diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..45edbc7 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,60 @@ +FROM debian:11-slim + +LABEL org.opencontainers.image.authors="info@paessler.com" +LABEL org.opencontainers.image.vendor="Paessler GmbH" +LABEL org.opencontainers.image.licenses="MIT" + +ARG DEBIAN_FRONTEND=noninteractive + +# enforce image to be up to date +RUN \ + apt-get update \ + && apt-get -y upgrade \ + && apt-get clean + +# install necessary prerequisites +# +# needed additional packages: +# - ca-certificates (for TLS certificate validation and curl) +# - python3-minimal (for Script v2 sensor) +# - gosu (to drop to unprivileged user) +# - libcap2-bin (for setcap command) +# +RUN \ + apt-get update \ + && apt-get -y install --no-install-recommends --no-install-suggests \ + ca-certificates \ + python3-minimal \ + gosu \ + libcap2-bin \ + && apt-get clean + +# add paessler's official package repository +RUN \ + apt-get update \ + && apt-get -y install --no-install-recommends --no-install-suggests \ + curl \ + && curl --fail --silent https://packages.paessler.com/keys/paessler.asc > /usr/share/keyrings/paessler-archive-keyring.asc \ + && curl --fail --silent https://packages.paessler.com/docs/apt-sources/$(. /etc/os-release && echo $VERSION_CODENAME).sources > /etc/apt/sources.list.d/paessler.sources \ + && apt-get -y remove --purge curl \ + && apt-get clean + +# install the latest multi-platform probe +RUN \ + apt-get update \ + && apt-get -y install --no-install-recommends --no-install-suggests \ + prtgmpprobe \ + && apt-get clean + +# add entrypoint script +COPY --chown=root:root --chmod=0555 run-prtgmpprobe.sh /run-prtgmpprobe.sh + +# specify volumes: +# - /config : configuration directory for the prtgmpprobe, put your config.yml here. +# - /opt/paessler/share/scripts : scripts directory for the Script v2 sensor. Mount your scripts here. +VOLUME [ "/config", "/opt/paessler/share/scripts" ] + +# set WORKDIR to a sane default +WORKDIR / + +ENTRYPOINT [ "/run-prtgmpprobe.sh", "service-run" ] 
diff --git a/README.md b/README.md index 1c9693f..e0ff381 100644 --- a/README.md +++ b/README.md @@ -65,11 +65,14 @@ nats: password: PASSWORD ``` -You must put it into the `/config/config.yml` volume of the docker container. +You must put the configuration file into the `/config/config.yml` volume of the docker container. -Another volume `/opt/paessler/share/scripts` is available for the scripts of the [Script v2][prtgmanual:scriptv2] sensor. +ℹ️ The container also used the `/config` volume to store the [multi-platform probe's GID][GID] and therefore cannot be set as read-only (`:ro`) unless you specify the GID as an environment variable. -[prtgmanual:scriptv2]: https://www.paessler.com/br/manuals/prtg/script_v2_sensor +You can also use the `/opt/paessler/share/scripts` volume for the scripts of the [Script v2][prtgmanual:scriptv2] sensor. + +[prtgmanual:scriptv2]: https://www.paessler.com/manuals/prtg/script_v2_sensor +[GID]: https://www.paessler.com/manuals/prtg/prtg_administration_tool_on_remote_probe_systems#:~:text=GID ```sh docker run -it \ 
@@ -83,6 +86,17 @@ docker run -it \ You can also use `docker-compose`. There is an example file here: [docker-compose.yml](docker-compose.yml) +### Customization + +The multi-platform probe container supports all safe environment variables which are environment variables which do not contain secrets. +While the container provides some defaults, we recommend that you change the following environment variables to your liking: + +| Environment Variable | Description | Default | +|--|--|--| +| `PRTGMPPROBE__NAME` | The name of the object shown in PRTG. | `multi-platform-probe@$(hostname)` | +| `PRTGMPPROBE__ID` | The GID of the multi-platform probe. This must be a valid UUIDv4. The container automatically generates the GID when you create it and stores the GID in the `/config` volume. If you want to ensure that you always get the same UUIDv4, then we recommend that you use `uuidgen(1)` with a unique DNS string for your container, e.g. `uuidgen --namespace @dns --name com.paesslerfans.containers.acme --sha1`. | Randomly generated on the first run. | + + ## Feedback and issues We are thankful for any feedback or ideas on how to improve. If you want to submit feedback or report an issue, please open an issue in our [Issue Tracker]. diff --git a/config/config.full-example.yml b/config/config.full-example.yml new file mode 100644 index 0000000..e8d6b9d --- /dev/null +++ b/config/config.full-example.yml 
@@ -0,0 +1,29 @@ +id: 0f2dcfe4-3ea4-4fd8-99d1-f22bd923544a +access_key: YOUR_SUPER_SECRET_ACCESS_KEY +name: multi-platform-probe@HOSTNAME +max_scheduling_delay: 300 +heartbeat_interval: 30 +nats: + url: tls://localhost:23561 + authentication: + user: USER + password: PASSWORD + request_timeout: 15 + server_ca: /config/certs/example-ca.crt + client_name: ClientName (displayed on NATS Server) +momo: + dir: MonitoringModules/ + timeout: 900 +logging: + console: + level: info + without_time: false + journald: + level: off + field_prefix: PRTGMPPROBE +observability: + enable_endpoint: true + endpoint: + interface: localhost + port: 23562 + process_check_interval: 10 \ No newline at end of file diff --git a/config/config.minimal-example.yml b/config/config.minimal-example.yml new file mode 100644 index 0000000..a0e53b8 --- /dev/null +++ b/config/config.minimal-example.yml @@ -0,0 +1,6 @@ +access_key: YOUR_SUPER_SECRET_ACCESS_KEY +nats: + url: tls://localhost:23561 + authentication: + user: USER + password: PASSWORD diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..107e732 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,17 @@ +version: "2.4" + +services: + prtgmpprobe: + build: . + image: paessler/multi-platform-probe:latest + restart: unless-stopped + + network_mode: "bridge" + + volumes: + - ./scripts:/opt/paessler/share/scripts:ro + - ./config:/config + + cap_add: + - NET_ADMIN # for gosu and icmp + - NET_RAW # for icmp diff --git a/run-prtgmpprobe.sh b/run-prtgmpprobe.sh new file mode 100644 index 0000000..affcb3d --- /dev/null +++ b/run-prtgmpprobe.sh 
@@ -0,0 +1,89 @@ +#!/bin/bash +set -eu + +error() { + echo >&2 "Error: $*" +} + +################# + +PRTGMPPROBE__BINARY=/opt/paessler/mpprobe/prtgmpprobe + +_passthrough=0 +for _arg in "$@" +do + case "$_arg" in + --help|example-config) + _passthrough=1 + ;; + esac +done +if [ ! $_passthrough -eq 0 ] ; then + exec gosu paessler_mpprobe:paessler_mpprobe \ + ${PRTGMPPROBE__BINARY} \ + "$@" +fi + +PRTGMPPROBE__CONFIG_FILE=${PRTGMPPROBE__CONFIG_FILE:-/config/config.yml} # needs to be provided by user +PRTGMPPROBE__ID_FILE=${PRTGMPPROBE__ID_FILE:-/config/id.txt} + +for _var in PRTGMPPROBE__ACCESS_KEY \ + PRTGMPPROBE__NATS__AUTHENTICATION__USER \ + PRTGMPPROBE__NATS__AUTHENTICATION__PASSWORD +do + if [ -n "${!_var-}" ] ; then + error "Setting ${_var} = ${!_var-} as environment variable is insecure. Please set any security related variables inside ${PRTGMPPROBE__CONFIG_FILE}." + echo >&2 " " + echo >&2 "Example:" + ${PRTGMPPROBE__BINARY} example-config >&2 + exit 1 + fi +done + +# Handling Env vars + +# Get/Generate a probe id from PRTGMPPROBE__ID_FILE or from PRTGMPPROBE__ID +if [ -z "${PRTGMPPROBE__ID-}" ] ; then + if [ ! -f "${PRTGMPPROBE__ID_FILE}" ] ; then + cat /proc/sys/kernel/random/uuid > ${PRTGMPPROBE__ID_FILE} || ( + error "Unable to write to ${PRTGMPPROBE__ID_FILE}. Please either set PRTGMPPROBE__ID in the container environment or make sure the location ${PRTGMPPROBE__ID_FILE} is writable." 
+ echo >&2 " " + echo >&2 "Example:" + echo >&2 "PRTGMPPROBE__ID=$(cat /proc/sys/kernel/random/uuid)" + exit 1 + ) + fi + PRTGMPPROBE__ID=$(cat ${PRTGMPPROBE__ID_FILE}) + export PRTGMPPROBE__ID +fi + +export PRTGMPPROBE__NAME=${PRTGMPPROBE__NAME:-"multi-platform-probe@$(hostname)"} + +export PRTGMPPROBE__MOMO__DIR=${PRTGMPPROBE__MOMO__DIR:-/opt/paessler/mpprobe/monitoringmodules/} +export PRTGMPPROBE__MAX_SCHEDULING_DELAY=${PRTGMPPROBE__MAX_SCHEDULING_DELAY:-300} +export PRTGMPPROBE__HEARTBEAT_INTERVAL=${PRTGMPPROBE__HEARTBEAT_INTERVAL:-30} +export PRTGMPPROBE__NATS__CLIENT_NAME=${PRTGMPPROBE__NATS__CLIENT_NAME:-${PRTGMPPROBE__NAME}} + +# Containers don't have journald available +export PRTGMPPROBE__LOGGING__CONSOLE__LEVEL=${PRTGMPPROBE__LOGGING__CONSOLE__LEVEL:-"info"} +export PRTGMPPROBE__LOGGING__CONSOLE__WITHOUT_TIME=${PRTGMPPROBE__LOGGING__CONSOLE__WITHOUT_TIME:-"true"} +export PRTGMPPROBE__LOGGING__JOURNALD__LEVEL=${PRTGMPPROBE__LOGGING__JOURNALD__FIELD_PREFIX:-"off"} +export PRTGMPPROBE__LOGGING__JOURNALD__FIELD_PREFIX=${PRTGMPPROBE__LOGGING__JOURNALD__FIELD_PREFIX:-"PRTGMPPROBE"} + +if [ ! -f "${PRTGMPPROBE__CONFIG_FILE}" ] ; then + error "Configuration file ${PRTGMPPROBE__CONFIG_FILE} does not exist. Please create one." + echo >&2 " " + echo >&2 "Example:" + ${PRTGMPPROBE__BINARY} example-config >&2 + exit 1 +fi + +env | grep PRTGMPPROBE__ >&2 + +# add capabilities for icmp to the probe executable +setcap cap_net_admin,cap_net_raw+eip ${PRTGMPPROBE__BINARY} || true + +exec gosu paessler_mpprobe:paessler_mpprobe \ + ${PRTGMPPROBE__BINARY} \ + --config ${PRTGMPPROBE__CONFIG_FILE} \ + "$@"
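Review bot: In the Dockerfile step that adds Paessler's package repository, the key written to `/usr/share/keyrings/paessler-archive-keyring.asc` is trusted exactly as downloaded, and the `.sources` file is fetched from the same host, so the TLS connection to packages.paessler.com is the only trust anchor for the later `apt-get -y install ... prtgmpprobe`. Pin the expected key fingerprint in the Dockerfile and fail the build when the downloaded key does not match it. Two smaller points in the same hunk: `curl --fail --silent` hides the reason for a failed download (add `--show-error`), and `apt-get clean` does not remove the package index under `/var/lib/apt/lists`, so each of the four `apt-get update` layers keeps a copy.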
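Review bot: In the README hunk at line 65, the added note says the volume cannot be read-only "unless you specify the GID as an environment variable" without naming the variable; run-prtgmpprobe.sh reads `PRTGMPPROBE__ID`, so name it here. In the same sentence "The container also used the `/config` volume" should read "uses". The reworded first line still calls `/config/config.yml` a volume; the volume is `/config` and `config.yml` is the file inside it.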
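Review bot: In the `PRTGMPPROBE__ID` row of the new Customization table, the text requires "a valid UUIDv4" but the recommended `uuidgen --namespace @dns --name com.paesslerfans.containers.acme --sha1` produces a name-based version 5 UUID, so the advice contradicts the stated requirement. Either state which UUID versions the probe accepts or drop the UUIDv4 wording. The sentence above the table ("all safe environment variables which are environment variables which do not contain secrets") would be clearer if it listed the three variables the entrypoint rejects: `PRTGMPPROBE__ACCESS_KEY`, `PRTGMPPROBE__NATS__AUTHENTICATION__USER` and `PRTGMPPROBE__NATS__AUTHENTICATION__PASSWORD`.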
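Review bot: In config/config.full-example.yml, the first line ships a concrete value, `id: 0f2dcfe4-3ea4-4fd8-99d1-f22bd923544a`, which anyone copying the example will reuse, giving several probes the same GID. Use an obvious placeholder in the style of `YOUR_SUPER_SECRET_ACCESS_KEY`, or omit `id` and point to the entrypoint's generated `/config/id.txt`. Under `journald`, the unquoted `level: off` is read as boolean false by YAML 1.1 parsers; quote it as `"off"` if the probe expects a string. The file also ends without a trailing newline.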
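Review bot: In docker-compose.yml, the `cap_add` comment `NET_ADMIN # for gosu and icmp` does not justify the capability: gosu only switches user and group, and the one visible consumer is the `setcap cap_net_admin,cap_net_raw+eip` call in run-prtgmpprobe.sh. NET_ADMIN also permits interface, routing and firewall changes inside the container's network namespace, so if the probe only needs raw sockets for ICMP, keep `NET_RAW` alone and drop `cap_net_admin` from the `setcap` line as well. If a sensor really needs NET_ADMIN, say which one in the comment.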
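Review bot: In run-prtgmpprobe.sh, the loop that rejects secret environment variables prints the secret itself: the message interpolates `${_var} = ${!_var-}`, so the access key or NATS password is written to stderr, which Docker captures in the container log. Print only the variable name. Further down, `PRTGMPPROBE__LOGGING__JOURNALD__LEVEL` is assigned from `${PRTGMPPROBE__LOGGING__JOURNALD__FIELD_PREFIX:-"off"}`, which looks like a copy-paste slip: it should default from `PRTGMPPROBE__LOGGING__JOURNALD__LEVEL`, otherwise setting a field prefix also sets the level to that string and a user-supplied level is ignored. `${PRTGMPPROBE__ID_FILE}` and `${PRTGMPPROBE__CONFIG_FILE}` are expanded unquoted in the redirect, in `cat` and after `--config`, so a path containing spaces breaks the script; quote them.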