支持设置密码

2026-04-06 20:05:49 +08:00
parent 048582791d
commit bc78a1f601
3 changed files with 141 additions and 2 deletions
--- a/Prometheus/add_node.sh
+++ b/Prometheus/add_node.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# This script adds a new node to the Prometheus configuration file
+# Supports optional Basic Authentication (username/password)
+# Use: sudo ./add_node.sh <SERVER_IP> [USERNAME] [PASSWORD]
+
+if [ -z "$1" ]; then
+    echo "--- Prometheus Node Adder ---"
+    read -p "Enter Target IP/Hostname: " SERVER_IP
+    if [ -z "$SERVER_IP" ]; then
+        echo "Error: Target IP is required."
+        exit 1
+    fi
+    
+    read -p "Enable Basic Authentication? [y/N]: " ENABLE_AUTH
+    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
+        read -p "Enter Username: " USER_NAME
+        read -s -p "Enter Password: " PASSWORD
+        echo "" # New line
+    fi
+else
+    SERVER_IP=$1
+    USER_NAME=$2
+    PASSWORD=$3
+fi
+
+CONFIG_FILE="/etc/prometheus/prometheus.yml"
+
+# Ensure the script is run with sudo
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run this script with sudo."
+  exit 1
+fi
+
+if [ ! -f "$CONFIG_FILE" ]; then
+    echo "Prometheus configuration file not found at $CONFIG_FILE"
+    exit 1
+fi
+
+echo "Adding node $SERVER_IP to $CONFIG_FILE..."
+
+# Build the configuration block
+JOB_BLOCK="
+  - job_name: 'nodes_$SERVER_IP'
+    static_configs:
+      - targets: ['$SERVER_IP:9100']"
+
+if [ -n "$USER_NAME" ] && [ -n "$PASSWORD" ]; then
+    echo "Applying basic authentication for user: $USER_NAME"
+    JOB_BLOCK="$JOB_BLOCK
+    basic_auth:
+      username: '$USER_NAME'
+      password: '$PASSWORD'"
+fi
+
+# Append the new job configuration
+echo "$JOB_BLOCK" >> "$CONFIG_FILE"
+
+# Restart Prometheus to apply changes
+if [ -x "/usr/bin/restart_prometheus" ]; then
+    /usr/bin/restart_prometheus
+else
+    systemctl restart prometheus
+fi
+
+echo "Done. node $SERVER_IP added. Prometheus restarted."
--- a/Prometheus/install_Prometheus.sh
+++ b/Prometheus/install_Prometheus.sh
@@ -64,6 +64,18 @@ scrape_configs:
    static_configs:
      - targets: ['8.8.8.8:9100']

+  - job_name: 'nodes'
+    static_configs:
+      - targets: ['your-server-ip:9100']
+
+  # Basic Auth example:
+  # - job_name: 'nodes_auth'
+  #   static_configs:
+  #     - targets: ['your-server-ip:9100']
+  #   basic_auth:
+  #     username: 'user'
+  #     password: 'password'
+
 EOF

 # Create systemd service file
--- a/Prometheus/install_node_exporter.sh
+++ b/Prometheus/install_node_exporter.sh
@@ -1,6 +1,33 @@
 #!/bin/bash
 set -e

+# Arguments for Basic Auth
+USER_NAME=""
+PASSWORD_PLAIN=""
+
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        --user) USER_NAME="$2"; shift ;;
+        --pass) PASSWORD_PLAIN="$2"; shift ;;
+        *) echo "Unknown option: $1"; exit 1 ;;
+    esac
+    shift
+done
+
+# If not provided via arguments, ask interactively
+if [ -z "$USER_NAME" ]; then
+    read -p "Do you want to enable Basic Authentication for Node Exporter? [y/N]: " ENABLE_AUTH
+    if [[ "$ENABLE_AUTH" =~ ^[Yy]$ ]]; then
+        read -p "Enter Username: " USER_NAME
+        read -s -p "Enter Password: " PASSWORD_PLAIN
+        echo "" # New line after password
+        if [ -z "$USER_NAME" ] || [ -z "$PASSWORD_PLAIN" ]; then
+            echo "Error: Username and Password cannot be empty."
+            exit 1
+        fi
+    fi
+fi
+
 # Detect Operation System

 if command -v apt >/dev/null 2>&1; then
@@ -53,6 +80,37 @@ tar -zxvf /tmp/node_exporter.tar.gz -C /tmp
 echo "Copying Node Exporter to /node_exporter..."
 sudo cp -r /tmp/node_exporter-1.10.2.linux-amd64 /node_exporter

+# Handle Basic Auth configuration
+if [ -n "$USER_NAME" ] && [ -n "$PASSWORD_PLAIN" ]; then
+    echo "Configuring Basic Authentication for Node Exporter..."
+    
+    # Generate bcrypt hash using python3 (common on Linux)
+    # If python3 is not available, you'll need to provide the hash manually
+    if command -v python3 >/dev/null 2>&1; then
+        HASHED_PASSWORD=$(python3 -c "import bcrypt; print(bcrypt.hashpw('$PASSWORD_PLAIN'.encode(), bcrypt.gensalt()).decode())" 2>/dev/null || true)
+        
+        # Fallback if bcrypt module is not installed
+        if [ -z "$HASHED_PASSWORD" ]; then
+             echo "Python bcrypt module not found, using simple crypt fallback (not bcrypt!)..."
+             HASHED_PASSWORD=$(python3 -c "import crypt; print(crypt.crypt('$PASSWORD_PLAIN', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || true)
+        fi
+    fi
+
+    if [ -n "$HASHED_PASSWORD" ]; then
+        sudo tee "/node_exporter/web-config.yml" > /dev/null <<EOF
+basic_auth_users:
+    $USER_NAME: $HASHED_PASSWORD
+EOF
+        EXTRA_OPTS="--web.config.file=/node_exporter/web-config.yml"
+        echo "Basic Auth configured for user: $USER_NAME"
+    else
+        echo "Warning: Could not generate password hash. Standard Node Exporter will be installed without auth."
+        EXTRA_OPTS=""
+    fi
+else
+    EXTRA_OPTS=""
+fi
+
 # Create systemd service file
 SERVICE_FILE="/etc/systemd/system/node_exporter.service"

@@ -65,7 +123,7 @@ After=network-online.target

 [Service]
 User=root
-ExecStart=/node_exporter/node_exporter --web.listen-address=":9100"
+ExecStart=/node_exporter/node_exporter --web.listen-address=":9100" $EXTRA_OPTS
 Restart=always

 [Install]
@@ -78,3 +136,6 @@ sudo systemctl daemon-reload
 sudo systemctl enable --now node_exporter.service

 echo "Node Exporter installation completed, listening on port 9100"
+if [ -n "$EXTRA_OPTS" ]; then
+    echo "Basic authentication is ENABLED."
+fi