Selemon Exporter

Selemon Exporter is a Docker-based system monitoring tool that collects metrics from multiple sources and exposes them in Prometheus format.

---

🚀 Quick Start

Use the docker-compose.yml file already included in this repository as a reference or starting point.

Example:

version: '3.8'

services:
  selemon-exporter:
    image: ghcr.io/selectel/selemon-exporter:latest
    environment:
    # Change this value if you want to use custom node_exporter port
      - EXPORTER_PORT=9100
    container_name: selemon-exporter
    restart: unless-stopped

    deploy:
      resources:
        limits:
          memory: 100m
          cpus: '1.0'

    network_mode: "host"
    pid: "host"

    volumes:
      - "/:/host:ro,rslave"
      - "/dev:/dev:ro"

    cap_add:
      - CAP_SYS_RAWIO
      - CAP_SYS_ADMIN
      - CAP_SYSLOG

    security_opt:
      - "no-new-privileges:true"

    device_cgroup_rules:
      - "b 259:* r"  # NVMe
      - "b 8:* r"    # SCSI/SATA
      - "b 3:* r"    # IDE

Start the exporter:

docker-compose up -d

---

🔐 Required Privileges

The container requires specific Linux capabilities to access hardware metrics:

Capability	Description
CAP_SYS_RAWIO	Raw I/O operations to read SMART data for ATA/SATA/IDE devices
CAP_SYSLOG	Read system logs (e.g., dmesg)
CAP_SYS_ADMIN	NVMe monitoring via NVME_IOCTL_ADMIN_CMD ioctl calls

Note: CAP_SYS_ADMIN is required for proper NVMe disk monitoring and cannot be replaced with more fine-grained permissions.

---

📦 What's Inside

The image includes:

• Node Exporter (with SSL support)
• Custom collectors:
  • dmesg log collector
  • SMART disk health monitoring
  • Support for HDD, SSD, and NVMe devices

---

🛡 Security

• Host filesystem is mounted read-only (/, /dev)
• Privilege escalation is disabled (no-new-privileges:true)
• Resource limits are enforced via Docker
• Device access is restricted to storage controller block devices

---