Commit graph

10 commits

Author SHA1 Message Date
rcourtman
13c2005282 Fix docker agent version not being embedded in binaries
The docker agent binaries built in the Dockerfile were missing version
information in their ldflags, causing them to always report v4.30.0
(the hardcoded default). This created an update loop where agents would
continuously download and restart when checking for updates.

The server's /api/agent/version endpoint returns dockeragent.Version,
which for the bundled binaries was always v4.30.0 instead of the actual
release version (e.g., v4.25.0). When an older agent (e.g., v4.23.0)
checked for updates, it would see v4.30.0 available, download it, restart,
and repeat the cycle continuously.

This fix adds the VERSION file content to the ldflags when building
all docker agent binaries (amd64, arm64, armv7), matching the pattern
already used in scripts/build-release.sh.

Related to #631
2025-11-05 19:58:05 +00:00
rcourtman
8a052baa2a Fix temperature monitoring for standalone Proxmox nodes and add multi-arch sensor proxy builds
Related to #571

This addresses multiple temperature monitoring issues:

1. Fix single-node Proxmox installation failure: Add '|| true' to pvecm status
   calls to prevent script exit on standalone (non-clustered) nodes with
   'set -euo pipefail'. The script now properly falls through to standalone
   node configuration when cluster detection fails.

2. Build pulse-sensor-proxy for all Linux architectures (amd64, arm64, armv7)
   in Dockerfile to ensure binaries are available for download on all supported
   platforms. This resolves the missing binary issue from v4.23.0.

Note: AMD Tctl sensor support was already implemented in a previous commit.
2025-11-05 19:41:09 +00:00
rcourtman
fdf0977be2 Add host agent multi-platform binary distribution and improve host details UI
- Build host agent binaries for all platforms (linux/darwin/windows, amd64/arm64/armv7) in Docker
- Add Makefile target for building agent binaries locally
- Add startup validation to check for missing agent binaries
- Improve download endpoint error messages with troubleshooting guidance
- Enhance host details drawer layout with better organization and visual hierarchy
- Update base images to rolling versions (node:20-alpine, golang:1.24-alpine, alpine:3.20)
2025-11-05 17:38:17 +00:00
rcourtman
6eb1a10d9b Refactor: Code cleanup and localStorage consolidation
This commit includes comprehensive codebase cleanup and refactoring:

## Code Cleanup
- Remove dead TypeScript code (types/monitoring.ts - 194 lines duplicate)
- Remove unused Go functions (GetClusterNodes, MigratePassword, GetClusterHealthInfo)
- Clean up commented-out code blocks across multiple files
- Remove unused TypeScript exports (helpTextClass, private tag color helpers)
- Delete obsolete test files and components

## localStorage Consolidation
- Centralize all storage keys into STORAGE_KEYS constant
- Update 5 files to use centralized keys:
  * utils/apiClient.ts (AUTH, LEGACY_TOKEN)
  * components/Dashboard/Dashboard.tsx (GUEST_METADATA)
  * components/Docker/DockerHosts.tsx (DOCKER_METADATA)
  * App.tsx (PLATFORMS_SEEN)
  * stores/updates.ts (UPDATES)
- Benefits: Single source of truth, prevents typos, better maintainability

## Previous Work Committed
- Docker monitoring improvements and disk metrics
- Security enhancements and setup fixes
- API refactoring and cleanup
- Documentation updates
- Build system improvements

## Testing
- All frontend tests pass (29 tests)
- All Go tests pass (15 packages)
- Production build successful
- Zero breaking changes

Total: 186 files changed, 5825 insertions(+), 11602 deletions(-)
2025-11-04 21:50:46 +00:00
rcourtman
5c4be1921c chore: snapshot current changes 2025-11-02 22:47:55 +00:00
rcourtman
524f42cc28 security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00
rcourtman
dd70bdee08 feat: switch to Ed25519 SSH keys and add openssh-client to container
- Changed SSH key generation from RSA 2048 to Ed25519 (more secure, faster, smaller)
- Added openssh-client package to Docker image (required for temperature monitoring)
- Updated SSH config template to use id_ed25519
- Removed unused crypto/rsa and crypto/x509 imports

Ed25519 provides better security with shorter keys and faster operations
compared to RSA. The container now has SSH client tools needed to connect
to Proxmox nodes for temperature data collection.
2025-10-19 08:43:20 +00:00
rcourtman
3759f2eb1b fix: restore pulse-docker-agent fallback in Docker image
The router's handleDownloadAgent searches for /opt/pulse/bin/pulse-docker-agent
as a fallback when arch-specific binaries are not found or requested. In v4.23.0,
this fallback binary was missing from the Docker image, causing 404 errors for
linux-amd64 downloads.

The Dockerfile now explicitly copies the fallback binary to /opt/pulse/bin/pulse-docker-agent
alongside the arch-specific binaries (linux-amd64, linux-arm64, linux-armv7).

Verified with local build - all four binaries now exist in /opt/pulse/bin/.

Addresses #528
2025-10-13 15:27:21 +00:00
rcourtman
ce602a989a fix: Build multi-arch docker-agent binaries in Docker image
When Pulse runs in Docker, ARM users couldn't download the docker-agent
because only the host architecture binary was built. The Dockerfile now
builds amd64, arm64, and armv7 binaries and includes them at /opt/pulse/bin/
so the download endpoint can serve all architectures.
2025-10-12 20:01:10 +00:00
rcourtman
f46ff1792b Fix settings security tab navigation 2025-10-11 23:29:47 +00:00