Prometheus-monitoring-exporter
by euiyounghwang
Overview
This repository provides a comprehensive monitoring and alerting solution for microservices, including Elasticsearch, Kafka, Redis, and general system health, leveraging Prometheus, Grafana, Loki, and custom Python/Go exporters, with a specific component for exposing Python tools and resources as an MCP server for AI/LLM consumption.
Installation
docker run --rm --platform linux/amd64 -it -d --name python-mcp-server-basic --publish 8000:8000 --expose 8000 --network bridge -e PYTHONUNBUFFERED=1 -e LOG_LEVEL=DEBUG -e FASTMCP_PORT=8000 -e FASTMCP_TRANSPORT=sse -e FASTMCP_DEBUG=true -e FASTMCP_HOST=0.0.0.0 -v "$(pwd)/mcp/basic:/app" python-mcp-server-basic:esEnvironment Variables
- PROMETHEUS_APPS_HOST
- PROMETHEUS_LOOKUP_HOST
- PROMETHEUS_USERNAME
- PROMETHEUS_PASSWORD
- MAIL_TO
- MAIL_CC
- LOKI_HOST
- ES_CONFIGURATION_FILE
- ES_CONFIGURATION_MAPPING_FILE
- ENV
- LOKI_RESTAPI_HOST
- LOGSTASH_HOST
- PROMETHEUS_HOST
- API_HOST
- QA_LIST
- PROD_LIST
- GRAFANA_DASHBOARD_URL
- CRONJOB_PATH
- GRADIO_USER
- GRADIO_PASSWORD
- SMTP_HOST
- SMTP_PORT
- MAIL_SENDER
- MAIL_USERLIST
- DEV_ES_HOST
- ZOOKEEPER_URLS
- BROKER_LIST
- GET_KAFKA_ISR_LIST
- KAFKA_JOB_INTERFACE_API
- ES_NODES_DISK_AVAILABLE_THRESHOLD
- ES_HOST_URL_PREFIX
- SPARK_APP_CEHCK
- BASIC_AUTH_SH
- CERTIFICATE_TEST_HOST
- DB_HTTP_HOST
- ES_CONFIGURATION_URL
- ES_EXPORTER_HOST
- ES_MONITORING_APPS_EXPORTER_RUN_HOST
- ES_MONITORING_APPS_EXPORTER_URL_HOST
- PYTHONUNBUFFERED
- LOG_LEVEL
- FASTMCP_PORT
- FASTMCP_TRANSPORT
- FASTMCP_DEBUG
- FASTMCP_HOST
- credentials_id
- credentials_pw
- REDIS_SERVER_HOST
Security Notes
The project exhibits several critical security risks: extensive use of `subprocess.check_output` and `subprocess.Popen` in shell scripts and Python code for executing system commands, which is vulnerable to command injection if input is not meticulously sanitized. The `ssh_client_web.py` allows remote execution of commands via an API endpoint over SSH, posing a severe remote code execution risk. Hardcoded or weak credentials are found (e.g., empty MySQL passwords in `APM_Agent/docker-compose.yml`, 'test' basic auth in `standalone-uptime-config.json`, '1' for Gradio password in `alert-update-start.sh`). Numerous `requests.get(..., verify=False)` and `requests.post(..., verify=False)` calls disable SSL/TLS certificate verification, making communications susceptible to Man-in-the-Middle attacks. The `standalone-redis-server-script.py` reads/writes critical configuration files based on data from Redis, which could be exploited to alter system behavior if Redis is compromised. Docker configurations (`jaeger-msa-docker-compose.yaml`) explicitly disable security features (`xpack.security.enabled=false`). Services are often exposed on `0.0.0.0` without robust authentication mechanisms.
Similar Servers
mcp-grafana
Provides a Model Context Protocol (MCP) server for Grafana, enabling AI agents to interact with Grafana features such as dashboards, datasources, alerting, incidents, and more through a structured tool-based interface.
prometheus-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.
loki-mcp
A Go-based server that implements the Model Context Protocol (MCP) to integrate Grafana Loki log querying capabilities with AI agents like Claude Desktop or n8n.
prometheus-mcp-server
Serves as an MCP (Model Context Protocol) gateway, enabling Large Language Models (LLMs) to interact with and analyze a running Prometheus instance through its API.