paulmataruso/patchmon.net
1
0
Fork 0
mirror of https://github.com/9technologygroup/patchmon.net.git synced 2025-11-21 06:58:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

API for auto-enrollment

Browse Source 
Api
This commit is contained in:
9 Technology Group LTD
2025-11-15 00:08:37 +00:00
committed by GitHub
parent 3f18074f01 307970ebd4
commit c770bf1444
18 changed files with 840 additions and 697 deletions
Download Patch File Download Diff File Expand all files Collapse all files

270
agents/direct_host_auto_enroll.sh Executable file
View File

@@ -0,0 +1,270 @@
#!/bin/sh
# PatchMon Direct Host Auto-Enrollment Script
# POSIX-compliant shell script (works with dash, ash, bash, etc.)
# Usage: curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | sh
set -e
SCRIPT_VERSION="1.0.0"
# =============================================================================
# PatchMon Direct Host Auto-Enrollment Script
# =============================================================================
# This script automatically enrolls the current host into PatchMon for patch
# management.
#
# Usage:
# curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | sh
#
# With custom friendly name:
# curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | FRIENDLY_NAME="My Server" sh
#
# Requirements:
# - Run as root or with sudo
# - Auto-enrollment token from PatchMon
# - Network access to PatchMon server
# =============================================================================
# ===== CONFIGURATION =====
PATCHMON_URL="${PATCHMON_URL:-https://patchmon.example.com}"
AUTO_ENROLLMENT_KEY="${AUTO_ENROLLMENT_KEY:-}"
AUTO_ENROLLMENT_SECRET="${AUTO_ENROLLMENT_SECRET:-}"
CURL_FLAGS="${CURL_FLAGS:--s}"
FORCE_INSTALL="${FORCE_INSTALL:-false}"
FRIENDLY_NAME="${FRIENDLY_NAME:-}" # Optional: Custom friendly name for the host
# ===== COLOR OUTPUT =====
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# ===== LOGGING FUNCTIONS =====
info() { printf "%b\n" "${GREEN}[INFO]${NC} $1"; }
warn() { printf "%b\n" "${YELLOW}[WARN]${NC} $1"; }
error() { printf "%b\n" "${RED}[ERROR]${NC} $1" >&2; exit 1; }
success() { printf "%b\n" "${GREEN}[SUCCESS]${NC} $1"; }
debug() { [ "${DEBUG:-false}" = "true" ] && printf "%b\n" "${BLUE}[DEBUG]${NC} $1" || true; }
# ===== BANNER =====
cat << "EOF"
╔═══════════════════════════════════════════════════════════════╗
║ ║
║ ____ _ _ __ __ ║
| _ \ __ _| |_ ___| |__ | \/ | ___ _ __ ║
| |_) / _` | __/ __| '_ \| |\/| |/ _ \| '_ \
| __/ (_| | || (__| | | | | | | (_) | | | |
|_| \__,_|\__\___|_| |_|_| |_|\___/|_| |_|
║ ║
║ Direct Host Auto-Enrollment Script ║
║ ║
╚═══════════════════════════════════════════════════════════════╝
EOF
echo ""
# ===== VALIDATION =====
info "Validating configuration..."
if [ -z "$AUTO_ENROLLMENT_KEY" ] || [ -z "$AUTO_ENROLLMENT_SECRET" ]; then
error "AUTO_ENROLLMENT_KEY and AUTO_ENROLLMENT_SECRET must be set"
fi
if [ -z "$PATCHMON_URL" ]; then
error "PATCHMON_URL must be set"
fi
# Check if running as root
if [ "$(id -u)" -ne 0 ]; then
error "This script must be run as root (use sudo)"
fi
# Check for required commands
for cmd in curl; do
if ! command -v $cmd >/dev/null 2>&1; then
error "Required command '$cmd' not found. Please install it first."
fi
done
info "Configuration validated successfully"
info "PatchMon Server: $PATCHMON_URL"
echo ""
# ===== GATHER HOST INFORMATION =====
info "Gathering host information..."
# Get hostname
hostname=$(hostname)
# Use FRIENDLY_NAME env var if provided, otherwise use hostname
if [ -n "$FRIENDLY_NAME" ]; then
friendly_name="$FRIENDLY_NAME"
info "Using custom friendly name: $friendly_name"
else
friendly_name="$hostname"
fi
# Try to get machine_id (optional, for tracking)
machine_id=""
if [ -f /etc/machine-id ]; then
machine_id=$(cat /etc/machine-id 2>/dev/null || echo "")
elif [ -f /var/lib/dbus/machine-id ]; then
machine_id=$(cat /var/lib/dbus/machine-id 2>/dev/null || echo "")
fi
# Get OS information
os_info="unknown"
if [ -f /etc/os-release ]; then
os_info=$(grep "^PRETTY_NAME=" /etc/os-release 2>/dev/null | cut -d'"' -f2 || echo "unknown")
fi
# Get IP address (first non-loopback)
ip_address=$(hostname -I 2>/dev/null | awk '{print $1}' || echo "unknown")
# Detect architecture
arch_raw=$(uname -m 2>/dev/null || echo "unknown")
case "$arch_raw" in
"x86_64")
architecture="amd64"
;;
"i386"|"i686")
architecture="386"
;;
"aarch64"|"arm64")
architecture="arm64"
;;
"armv7l"|"armv6l"|"arm")
architecture="arm"
;;
*)
warn " ⚠ Unknown architecture '$arch_raw', defaulting to amd64"
architecture="amd64"
;;
esac
info "Hostname: $hostname"
info "Friendly Name: $friendly_name"
info "IP Address: $ip_address"
info "OS: $os_info"
info "Architecture: $architecture"
if [ -n "$machine_id" ]; then
# POSIX-compliant substring (first 16 chars)
machine_id_short=$(printf "%.16s" "$machine_id")
info "Machine ID: ${machine_id_short}..."
else
info "Machine ID: (not available)"
fi
echo ""
# ===== CHECK IF AGENT ALREADY INSTALLED =====
info "Checking if agent is already configured..."
config_check=$(sh -c "
if [ -f /etc/patchmon/config.yml ] && [ -f /etc/patchmon/credentials.yml ]; then
if [ -f /usr/local/bin/patchmon-agent ]; then
# Try to ping using existing configuration
if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
echo 'ping_success'
else
echo 'ping_failed'
fi
else
echo 'binary_missing'
fi
else
echo 'not_configured'
fi
" 2>/dev/null || echo "error")
if [ "$config_check" = "ping_success" ]; then
success "Host already enrolled and agent ping successful - nothing to do"
exit 0
elif [ "$config_check" = "ping_failed" ]; then
warn "Agent configuration exists but ping failed - will reinstall"
elif [ "$config_check" = "binary_missing" ]; then
warn "Config exists but agent binary missing - will reinstall"
elif [ "$config_check" = "not_configured" ]; then
info "Agent not yet configured - proceeding with enrollment"
else
warn "Could not check agent status - proceeding with enrollment"
fi
echo ""
# ===== ENROLL HOST =====
info "Enrolling $friendly_name in PatchMon..."
# Build JSON payload
json_payload=$(cat <<EOF
{
"friendly_name": "$friendly_name",
"metadata": {
"hostname": "$hostname",
"ip_address": "$ip_address",
"os_info": "$os_info",
"architecture": "$architecture"
}
}
EOF
)
# Add machine_id if available
if [ -n "$machine_id" ]; then
json_payload=$(echo "$json_payload" | sed "s/\"friendly_name\"/\"machine_id\": \"$machine_id\",\n \"friendly_name\"/")
fi
response=$(curl $CURL_FLAGS -X POST \
-H "X-Auto-Enrollment-Key: $AUTO_ENROLLMENT_KEY" \
-H "X-Auto-Enrollment-Secret: $AUTO_ENROLLMENT_SECRET" \
-H "Content-Type: application/json" \
-d "$json_payload" \
"$PATCHMON_URL/api/v1/auto-enrollment/enroll" \
-w "\n%{http_code}" 2>&1)
http_code=$(echo "$response" | tail -n 1)
body=$(echo "$response" | sed '$d')
if [ "$http_code" = "201" ]; then
# Use grep and cut instead of jq since jq may not be installed
api_id=$(echo "$body" | grep -o '"api_id":"[^"]*' | cut -d'"' -f4 || echo "")
api_key=$(echo "$body" | grep -o '"api_key":"[^"]*' | cut -d'"' -f4 || echo "")
if [ -z "$api_id" ] || [ -z "$api_key" ]; then
error "Failed to parse API credentials from response"
fi
success "Host enrolled successfully: $api_id"
echo ""
# ===== INSTALL AGENT =====
info "Installing PatchMon agent..."
# Build install URL with force flag and architecture
install_url="$PATCHMON_URL/api/v1/hosts/install?arch=$architecture"
if [ "$FORCE_INSTALL" = "true" ]; then
install_url="$install_url&force=true"
info "Using force mode - will bypass broken packages"
fi
info "Using architecture: $architecture"
# Download and execute installation script
install_exit_code=0
install_output=$(curl $CURL_FLAGS \
-H "X-API-ID: $api_id" \
-H "X-API-KEY: $api_key" \
"$install_url" | sh 2>&1) || install_exit_code=$?
# Check both exit code AND success message in output
if [ "$install_exit_code" -eq 0 ] || echo "$install_output" | grep -q "PatchMon Agent installation completed successfully"; then
success "Agent installed successfully"
else
error "Failed to install agent (exit: $install_exit_code)"
fi
else
printf "%b\n" "${RED}[ERROR]${NC} Failed to enroll $friendly_name - HTTP $http_code" >&2
printf "%b\n" "Response: $body" >&2
exit 1
fi
echo ""
success "Auto-enrollment complete!"
exit 0

BIN
agents/patchmon-agent-linux-386
View File

Binary file not shown.

BIN
agents/patchmon-agent-linux-amd64
View File

Binary file not shown.

BIN
agents/patchmon-agent-linux-arm
View File

Binary file not shown.

BIN
agents/patchmon-agent-linux-arm64
View File

Binary file not shown.

186
agents/patchmon_install.sh
View File

@@ -19,20 +19,20 @@ NC='\033[0m' # No Color
# Functions
error() {
printf "%b\n" "${RED}ERROR: $1${NC}" >&2
printf "%b\n" "${RED}ERROR: $1${NC}" >&2
exit 1
}
info() {
printf "%b\n" "${BLUE} $1${NC}"
printf "%b\n" "${BLUE}INFO: $1${NC}"
}
success() {
printf "%b\n" "${GREEN} $1${NC}"
printf "%b\n" "${GREEN}SUCCESS: $1${NC}"
}
warning() {
printf "%b\n" "${YELLOW}⚠️ $1${NC}"
printf "%b\n" "${YELLOW}WARNING: $1${NC}"
}
# Check if running as root
@@ -42,7 +42,7 @@ fi
# Verify system datetime and timezone
verify_datetime() {
info "🕐 Verifying system datetime and timezone..."
info "Verifying system datetime and timezone..."
# Get current system time
system_time=$(date)
@@ -50,7 +50,7 @@ verify_datetime() {
# Display current datetime info
echo ""
printf "%b\n" "${BLUE}📅 Current System Date/Time:${NC}"
printf "%b\n" "${BLUE}Current System Date/Time:${NC}"
echo " • Date/Time: $system_time"
echo " • Timezone: $timezone"
echo ""
@@ -62,26 +62,26 @@ verify_datetime() {
read -r response
case "$response" in
[Yy]*)
success "Date/time verification passed"
success "Date/time verification passed"
echo ""
return 0
;;
*)
echo ""
printf "%b\n" "${RED}Date/time verification failed${NC}"
printf "%b\n" "${RED}Date/time verification failed${NC}"
echo ""
printf "%b\n" "${YELLOW}💡 Please fix the date/time and re-run the installation script:${NC}"
printf "%b\n" "${YELLOW}Please fix the date/time and re-run the installation script:${NC}"
echo " sudo timedatectl set-time 'YYYY-MM-DD HH:MM:SS'"
echo " sudo timedatectl set-timezone 'America/New_York' # or your timezone"
echo " sudo timedatectl list-timezones # to see available timezones"
echo ""
printf "%b\n" "${BLUE} After fixing the date/time, re-run this installation script.${NC}"
printf "%b\n" "${BLUE}After fixing the date/time, re-run this installation script.${NC}"
error "Installation cancelled - please fix date/time and re-run"
;;
esac
else
# Non-interactive (piped from curl) - show warning and continue
printf "%b\n" "${YELLOW}⚠️ Non-interactive installation detected${NC}"
printf "%b\n" "${YELLOW}Non-interactive installation detected${NC}"
echo ""
echo "Please verify the date/time shown above is correct."
echo "If the date/time is incorrect, it may cause issues with:"
@@ -89,8 +89,8 @@ verify_datetime() {
echo " • Scheduled updates"
echo " • Data synchronization"
echo ""
printf "%b\n" "${GREEN}Continuing with installation...${NC}"
success "Date/time verification completed (assumed correct)"
printf "%b\n" "${GREEN}Continuing with installation...${NC}"
success "Date/time verification completed (assumed correct)"
echo ""
fi
}
@@ -159,7 +159,7 @@ if [ -z "$ARCHITECTURE" ]; then
ARCHITECTURE="arm"
;;
*)
warning "⚠️ Unknown architecture '$arch_raw', defaulting to amd64"
warning "Unknown architecture '$arch_raw', defaulting to amd64"
ARCHITECTURE="amd64"
;;
esac
@@ -177,31 +177,21 @@ case "$*" in
esac
if [ "$FORCE_INSTALL" = "true" ]; then
FORCE_INSTALL="true"
warning "⚠️ Force mode enabled - will bypass broken packages"
warning "Force mode enabled - will bypass broken packages"
fi
# Get unique machine ID for this host
MACHINE_ID=$(get_machine_id)
export MACHINE_ID
info "🚀 Starting PatchMon Agent Installation..."
info "📋 Server: $PATCHMON_URL"
info "🔑 API ID: $(echo "$API_ID" | cut -c1-16)..."
info "🆔 Machine ID: $(echo "$MACHINE_ID" | cut -c1-16)..."
info "🏗️ Architecture: $ARCHITECTURE"
# Display diagnostic information
echo ""
printf "%b\n" "${BLUE}🔧 Installation Diagnostics:${NC}"
echo " • URL: $PATCHMON_URL"
echo " • CURL FLAGS: $CURL_FLAGS"
echo " • API ID: $(echo "$API_ID" | cut -c1-16)..."
echo " • API Key: $(echo "$API_KEY" | cut -c1-16)..."
echo " • Architecture: $ARCHITECTURE"
echo ""
info "Starting PatchMon Agent Installation..."
info "Server: $PATCHMON_URL"
info "API ID: $(echo "$API_ID" | cut -c1-16)..."
info "Machine ID: $(echo "$MACHINE_ID" | cut -c1-16)..."
info "Architecture: $ARCHITECTURE"
# Install required dependencies
info "📦 Installing required dependencies..."
info "Installing required dependencies..."
echo ""
# Function to check if a command exists
@@ -417,7 +407,7 @@ if command -v apt-get >/dev/null 2>&1; then
if [ "$FORCE_INSTALL" = "true" ]; then
warning "Detected broken packages on system - force mode will work around them"
else
warning "⚠️ Broken packages detected on system"
warning "Broken packages detected on system"
warning "If installation fails, retry with: curl -s {URL}/api/v1/hosts/install --force -H ..."
fi
fi
@@ -466,88 +456,88 @@ success "Dependencies installation completed"
echo ""
# Step 1: Handle existing configuration directory
info "📁 Setting up configuration directory..."
info "Setting up configuration directory..."
# Check if configuration directory already exists
if [ -d "/etc/patchmon" ]; then
warning "⚠️ Configuration directory already exists at /etc/patchmon"
warning "⚠️ Preserving existing configuration files"
warning "Configuration directory already exists at /etc/patchmon"
warning "Preserving existing configuration files"
# List existing files for user awareness
info "📋 Existing files in /etc/patchmon:"
info "Existing files in /etc/patchmon:"
ls -la /etc/patchmon/ 2>/dev/null | grep -v "^total" | while read -r line; do
echo " $line"
done
else
info "📁 Creating new configuration directory..."
info "Creating new configuration directory..."
mkdir -p /etc/patchmon
fi
# Check if agent is already configured and working (before we overwrite anything)
info "🔍 Checking if agent is already configured..."
info "Checking if agent is already configured..."
if [ -f /etc/patchmon/config.yml ] && [ -f /etc/patchmon/credentials.yml ]; then
if [ -f /usr/local/bin/patchmon-agent ]; then
info "📋 Found existing agent configuration"
info "🧪 Testing existing configuration with ping..."
info "Found existing agent configuration"
info "Testing existing configuration with ping..."
if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
success "Agent is already configured and ping successful"
info "📋 Existing configuration is working - skipping installation"
success "Agent is already configured and ping successful"
info "Existing configuration is working - skipping installation"
info ""
info "If you want to reinstall, remove the configuration files first:"
info " sudo rm -f /etc/patchmon/config.yml /etc/patchmon/credentials.yml"
echo ""
exit 0
else
warning "⚠️ Agent configuration exists but ping failed"
warning "⚠️ Will move existing configuration and reinstall"
warning "Agent configuration exists but ping failed"
warning "Will move existing configuration and reinstall"
echo ""
fi
else
warning "⚠️ Configuration files exist but agent binary is missing"
warning "⚠️ Will move existing configuration and reinstall"
warning "Configuration files exist but agent binary is missing"
warning "Will move existing configuration and reinstall"
echo ""
fi
else
success "Agent not yet configured - proceeding with installation"
success "Agent not yet configured - proceeding with installation"
echo ""
fi
# Step 2: Create configuration files
info "🔐 Creating configuration files..."
info "Creating configuration files..."
# Check if config file already exists
if [ -f "/etc/patchmon/config.yml" ]; then
warning "⚠️ Config file already exists at /etc/patchmon/config.yml"
warning "⚠️ Moving existing file out of the way for fresh installation"
warning "Config file already exists at /etc/patchmon/config.yml"
warning "Moving existing file out of the way for fresh installation"
# Clean up old config backups (keep only last 3)
ls -t /etc/patchmon/config.yml.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
# Move existing file out of the way
mv /etc/patchmon/config.yml /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)
info "📋 Moved existing config to: /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)"
info "Moved existing config to: /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)"
fi
# Check if credentials file already exists
if [ -f "/etc/patchmon/credentials.yml" ]; then
warning "⚠️ Credentials file already exists at /etc/patchmon/credentials.yml"
warning "⚠️ Moving existing file out of the way for fresh installation"
warning "Credentials file already exists at /etc/patchmon/credentials.yml"
warning "Moving existing file out of the way for fresh installation"
# Clean up old credential backups (keep only last 3)
ls -t /etc/patchmon/credentials.yml.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
# Move existing file out of the way
mv /etc/patchmon/credentials.yml /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)
info "📋 Moved existing credentials to: /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)"
info "Moved existing credentials to: /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)"
fi
# Clean up old credentials file if it exists (from previous installations)
if [ -f "/etc/patchmon/credentials" ]; then
warning "⚠️ Found old credentials file, removing it..."
warning "Found old credentials file, removing it..."
rm -f /etc/patchmon/credentials
info "📋 Removed old credentials file"
info "Removed old credentials file"
fi
# Create main config file
@@ -574,29 +564,29 @@ chmod 600 /etc/patchmon/config.yml
chmod 600 /etc/patchmon/credentials.yml
# Step 3: Download the PatchMon agent binary using API credentials
info "📥 Downloading PatchMon agent binary..."
info "Downloading PatchMon agent binary..."
# Determine the binary filename based on architecture
BINARY_NAME="patchmon-agent-linux-${ARCHITECTURE}"
# Check if agent binary already exists
if [ -f "/usr/local/bin/patchmon-agent" ]; then
warning "⚠️ Agent binary already exists at /usr/local/bin/patchmon-agent"
warning "⚠️ Moving existing file out of the way for fresh installation"
warning "Agent binary already exists at /usr/local/bin/patchmon-agent"
warning "Moving existing file out of the way for fresh installation"
# Clean up old agent backups (keep only last 3)
ls -t /usr/local/bin/patchmon-agent.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
# Move existing file out of the way
mv /usr/local/bin/patchmon-agent /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)
info "📋 Moved existing agent to: /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)"
info "Moved existing agent to: /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)"
fi
# Clean up old shell script if it exists (from previous installations)
if [ -f "/usr/local/bin/patchmon-agent.sh" ]; then
warning "⚠️ Found old shell script agent, removing it..."
warning "Found old shell script agent, removing it..."
rm -f /usr/local/bin/patchmon-agent.sh
info "📋 Removed old shell script agent"
info "Removed old shell script agent"
fi
# Download the binary
@@ -610,30 +600,30 @@ chmod +x /usr/local/bin/patchmon-agent
# Get the agent version from the binary
AGENT_VERSION=$(/usr/local/bin/patchmon-agent version 2>/dev/null || echo "Unknown")
info "📋 Agent version: $AGENT_VERSION"
info "Agent version: $AGENT_VERSION"
# Handle existing log files and create log directory
info "📁 Setting up log directory..."
info "Setting up log directory..."
# Create log directory if it doesn't exist
mkdir -p /etc/patchmon/logs
# Handle existing log files
if [ -f "/etc/patchmon/logs/patchmon-agent.log" ]; then
warning "⚠️ Existing log file found at /etc/patchmon/logs/patchmon-agent.log"
warning "⚠️ Rotating log file for fresh start"
warning "Existing log file found at /etc/patchmon/logs/patchmon-agent.log"
warning "Rotating log file for fresh start"
# Rotate the log file
mv /etc/patchmon/logs/patchmon-agent.log /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)
info "📋 Log file rotated to: /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)"
info "Log file rotated to: /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)"
fi
# Step 4: Test the configuration
info "🧪 Testing API credentials and connectivity..."
info "Testing API credentials and connectivity..."
if /usr/local/bin/patchmon-agent ping; then
success "TEST: API credentials are valid and server is reachable"
success "TEST: API credentials are valid and server is reachable"
else
error "Failed to validate API credentials or reach server"
error "Failed to validate API credentials or reach server"
fi
# Step 5: Setup service for WebSocket connection
@@ -641,16 +631,16 @@ fi
# Detect init system and create appropriate service
if command -v systemctl >/dev/null 2>&1; then
# Systemd is available
info "🔧 Setting up systemd service..."
info "Setting up systemd service..."
# Stop and disable existing service if it exists
if systemctl is-active --quiet patchmon-agent.service 2>/dev/null; then
warning "⚠️ Stopping existing PatchMon agent service..."
warning "Stopping existing PatchMon agent service..."
systemctl stop patchmon-agent.service
fi
if systemctl is-enabled --quiet patchmon-agent.service 2>/dev/null; then
warning "⚠️ Disabling existing PatchMon agent service..."
warning "Disabling existing PatchMon agent service..."
systemctl disable patchmon-agent.service
fi
@@ -680,9 +670,9 @@ EOF
# Clean up old crontab entries if they exist (from previous installations)
if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
warning "⚠️ Found old crontab entries, removing them..."
warning "Found old crontab entries, removing them..."
crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
info "📋 Removed old crontab entries"
info "Removed old crontab entries"
fi
# Reload systemd and enable/start the service
@@ -692,25 +682,25 @@ EOF
# Check if service started successfully
if systemctl is-active --quiet patchmon-agent.service; then
success "PatchMon Agent service started successfully"
info "🔗 WebSocket connection established"
success "PatchMon Agent service started successfully"
info "WebSocket connection established"
else
warning "⚠️ Service may have failed to start. Check status with: systemctl status patchmon-agent"
warning "Service may have failed to start. Check status with: systemctl status patchmon-agent"
fi
SERVICE_TYPE="systemd"
elif [ -d /etc/init.d ] && command -v rc-service >/dev/null 2>&1; then
# OpenRC is available (Alpine Linux)
info "🔧 Setting up OpenRC service..."
info "Setting up OpenRC service..."
# Stop and disable existing service if it exists
if rc-service patchmon-agent status >/dev/null 2>&1; then
warning "⚠️ Stopping existing PatchMon agent service..."
warning "Stopping existing PatchMon agent service..."
rc-service patchmon-agent stop
fi
if rc-update show default 2>/dev/null | grep -q "patchmon-agent"; then
warning "⚠️ Disabling existing PatchMon agent service..."
warning "Disabling existing PatchMon agent service..."
rc-update del patchmon-agent default
fi
@@ -737,9 +727,9 @@ EOF
# Clean up old crontab entries if they exist (from previous installations)
if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
warning "⚠️ Found old crontab entries, removing them..."
warning "Found old crontab entries, removing them..."
crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
info "📋 Removed old crontab entries"
info "Removed old crontab entries"
fi
# Enable and start the service
@@ -748,40 +738,40 @@ EOF
# Check if service started successfully
if rc-service patchmon-agent status >/dev/null 2>&1; then
success "PatchMon Agent service started successfully"
info "🔗 WebSocket connection established"
success "PatchMon Agent service started successfully"
info "WebSocket connection established"
else
warning "⚠️ Service may have failed to start. Check status with: rc-service patchmon-agent status"
warning "Service may have failed to start. Check status with: rc-service patchmon-agent status"
fi
SERVICE_TYPE="openrc"
else
# No init system detected, use crontab as fallback
warning "⚠️ No init system detected (systemd or OpenRC). Using crontab for service management."
warning "No init system detected (systemd or OpenRC). Using crontab for service management."
# Clean up old crontab entries if they exist
if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
warning "⚠️ Found old crontab entries, removing them..."
warning "Found old crontab entries, removing them..."
crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
info "📋 Removed old crontab entries"
info "Removed old crontab entries"
fi
# Add crontab entry to run the agent
(crontab -l 2>/dev/null; echo "@reboot /usr/local/bin/patchmon-agent serve >/dev/null 2>&1") | crontab -
info "📋 Added crontab entry for PatchMon agent"
info "Added crontab entry for PatchMon agent"
# Start the agent manually
/usr/local/bin/patchmon-agent serve >/dev/null 2>&1 &
success "PatchMon Agent started in background"
info "🔗 WebSocket connection established"
success "PatchMon Agent started in background"
info "WebSocket connection established"
SERVICE_TYPE="crontab"
fi
# Installation complete
success "🎉 PatchMon Agent installation completed successfully!"
success "PatchMon Agent installation completed successfully!"
echo ""
printf "%b\n" "${GREEN}📋 Installation Summary:${NC}"
printf "%b\n" "${GREEN}Installation Summary:${NC}"
echo " • Configuration directory: /etc/patchmon"
echo " • Agent binary installed: /usr/local/bin/patchmon-agent"
echo " • Architecture: $ARCHITECTURE"
@@ -801,16 +791,16 @@ echo " • Logs directory: /etc/patchmon/logs"
MOVED_FILES=$(ls /etc/patchmon/credentials.yml.backup.* /etc/patchmon/config.yml.backup.* /usr/local/bin/patchmon-agent.backup.* /etc/patchmon/logs/patchmon-agent.log.old.* /usr/local/bin/patchmon-agent.sh.backup.* /etc/patchmon/credentials.backup.* 2>/dev/null || true)
if [ -n "$MOVED_FILES" ]; then
echo ""
printf "%b\n" "${YELLOW}📋 Files Moved for Fresh Installation:${NC}"
printf "%b\n" "${YELLOW}Files Moved for Fresh Installation:${NC}"
echo "$MOVED_FILES" | while read -r moved_file; do
echo "$moved_file"
done
echo ""
printf "%b\n" "${BLUE}💡 Note: Old files are automatically cleaned up (keeping last 3)${NC}"
printf "%b\n" "${BLUE}Note: Old files are automatically cleaned up (keeping last 3)${NC}"
fi
echo ""
printf "%b\n" "${BLUE}🔧 Management Commands:${NC}"
printf "%b\n" "${BLUE}Management Commands:${NC}"
echo " • Test connection: /usr/local/bin/patchmon-agent ping"
echo " • Manual report: /usr/local/bin/patchmon-agent report"
echo " • Check status: /usr/local/bin/patchmon-agent diagnostics"
@@ -827,4 +817,4 @@ else
echo " • Restart service: pkill -f 'patchmon-agent serve' && /usr/local/bin/patchmon-agent serve &"
fi
echo ""
success "Your system is now being monitored by PatchMon!"
success "Your system is now being monitored by PatchMon!"

2
backend/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "patchmon-backend",
"version": "1.3.3",
"version": "1.3.4",
"description": "Backend API for Linux Patch Monitoring System",
"license": "AGPL-3.0",
"main": "src/server.js",

13
backend/prisma/migrations/20251114215738_remove_machine_id_unique_constraint/migration.sql Normal file
View File

@@ -0,0 +1,13 @@
-- Remove machine_id unique constraint and make it nullable
-- This allows multiple hosts with the same machine_id
-- Duplicate detection now relies on config.yml/credentials.yml checking instead
-- Drop the unique constraint
ALTER TABLE "hosts" DROP CONSTRAINT IF EXISTS "hosts_machine_id_key";
-- Make machine_id nullable
ALTER TABLE "hosts" ALTER COLUMN "machine_id" DROP NOT NULL;
-- Keep the index for query performance (but not unique)
CREATE INDEX IF NOT EXISTS "hosts_machine_id_idx" ON "hosts"("machine_id");

2
backend/prisma/schema.prisma
View File

@@ -81,7 +81,7 @@ model host_repositories {
model hosts {
id String @id
machine_id String @unique
machine_id String?
friendly_name String
ip String?
os_type String

101
backend/src/routes/autoEnrollmentRoutes.js
View File

@@ -481,19 +481,22 @@ router.delete(
);
// ========== AUTO-ENROLLMENT ENDPOINTS (Used by Scripts) ==========
// Future integrations can follow this pattern:
// - /proxmox-lxc - Proxmox LXC containers
// - /vmware-esxi - VMware ESXi VMs
// - /docker - Docker containers
// - /kubernetes - Kubernetes pods
// - /aws-ec2 - AWS EC2 instances
// Universal script-serving endpoint with type parameter
// Supported types:
// - proxmox-lxc - Proxmox LXC containers
// - direct-host - Direct host enrollment
// Future types:
// - vmware-esxi - VMware ESXi VMs
// - docker - Docker containers
// - kubernetes - Kubernetes pods
// Serve the Proxmox LXC enrollment script with credentials injected
router.get("/proxmox-lxc", async (req, res) => {
// Serve auto-enrollment scripts with credentials injected
router.get("/script", async (req, res) => {
try {
// Get token from query params
// Get parameters from query params
const token_key = req.query.token_key;
const token_secret = req.query.token_secret;
const script_type = req.query.type;
if (!token_key || !token_secret) {
return res
@@ -501,6 +504,25 @@ router.get("/proxmox-lxc", async (req, res) => {
.json({ error: "Token key and secret required as query parameters" });
}
if (!script_type) {
return res.status(400).json({
error:
"Script type required as query parameter (e.g., ?type=proxmox-lxc or ?type=direct-host)",
});
}
// Map script types to script file paths
const scriptMap = {
"proxmox-lxc": "proxmox_auto_enroll.sh",
"direct-host": "direct_host_auto_enroll.sh",
};
if (!scriptMap[script_type]) {
return res.status(400).json({
error: `Invalid script type: ${script_type}. Supported types: ${Object.keys(scriptMap).join(", ")}`,
});
}
// Validate token
const token = await prisma.auto_enrollment_tokens.findUnique({
where: { token_key: token_key },
@@ -526,13 +548,13 @@ router.get("/proxmox-lxc", async (req, res) => {
const script_path = path.join(
__dirname,
"../../../agents/proxmox_auto_enroll.sh",
`../../../agents/${scriptMap[script_type]}`,
);
if (!fs.existsSync(script_path)) {
return res
.status(404)
.json({ error: "Proxmox enrollment script not found" });
return res.status(404).json({
error: `Enrollment script not found: ${scriptMap[script_type]}`,
});
}
let script = fs.readFileSync(script_path, "utf8");
@@ -591,11 +613,11 @@ export FORCE_INSTALL="${force_install ? "true" : "false"}"
res.setHeader("Content-Type", "text/plain");
res.setHeader(
"Content-Disposition",
'inline; filename="proxmox_auto_enroll.sh"',
`inline; filename="${scriptMap[script_type]}"`,
);
res.send(script);
} catch (error) {
console.error("Proxmox script serve error:", error);
console.error("Script serve error:", error);
res.status(500).json({ error: "Failed to serve enrollment script" });
}
});
@@ -609,8 +631,11 @@ router.post(
.isLength({ min: 1, max: 255 })
.withMessage("Friendly name is required"),
body("machine_id")
.optional()
.isLength({ min: 1, max: 255 })
.withMessage("Machine ID is required"),
.withMessage(
"Machine ID must be between 1 and 255 characters if provided",
),
body("metadata").optional().isObject(),
],
async (req, res) => {
@@ -626,24 +651,7 @@ router.post(
const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
const api_key = crypto.randomBytes(32).toString("hex");
// Check if host already exists by machine_id (not hostname)
const existing_host = await prisma.hosts.findUnique({
where: { machine_id },
});
if (existing_host) {
return res.status(409).json({
error: "Host already exists",
host_id: existing_host.id,
api_id: existing_host.api_id,
machine_id: existing_host.machine_id,
friendly_name: existing_host.friendly_name,
message:
"This machine is already enrolled in PatchMon (matched by machine ID)",
});
}
// Create host
// Create host (no duplicate check - using config.yml checking instead)
const host = await prisma.hosts.create({
data: {
id: uuidv4(),
@@ -760,30 +768,7 @@ router.post(
try {
const { friendly_name, machine_id } = host_data;
if (!machine_id) {
results.failed.push({
friendly_name,
error: "Machine ID is required",
});
continue;
}
// Check if host already exists by machine_id
const existing_host = await prisma.hosts.findUnique({
where: { machine_id },
});
if (existing_host) {
results.skipped.push({
friendly_name,
machine_id,
reason: "Machine already enrolled",
api_id: existing_host.api_id,
});
continue;
}
// Generate credentials
// Generate credentials (no duplicate check - using config.yml checking instead)
const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
const api_key = crypto.randomBytes(32).toString("hex");

49
backend/src/routes/hostRoutes.js
View File

@@ -551,8 +551,11 @@ router.post(
updated_at: new Date(),
};
// Update machine_id if provided and current one is a placeholder
if (req.body.machineId && host.machine_id.startsWith("pending-")) {
// Update machine_id if provided and current one is a placeholder or null
if (
req.body.machineId &&
(host.machine_id === null || host.machine_id.startsWith("pending-"))
) {
updateData.machine_id = req.body.machineId;
}
@@ -1708,47 +1711,7 @@ ${archExport}
}
});
// Check if machine_id already exists (requires auth)
router.post("/check-machine-id", validateApiCredentials, async (req, res) => {
try {
const { machine_id } = req.body;
if (!machine_id) {
return res.status(400).json({
error: "machine_id is required",
});
}
// Check if a host with this machine_id exists
const existing_host = await prisma.hosts.findUnique({
where: { machine_id },
select: {
id: true,
friendly_name: true,
machine_id: true,
api_id: true,
status: true,
created_at: true,
},
});
if (existing_host) {
return res.status(200).json({
exists: true,
host: existing_host,
message: "This machine is already enrolled",
});
}
return res.status(200).json({
exists: false,
message: "Machine not yet enrolled",
});
} catch (error) {
console.error("Error checking machine_id:", error);
res.status(500).json({ error: "Failed to check machine_id" });
}
});
// Note: /check-machine-id endpoint removed - using config.yml checking method instead
// Serve the removal script (public endpoint - no authentication required)
router.get("/remove", async (_req, res) => {

12
docker/backend.Dockerfile
View File

@@ -20,9 +20,7 @@ COPY --chown=node:node agents ./agents_backup
COPY --chown=node:node agents ./agents
COPY --chmod=755 docker/backend.docker-entrypoint.sh ./entrypoint.sh
WORKDIR /app/backend
RUN npm ci --ignore-scripts && npx prisma generate
RUN npm install --workspace=backend --ignore-scripts && cd backend && npx prisma generate
EXPOSE 3001
@@ -44,13 +42,11 @@ WORKDIR /app
COPY --chown=node:node package*.json ./
COPY --chown=node:node backend/ ./backend/
WORKDIR /app/backend
RUN npm cache clean --force &&\
rm -rf node_modules ~/.npm /root/.npm &&\
npm ci --ignore-scripts --legacy-peer-deps --no-audit --prefer-online --fetch-retries=3 --fetch-retry-mintimeout=20000 --fetch-retry-maxtimeout=120000 &&\
PRISMA_CLI_BINARY_TYPE=binary npm run db:generate &&\
npm prune --omit=dev &&\
npm install --workspace=backend --ignore-scripts --legacy-peer-deps --no-audit --prefer-online --fetch-retries=3 --fetch-retry-mintimeout=20000 --fetch-retry-maxtimeout=120000 &&\
cd backend && PRISMA_CLI_BINARY_TYPE=binary npm run db:generate &&\
cd .. && npm prune --omit=dev --workspace=backend &&\
npm cache clean --force
# Production stage

2
docker/frontend.Dockerfile
View File

@@ -6,7 +6,7 @@ WORKDIR /app
COPY package*.json ./
COPY frontend/ ./frontend/
RUN npm ci --ignore-scripts
RUN npm install --workspace=frontend --ignore-scripts
WORKDIR /app/frontend

2
frontend/env.example
View File

@@ -6,5 +6,5 @@ VITE_API_URL=http://localhost:3001/api/v1
# Application Metadata
VITE_APP_NAME=PatchMon
VITE_APP_VERSION=1.3.1
VITE_APP_VERSION=1.3.4

2
frontend/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "patchmon-frontend",
"private": true,
"version": "1.3.3",
"version": "1.3.4",
"license": "AGPL-3.0",
"type": "module",
"scripts": {

516
frontend/src/pages/settings/Integrations.jsx
View File

@@ -23,7 +23,7 @@ const Integrations = () => {
const token_base64_id = useId();
const gethomepage_config_id = useId();
const [activeTab, setActiveTab] = useState("proxmox");
const [activeTab, setActiveTab] = useState("auto-enrollment");
const [tokens, setTokens] = useState([]);
const [host_groups, setHostGroups] = useState([]);
const [loading, setLoading] = useState(true);
@@ -34,6 +34,9 @@ const Integrations = () => {
const [show_secret, setShowSecret] = useState(false);
const [server_url, setServerUrl] = useState("");
const [force_proxmox_install, setForceProxmoxInstall] = useState(false);
const [usage_type, setUsageType] = useState("proxmox-lxc");
const [selected_script_type, setSelectedScriptType] = useState("proxmox-lxc");
const [curl_flags, setCurlFlags] = useState("-s");
// Form state
const [form_data, setFormData] = useState({
@@ -49,9 +52,9 @@ const Integrations = () => {
const [copy_success, setCopySuccess] = useState({});
// Helper function to build Proxmox enrollment URL with optional force flag
const getProxmoxUrl = () => {
const baseUrl = `${server_url}/api/v1/auto-enrollment/proxmox-lxc?token_key=${new_token.token_key}&token_secret=${new_token.token_secret}`;
// Helper function to build enrollment URL with optional force flag and selected type
const getEnrollmentUrl = (scriptType = selected_script_type) => {
const baseUrl = `${server_url}/api/v1/auto-enrollment/script?type=${scriptType}&token_key=${new_token.token_key}&token_secret=${new_token.token_secret}`;
return force_proxmox_install ? `${baseUrl}&force=true` : baseUrl;
};
@@ -110,9 +113,12 @@ const Integrations = () => {
try {
const response = await api.get("/settings");
setServerUrl(response.data.server_url || window.location.origin);
// Set curl flags based on SSL settings
setCurlFlags(response.data.ignore_ssl_self_signed ? "-sk" : "-s");
} catch (error) {
console.error("Failed to load server URL:", error);
setServerUrl(window.location.origin);
setCurlFlags("-s");
}
};
@@ -120,12 +126,13 @@ const Integrations = () => {
e.preventDefault();
try {
// Determine integration type based on active tab
// Determine integration type based on active tab or usage_type
let integration_type = "proxmox-lxc";
if (activeTab === "gethomepage") {
integration_type = "gethomepage";
} else if (activeTab === "api") {
integration_type = "api";
} else if (activeTab === "auto-enrollment") {
// Use the usage_type selected in the modal
integration_type = usage_type;
}
const data = {
@@ -148,7 +155,7 @@ const Integrations = () => {
}
// Add scopes for API credentials
if (activeTab === "api" && form_data.scopes) {
if (usage_type === "api" && form_data.scopes) {
data.scopes = form_data.scopes;
}
@@ -156,6 +163,7 @@ const Integrations = () => {
setNewToken(response.data.token);
setShowCreateModal(false);
load_tokens();
// Keep usage_type so the success modal can use it
// Reset form
setFormData({
@@ -338,14 +346,14 @@ const Integrations = () => {
<div className="border-b border-secondary-200 dark:border-secondary-600 flex">
<button
type="button"
onClick={() => handleTabChange("proxmox")}
onClick={() => handleTabChange("auto-enrollment")}
className={`px-6 py-3 text-sm font-medium ${
activeTab === "proxmox"
activeTab === "auto-enrollment"
? "text-primary-600 dark:text-primary-400 border-b-2 border-primary-500 bg-primary-50 dark:bg-primary-900/20"
: "text-secondary-500 dark:text-secondary-400 hover:text-secondary-700 dark:hover:text-secondary-300 hover:bg-secondary-50 dark:hover:bg-secondary-700/50"
}`}
>
Proxmox LXC
Auto-Enrollment & API
</button>
<button
type="button"
@@ -358,17 +366,6 @@ const Integrations = () => {
>
GetHomepage
</button>
<button
type="button"
onClick={() => handleTabChange("api")}
className={`px-6 py-3 text-sm font-medium ${
activeTab === "api"
? "text-primary-600 dark:text-primary-400 border-b-2 border-primary-500 bg-primary-50 dark:bg-primary-900/20"
: "text-secondary-500 dark:text-secondary-400 hover:text-secondary-700 dark:hover:text-secondary-300 hover:bg-secondary-50 dark:hover:bg-secondary-700/50"
}`}
>
API
</button>
<button
type="button"
onClick={() => handleTabChange("docker")}
@@ -385,8 +382,8 @@ const Integrations = () => {
{/* Tab Content */}
<div className="p-6">
{/* Proxmox Tab */}
{activeTab === "proxmox" && (
{/* Auto-Enrollment & API Tab */}
{activeTab === "auto-enrollment" && (
<div className="space-y-6">
{/* Header with New Token Button */}
<div className="flex items-center justify-between">
@@ -396,11 +393,11 @@ const Integrations = () => {
</div>
<div>
<h3 className="text-lg font-semibold text-secondary-900 dark:text-white">
Proxmox LXC Auto-Enrollment
Auto-Enrollment & API Credentials
</h3>
<p className="text-sm text-secondary-600 dark:text-secondary-400">
Automatically discover and enroll LXC containers from
Proxmox hosts
Manage tokens for Proxmox LXC auto-enrollment and API
access
</p>
</div>
</div>
@@ -419,17 +416,27 @@ const Integrations = () => {
<div className="text-center py-8">
<div className="inline-block animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
) : tokens.length === 0 ? (
) : tokens.filter(
(token) =>
token.metadata?.integration_type === "proxmox-lxc" ||
token.metadata?.integration_type === "api",
).length === 0 ? (
<div className="text-center py-8 text-secondary-600 dark:text-secondary-400">
<p>No auto-enrollment tokens created yet.</p>
<p>No auto-enrollment or API tokens created yet.</p>
<p className="text-sm mt-2">
Create a token to enable automatic host enrollment from
Proxmox.
Create a token to enable Proxmox auto-enrollment or API
access.
</p>
</div>
) : (
<div className="space-y-3">
{tokens.map((token) => (
{tokens
.filter(
(token) =>
token.metadata?.integration_type === "proxmox-lxc" ||
token.metadata?.integration_type === "api",
)
.map((token) => (
<div
key={token.id}
className="border border-secondary-200 dark:border-secondary-600 rounded-lg p-4 hover:border-primary-300 dark:hover:border-primary-700 transition-colors"
@@ -440,9 +447,16 @@ const Integrations = () => {
<h4 className="font-medium text-secondary-900 dark:text-white">
{token.token_name}
</h4>
{token.metadata?.integration_type ===
"proxmox-lxc" ? (
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-blue-100 text-blue-800 dark:bg-blue-900 dark:text-blue-200">
Proxmox LXC
</span>
) : (
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200">
API
</span>
)}
{token.is_active ? (
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200">
Active
@@ -475,11 +489,16 @@ const Integrations = () => {
)}
</button>
</div>
{token.metadata?.integration_type ===
"proxmox-lxc" && (
<p>
Usage: {token.hosts_created_today}/
{token.max_hosts_per_day} hosts today
</p>
{token.host_groups && (
)}
{token.metadata?.integration_type ===
"proxmox-lxc" &&
token.host_groups && (
<p>
Default Group:{" "}
<span
@@ -493,6 +512,18 @@ const Integrations = () => {
</span>
</p>
)}
{token.metadata?.integration_type === "api" &&
token.scopes && (
<p>
Scopes:{" "}
{Object.entries(token.scopes)
.map(
([resource, actions]) =>
`${resource}: ${Array.isArray(actions) ? actions.join(", ") : actions}`,
)
.join(" | ")}
</p>
)}
{token.allowed_ip_ranges?.length > 0 && (
<p>
Allowed IPs:{" "}
@@ -508,7 +539,8 @@ const Integrations = () => {
{token.expires_at && (
<p>
Expires: {format_date(token.expires_at)}
{new Date(token.expires_at) < new Date() && (
{new Date(token.expires_at) <
new Date() && (
<span className="ml-2 text-red-600 dark:text-red-400">
(Expired)
</span>
@@ -518,6 +550,15 @@ const Integrations = () => {
</div>
</div>
<div className="flex items-center gap-2">
{token.metadata?.integration_type === "api" && (
<button
type="button"
onClick={() => open_edit_modal(token)}
className="px-3 py-1 text-sm rounded bg-blue-100 text-blue-700 hover:bg-blue-200 dark:bg-blue-900 dark:text-blue-300"
>
Edit
</button>
)}
<button
type="button"
onClick={() =>
@@ -549,41 +590,55 @@ const Integrations = () => {
{/* Documentation Section */}
<div className="bg-primary-50 dark:bg-primary-900/20 border border-primary-200 dark:border-primary-800 rounded-lg p-6">
<div className="flex items-center justify-between mb-4">
<h3 className="text-lg font-semibold text-primary-900 dark:text-primary-200">
How to Use Auto-Enrollment
<h3 className="text-lg font-semibold text-primary-900 dark:text-primary-200 mb-4">
Documentation
</h3>
<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
{/* Proxmox Documentation */}
<div className="border border-primary-200 dark:border-primary-700 rounded-lg p-4 bg-white dark:bg-secondary-800">
<div className="flex items-center gap-2 mb-3">
<Server className="h-5 w-5 text-blue-600 dark:text-blue-400" />
<h4 className="font-semibold text-secondary-900 dark:text-white">
Auto-enrollment
</h4>
</div>
<p className="text-sm text-secondary-600 dark:text-secondary-400 mb-3">
Automatically discover and enroll hosts from Proxmox or
direct enrollment.
</p>
<a
href="https://docs.patchmon.net/books/patchmon-application-documentation/page/proxmox-lxc-auto-enrollment-guide"
target="_blank"
rel="noopener noreferrer"
className="px-4 py-2 bg-primary-600 hover:bg-primary-700 dark:bg-primary-500 dark:hover:bg-primary-600 text-white rounded-lg flex items-center gap-2 transition-colors"
className="inline-flex items-center gap-2 px-3 py-2 bg-primary-600 hover:bg-primary-700 dark:bg-primary-500 dark:hover:bg-primary-600 text-white rounded-lg text-sm transition-colors"
>
<BookOpen className="h-4 w-4" />
Documentation
View Guide
</a>
</div>
<ol className="list-decimal list-inside space-y-2 text-sm text-primary-800 dark:text-primary-300">
<li>
Create a new auto-enrollment token using the button above
</li>
<li>
Copy the one-line installation command shown in the
success dialog
</li>
<li>SSH into your Proxmox host as root</li>
<li>
Paste and run the command - it will automatically discover
and enroll all running LXC containers
</li>
<li>View enrolled containers in the Hosts page</li>
</ol>
<div className="mt-4 p-3 bg-primary-100 dark:bg-primary-900/40 rounded border border-primary-200 dark:border-primary-700">
<p className="text-xs text-primary-800 dark:text-primary-300">
<strong>💡 Tip:</strong> You can run the same command
multiple times safely - already enrolled containers will
be automatically skipped.
{/* API Documentation */}
<div className="border border-primary-200 dark:border-primary-700 rounded-lg p-4 bg-white dark:bg-secondary-800">
<div className="flex items-center gap-2 mb-3">
<Server className="h-5 w-5 text-green-600 dark:text-green-400" />
<h4 className="font-semibold text-secondary-900 dark:text-white">
Scoped credentials
</h4>
</div>
<p className="text-sm text-secondary-600 dark:text-secondary-400 mb-3">
Programmatic access to PatchMon data with granular
scope-based permissions.
</p>
<a
href="https://docs.patchmon.net/books/patchmon-application-documentation/page/integration-api-documentation"
target="_blank"
rel="noopener noreferrer"
className="inline-flex items-center gap-2 px-3 py-2 bg-primary-600 hover:bg-primary-700 dark:bg-primary-500 dark:hover:bg-primary-600 text-white rounded-lg text-sm transition-colors"
>
<BookOpen className="h-4 w-4" />
View Guide
</a>
</div>
</div>
</div>
</div>
@@ -849,214 +904,6 @@ const Integrations = () => {
</div>
)}
{/* API Tab */}
{activeTab === "api" && (
<div className="space-y-6">
{/* Header with New Credential Button */}
<div className="flex items-center justify-between">
<div className="flex items-center gap-3">
<div className="w-10 h-10 bg-primary-100 dark:bg-primary-900 rounded-lg flex items-center justify-center">
<Server className="h-5 w-5 text-primary-600 dark:text-primary-400" />
</div>
<div>
<h3 className="text-lg font-semibold text-secondary-900 dark:text-white">
API Credentials
</h3>
<p className="text-sm text-secondary-600 dark:text-secondary-400">
Manage API credentials for programmatic access to
PatchMon data
</p>
</div>
</div>
<button
type="button"
onClick={() => setShowCreateModal(true)}
className="btn-primary flex items-center gap-2"
>
<Plus className="h-4 w-4" />
New Credential
</button>
</div>
{/* API Credentials List */}
{loading ? (
<div className="text-center py-8">
<div className="inline-block animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
) : tokens.filter(
(token) => token.metadata?.integration_type === "api",
).length === 0 ? (
<div className="text-center py-8 text-secondary-600 dark:text-secondary-400">
<p>No API credentials created yet.</p>
<p className="text-sm mt-2">
Create a credential to enable programmatic access to
PatchMon.
</p>
</div>
) : (
<div className="space-y-3">
{tokens
.filter(
(token) => token.metadata?.integration_type === "api",
)
.map((token) => (
<div
key={token.id}
className="border border-secondary-200 dark:border-secondary-600 rounded-lg p-4 hover:border-primary-300 dark:hover:border-primary-700 transition-colors"
>
<div className="flex justify-between items-start">
<div className="flex-1">
<div className="flex items-center gap-2 flex-wrap">
<h4 className="font-medium text-secondary-900 dark:text-white">
{token.token_name}
</h4>
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200">
API
</span>
{token.is_active ? (
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200">
Active
</span>
) : (
<span className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-secondary-100 text-secondary-800 dark:bg-secondary-700 dark:text-secondary-200">
Inactive
</span>
)}
</div>
<div className="mt-2 space-y-1 text-sm text-secondary-600 dark:text-secondary-400">
<div className="flex items-center gap-2">
<span className="font-mono text-xs bg-secondary-100 dark:bg-secondary-700 px-2 py-1 rounded">
{token.token_key}
</span>
<button
type="button"
onClick={() =>
copy_to_clipboard(
token.token_key,
`key-${token.id}`,
)
}
className="text-primary-600 hover:text-primary-700 dark:text-primary-400"
>
{copy_success[`key-${token.id}`] ? (
<CheckCircle className="h-4 w-4" />
) : (
<Copy className="h-4 w-4" />
)}
</button>
</div>
{token.scopes && (
<p>
Scopes:{" "}
{Object.entries(token.scopes)
.map(
([resource, actions]) =>
`${resource}: ${Array.isArray(actions) ? actions.join(", ") : actions}`,
)
.join(" | ")}
</p>
)}
{token.allowed_ip_ranges?.length > 0 && (
<p>
Allowed IPs:{" "}
{token.allowed_ip_ranges.join(", ")}
</p>
)}
<p>Created: {format_date(token.created_at)}</p>
{token.last_used_at && (
<p>
Last Used: {format_date(token.last_used_at)}
</p>
)}
{token.expires_at && (
<p>
Expires: {format_date(token.expires_at)}
{new Date(token.expires_at) <
new Date() && (
<span className="ml-2 text-red-600 dark:text-red-400">
(Expired)
</span>
)}
</p>
)}
</div>
</div>
<div className="flex items-center gap-2">
<button
type="button"
onClick={() => open_edit_modal(token)}
className="px-3 py-1 text-sm rounded bg-blue-100 text-blue-700 hover:bg-blue-200 dark:bg-blue-900 dark:text-blue-300"
>
Edit
</button>
<button
type="button"
onClick={() =>
toggle_token_active(token.id, token.is_active)
}
className={`px-3 py-1 text-sm rounded ${
token.is_active
? "bg-secondary-100 text-secondary-700 hover:bg-secondary-200 dark:bg-secondary-700 dark:text-secondary-300"
: "bg-green-100 text-green-700 hover:bg-green-200 dark:bg-green-900 dark:text-green-300"
}`}
>
{token.is_active ? "Disable" : "Enable"}
</button>
<button
type="button"
onClick={() =>
delete_token(token.id, token.token_name)
}
className="text-red-600 hover:text-red-800 dark:text-red-400 p-2"
>
<Trash2 className="h-4 w-4" />
</button>
</div>
</div>
</div>
))}
</div>
)}
{/* Documentation Section */}
<div className="bg-primary-50 dark:bg-primary-900/20 border border-primary-200 dark:border-primary-800 rounded-lg p-6">
<h3 className="text-lg font-semibold text-primary-900 dark:text-primary-200 mb-4">
Using API Credentials
</h3>
<div className="space-y-4 text-sm text-primary-800 dark:text-primary-300">
<p>
API credentials allow you to programmatically access
PatchMon data using Basic Authentication.
</p>
<div>
<p className="font-semibold mb-2">
Example cURL Request:
</p>
<div className="bg-primary-100 dark:bg-primary-900/40 p-3 rounded border border-primary-200 dark:border-primary-700 font-mono text-xs overflow-x-auto">
curl -u "YOUR_API_KEY:YOUR_API_SECRET" \<br />
&nbsp;&nbsp;{server_url}/api/v1/api/hosts
</div>
</div>
<div>
<p className="font-semibold mb-2">
Query Hosts by Group:
</p>
<div className="bg-primary-100 dark:bg-primary-900/40 p-3 rounded border border-primary-200 dark:border-primary-700 font-mono text-xs overflow-x-auto">
curl -u "YOUR_API_KEY:YOUR_API_SECRET" \<br />
&nbsp;&nbsp;"{server_url}
/api/v1/api/hosts?hostgroup=Production,Development"
</div>
</div>
<p className="text-xs">
<strong>💡 Tip:</strong> You can filter by host group
names or UUIDs. Multiple groups can be specified as a
comma-separated list.
</p>
</div>
</div>
</div>
)}
{/* Docker Tab */}
{activeTab === "docker" && (
<div className="space-y-6">
@@ -1202,23 +1049,53 @@ const Integrations = () => {
<div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-50 p-4">
<div className="bg-white dark:bg-secondary-800 rounded-lg max-w-2xl w-full max-h-[90vh] overflow-y-auto">
<div className="p-6">
<div className="flex items-center justify-between mb-6">
<div className="flex items-center justify-between mb-4">
<h2 className="text-xl font-bold text-secondary-900 dark:text-white">
{activeTab === "gethomepage"
? "Create GetHomepage API Key"
: activeTab === "api"
? "Create API Credential"
: "Create Auto-Enrollment Token"}
: "Create Token"}
</h2>
<button
type="button"
onClick={() => setShowCreateModal(false)}
onClick={() => {
setShowCreateModal(false);
setUsageType("proxmox-lxc");
setSelectedScriptType("proxmox-lxc");
}}
className="text-secondary-400 hover:text-secondary-600 dark:hover:text-secondary-200"
>
<X className="h-6 w-6" />
</button>
</div>
{/* Tabs for Auto-enrollment modal */}
{activeTab === "auto-enrollment" && (
<div className="flex border-b border-secondary-200 dark:border-secondary-700 mb-6">
<button
type="button"
onClick={() => setUsageType("proxmox-lxc")}
className={`px-4 py-2 text-sm font-medium border-b-2 transition-colors ${
usage_type === "proxmox-lxc"
? "text-primary-600 dark:text-primary-400 border-primary-500"
: "text-secondary-500 dark:text-secondary-400 border-transparent hover:text-secondary-700 dark:hover:text-secondary-300"
}`}
>
Auto-enrollment
</button>
<button
type="button"
onClick={() => setUsageType("api")}
className={`px-4 py-2 text-sm font-medium border-b-2 transition-colors ${
usage_type === "api"
? "text-primary-600 dark:text-primary-400 border-primary-500"
: "text-secondary-500 dark:text-secondary-400 border-transparent hover:text-secondary-700 dark:hover:text-secondary-300"
}`}
>
Scoped credentials
</button>
</div>
)}
<form onSubmit={create_token} className="space-y-4">
<label className="block">
<span className="block text-sm font-medium text-secondary-700 dark:text-secondary-300 mb-1">
@@ -1234,7 +1111,7 @@ const Integrations = () => {
placeholder={
activeTab === "gethomepage"
? "e.g., GetHomepage Widget"
: activeTab === "api"
: usage_type === "api"
? "e.g., Ansible Inventory"
: "e.g., Proxmox Production"
}
@@ -1242,7 +1119,8 @@ const Integrations = () => {
/>
</label>
{activeTab === "proxmox" && (
{usage_type === "proxmox-lxc" &&
activeTab === "auto-enrollment" && (
<>
<label className="block">
<span className="block text-sm font-medium text-secondary-700 dark:text-secondary-300 mb-1">
@@ -1295,7 +1173,7 @@ const Integrations = () => {
</>
)}
{activeTab === "api" && (
{usage_type === "api" && activeTab === "auto-enrollment" && (
<div className="block">
<span className="block text-sm font-medium text-secondary-700 dark:text-secondary-300 mb-2">
Scopes *
@@ -1390,7 +1268,10 @@ const Integrations = () => {
</button>
<button
type="button"
onClick={() => setShowCreateModal(false)}
onClick={() => {
setShowCreateModal(false);
setUsageType("proxmox-lxc");
}}
className="flex-1 bg-secondary-100 dark:bg-secondary-700 text-secondary-700 dark:text-secondary-300 py-2 px-4 rounded-md hover:bg-secondary-200 dark:hover:bg-secondary-600"
>
Cancel
@@ -1411,9 +1292,11 @@ const Integrations = () => {
<div className="flex items-center gap-2">
<CheckCircle className="h-6 w-6 text-green-600 dark:text-green-400" />
<h2 className="text-lg font-bold text-secondary-900 dark:text-white">
{activeTab === "gethomepage"
{new_token.metadata?.integration_type === "gethomepage" ||
activeTab === "gethomepage"
? "API Key Created Successfully"
: activeTab === "api"
: new_token.metadata?.integration_type === "api" ||
usage_type === "api"
? "API Credential Created Successfully"
: "Token Created Successfully"}
</h2>
@@ -1423,6 +1306,8 @@ const Integrations = () => {
onClick={() => {
setNewToken(null);
setShowSecret(false);
setUsageType("proxmox-lxc");
setSelectedScriptType("proxmox-lxc");
}}
className="text-secondary-400 hover:text-secondary-600 dark:hover:text-secondary-200"
>
@@ -1538,7 +1423,9 @@ const Integrations = () => {
</div>
</div>
{activeTab === "api" && new_token.scopes && (
{(new_token.metadata?.integration_type === "api" ||
usage_type === "api") &&
new_token.scopes && (
<div className="mt-4">
<div className="block text-xs font-medium text-secondary-700 dark:text-secondary-300 mb-2">
Granted Scopes
@@ -1562,7 +1449,8 @@ const Integrations = () => {
</div>
)}
{activeTab === "api" && (
{(new_token.metadata?.integration_type === "api" ||
usage_type === "api") && (
<div className="mt-6">
<div className="block text-sm font-medium text-secondary-700 dark:text-secondary-300 mb-2">
Usage Examples
@@ -1635,14 +1523,43 @@ const Integrations = () => {
</div>
)}
{activeTab === "proxmox" && (
{(new_token.metadata?.integration_type === "proxmox-lxc" ||
usage_type === "proxmox-lxc") && (
<div className="mt-6">
<div className="block text-sm font-medium text-secondary-700 dark:text-secondary-300 mb-2">
One-Line Installation Command
Auto-Enrollment Command
</div>
{/* Script Type Toggle Buttons */}
<div className="flex gap-2 mb-3">
<button
type="button"
onClick={() => setSelectedScriptType("proxmox-lxc")}
className={`px-3 py-1.5 text-sm font-medium rounded-md transition-colors ${
selected_script_type === "proxmox-lxc"
? "bg-primary-600 text-white dark:bg-primary-500"
: "bg-secondary-200 text-secondary-700 dark:bg-secondary-700 dark:text-secondary-300 hover:bg-secondary-300 dark:hover:bg-secondary-600"
}`}
>
Proxmox
</button>
<button
type="button"
onClick={() => setSelectedScriptType("direct-host")}
className={`px-3 py-1.5 text-sm font-medium rounded-md transition-colors ${
selected_script_type === "direct-host"
? "bg-primary-600 text-white dark:bg-primary-500"
: "bg-secondary-200 text-secondary-700 dark:bg-secondary-700 dark:text-secondary-300 hover:bg-secondary-300 dark:hover:bg-secondary-600"
}`}
>
Direct Host
</button>
</div>
<p className="text-xs text-secondary-600 dark:text-secondary-400 mb-2">
Run this command on your Proxmox host to download and
execute the enrollment script:
{selected_script_type === "proxmox-lxc"
? "Run this command on your Proxmox host to automatically discover and enroll all running LXC containers:"
: "Run this command on individual hosts to enroll them directly:"}
</p>
{/* Force Install Toggle */}
@@ -1657,19 +1574,19 @@ const Integrations = () => {
className="rounded border-secondary-300 dark:border-secondary-600 text-primary-600 focus:ring-primary-500 dark:focus:ring-primary-400 dark:bg-secondary-700"
/>
<span className="text-secondary-800 dark:text-secondary-200">
Force install (bypass broken packages in containers)
Force install (bypass broken packages)
</span>
</label>
<p className="text-xs text-secondary-600 dark:text-secondary-400 mt-1">
Enable this if your LXC containers have broken packages
(CloudPanel, WHM, etc.) that block apt-get operations
Enable this if hosts have broken packages (CloudPanel,
WHM, etc.) that block apt-get operations
</p>
</div>
<div className="flex items-center gap-2">
<input
type="text"
value={`curl -s "${getProxmoxUrl()}" | sh`}
value={`curl ${curl_flags} "${getEnrollmentUrl()}" | sh`}
readOnly
className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-secondary-50 dark:bg-secondary-900 text-secondary-900 dark:text-white font-mono text-xs"
/>
@@ -1677,13 +1594,13 @@ const Integrations = () => {
type="button"
onClick={() =>
copy_to_clipboard(
`curl -s "${getProxmoxUrl()}" | sh`,
"curl-command",
`curl ${curl_flags} "${getEnrollmentUrl()}" | sh`,
"enrollment-command",
)
}
className="btn-primary flex items-center gap-1 px-3 py-2 whitespace-nowrap"
>
{copy_success["curl-command"] ? (
{copy_success["enrollment-command"] ? (
<>
<CheckCircle className="h-4 w-4" />
Copied
@@ -1696,14 +1613,21 @@ const Integrations = () => {
)}
</button>
</div>
<p className="text-xs text-secondary-500 dark:text-secondary-400 mt-2">
💡 This command will automatically discover and enroll all
running LXC containers.
{/* Usage hint for direct-host */}
{selected_script_type === "direct-host" && (
<p className="text-xs text-secondary-500 dark:text-secondary-400 mt-3 p-2 bg-blue-50 dark:bg-blue-900/20 rounded border border-blue-200 dark:border-blue-800">
💡 <strong>Tip:</strong> Specify a custom name:{" "}
<code className="text-xs bg-secondary-200 dark:bg-secondary-700 px-1 py-0.5 rounded">
FRIENDLY_NAME="My Server" sh
</code>
</p>
)}
</div>
)}
{activeTab === "gethomepage" && (
{(new_token.metadata?.integration_type === "gethomepage" ||
activeTab === "gethomepage") && (
<div className="mt-3 space-y-3">
<div>
<label
@@ -1835,6 +1759,8 @@ const Integrations = () => {
onClick={() => {
setNewToken(null);
setShowSecret(false);
setUsageType("proxmox-lxc");
setSelectedScriptType("proxmox-lxc");
}}
className="w-full btn-primary py-2 px-4 rounded-md"
>

8
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "patchmon",
"version": "1.3.2",
"version": "1.3.4",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "patchmon",
"version": "1.3.2",
"version": "1.3.4",
"license": "AGPL-3.0",
"workspaces": [
"backend",
@@ -23,7 +23,7 @@
},
"backend": {
"name": "patchmon-backend",
"version": "1.3.2",
"version": "1.3.4",
"license": "AGPL-3.0",
"dependencies": {
"@bull-board/api": "^6.13.1",
@@ -59,7 +59,7 @@
},
"frontend": {
"name": "patchmon-frontend",
"version": "1.3.2",
"version": "1.3.4",
"license": "AGPL-3.0",
"dependencies": {
"@dnd-kit/core": "^6.3.1",

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "patchmon",
"version": "1.3.3",
"version": "1.3.4",
"description": "Linux Patch Monitoring System",
"license": "AGPL-3.0",
"private": true,