Commit graph

70 commits

Author SHA1 Message Date
Richard Courtman
27db397f62 fix: use consistent number-based prompts in setup script
- Changed temperature monitoring menu from [K/r/s] to [1/2/3]
- Now all multi-choice menus use numbers consistently
- Main menu: [1/2/3]
- Temperature menu: [1/2/3] (was [K/r/s])
- Yes/no questions still use y/n (standard convention)
2025-10-18 07:39:19 +00:00
Richard Courtman
2ba50c24c0 fix: remove extra sprintf arguments causing setup script syntax error 2025-10-18 07:11:19 +00:00
Richard Courtman
de3bb47930 fix: improve turnkey temperature monitoring for standalone nodes
- Fix script input handling to work with standard curl | bash pattern by prioritizing /dev/tty
- Add Raspberry Pi temperature sensor support (cpu_thermal chip and generic temp sensors)
- Add comprehensive documentation for turnkey standalone node setup
- Fix printf formatting error in setup script
2025-10-18 06:51:56 +00:00
Richard Courtman
669d7dc05c feat: add turnkey temperature monitoring for standalone nodes
Implements automatic temperature monitoring setup for standalone
Proxmox/Pimox nodes without manual SSH key configuration.

Changes:
- Add /api/system/proxy-public-key endpoint to expose proxy's SSH public key
- Setup script now detects standalone nodes (non-cluster)
- Auto-fetches and installs proxy SSH key with forced commands
- Add Raspberry Pi temperature support via cpu_thermal and /sys/class/thermal
- Enhance setup script with better error handling for lm-sensors installation
- Add RPi detection to skip lm-sensors and use native thermal interface

Security:
- Public key endpoint is safe (public keys are meant to be public)
- All installed keys use forced command="sensors -j" with full restrictions
- No shell access, port forwarding, or other SSH features enabled
2025-10-17 22:15:50 +00:00
rcourtman
5886b920ba fix: improve sensor proxy install script reliability
Fixes two issues with the sensor proxy installation:
1. Local node IP detection now uses exact matching instead of substring matching to avoid false negatives
2. Removes duplicate output filtering in the setup script wrapper

These changes ensure that the proxy SSH key is correctly configured on the local node during cluster installations.
2025-10-17 19:09:54 +00:00
rcourtman
123e0f04ca feat: add comprehensive node cleanup system
Implements automated cleanup workflow when nodes are deleted from Pulse, removing all monitoring footprint from the host. Changes include a new RPC handler in the sensor proxy for cleanup requests, enhanced node deletion modal with detailed cleanup explanations, and improved SSH key management with proper tagging for atomic updates.
2025-10-17 18:53:45 +00:00
rcourtman
d0f7fd6404 fix: setup script now configures proxy socket bind mount
The setup script was restarting the container but never running the
pct set command to configure the bind mount. This meant the socket
was never accessible inside the container.

Now runs: pct set <ctid> -mp0 /run/pulse-sensor-proxy,mp=/mnt/pulse-proxy
before restarting the container to ensure the mount is configured.
2025-10-17 14:25:30 +00:00
rcourtman
65b696f2d6 fix: remove unused log import from tempproxy client
Leftover from removing EnsureClusterKeys() method. Caused compile failure
preventing hot-dev from starting.
2025-10-17 14:15:37 +00:00
rcourtman
f141f7db33 feat: enhance sensor proxy with improved cluster discovery and SSH management
Improvements to pulse-sensor-proxy:
- Fix cluster discovery to use pvecm status for IP addresses instead of node names
- Add standalone node support for non-clustered Proxmox hosts
- Enhanced SSH key push with detailed logging, success/failure tracking, and error reporting
- Add --pulse-server flag to installer for custom Pulse URLs
- Configure www-data group membership for Proxmox IPC access

UI and API cleanup:
- Remove unused "Ensure cluster keys" button from Settings
- Remove /api/diagnostics/temperature-proxy/ensure-cluster-keys endpoint
- Remove EnsureClusterKeys method from tempproxy client

The setup script already handles SSH key distribution during initial configuration,
making the manual refresh button redundant.
2025-10-17 11:43:26 +00:00
rcourtman
e367cd384e fix: normalize version strings with build metadata in tests 2025-10-16 09:07:40 +00:00
rcourtman
f7c4e9cdde fix: resolve race condition in mock mode update loop 2025-10-16 09:04:50 +00:00
rcourtman
219fcc6de5 Stop disabled metrics from sending webhooks
Refs #561
2025-10-16 08:57:12 +00:00
rcourtman
79dc620b34 Docker agent: add arch-aware self-update download
Refs #526
2025-10-16 08:43:59 +00:00
rcourtman
61b492e93b Fix race in mock mode and address frontend type checks 2025-10-16 08:28:17 +00:00
rcourtman
6fdef61710 Expand monitoring and discovery test coverage 2025-10-16 08:17:08 +00:00
rcourtman
3a4fc044ea Add guest agent caching and update doc hints (refs #560) 2025-10-16 08:15:49 +00:00
rcourtman
1d580c658d chore: bump version to v4.24.0 2025-10-15 22:26:24 +00:00
rcourtman
4838793677 feat: enhance alerts system with tests and improved thresholds
- Add comprehensive test coverage for alerts package with 285+ new tests
- Implement ThresholdsTable component with metric thresholds display
- Enhance Alerts page UI with improved layout and metric filtering
- Add frontend component tests for Alerts page and ThresholdsTable
- Set up Vitest testing infrastructure for SolidJS components
- Improve config persistence with better validation
- Expand discovery tests with 333+ test cases
- Update API, configuration, and Docker monitoring documentation
2025-10-15 22:25:04 +00:00
rcourtman
958d6218c2 test: cover docker command lifecycle and server info 2025-10-15 19:47:51 +00:00
rcourtman
91fecacfef feat: add docker agent command handling 2025-10-15 19:27:19 +00:00
rcourtman
aaae27dc11 Log memory source transitions for diagnostics (#553) 2025-10-15 19:19:11 +00:00
rcourtman
5927535110 Ref #556: adjust alert history range handling 2025-10-15 18:41:06 +00:00
rcourtman
32421b36b8 Refs #533: add total-minus-used memory fallback 2025-10-15 18:19:54 +00:00
rcourtman
881b7f9a54 Fix false ZFS log/cache warnings 2025-10-14 20:57:43 +00:00
rcourtman
5f5d746caf fix: support pmg connection tests (#551) 2025-10-14 17:44:44 +00:00
rcourtman
0a5a4c1a0d Allow printable alert IDs for acknowledgements (#550) 2025-10-14 16:48:22 +00:00
rcourtman
7e5fa9a147 fix: restore cache-aware node memory on PVE 8.4 2025-10-14 16:40:45 +00:00
rcourtman
78889ffedc Ignore read-only guest filesystems in disk aggregation 2025-10-14 16:13:53 +00:00
rcourtman
261bd7ac74 Adopt multi-token auth across docs, UI, and tooling 2025-10-14 15:47:49 +00:00
rcourtman
5cf0697157 Document optional host-script upgrade path 2025-10-14 13:19:38 +00:00
rcourtman
61020881c4 Align proxy upgrade messaging with node re-add workflow 2025-10-14 13:17:34 +00:00
rcourtman
982a078753 Include temperature proxy status in diagnostics 2025-10-14 12:49:53 +00:00
rcourtman
e4c3b06f14 Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
rcourtman
156fd34c50 Update Proxmox guest agent permissions docs and tooling (refs #548) 2025-10-14 10:21:52 +00:00
rcourtman
c389c7625d fix: fallback agent download for legacy docker layout 2025-10-14 09:56:40 +00:00
rcourtman
5c79d2516d feat: streamline docker agent onboarding 2025-10-14 09:45:32 +00:00
rcourtman
966b3a7ebe fix: Setup script fmt.Sprintf argument mismatch causing bash syntax error
Fixed a fmt.Sprintf argument alignment issue in the PVE setup script that
caused a bash syntax error at the end of script execution. The error
manifested as "syntax error near unexpected token EXTRA" followed by the
serverHost URL.

Root cause: 23 arguments were provided for 22 %s placeholders. An extra
tokenName at position 15 pushed all subsequent arguments off by one,
leaving the final serverHost with no placeholder to fill.

Fix: Removed duplicate tokenName at position 15 and ensured serverHost
is correctly positioned at position 22 for the "Host URL" placeholder.
2025-10-13 19:36:37 +00:00
rcourtman
6b206f773a chore: update fallback version to 4.24.0-rc.3 2025-10-13 17:50:44 +00:00
rcourtman
6d83f52763 fix: Add missing tokenName parameter for PVE auto-registration JSON tokenId field
The REGISTER_JSON template at line 3311 was getting storagePerms instead of tokenName
for the tokenId field, causing 'Missing required fields' errors during auto-registration.

Added tokenName parameter before storagePerms to shift all subsequent parameters.

Fixes #<issue-number>
2025-10-13 17:50:12 +00:00
rcourtman
c57f2bad0a fix: setup script UX and auth verification for v4.24.0-rc.2
- Changed menu from [I/r/c] to numbered options [1/2/3]
- Added RequireAuth to temperature verification endpoint
- Bumped version to 4.24.0-rc.2
2025-10-13 16:37:43 +00:00
rcourtman
b931e1e126 fix: Setup script UX and auth issues for rc.2
Fixes two issues found in v4.24.0-rc.1:

1. Setup script menu now uses numbered options [1/2/3] instead of
   [I/r/c] for better UX (maintains backward compatibility)

2. Temperature verification endpoint now requires authentication
   (wraps HandleVerifyTemperatureSSH with RequireAuth middleware)

These fixes address user feedback and prepare for v4.24.0-rc.2.
2025-10-13 16:36:25 +00:00
rcourtman
3fd37796c5 fix: Prioritize VERSION file over git describe for release builds #64 2025-10-13 15:52:10 +00:00
rcourtman
6475ba8374 fix: Update test version fallback and fix lint warnings #64 2025-10-13 15:50:23 +00:00
rcourtman
07bd996150 chore: bump version to v4.24.0-rc.1 2025-10-13 15:46:53 +00:00
rcourtman
9362614c66 fix: Address Codex feedback on legacy SSH detection before release
Codex identified critical issues preventing release. All issues resolved:

1. FIXED: LXC container detection reliability
   - Added 4 detection methods (was 2):
     * Method 1: /.dockerenv (Docker)
     * Method 2: /proc/1/cgroup with more patterns (Docker/LXC)
     * Method 3: /run/systemd/container (systemd containers)
     * Method 4: /proc/1/environ container markers
   - Tested on LXC container (debian-go): detection confirmed working

2. FIXED: False positives from proxy outages
   - Now distinguishes "not configured" vs "temporarily down"
   - Checks if /usr/local/bin/pulse-sensor-proxy exists
   - If binary exists but socket missing = transient issue (no banner)
   - If binary missing and SSH keys present = legacy setup (show banner)

3. FIXED: Banner guidance insufficient
   - Added "Go to Nodes →" button that navigates to /settings/nodes
   - Users now have direct path to fix the issue
   - Banner message remains clear and concise

4. ADDED: Telemetry for removal criteria tracking
   - Backend logs: "Legacy SSH configuration detected" (WARN level)
   - Frontend logs: Banner shown/dismissed events to console
   - Enables data-driven removal per criteria: <1% for 30+ days
   - Log format: detection_type=legacy_ssh_migration for easy filtering

Testing:
- Created fake SSH key in /etc/pulse/.ssh/ on LXC container
- Verified detection triggered (legacySSHDetected: true)
- Verified telemetry logged: "Legacy SSH configuration detected"
- Removed fake key, verified detection cleared (null values)
- Container detection working via /run/systemd/container

Ready for release per Codex review.
2025-10-13 15:06:40 +00:00
rcourtman
21714fdf7a refactor: Mark legacy SSH detection as temporary migration scaffolding
Addresses user concern about technical debt: detection code exists only
to handle migration from SSH-in-container to proxy architecture, not to
serve functional purpose of the application.

Changes:
- Add PULSE_LEGACY_DETECTION env var to disable detection without redeployment
- Add explicit removal criteria: v5.0 or <1% detection rate for 30+ days
- Mark all detection code with "MIGRATION SCAFFOLDING" warnings
- Create MIGRATION_SCAFFOLDING.md to track temporary code across codebase
- Document removal instructions for when migration period ends

Backend:
- internal/api/router.go: detectLegacySSH() checks env var and has removal plan
- internal/api/types.go: HealthResponse fields documented as temporary

Frontend:
- src/components/LegacySSHBanner.tsx: Component marked with removal criteria
- src/App.tsx: Banner integration (will be removed with component)

This approach balances user safety during migration (auto-detection catches
rushed admins who skip changelogs) with long-term code cleanliness (explicit
removal plan prevents indefinite technical debt).
2025-10-13 14:54:52 +00:00
rcourtman
6d56917cd9 feat: Add detection for legacy SSH temperature monitoring
Added automatic detection to alert users when they're using the old
SSH-in-container method for temperature monitoring so they can upgrade
to the secure proxy architecture.

**Detection Logic:**
- Checks if Pulse is running in a container (Docker or LXC)
- Checks if SSH keys exist in data directory (/etc/pulse/.ssh)
- Checks if pulse-sensor-proxy socket is NOT available
- Sets legacySSHDetected and recommendProxyUpgrade flags in health endpoint

**API Changes:**
- Added fields to HealthResponse:
  - legacySSHDetected: true when old method detected
  - recommendProxyUpgrade: true when upgrade is recommended
  - proxyInstallScriptAvailable: always true

**Use Case:**
Users who set up temperature monitoring before the proxy feature
won't know they should upgrade. This detection allows the frontend
to show a banner prompting them to re-run the setup script to
migrate to the secure proxy architecture.

**Frontend Integration (to be added):**
Frontend can poll /api/health and show a dismissible banner similar
to UpdateBanner when legacySSHDetected is true, with a button to
view the setup script.

Addresses #123
2025-10-13 14:40:03 +00:00
rcourtman
8d6ab4113d fix: Handle authorized_keys removal when all keys are managed
Codex caught an edge case in the authorized_keys removal logic:

**Problem:**
When authorized_keys contains ONLY pulse-managed keys, `grep -vF` returns
exit code 1 (no lines matched the inverse filter). The previous code only
executed the rewrite on exit 0, leaving managed keys in place when they
should have been removed.

**Solution:**
- Capture grep exit code explicitly
- Treat both exit 0 (lines remain) and exit 1 (all removed) as success
- Only treat exit codes > 1 as actual errors
- Properly handles the "remove all keys" scenario

This ensures complete removal works even when the file contains nothing
but Pulse-managed entries.

Addresses #123
2025-10-13 14:35:06 +00:00
rcourtman
e0d7cc7f58 fix: Address final Codex review findings
Fixed three remaining issues from Codex's final review:

**1. nullglob State Management (line 3124)**
- Replaced shopt -s/u nullglob with compgen -G check
- Prevents changing global shell behavior that could affect later globs
- More explicit and safer pattern matching

**2. authorized_keys Permission Preservation (lines 3116-3117)**
- Now uses chmod/chown --reference to preserve original ownership/perms
- Falls back gracefully if --reference not available
- Proper cleanup on mv failure to prevent temp file leaks
- Aborts atomically if operations fail, leaving original untouched

**3. Multi-Address Container Detection (lines 3750-3761)**
- Iterates over ALL IPs from hostname -I, not just first one
- Handles dual-stack (IPv4 + IPv6) and multi-IP containers
- Uses break 2 to exit both loops when match found
- Prevents false negatives when Pulse IP is not the first address

All operations now handle edge cases properly: non-root accounts,
dual-stack networking, empty directories, and partial failures.

Addresses #123
2025-10-13 14:32:38 +00:00
rcourtman
096801e96a fix: Improve setup script robustness and safety (Codex review)
Applied Codex's security and reliability recommendations:

**SSH Key Safety:**
- Added "pulse-managed-key" comment marker to all SSH keys
- Removal now targets only marked keys (prevents deleting operator keys)
- Uses atomic file replacement via mktemp for authorized_keys edits

**Idempotency Improvements:**
- LXC config glob now uses nullglob to handle empty directories
- pveum token removal handles missing users gracefully (|| printf '')
- All systemctl operations wrapped with || true for non-systemd hosts
- sed operations in loops protected with || true

**Container Detection:**
- Validates container is running before IP check (pct status)
- Confirms container exists with pct config before proceeding
- Uses printf '' instead of || true for command substitution
- Handles IPv6 and multi-IP scenarios more reliably

**Network Operations:**
- curl now uses --fail --show-error --silent --location
- Error messages visible to users instead of silenced
- Better diagnostics when download fails

**Migration Safety:**
- Verifies pulse-sensor-proxy service is active before key removal
- Fallback check for binary existence if systemd unavailable
- Preserves legacy SSH keys if proxy not confirmed healthy
- Clear messaging about deferred cleanup

All cleanup operations are now fully idempotent and safe for
repeated execution, even on partially-configured hosts.

Addresses #123
2025-10-13 14:19:17 +00:00