ssh exporter

[EHSchmitt4395]

PR Description

ssh exporter for remote hosts

define ip along with password or key for the creation of custom metrics from a remote host via bash interpolation

ex alloy config:

prometheus.exporter.ssh "example" {
  verbose_logging = true

  targets {
    address         = "192.168.1.10"
    port            = 22
    username        = "admin"
    password        = "password"
    command_timeout = 10

    custom_metrics {
      name    = "load_average"
      command = "cat /proc/loadavg | awk '{print $1}'"
      type    = "gauge"
      help    = "Load average over 1 minute"
    }
  }

  targets {
    address         = "192.168.1.11"
    port            = 22
    username        = "monitor"
    key_file        = "/path/to/private.key"
    command_timeout = 15

    custom_metrics {
      name        = "disk_usage"
      command     = "df / | tail -1 | awk '{print $5}'"
      type        = "gauge"
      help        = "Disk usage percentage"
      parse_regex = "(\\d+)%"
    }
  }
}

prometheus.scrape "demo" {
  targets    = prometheus.exporter.ssh.example.targets
  forward_to = [prometheus.remote_write.demo.receiver]
}

prometheus.remote_write "demo" {
  endpoint {
    url = PROMETHEUS_REMOTE_WRITE_URL

    basic_auth {
      username = USERNAME
      password = PASSWORD
    }
  }
}

Notes to the Reviewer

plz let me know if issue or something missing with my pr - cheers :)

PR Checklist

• CHANGELOG.md updated
• Documentation added
• Tests updated

[ptodev]

Suggested change

| `targets` | `block` | One or more target configurations for SSH metrics. | | yes |

We don't list blocks in the table in the Arguments section. They are listed in the table in the Blocks section.

[ptodev]

It's better to just have a key attribute which is a secret string. People can still get that string from a file if they use local.file. The benefit is that it's more flexible, because you can also get the secret from somewhere like remote.vault or remote.kubernetes.secret.

[ptodev]

Suggested change

	| `password` | `secret` | Password for password-based SSH authentication. | | Required if `key_file` is not provided |
	| `password` | `secret` | Password for password-based SSH authentication. | | no

If an argument is not always required, we'll usually just say "no" in the table and then we'll explain under the table that one of those two arguments must be supplied.

[ptodev]

Suggested change

	#### Metric Types
	- `gauge`: Represents a numerical value that can go up or down.
	- `counter`: Represents a cumulative value that only increases.
	#### parse_regex
	The `type` argument can have either of the following values:
	- `gauge`: Represents a numerical value that can go up or down.
	- `counter`: Represents a cumulative value that only increases.

We usually don't use sub-headings under the tables, unless there's too much text and there's no other way to structure the information.

[ptodev]

Suggested change

	- If the `known_hosts` file does not exist, the component creates it and fetches the host key using `ssh-keyscan`.
	- If the `~/.ssh/known_hosts` file does not exist, the component creates it and fetches the host key using `ssh-keyscan`.

Would be good to know where the file is located.

[ptodev]

We don't need static mode converters, since static mode doesn't support this exporter :)

[ptodev]

Do we really need this file? The reason other exporters have it is that they come from Agent Static mode.

[ptodev]

Is the code copied from an already existing prometheus exporter? If so, we should probably check the license to make sure it's ok to copy it. But it might be better to just import the other exporter if possible?

[ptodev]

If a user fixes the issue with this, would they have to restart Alloy for things to start working? Ideally the component should just keep trying periodically until it works.

[ptodev]

Are there any SSH commands that should not be allowed? I realise this may be hard to enforce, but I just think some users might want extra security and I wonder if there are any further checks we can do.

[ptodev]

Once the component is merged, it would be useful to have modules in the alloy-modules repo which show how to extract various metrics in Linux.

[wildum]

Please add the experimental snippet to document the fact that the component is experimental

[wildum]

aliases are not need for this component because it's brand new (this was used for mapping after the structure of the doc was changed)

[ptodev]

We could add debug statements like this to Live Debugging. They can also include the output of the command.

[mattdurham]

Should this be a duration? We rarely use dedicated seconds.

[mattdurham]

What is the expected behavior if command timeout > scrape timeout?

[mattdurham]

Is this windows compatible?

[mattdurham]

Can target address be hijacked for any injection? We should ensure it is an valid URI.

[mattdurham]

Is this safe? It likely is because its only called from NewSSHClient but maybe a global mutex?

[mattdurham]

The underlying component context should likely also be passed here.

[mattdurham]

And checked against.

[clayton-cornell]

Observation: In reviewing this I've noticed that the wording of some sections in the Prometheus topics are not consistent with the rest of the components. For example, Arguments in other sections simply state: The following arguments are supported:

I'll create an Issue to follow up on this. No action or suggestions for this PR.

[clayton-cornell]

Should we add/include the Hierarchy column in this table?