natrontech / pbs-exporter Goto Github PK
View Code? Open in Web Editor NEWA prometheus exporter for Proxmox Backup Server
License: GNU General Public License v3.0
A prometheus exporter for Proxmox Backup Server
License: GNU General Public License v3.0
Test with Proxmox Backup Server 3.X (see Roadmap)
Hi
Exporter will set pbs_up = 0 when some datastore is being deleted
I think It does not make sense to set pbs_up = 0 because the proxmox backup server still working and can get other metrics.
I have created PR #7 to check datastore is being deleted.
I already check PBS API docs. It does seem not to have any paths to get its status.
Pbs-exporter authentication to PBS is based on Token access linked to a user.
Authentication credentials must be the same for all the endpoints.
As far as I know, there is no way to force the token value in PBS, instead it will be automatically generated by the user interface.
I found a way to force the token, writing directly inside the /etc/proxmox-backup/token.shadow
but it seems not very straightforward.
Did I miss something ?
Support multiple endpoints with one exporter like the prometheus-pve-exporter.
- job_name: 'pbs-exporter'
static_configs:
- targets:
- <target-ip-1>
- <target-ip-2>
metrics_path: /metrics
params:
module: [default]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: pbs-exporter:9101
deploy config as below
docker-compose.yaml
services:
pbs-exporter:
image: ghcr.io/natrontech/pbs-exporter:latest
container_name: pbs-exporter
restart: always
ports:
- "10019:10019"
environment:
- PBS_API_TOKEN=b975aa4f-2abf-49ac-bd7d-929530b0b8e5
- PBS_ENDPOINT=http://192.168.31.64:8007
- PBS_INSECURE=false
sudo docker logs pbs-exporter
2024/09/08 12:46:07 INFO: Starting PBS Exporter v0.6.1, commit e8c63cb, built at 2024-07-08T14:17:48+00:00
2024/09/08 12:46:07 INFO: Using fix connection endpoint: http://192.168.31.64:8007
2024/09/08 12:46:07 INFO: Listening on: :10019
2024/09/08 12:46:07 INFO: Metrics path: /metrics
2024/09/08 12:46:10 Get "https://192.168.31.64:8007": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, ::1, not 192.168.31.64
2024/09/08 12:46:11 Get "https://192.168.31.64:8007": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, ::1, not 192.168.31.64
Add attestation for the release artifacts according the SLSA build level 3 specification.
I propose to add support to dockerfile secrets for PBS_USERNAME, PBS_API_TOKEN_NAME and PBS_API_TOKEN.
Idea is to move secrets outside of docker-compose file for instance for security purpose.
As example a docker-compose file can be created like this:
proxmoxbackup:
image: ghcr.io/natrontech/pbs-exporter:0.1.5
container_name: proxmoxbackup
restart: always
secrets:
- proxmoxbackup-username
- proxmoxbackup-api-token-name
- proxmoxbackup-api-token
environment:
PBS_USERNAME_FILE: /run/secrets/proxmoxbackup-username
PBS_API_TOKEN_NAME_FILE: /run/secrets/proxmoxbackup-api-token-name
PBS_API_TOKEN_FILE: /run/secrets/proxmoxbackup-api-token
secrets:
proxmoxbackup-username:
file: "./.secrets/proxmoxbackup_username.secret"
proxmoxbackup-api-token-name:
file: "./.secrets/proxmoxbackup_api_token_name.secret"
proxmoxbackup-api-token:
file: "./.secrets/proxmoxbackup_api_token.secret"
All secrets are now stored in a folder .secrets.
Convention naming for secrets in docker is to add _FILE to regular environnement variable.
In our case we need to manage PBS_USERNAME_FILE, PBS_API_TOKEN_NAME_FILE and PBS_API_TOKEN_FILE env variables.
I just adapt the main.go to read the new env variable for the secret file name and read the first line from the file.
Sorry I cannot add a file here so I post a diff of main
diff --git a/main.go b/main.go
index 1e6686d..cd8cd88 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
package main
import (
+func ReadSecretFile(secretfilename string) string {
log.Fatal(err)
if err = file.Close(); err != nil {
log.Fatal(err)
}
func NewExporter(endpoint string, username string, apitoken string, apitokenname string) *Exporter {
return &Exporter{
endpoint: endpoint,
@@ -660,12 +679,24 @@ func main() {
}
if os.Getenv("PBS_USERNAME") != "" {
*username = os.Getenv("PBS_USERNAME")
if os.Getenv("PBS_USERNAME_FILE") != "" {
*username = ReadSecretFile(os.Getenv("PBS_USERNAME_FILE"))
}
if os.Getenv("PBS_API_TOKEN_NAME_FILE") != "" {
*apitokenname = ReadSecretFile(os.Getenv("PBS_API_TOKEN_NAME_FILE"))
}
if os.Getenv("PBS_API_TOKEN_FILE") != "" {
*apitoken = ReadSecretFile(os.Getenv("PBS_API_TOKEN_FILE"))
}
maybe pbs-exporter/grafana-dashboard/pbs-exporter.json have problem, could you take a test?
Would be great if you could export tape data.
Libraries
Media Pools
Number of tapes in each media pool
number of full tapes in each media pool
etc.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.