admin/felhom-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(hub): host-report client + collector + first daemon loop (slice 3, v0.3.0)

Browse Source 
internal/hub: the agent's first daemon — a periodic read-only host-report POSTed to
the hub (the heartbeat; no separate ping).

- HostReport wire contract (shared field-for-field with the hub ingest): host
  metrics, guests (vmid + spec), cloudflared status; storage/backups/restore-tests/
  pbs/audit collections DEFINED but emitted empty (slices 5/6 fill).
- Collector over a read-only proxmoxReader (adapted to the real proxmox surface;
  no proxmox changes) + a CloudflaredProber. Partial-failure: NodeStatus fail = hard
  (skip POST); per-guest GuestConfig fail = status "unknown", still report.
- Client: Bearer-auth POST, standard TLS (system roots / optional ca_file), typed
  TransportError/HTTPError, token never in errors.
- Loop: immediate first report, adopt hub poll_interval (clamp [60,3600]), resilient
  to collect/report errors, clean ctx-cancel shutdown.
- ControlEnvelope: only poll_interval_seconds acted on; blocked/desired_generation/
  has_signed_ops parsed-but-ignored (slice 4).
- config: HubConfig + FELHOM_AGENT_HUB_* overlay + mode-aware HubConfig.Validate +
  WithDefaults + hub-key redaction; example config updated.
- main: no-selftest mode is now the daemon; added --selftest=hub. Version -> 0.3.0.

Tests: report serialization, client (incl. token-redaction), collector partial-
failure, loop continuation+interval adoption, config. internal/proxmox + internal/
authz untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-06-08 16:20:09 +02:00
parent f0fee7e193
commit ab77fa3544
16 changed files with 1352 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configs/agent.example.json
+23
View File
@@ -13,5 +13,28 @@
"mode": "sudo",
"sudo_path": "sudo"
},
"authz": {
"nonce_store_path": "/var/lib/felhom-agent/nonces.log",
"signers": [
{
"key_id": "felhom-op-1",
"role": "operational",
"public_key": "ssh-ed25519 AAAA... felhom-op-1"
},
{
"key_id": "felhom-recovery-1",
"role": "recovery",
"public_key": "ssh-ed25519 AAAA... felhom-recovery-1"
}
]
},
"hub": {
"url": "https://hub.felhom.eu",
"host_id": "demo-host-01",
"api_key": "REPLACE_WITH_PER_HOST_HUB_KEY",
"poll_seconds": 900,
"timeout_seconds": 30,
"ca_file": ""
},
"log_level": "info"
}