I built a self-hosted Linux fleet manager with no database and zero pip dependencies

查看原文 / View Original 编辑 / Edit

I built a self-hosted Linux fleet manager with no database and zero pip dependencies

我构建了一个无需数据库、零 pip 依赖的自托管 Linux 集群管理器

I manage a small fleet of Linux servers and got tired of the options: Ansible is great but not a dashboard. Grafana + Prometheus is powerful but heavy. Checkmk and Zabbix are overkill for a handful of machines. So I built my own.

我管理着一小批 Linux 服务器,但对现有的方案感到厌倦:Ansible 很棒,但它不是仪表盘;Grafana + Prometheus 功能强大,但过于臃肿;Checkmk 和 Zabbix 对于几台机器来说又显得大材小用。于是,我构建了自己的工具。

What is RemotePower? RemotePower is a self-hosted control plane for Linux servers. One small Python agent per host, one nginx + CGI server, flat JSON storage. No database, no framework, no pip dependencies — pure Python stdlib. The agent heartbeats every 60 seconds. The dashboard auto-refreshes. Everything just works.

什么是 RemotePower?RemotePower 是一个用于 Linux 服务器的自托管控制平面。每个主机运行一个小型 Python 代理,配合一个 nginx + CGI 服务器,并使用扁平的 JSON 文件存储数据。它没有数据库,没有框架,也没有 pip 依赖——完全基于 Python 标准库。代理每 60 秒发送一次心跳,仪表盘自动刷新。一切运行顺畅。

What it does

功能特性

  • Remote command execution — run commands, reboot, shutdown, Wake-on-LAN. Batch across devices. Cron scheduling. Command library and allowlist.
  • 远程命令执行 — 执行命令、重启、关机、网络唤醒 (Wake-on-LAN)。支持跨设备批量操作、Cron 调度、命令库及白名单管理。
  • Browser SSH via xterm.js.
  • 通过 xterm.js 实现浏览器端 SSH。
  • CVE scanning — OSV.dev backed, real CVSS v3.1 scoring, per-CVE ignore list.
  • CVE 扫描 — 基于 OSV.dev,提供真实的 CVSS v3.1 评分,支持针对单个 CVE 的忽略列表。
  • Patch management — pending updates across the fleet, one-click upgrade, update history, patch alerts via webhook.
  • 补丁管理 — 查看集群待更新项、一键升级、更新历史记录,并通过 Webhook 发送补丁提醒。
  • Configuration drift detection — hash critical files, baseline diffing, drift_detected webhook.
  • 配置漂移检测 — 对关键文件进行哈希校验、基准差异对比,支持 drift_detected Webhook。
  • Proxmox VE integration — manage QEMU VMs and LXC containers, create and rollback snapshots, no SDK needed.
  • Proxmox VE 集成 — 管理 QEMU 虚拟机和 LXC 容器,创建并回滚快照,无需 SDK。
  • Container awareness — Docker, Podman, Kubernetes.
  • 容器感知 — 支持 Docker、Podman 和 Kubernetes。
  • Custom monitoring scripts — write any bash check server-side, assign it to devices, get fleet-wide pass/fail every 5 minutes. Exit 0 = OK, anything else = FAIL. No SSH needed.
  • 自定义监控脚本 — 在服务端编写任意 Bash 检查脚本,分配给设备,每 5 分钟获取全集群的通过/失败状态。退出码 0 为正常,其他均为失败。无需 SSH。
  • Monitoring and alerts — ping, TCP, HTTP probes, TLS/DNS expiry, 17 webhook event types (Discord, Slack, ntfy, Gotify).
  • 监控与告警 — 支持 Ping、TCP、HTTP 探测、TLS/DNS 过期提醒,以及 17 种 Webhook 事件类型(Discord、Slack、ntfy、Gotify)。
  • AI assistant — optional LLM integration (Ollama, Anthropic, OpenAI). Triage CVEs, prioritise patches, generate monitoring scripts. Disabled by default, no cloud calls unless you choose one.
  • AI 助手 — 可选的 LLM 集成(Ollama、Anthropic、OpenAI)。用于分类 CVE、确定补丁优先级、生成监控脚本。默认禁用,除非你主动选择,否则不会进行任何云端调用。
  • MCP server — lets any MCP-capable AI client query fleet state.
  • MCP 服务器 — 允许任何支持 MCP 的 AI 客户端查询集群状态。

The architecture

架构设计

[ agent (Python) ] --heartbeat--> [ nginx + CGI ] --> [ flat JSON ]

Push-based. Agents reach out — the server never needs inbound access to your hosts. The agent is a single Python file with no dependencies beyond the standard library. The server is the same — pure Python CGI behind nginx. Atomic file writes throughout. The entire thing runs on a Raspberry Pi.

基于推送模式。由代理主动发起连接——服务器无需访问主机的入站端口。代理是一个单一的 Python 文件,除了标准库外没有任何依赖。服务器端也是如此——运行在 nginx 之后的纯 Python CGI。全程采用原子文件写入。整个系统可以在树莓派上运行。

Why no database?

为什么不使用数据库?

For a small-to-medium fleet, a database is overhead without benefit. Flat JSON files are: Easy to back up (one file, one command), Easy to inspect (cat devices.json), Easy to version control, Fast enough for hundreds of devices. The backup export is a single ZIP. Restore is extracting it.

对于中小型集群,数据库带来的开销大于收益。扁平的 JSON 文件具有以下优势:易于备份(一个文件,一条命令)、易于查看(cat devices.json)、易于版本控制、对于数百台设备来说速度足够快。备份导出为一个 ZIP 文件,恢复时只需解压即可。

Why no pip dependencies?

为什么不使用 pip 依赖?

Every dependency is a supply chain risk, a version conflict waiting to happen, and something that breaks on the next distro upgrade. Python’s stdlib covers everything RemotePower needs: HTTP, JSON, cryptography (hmac, hashlib), subprocess, threading, logging. The agent deploys as a single file copy. No virtualenv, no pip install, no Docker required.

每一个依赖项都是供应链风险,是潜在的版本冲突源,也是下一次发行版升级时可能导致崩溃的隐患。Python 标准库涵盖了 RemotePower 所需的一切:HTTP、JSON、加密(hmac, hashlib)、子进程、线程、日志记录。代理只需复制单个文件即可部署。无需虚拟环境,无需 pip 安装,无需 Docker。

Custom monitoring scripts

自定义监控脚本

The newest feature and probably the most useful for day-to-day ops. You write a bash script on the server — anything you want. Check if nginx is responding, verify a backup file is fresh, test a database port. Assign it to any set of devices. The agent runs it every 5 minutes and reports back.

这是最新功能,也是日常运维中最实用的功能。你在服务器上编写一个 Bash 脚本——内容随你所愿。检查 nginx 是否响应、验证备份文件是否最新、测试数据库端口。将其分配给任意设备组,代理每 5 分钟运行一次并报告结果。

#!/bin/bash curl -sf --max-time 10 http://localhost/ > /dev/null echo "HTTP OK"

Exit 0 = OK. Anything else = FAIL. Edge-triggered webhooks fire on status changes — once when it breaks, once when it recovers. No alert fatigue. The UI has an AI generate button — describe the check in plain English, get a bash script back, review it, save it.

退出码 0 为正常,其他均为失败。边缘触发的 Webhook 会在状态改变时发送通知——故障时一次,恢复时一次。不会产生告警疲劳。UI 界面提供了一个 AI 生成按钮——用简单的英语描述检查需求,即可获得 Bash 脚本,审核后保存即可。

Try the demo: https://demoremote.tvipper.com (Username: demo / Password: demo) 体验演示: https://demoremote.tvipper.com (用户名: demo / 密码: demo)

Get it: https://github.com/tyxak/remotepower 获取源码: https://github.com/tyxak/remotepower

Clone, point nginx at server/, enrol a host: 克隆代码,将 nginx 指向 server/ 目录,并注册主机:

git clone https://github.com/tyxak/remotepower ./client/remotepower-agent enroll

Happy to answer questions about the architecture, the no-dependency approach, or any of the features. And if you self-host your own servers, I’d love to know what you’d want to see next.

我很乐意回答关于架构、无依赖方案或任何功能的问题。如果你也自托管服务器,我很想知道你接下来希望看到什么功能。

← 返回新闻列表 / Back to news list