Pulse/docs/security/TEMPERATURE_MONITORING.md
rcourtman 8948e84fe5 feat: AI features, agent improvements, and host monitoring enhancements
AI Chat Integration:
- Multi-provider support (Anthropic, OpenAI, Ollama)
- Streaming responses with markdown rendering
- Agent command execution for remote troubleshooting
- Context-aware conversations with host/container metadata

Agent Updates:
- Add --enable-proxmox flag for automatic PVE/PBS token setup
- Improve auto-update with semver comparison (prevents downgrades)
- Add updatedFrom tracking to report previous version after update
- Reduce initial update check delay from 30s to 5s
- Add agent version column to Hosts page table

Host Metrics:
- Add DiskIO stats collection (read/write bytes, ops, time)
- Improve disk filtering to exclude Docker overlay mounts
- Add RAID array monitoring via mdadm
- Enhanced temperature sensor parsing

Frontend:
- New Agent Version column on Hosts overview table
- Improved node modal with agent-first installation flow
- Add DiskIO display in host drawer
- Better responsive handling for metric bars
2025-12-05 10:37:02 +00:00

🌡️ Temperature Monitoring

Pulse supports two methods for collecting hardware temperatures from Proxmox nodes.

The simplest and most feature-rich method is installing the Pulse agent on your Proxmox nodes:

curl -fsSL http://your-pulse-server:7655/api/download/install.sh | bash -s -- \
  --url http://your-pulse-server:7655 \
  --token YOUR_TOKEN \
  --enable-proxmox

Benefits:

  • One-command setup
  • Automatic API token creation
  • Temperature monitoring built-in
  • Enables AI features for VM/container management
  • No SSH keys or proxy configuration required

The agent runs sensors -j locally and reports temperatures directly to Pulse.


Legacy: Sensor Proxy (SSH-based)

For users who prefer not to install an agent on their hypervisor, the sensor-proxy method is still available.

Note: This method is deprecated and will be removed in a future release. Consider migrating to the agent-based approach.

🛡️ Security Model

  • Isolation: SSH keys live on the host, not in the container.
  • Least Privilege: Proxy runs as pulse-sensor-proxy (no shell).
  • Verification: Container identity verified via SO_PEERCRED.

🏗️ Components

  1. Pulse Backend: Connects to Unix socket /mnt/pulse-proxy/pulse-sensor-proxy.sock.
  2. Sensor Proxy: Validates request, executes SSH to node.
  3. Target Node: Accepts SSH key restricted to sensors -j.

🔒 Key Restrictions

SSH keys deployed to nodes are locked down:

command="sensors -j",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
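
One way to check that a key line on a node carries every restriction shown above. This is an added example, not Pulse's own code; the sample lines and key material are constructed, and accepting OpenSSH's restrict option in place of the four no-* options is this example's assumption.

```python
REQUIRED_COMMAND = "sensors -j"
REQUIRED_FLAGS = ("no-port-forwarding", "no-x11-forwarding",
                  "no-agent-forwarding", "no-pty")

def parse_options(line):
    """Return the options field of one non-blank authorized_keys line."""
    if line.split(None, 1)[0].startswith(("ssh-", "ecdsa-", "sk-")):
        return {}  # line starts with the key type: no options at all
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1  # escaped quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not quoted:
            break  # unquoted whitespace ends the options field
        else:
            buf += ch
        i += 1
    opts.append(buf)
    return {name.lower(): value  # sshd option names are case-insensitive
            for name, _, value in (o.partition("=") for o in opts)}

def audit_line(line):
    """List how one key line deviates from the documented restrictions."""
    opts = parse_options(line)
    problems = []
    if opts.get("command") != REQUIRED_COMMAND:
        problems.append("forced command is not 'sensors -j'")
    for flag in REQUIRED_FLAGS:
        allow = flag[3:]  # e.g. "pty" re-enables what "no-pty" disables
        if allow in opts or not (flag in opts or "restrict" in opts):
            problems.append("missing " + flag)
    return problems

# Constructed sample lines; key material and comments are placeholders.
SAMPLE = [
    'command="sensors -j",no-port-forwarding,no-X11-forwarding,'
    'no-agent-forwarding,no-pty ssh-ed25519 AAAAC3placeholder sample-key-1',
    'command="sensors -j",no-pty ssh-ed25519 AAAAC3placeholder sample-key-2',
    'ssh-ed25519 AAAAC3placeholder sample-key-3',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry.split()[-1], audit_line(entry) or "OK")
```

Feed it only the key lines that belong to the sensor proxy; blank and comment lines must be skipped by the caller.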

🚦 Rate Limiting

  • Per Peer: ~12 req/min.
  • Concurrency: Max 2 parallel requests per peer.
  • Global: Max 8 concurrent requests.

📝 Auditing

All requests are logged to the system journal:

journalctl -u pulse-sensor-proxy

Logs include: uid, pid, method, node, correlation_id.