支持设置密码

2026-04-06 20:05:49 +08:00
parent 048582791d
commit bc78a1f601
3 changed files with 141 additions and 2 deletions
--- a/Prometheus/add_node.sh
+++ b/Prometheus/add_node.sh
@@ -0,0 +1,66 @@
 #!/bin/bash
 # This script adds a new node to the Prometheus configuration file
 # Supports optional Basic Authentication (username/password)
 # Use: sudo ./add_node.sh <SERVER_IP> [USERNAME] [PASSWORD]
 if [ -z "$1" ]; then
    echo "--- Prometheus Node Adder ---"
    read -p "Enter Target IP/Hostname: " SERVER_IP
    if [ -z "$SERVER_IP" ]; then
        echo "Error: Target IP is required."
        exit 1
    fi
    read -p "Enable Basic Authentication? [y/N]: " ENABLE_AUTH
    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
        read -p "Enter Username: " USER_NAME
        read -s -p "Enter Password: " PASSWORD
        echo "" # New line
    fi
 else
    SERVER_IP=$1
    USER_NAME=$2
    PASSWORD=$3
 fi
 CONFIG_FILE="/etc/prometheus/prometheus.yml"
 # Ensure the script is run with sudo
 if [ "$EUID" -ne 0 ]; then
  echo "Please run this script with sudo."
  exit 1
 fi
 if [ ! -f "$CONFIG_FILE" ]; then
    echo "Prometheus configuration file not found at $CONFIG_FILE"
    exit 1
 fi
 echo "Adding node $SERVER_IP to $CONFIG_FILE..."
 # Build the configuration block
 JOB_BLOCK="
  - job_name: 'nodes_$SERVER_IP'
    static_configs:
      - targets: ['$SERVER_IP:9100']"
 if [ -n "$USER_NAME" ] && [ -n "$PASSWORD" ]; then
    echo "Applying basic authentication for user: $USER_NAME"
    JOB_BLOCK="$JOB_BLOCK
    basic_auth:
      username: '$USER_NAME'
      password: '$PASSWORD'"
 fi
 # Append the new job configuration
 echo "$JOB_BLOCK" >> "$CONFIG_FILE"
 # Restart Prometheus to apply changes
 if [ -x "/usr/bin/restart_prometheus" ]; then
    /usr/bin/restart_prometheus
 else
    systemctl restart prometheus
 fi
 echo "Done. node $SERVER_IP added. Prometheus restarted."
--- a/Prometheus/install_Prometheus.sh
+++ b/Prometheus/install_Prometheus.sh
@@ -64,6 +64,18 @@ scrape_configs:
    static_configs:
      - targets: ['8.8.8.8:9100']
  - job_name: 'nodes'
    static_configs:
      - targets: ['your-server-ip:9100']
  # Basic Auth example:
  # - job_name: 'nodes_auth'
  #   static_configs:
  #     - targets: ['your-server-ip:9100']
  #   basic_auth:
  #     username: 'user'
  #     password: 'password'
 EOF
 # Create systemd service file
--- a/Prometheus/install_node_exporter.sh
+++ b/Prometheus/install_node_exporter.sh
@@ -1,7 +1,34 @@
 #!/bin/bash
 set -e
-#Detect Operation System
+# Arguments for Basic Auth
 USER_NAME=""
 PASSWORD_PLAIN=""
 while [[ "$#" -gt 0 ]]; do
    case $1 in
        --user) USER_NAME="$2"; shift ;;
        --pass) PASSWORD_PLAIN="$2"; shift ;;
        *) echo "Unknown option: $1"; exit 1 ;;
    esac
    shift
 done
 # If not provided via arguments, ask interactively
 if [ -z "$USER_NAME" ]; then
    read -p "Do you want to enable Basic Authentication for Node Exporter? [y/N]: " ENABLE_AUTH
    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
        read -p "Enter Username: " USER_NAME
        read -s -p "Enter Password: " PASSWORD_PLAIN
        echo "" # New line after password
        if [ -z "$USER_NAME" ] || [ -z "$PASSWORD_PLAIN" ]; then
            echo "Error: Username and Password cannot be empty."
            exit 1
        fi
    fi
 fi
 # Detect Operation System
 if command -v apt >/dev/null 2>&1; then
    echo "Detected apt-based system"
@@ -53,6 +80,37 @@ tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
 echo "Copying Node Exporter to /node_exporter..."
 sudo cp -r /tmp/node_exporter-1.10.2.linux-amd64 /node_exporter
 # Handle Basic Auth configuration
 if [ -n "$USER_NAME" ] && [ -n "$PASSWORD_PLAIN" ]; then
    echo "Configuring Basic Authentication for Node Exporter..."
    # Generate bcrypt hash using python3 (common on Linux)
    # If python3 is not available, you'll need to provide the hash manually
    if command -v python3 >/dev/null 2>&1; then
        HASHED_PASSWORD=$(python3 -c "import bcrypt; print(bcrypt.hashpw('$PASSWORD_PLAIN'.encode(), bcrypt.gensalt()).decode())" 2>/dev/null || true)
        # Fallback if bcrypt module is not installed
        if [ -z "$HASHED_PASSWORD" ]; then
             echo "Python bcrypt module not found, using simple crypt fallback (not bcrypt!)..."
             HASHED_PASSWORD=$(python3 -c "import crypt; print(crypt.crypt('$PASSWORD_PLAIN', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || true)
        fi
    fi
    if [ -n "$HASHED_PASSWORD" ]; then
        sudo tee "/node_exporter/web-config.yml" > /dev/null <<EOF
 basic_auth_users:
    $USER_NAME: $HASHED_PASSWORD
 EOF
        EXTRA_OPTS="--web.config.file=/node_exporter/web-config.yml"
        echo "Basic Auth configured for user: $USER_NAME"
    else
        echo "Warning: Could not generate password hash. Standard Node Exporter will be installed without auth."
        EXTRA_OPTS=""
    fi
 else
    EXTRA_OPTS=""
 fi
 # Create systemd service file
 SERVICE_FILE="/etc/systemd/system/node_exporter.service"
@@ -65,7 +123,7 @@ After=network-online.target
 [Service]
 User=root
-ExecStart=/node_exporter/node_exporter --web.listen-address=":9100"
+ExecStart=/node_exporter/node_exporter --web.listen-address=":9100" $EXTRA_OPTS
 Restart=always
 [Install]
@@ -78,3 +136,6 @@ sudo systemctl daemon-reload
 sudo systemctl enable --now node_exporter.service
 echo "Node Exporter installation completed, listening on port 9100"
 if [ -n "$EXTRA_OPTS" ]; then
    echo "Basic authentication is ENABLED."
 fi