Prometheus power metrics #7423
Fix is the same applied here: c9742ad3d798e3c (use to_s to prevent nil.upcase calls) (cherry picked from commit 4c7f6dc)
* Schemas validated by online tool
* Ambiguity errors not solved
(cherry picked from commit cd9eb49)
(cherry picked from commit 822581a)
* Cleanup oned in case of initialization error
* Fix monitoring after onemonitord restart. The code includes a "hook" point in case a driver is re-started so custom code can be executed. InformationManager sends the list of hosts and raft status in this case.
* B #5801: Update error msg, in case of duplicated drivers
(cherry picked from commit 7b07def)
Metric is in bytes, MB was published
* It looks like `onedb purge-history` sometimes fails to delete some history records.
* Delete all history records with SEQ greater than VM/HISTORY_RECORDS/HISTORY/SEQ, which should be the last record
(cherry picked from commit a3c4776)
Signed-off-by: dcarracedo <dcarracedo@opennebula.io> (cherry picked from commit 1fcb2ba)
| [LABELS, onDeleteLabel, onClickLabel] | ||
| ) | ||
|
|
||
| return <MultipleTags tags={labels} truncateText={10} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (template) => { | ||
| const { color: stateColor, name: stateName } = getState(template) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| const { percentCpuUsed, percentCpuLabel, colorCpu } = | ||
| getAllocatedInfo(host) | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (template) => { | ||
| const { color: stateColor, name: stateName } = getState(template) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| displayName: stateDisplayName, | ||
| } = getState(vm) | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| const { percentMemUsed, percentMemLabel, colorMem } = | ||
| getAllocatedInfo(host) | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (template) => { | ||
| const { color: stateColor, name: stateName } = getState(template) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (service) => { | ||
| const { color: stateColor, name: stateName } = getState(service) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (vm) => { | ||
| const { color: stateColor, name: stateName } = getState(vm) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (vm) => { | ||
| const { color: stateColor, name: stateName } = getState(vm) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (vm) => { | ||
| const { color: stateColor, name: stateName } = getState(vm) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| const capacity = useMemo(() => getCapacityInfo(template), [template]) | ||
| const { percentOfUsed, percentLabel } = capacity | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| const leasesInfo = useMemo(() => getLeasesInfo(template), [template]) | ||
| const { percentOfUsed, percentLabel } = leasesInfo | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| accessor: (vm) => { | ||
| const { color: stateColor, name: stateName } = getState(vm) | ||
|
|
||
| return <StatusCircle color={stateColor} tooltip={stateName} /> |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| row | ||
| const { key, ...rowProps } = getRowProps() | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| const capacity = useMemo(() => getCapacityInfo(template), [template]) | ||
| const { percentOfUsed, percentLabel } = capacity | ||
|
|
||
| return ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| id: 'consoles', | ||
| accessor: (vm) => ( | ||
| <> | ||
| {CONNECTION_TYPES.map((connectionType) => ( |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A potential Cross-Site Scripting (XSS) vulnerability has been identified, where untrusted input is being reflected in the response without proper sanitization. This can allow an attacker to inject and execute malicious scripts in the user's browser, potentially compromising sensitive data or application behavior. To mitigate this risk, it is strongly recommended to sanitize or encode all user input before rendering it in the DOM or returning it in a response. Commonly used methods include DOMPurify.sanitize(), encodeURIComponent(), escape(), etc., depending on the use case and framework in use. Learn more - https://cwe.mitre.org/data/definitions/79.html
| diskModifications[key].__delete__ | ||
| ) { | ||
| delete acc[key] | ||
| } else if (key === 'SIZE' && diskModifications.SIZEUNIT) { |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Potential hardcoded credential detected. This code may contain sensitive
data such as passwords or API keys embedded directly in the
source. Hardcoded credentials can be extracted and misused, leading to
unauthorized access to systems or data breaches. To remediate this, store
secrets in environment variables or use a secrets management tool like AWS
Secrets Manager, Azure Key Vault, or HashiCorp Vault. Avoid committing
credentials to version control. For best practices, refer to -
https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password
Limitations: May not detect dynamically constructed credentials, credentials
in template literals with variables, or obfuscated/encoded credentials that
don't match standard patterns. Test files are excluded from detection.
| if volatile? | ||
| @source = nil | ||
| @clone = nil | ||
| @rbd_image = "#{@pool}/one-sys-#{@vmid}-#{id}" |
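Review bot: `"#{@pool}/one-sys-#{@vmid}-#{id}"` names the disk with a local `id`, while the clone branch below builds `"#{@source}-#{@vmid}-#{@id}"` from the instance variable `@id`; if both mean the same disk id, use `@id` in both so the volatile image name cannot silently pick up a different value from a local variable.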
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A cross-site scripting (XSS) vulnerability was detected. User-controlled data is being output without proper sanitization, allowing an attacker to inject malicious scripts. This could lead to session hijacking, malware installation, or phishing attacks. Always sanitize and encode user inputs before including them in the output, using context-appropriate encoding methods. Learn More - https://cwe.mitre.org/data/definitions/79.html.
| @clone = disk_xml.elements['CLONE'].text == 'YES' | ||
| @rbd_image = | ||
| if @clone | ||
| "#{@source}-#{@vmid}-#{@id}" |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
A cross-site scripting (XSS) vulnerability was detected. User-controlled data is being output without proper sanitization, allowing an attacker to inject malicious scripts. This could lead to session hijacking, malware installation, or phishing attacks. Always sanitize and encode user inputs before including them in the output, using context-appropriate encoding methods. Learn More - https://cwe.mitre.org/data/definitions/79.html.
| # Configure ports to allow trunk vlans | ||
| set_vlan_filter(@nic[:tap], @nic[:vlan_id], vlan_set) | ||
|
|
||
| next if bridge_done.include? @nic[:bridge] |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Cross-Site Request Forgery (CSRF) protection is disabled or missing in this Ruby web application. This vulnerability occurs when state-changing operations lack proper token validation to verify request authenticity. Attackers can exploit this by tricking authenticated users into unknowingly executing malicious actions like data modification, account changes, or financial transactions through forged requests. Enable CSRF protection by adding 'protect_from_forgery with: :exception' in Rails controllers, using 'authenticity_token' in forms, implementing 'check_csrf!' in Roda routes, or adding 'Rack::Protection::AuthenticityToken' middleware in Sinatra/Rack applications. More information: https://owasp.org/www-community/attacks/csrf
| #################################################### | ||
| @nic = nic | ||
| gen_vlan_dev_name | ||
| if @bridges[@nic[:bridge]].include? @nic[:vlan_dev] |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Cross-Site Request Forgery (CSRF) protection is disabled or missing in this Ruby web application. This vulnerability occurs when state-changing operations lack proper token validation to verify request authenticity. Attackers can exploit this by tricking authenticated users into unknowingly executing malicious actions like data modification, account changes, or financial transactions through forged requests. Enable CSRF protection by adding 'protect_from_forgery with: :exception' in Rails controllers, using 'authenticity_token' in forms, implementing 'check_csrf!' in Roda routes, or adding 'Rack::Protection::AuthenticityToken' middleware in Sinatra/Rack applications. More information: https://owasp.org/www-community/attacks/csrf
| # Configure ports to allow trunk vlans | ||
| set_vlan_filter(@nic[:tap], nil, vlan_set) | ||
|
|
||
| next if bridge_done.include? @nic[:bridge] |
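Review bot: `set_vlan_filter(@nic[:tap], nil, vlan_set)` passes `nil` as the VLAN id where the otherwise identical call above passes `@nic[:vlan_id]`; add a comment at this call site saying what a nil id means for the port (no PVID / untagged frames), since the "Configure ports to allow trunk vlans" comment is the same on both and does not explain the difference.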
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Cross-Site Request Forgery (CSRF) protection is disabled or missing in this Ruby web application. This vulnerability occurs when state-changing operations lack proper token validation to verify request authenticity. Attackers can exploit this by tricking authenticated users into unknowingly executing malicious actions like data modification, account changes, or financial transactions through forged requests. Enable CSRF protection by adding 'protect_from_forgery with: :exception' in Rails controllers, using 'authenticity_token' in forms, implementing 'check_csrf!' in Roda routes, or adding 'Rack::Protection::AuthenticityToken' middleware in Sinatra/Rack applications. More information: https://owasp.org/www-community/attacks/csrf
| @logger.error "ERROR: #{err.chomp})\n" | ||
| @logger.error " [STDOUT] #{rc.stdout.gsub("\n", '\n')}\n" unless opt[:nostdout] | ||
| @logger.error " [STDERR] #{rc.stderr.gsub("\n", '\n')}\n" unless opt[:nostderr] | ||
| @logger.error err.chomp |
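Review bot: `@logger.error err.chomp` writes `err` without the `gsub("\n", '\n')` escaping that the `[STDOUT]`/`[STDERR]` lines apply, so an `err` that carries command output with embedded newlines splits into several log records and is harder to parse; apply the same escaping to `err`. The first line also has a stray `)` in `"ERROR: #{err.chomp})\n"`.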
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Potential log injection detected. Ensure all untrusted input is properly sanitized before logging. Use parameterized logging or validate input against an allow list to prevent log injection vulnerabilities. Consider using a dedicated logging library's built-in sanitization features when available. Learn more - https://cwe.mitre.org/data/definitions/117.html
| self.class.scaph_data[host['ID'].to_i] = res.split("\n") | ||
| rescue StandardError => e | ||
| puts e.message | ||
| puts "Error accessing to scaphandre metrics on #{hostname}" |
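Review bot: `rescue StandardError => e` followed by two `puts` calls sends the failure to stdout, where a collector's metrics output normally goes, and catches programming errors (for example a nil `host['ID']`) together with network failures; write the message to STDERR or a logger and rescue the specific fetch errors, keeping `e.message` and `hostname` in one line rather than two.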
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Potential log injection detected. Ensure all untrusted input is properly sanitized before logging. Use parameterized logging or validate input against an allow list to prevent log injection vulnerabilities. Consider using a dedicated logging library's built-in sanitization features when available. Learn more - https://cwe.mitre.org/data/definitions/117.html
|
|
||
| pid_cmd = issue_command(vm_id, host, cmd, "-s #{interval} -m #{vm_id} -p #{full_power}") | ||
| rescue StandardError | ||
| puts "Error executing command on VM #{vm_id}" |
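Review bot: `"-s #{interval} -m #{vm_id} -p #{full_power}"` builds the agent command line by string interpolation, and the `rescue StandardError` below discards the exception, so a malformed `interval` or `full_power` fails silently; check that all three are numeric before building the string (or pass them as an argument array) and include the exception message in the error output.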
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Potential log injection detected. Ensure all untrusted input is properly sanitized before logging. Use parameterized logging or validate input against an allow list to prevent log injection vulnerabilities. Consider using a dedicated logging library's built-in sanitization features when available. Learn more - https://cwe.mitre.org/data/definitions/117.html
| puts "Error accessing to scaphandre metrics on #{hostname}" | ||
| end | ||
| rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH | ||
| puts "Error on #{hostname}:#{port}, is scaphandre running there?" |
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Potential log injection detected. Ensure all untrusted input is properly sanitized before logging. Use parameterized logging or validate input against an allow list to prevent log injection vulnerabilities. Consider using a dedicated logging library's built-in sanitization features when available. Learn more - https://cwe.mitre.org/data/definitions/117.html
|
|
||
| def query_vm_agent(vm_id, query, host = 'localhost') | ||
| cmd = "virsh -c 'qemu+ssh://#{host}/system' qemu-agent-command one-#{vm_id} '#{query.to_json}'" | ||
| out = `#{cmd}` |
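Review bot: `host` and `vm_id` are interpolated into `cmd` and run through backticks, so the shell parses whatever those values contain; validate `vm_id` as an integer and `host` against a hostname pattern, and run the command as an argument array with `Open3.capture2` (or at least `Shellwords.escape` each value) instead of `` `#{cmd}` ``. The exit status of the backtick call is also not checked, so a failed virsh invocation returns an empty `out` with no error signal.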
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Detected a dangerous subshell execution vulnerability where user input is directly used in a shell command without proper sanitisation. This could allow an attacker to inject and execute arbitrary system commands, potentially leading to system compromise or data breach. To remediate, avoid using shell commands with user input when possible, or implement strict input validation and use shell escaping functions like Shellwords.escape(). If shell execution is necessary, consider using a allow list of allowed commands and arguments. Link to more info : https://guides.rubyonrails.org/security.html
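As an added example (not code from the PR or from the OpenNebula project), this is a hardened form of the pattern flagged above: the VM id and host are validated, the command is an argv array so no shell parses it, and the exit status is checked. The validation patterns, the `shell_preview` helper and the nil-on-failure contract are assumptions for illustration.

```ruby
require 'json'
require 'open3'
require 'shellwords'

# Hypothetical hardened wrapper for a virsh guest-agent call.
# The VM id must be a plain integer and the host a hostname-shaped string
# (both patterns are assumptions for this example).
VM_ID_RE = /\A\d+\z/
HOST_RE  = /\A[A-Za-z0-9][A-Za-z0-9.-]{0,253}\z/

# Builds the command as an argument array; nothing here is shell-parsed.
def virsh_agent_argv(vm_id, query, host = 'localhost')
  raise ArgumentError, "invalid VM id: #{vm_id.inspect}" unless vm_id.to_s.match?(VM_ID_RE)
  raise ArgumentError, "invalid host: #{host.inspect}" unless host.to_s.match?(HOST_RE)

  ['virsh', '-c', "qemu+ssh://#{host}/system",
   'qemu-agent-command', "one-#{vm_id}", JSON.generate(query)]
end

# Quoted rendering of the argv, safe to write to a single log line.
def shell_preview(argv)
  Shellwords.join(argv)
end

# Runs the command without a shell and returns the parsed JSON reply, or
# nil when virsh is missing, exits non-zero, or replies with non-JSON.
def query_vm_agent(vm_id, query, host = 'localhost')
  argv = virsh_agent_argv(vm_id, query, host)
  out, status = Open3.capture2(*argv)
  return nil unless status.success?

  JSON.parse(out)
rescue Errno::ENOENT, JSON::ParserError
  nil
end
```

`query_vm_agent` needs a reachable libvirt host to return anything; `virsh_agent_argv` and `shell_preview` run offline and show the shape of the command that would be executed.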
| restic://*) | ||
| eval `$VAR_LOCATION/remotes/datastore/restic_downloader.rb "$FROM" | grep -e '^command=' -e '^clean_command='` | ||
| restic://*|restic+rbd://*) | ||
| defs=`$VAR_LOCATION/remotes/datastore/restic_downloader.rb "$FROM" | grep -e '^command=' -e '^clean_command='` |
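Review bot: the new `restic://*|restic+rbd://*)` branch keeps backtick substitution; use `defs=$(...)`, quote `"$VAR_LOCATION"` so a path containing spaces is not word-split, and check `[ -n "$defs" ]` before using it, because the exit status of the pipeline is grep's and a failure of restic_downloader.rb shows up only as an empty `defs`.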
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
The use of backticks for command substitution in shell scripts can lead to vulnerabilities, quoting issues and nested command complexities. To mitigate this issue, it is recommended to use the more secure '$(...)' syntax for command substitution. This method properly quotes the substituted command, which is more readable, easier to nest, and avoids undefined behaviors related to quoting. Adopting this practice improves code clarity and maintainability. For more information on shell scripting best practices, refer to the GNU Bash Manual (https://www.gnu.org/software/bash/manual/bash.html#Command-Substitution).
| rsync://*) | ||
| eval `$VAR_LOCATION/remotes/datastore/rsync_downloader.rb "$FROM" | grep -e '^command=' -e '^clean_command='` | ||
| rsync://*|rsync+rbd://*) | ||
| defs=`$VAR_LOCATION/remotes/datastore/rsync_downloader.rb "$FROM" | grep -e '^command=' -e '^clean_command='` |
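Review bot: same pattern as the restic branch: `defs=$(...)` instead of backticks, `"$VAR_LOCATION"` quoted, and a non-empty check on `defs`, since grep's exit status masks a failure of rsync_downloader.rb.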
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
The use of backticks for command substitution in shell scripts can lead to vulnerabilities, quoting issues and nested command complexities. To mitigate this issue, it is recommended to use the more secure '$(...)' syntax for command substitution. This method properly quotes the substituted command, which is more readable, easier to nest, and avoids undefined behaviors related to quoting. Adopting this practice improves code clarity and maintainability. For more information on shell scripting best practices, refer to the GNU Bash Manual (https://www.gnu.org/software/bash/manual/bash.html#Command-Substitution).
Description
Add prometheus power collector
The following metrics are created if available:
opennebula_host_power_consumption_uW: total microwatts used by the OpenNebula host. It is just computed at the RAPL domain level (real power usage is higher). This number correlates with the power usage.
opennebula_vm_power_consumption_uW: microwatts used by each VM proportionally
opennebula_vmproc_power_consumption_uW: microwatts for each process on the virtual machine (please, check how to make them available)
opennebula_vmproc_cpu_time_percent: percentage of real CPU (not vCPU) used per process
Requirements for the first two metrics:
running on each host with a prometheus exporter
SCAPHANDRE_PORT must be defined with the port where the scaphandre is running
Requirements for the four metrics:
execution of commands
get_proc_ticks must be on each VM on the path /var/lib/one-context/get_proc_ticks. get_proc_ticks is available in github
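As an added illustration of the arithmetic behind the four metrics (not the PR's collector), the block below parses a constructed scaphandre scrape, allocates the RAPL-level host figure to VMs in proportion to their measured process power, splits a VM's share over its guest processes by CPU ticks, and renders Prometheus exposition lines. The scaphandre metric names, the `get_proc_ticks` output format (`pid comm ticks` per line), a guest USER_HZ of 100, the label names, and the proportional rule itself are assumptions made for this example.

```ruby
# Assumed guest USER_HZ (ticks per second) for converting ticks to CPU time.
CLK_TCK = 100

# Constructed sample of a scaphandre /metrics scrape on one host.
SAMPLE_SCRAPE = <<~'METRICS'
  # HELP scaph_host_power_microwatts Power measurement on the whole host
  # TYPE scaph_host_power_microwatts gauge
  scaph_host_power_microwatts 45000000
  scaph_process_power_consumption_microwatts{exe="qemu-system-x86_64",cmdline="qemu -name guest=one-12"} 9000000
  scaph_process_power_consumption_microwatts{exe="qemu-system-x86_64",cmdline="qemu -name guest=one-17"} 3000000
  scaph_process_power_consumption_microwatts{exe="sshd",cmdline="/usr/sbin/sshd -D"} 500000
METRICS

# Constructed get_proc_ticks snapshots from VM 12, taken 10 s apart.
TICKS_T0 = "1 systemd 100\n842 postgres 5000\n901 nginx 300\n"
TICKS_T1 = "1 systemd 120\n842 postgres 5400\n901 nginx 380\n"

HOST_POWER = 'scaph_host_power_microwatts'
PROC_POWER = 'scaph_process_power_consumption_microwatts'
METRIC_LINE = /\A(?<name>[a-zA-Z_:][\w:]*)(?:\{(?<labels>[^}]*)\})?\s+(?<value>[-+\d.eE]+)/
LABEL_PAIR = /(\w+)="((?:[^"\\]|\\.)*)"/

# Minimal exposition-format parser: one hash per sample, comments skipped.
def parse_exposition(text)
  text.each_line.map do |line|
    next if line.start_with?('#') || line.strip.empty?
    m = METRIC_LINE.match(line)
    next unless m
    { name: m[:name], labels: (m[:labels] || '').scan(LABEL_PAIR).to_h, value: m[:value].to_f }
  end.compact
end

# Host metric: the RAPL-level gauge exactly as scaphandre reports it.
def host_power_uw(samples)
  s = samples.find { |x| x[:name] == HOST_POWER }
  s && s[:value]
end

# VM metric: each guest's qemu process power as a share of all measured
# process power, applied to the host figure (assumed proportional rule).
def vm_power_uw(samples)
  host = host_power_uw(samples)
  return {} unless host
  per_vm = Hash.new(0.0)
  total = 0.0
  samples.each do |s|
    next unless s[:name] == PROC_POWER
    total += s[:value]
    id = s[:labels]['cmdline'].to_s[/guest=one-(\d+)/, 1]
    per_vm[id.to_i] += s[:value] if id
  end
  return {} if total.zero?
  per_vm.map { |id, w| [id, w * host / total] }.to_h
end

def parse_ticks(text)
  text.each_line.map { |l| pid, comm, ticks = l.split; [pid.to_i, [comm, ticks.to_i]] }.to_h
end

# Per-process metrics: CPU-seconds per wall second as a percentage of one
# real core, and the VM's power split by each process's share of the ticks.
def vmproc_metrics(t0, t1, interval_s, vm_power)
  a = parse_ticks(t0)
  deltas = parse_ticks(t1).map { |pid, (comm, ticks)| a[pid] && [pid, comm, ticks - a[pid][1]] }.compact
  total = deltas.sum { |_, _, d| d }
  deltas.map do |pid, comm, d|
    { pid: pid, comm: comm,
      cpu_time_percent: d * 100.0 / (interval_s * CLK_TCK),
      power_uw: total.zero? ? 0.0 : vm_power * d / total }
  end
end

# Process names come from inside the guest, so label values are escaped
# per the exposition format before they are emitted.
ESCAPES = { "\\" => "\\\\", '"' => '\\"', "\n" => '\\n' }.freeze
def label_escape(value)
  value.to_s.gsub(/[\\"\n]/) { |c| ESCAPES[c] }
end

# Renders the four metric families; label names are assumptions.
def render(host_uw, vms, procs_by_vm)
  lines = ["opennebula_host_power_consumption_uW #{host_uw.round}"]
  vms.each { |id, w| lines << %(opennebula_vm_power_consumption_uW{one_vm_id="#{id}"} #{w.round}) }
  procs_by_vm.each do |id, procs|
    procs.each do |p|
      lbl = %(one_vm_id="#{id}",pid="#{p[:pid]}",comm="#{label_escape(p[:comm])}")
      lines << "opennebula_vmproc_power_consumption_uW{#{lbl}} #{p[:power_uw].round}"
      lines << "opennebula_vmproc_cpu_time_percent{#{lbl}} #{p[:cpu_time_percent]}"
    end
  end
  lines
end

if __FILE__ == $PROGRAM_NAME
  samples = parse_exposition(SAMPLE_SCRAPE)
  vms = vm_power_uw(samples)
  procs = vmproc_metrics(TICKS_T0, TICKS_T1, 10, vms[12])
  puts render(host_power_uw(samples), vms, { 12 => procs })
end
```

With the constructed figures, VM 12 holds 9 of 12.5 measured megawatt-micro units of process power, so it receives 72% of the 45 W host reading; postgres then takes 400 of the 500 ticks consumed in the guest over 10 s, which is 40% of one real core. The `label_escape` step matters because a guest process can carry any name, and unescaped quotes or newlines in a label value would corrupt the exposition output.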
Branches to which this PR applies