added CI from [here](https://github.com/hassio-addons/addon-glances/blob/main/.github/workflows/ci.yaml)
## [0.0.7] - 2022-06-07
- Upgraded base image from `ghcr.io/hassio-addons/base/<arch>:11.1.0` to `11.1.2` (this is the last without s6 v3)
## [0.0.6] - 2022-05-17
- Fixed S6-overlay v3 problems
- Added build.json file to better control base image versions
- Small formatting fixes and readability changes
## [0.0.5] - 2022-02-13
- Added HTTP Basic Auth
## [0.0.4] - 2021-12-29
- Upgraded Node Exporter to `1.3.1`
## [0.0.3] - 2021-12-12
- Built for `armv7` (Raspberry Pi 3B) thanks to [@jaredacox](https://github.com/jaredacox) in https://github.com/loganmarchione/hassos-addons/pull/1
## [0.0.2] - 2021-11-16
- Built for `aarch64` (Raspberry Pi 4B)
## [0.0.1] - 2021-11-03
- Initial release
## Note
I'm not making numbered GitHub releases/tags, since this is still a beta project. These release numbers are purely made up.

View File

@ -0,0 +1,57 @@
# Contributing
## Making changes
Currently, this repo pushes a tagged image from `main` to the [packages](https://github.com/users/loganmarchione/packages?repo_name=hassos-addons) tab each time `main` is updated. As such, if you're proposing a change, please update the following files in a PR and DO NOT push directly to `main`.
1. Bump the `version` number in the [config.json](https://github.com/loganmarchione/hassos-addons/blob/main/prometheus_node_exporter/config.json) file
1. Make whatever changes you need (e.g., bumping the [version of Node Exporter](https://github.com/loganmarchione/hassos-addons/blob/main/prometheus_node_exporter/Dockerfile) or the [version of the base images](https://github.com/loganmarchione/hassos-addons/blob/main/prometheus_node_exporter/build.json))
1. Add your changes to the [CHANGELOG.md](https://github.com/loganmarchione/hassos-addons/blob/main/prometheus_node_exporter/CHANGELOG.md) file
## Testing
I'm still working this out, but am doing testing based on [this page](https://developers.home-assistant.io/docs/add-ons/testing).
After making your changes, run the command below from the git root directory (i.e., `hassos-addons`) to ensure that the add-on builds successfully (substitute `amd64` with `armhf`, `aarch64`, or `i386` based on your system).
```
docker run \
--rm \
-it \
--name builder \
--privileged \
-v ./prometheus_node_exporter:/data \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
ghcr.io/home-assistant/amd64-builder \
-t /data \
--amd64 \
--test \
-i test-prometheus-node-exporter \
-d local
```
To test that the add-on actually runs, I've been using my personal instance of Home Assistant 🤷‍♂️
1. Open the Add-ons panel in Home Assistant by going to `Settings-->Add-ons-->Add-on Store`
1. Uninstall the current Prometheus Node Exporter add-on (the one published from GHCR.io)
1. Install the official [samba add-on](https://github.com/home-assistant/addons/tree/master/samba)
1. Enable samba with a username and password
1. Mount the samba share locally (e.g., Dolphin can use `smb://your_home_assistant_ip_address`)
1. Navigate to the `addons` directory in the samba share
1. Copy/paste the entire `prometheus_node_exporter` directory to the `addons` directory in the samba share
1. In the `config.json` file in the samba share, remove this entire line
```
"image": "ghcr.io/loganmarchione/hassos-addons/prometheusnodeexporter-{arch}",
```
1. Open the Add-ons panel in Home Assistant by going to `Settings-->Add-ons-->Add-on Store`
1. Click the menu icon in the top-right, then click "Check for updates"
1. Refresh the page
1. At the very top, there should be a new section for "Local add-ons" with the "Prometheus Node Exporter" to install
1. Install the new add-on from the local repository
1. Test all configurations
1. Make sure log entries line up with configuration settings
1. Navigate to `http://your_home_assistant_ip_address:9100/metrics` and ensure that HTTP basic auth works as expected
1. Stop and uninstall the local add-on
1. Delete the entire `prometheus_node_exporter` directory in the `addons` directory in the samba share
1. Disable the samba add-on
1. Re-install add-on from GHCR.io (you'll need to re-configure the add-on)

View File

@ -0,0 +1,33 @@
ARG BUILD_FROM
# hadolint ignore=DL3006
FROM $BUILD_FROM
# Set shell
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Setup base system
ARG \
BUILD_ARCH \
NODE_EXPORTER_VERSION="1.8.2"
# Copy root filesystem
COPY rootfs /
# hadolint ignore=DL3003,DL3018
RUN \
apk add --no-cache --update apache2-utils tar \
&& ARCH="${BUILD_ARCH}" \
&& if [ "${BUILD_ARCH}" = "aarch64" ]; then ARCH="arm64"; fi \
&& curl -J -L -o /tmp/node_exporter.tar.gz \
"https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/node_exporter-${NODE_EXPORTER_VERSION}.linux-${ARCH}.tar.gz" \
&& cd /tmp \
&& tar -xzvf node_exporter.tar.gz --strip-components=1 \
&& mv node_exporter /usr/local/bin/ \
&& adduser -s /bin/false -D -H prometheus \
&& chown -R prometheus:prometheus /usr/local/bin/node_exporter \
&& rm -rf /tmp/node_exporter* LICENSE NOTICE
# This add-on runs on the host pid namespace, making it impossible
# to use S6-Overlay. Therefore the init system is disabled at this point.
ENTRYPOINT []
CMD ["/run.sh"]

View File

@ -0,0 +1,93 @@
# prometheus_node_exporter
[![CI](https://github.com/loganmarchione/hassos-addons/actions/workflows/main.yml/badge.svg)](https://github.com/loganmarchione/hassos-addons/actions/workflows/main.yml)
The Prometheus [Node Exporter](https://github.com/prometheus/node_exporter) for hardware and OS metrics exposed by \*NIX kernels.
## Installation
1. Add my [repository](https://github.com/loganmarchione/hassos-addons). The URL is `https://github.com/loganmarchione/hassos-addons`.
1. Search for the "Prometheus Node Exporter" add-on in the Supervisor add-on store and install it.
1. Disable "Protection mode" in the add-on panel.
1. Optional - Check the `Configuration` tab of the add-on to make any changes you'd like.
1. Start the add-on.
1. Check the `Logs` tab of the add-on to see if everything went well.
1. To verify the metrics are available, visit `http://your_home_assistant_ip_address:9100/metrics` in your browser, or use curl: `curl -X GET http://your_home_assistant_ip_address:9100/metrics`.
## Configuration
By default, Prometheus Node Exporter listens on TCP port 9100.
### HTTP Basic Authentication
[HTTP Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) is disabled by default. If you want to enable HTTP Basic Auth:
1. set `enable_basic_auth` to true
1. enter the `basic_auth_user` and `basic_auth_pass`
### TLS
TLS is disabled by default. If you want to enable TLS:
1. set `enable_tls` to true
1. enter the `cert_file` and `cert_key`
⚠️ Note that the `cert_file` and `cert_key` need to be a `/path/to/fullchain.pem` and `/path/to/privkey.pem`, respectively (`/config` and `/ssl` are mapped to this add-on) ⚠️
### Command-line arguments
This option allows you to pass command-line arguments directly to Prometheus Node Exporter. This is particularly useful to adjust which [collectors](https://github.com/prometheus/node_exporter/#collectors) run. For example, to disable all collectors except the `cpu` collector, you can use this string: `--collector.disable-defaults --collector.cpu`.
## Usage (in Prometheus server)
Add the following to the `/etc/prometheus/prometheus.yml` config file on your Prometheus server:
```
scrape_configs:
...
...
...
- job_name: 'homeassistant'
static_configs:
- targets: ['your_home_assistant_ip_address:9100']
basic_auth:
username: username_goes_here
password: password_goes_here
```
The following Prometheus query should return data:
```
node_uname_info{job="homeassistant"}
```
## Support
- Tested on `amd64` and `aarch64` (Raspberry Pi 4B) platforms
## License
WIP
## Known issues
- [ ] The "Open Web UI" button doesn't work when Home Assistant is behind a reverse proxy.
- [x] Only tested on `amd64` builds.
## TODO
- [x] Add HTTP Basic Auth
- [x] Add abilty to enter plain-text password instead of bcyrpt-ed hash
- [x] Add TLS
- [x] Per [this comment](https://community.home-assistant.io/t/hello-world-example-addon-from-developer-docs-stopped-working-s6-overlay-issue/421486/7), setup container images on a registry (DockerHub or GitHub) so that users aren't building the container with each install (would have prevented [this issue](https://github.com/loganmarchione/hassos-addons/issues/2))
- [x] Investigate CI/CD for this repo, specifically [this](https://github.com/home-assistant/actions) and [this](https://github.com/hassio-addons/addon-glances/blob/main/.github/workflows/ci.yaml) as an example
- [ ] Investigate dropping API access (e.g., `hassio_api`, `homeassistant_api`, `auth_api`) in order to get my rating up
## FAQ
- Doesn't Home Assistant already have Prometheus integration?
- Yes, but the [official integration](https://www.home-assistant.io/integrations/prometheus/) only exposes entity-related metrics, not host-related metrics.
- Isn't there already an Prometheus add-on?
- Yes, but that [add-on](https://github.com/hassio-addons/addon-prometheus) is for Prometheus server, not the node exporter.
- Why does this add-on require so many permissions?
- The add-on needs to access to host-level metrics (CPU, memory, disk, etc...). As such, I have requested all possible permissions. Please inspect the code of this add-on before you run it.

View File

@ -0,0 +1,7 @@
{
"build_from": {
"amd64": "ghcr.io/hassio-addons/base/amd64:16.3.0",
"aarch64": "ghcr.io/hassio-addons/base/aarch64:16.3.0",
"armv7": "ghcr.io/hassio-addons/base/armv7:16.3.0"
}
}

View File

@ -0,0 +1,47 @@
{
"name": "Prometheus Node Exporter",
"version": "1.0.1",
"slug": "prometheus_node_exporter",
"description": "Prometheus node exporter for hardware and OS metrics",
"url": "https://mezgit.duckdns.org/mezned/HAddons",
"image": "ghcr.io/loganmarchione/hassos-addons/prometheusnodeexporter-{arch}",
"arch": ["amd64", "aarch64", "armv7"],
"startup": "services",
"init": false,
"webui": "[PROTO:enable_tls]://[HOST]:[PORT:9100]",
"ports": {
"9100/tcp": 9100
},
"ports_description": {
"9100/tcp": "Default node exporter port and web interface"
},
"map": [
"config:rw",
"ssl"
],
"hassio_api": true,
"homeassistant_api": true,
"auth_api": true,
"docker_api": true,
"host_network": true,
"host_pid": true,
"apparmor": false,
"options": {
"enable_basic_auth": false,
"basic_auth_user": "",
"basic_auth_pass": "",
"enable_tls": false,
"cert_file": "",
"cert_key": "",
"cmdline_extra_args": ""
},
"schema": {
"enable_basic_auth": "bool",
"basic_auth_user": "str",
"basic_auth_pass": "password",
"enable_tls": "bool",
"cert_file": "str",
"cert_key": "str",
"cmdline_extra_args": "str?"
}
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

View File

@ -0,0 +1,82 @@
#!/usr/bin/env bashio
# ==============================================================================
# Home Assistant Community Add-on: Prometheus Node Exporter
# Configures Prometheus Node Exporter
# ==============================================================================
bashio::require.unprotected
echo "${SUPERVISOR_TOKEN}" > '/run/home-assistant.token'
# Even if the user isn't using these options, we're creating the web config file
# This will allow us to append to the web config file as needed (based on variables)
# Prometheus Node Exporter will run with a blank web config file in the meantime
config_dir=/config
web_config_dir=$config_dir/prometheus_node_exporter
mkdir -p $web_config_dir
chmod 750 $web_config_dir
chown root:prometheus $web_config_dir
web_config_file=$web_config_dir/node_exporter_web.yml
rm -f $web_config_file
touch $web_config_file
chmod 740 $web_config_file
chown root:prometheus $web_config_file
# Poor man's debugger: check permissions on web config file
#ls -la $web_config_file
bashio::log.info "Add-on info - name: $(bashio::addon.name)"
bashio::log.info "Add-on info - version: $(bashio::addon.version)"
bashio::log.info "Add-on info - hostname: $(bashio::addon.hostname)"
bashio::log.info "Add-on info - DNS name: $(bashio::addon.dns)"
bashio::log.info "Checking configuration options..."
#####################
# HTTP Basic Auth
#####################
if bashio::config.false 'enable_basic_auth'; then
bashio::log.warning "HTTP Basic Auth is disabled!"
fi
if bashio::config.true 'enable_basic_auth'; then
bashio::log.info "HTTP Basic Auth is enabled!"
# Require variables
bashio::config.require 'basic_auth_user' "You enabled HTTP Basic Auth, so you must set a username"
bashio::config.require 'basic_auth_pass' "You enabled HTTP Basic Auth, so you must set a password"
basic_auth_user="$(bashio::config 'basic_auth_user')"
basic_auth_pass="$(bashio::config 'basic_auth_pass')"
# bcrypt the password
hashed_password=$(htpasswd -bnBC 12 "" "$basic_auth_pass" | tr -d ':\n')
# Start echoing lines out to web config file (YAML is space-sensitive so I'm lazily not using a heredoc)
echo "basic_auth_users:" >> $web_config_file
echo " $basic_auth_user: $hashed_password" >> $web_config_file
fi
#####################
# TLS
#####################
if bashio::config.false 'enable_tls'; then
bashio::log.warning "TLS is disabled!"
fi
if bashio::config.true 'enable_tls'; then
bashio::log.info "TLS is enabled!"
# Require variables
bashio::config.require 'cert_file' "You enabled TLS, so you must set certificate file"
bashio::config.require 'cert_key' "You enabled TLS, so you must set certificate key"
cert_file="$(bashio::config 'cert_file')"
cert_key="$(bashio::config 'cert_key')"
# Start echoing lines out to web config file (YAML is space-sensitive so I'm lazily not using a heredoc)
echo "tls_server_config:" >> $web_config_file
echo " cert_file: $cert_file" >> $web_config_file
echo " key_file: $cert_key" >> $web_config_file
fi

View File

@ -0,0 +1,9 @@
#!/usr/bin/env bashio
# ==============================================================================
# Home Assistant Community Add-on: Prometheus Node Exporter
# Runs the Prometheus Node Exporter
# ==============================================================================
bashio::log.info "Starting Prometheus Node Exporter..."
# Run Prometheus
exec /usr/local/bin/node_exporter --web.config.file=/config/prometheus_node_exporter/node_exporter_web.yml $(bashio::config 'cmdline_extra_args' '')

View File

@ -0,0 +1,16 @@
#!/usr/bin/env bashio
# ==============================================================================
# Home Assistant Community Add-on: Prometheus Node Exporter
# Runs the Prometheus Node Exporter
# ==============================================================================
#
# WHAT IS THIS FILE?!
#
# The Prometheus Node Exporter add-on runs in the host PID namespace, therefore it cannot
# use the regular S6-Overlay; hence this add-on uses a "old school" script
# to run; with a couple of "hacks" to make it work.
# ==============================================================================
/etc/cont-init.d/node_exporter.sh
# Start Prometheus Node Exporter
exec /etc/services.d/node_exporter/run

View File

@ -0,0 +1,23 @@
---
configuration:
enable_basic_auth:
name: Enable HTTP basic auth
description: Toggle on to enable HTTP basic authentication (i.e., password protection)
basic_auth_user:
name: Basic auth username
description: The basic auth username
basic_auth_pass:
name: Basic auth password
description: The basic auth password
enable_tls:
name: Enable TLS
description: Toggle on to enable TLS (you will need to provide a path to certificates)
cert_file:
name: Public key
description: This is a /path/to/fullchain.pem
cert_key:
name: Private key
description: This is a /path/to/privkey.pem
cmdline_extra_args:
name: Command line extra arguments
description: Extra arguments to pass to the "node_exporter" command at startup (see https://github.com/prometheus/node_exporter/#installation-and-usage for more information)