diff --git a/roles/prometheus-blackbox-exporter/templates/blackbox.yml b/roles/prometheus-blackbox-exporter/templates/blackbox.yml
index 9562596..7f4c7df 100644
--- a/roles/prometheus-blackbox-exporter/templates/blackbox.yml
+++ b/roles/prometheus-blackbox-exporter/templates/blackbox.yml
@@ -12,3 +12,12 @@ modules:
 prober: tcp
 icmp:
 prober: icmp
+ internal_tls_connect:
+ prober: tcp
+ timeout: 10s
+ tcp:
+ tls: true
+ tls_config:
+ ca_file: '/etc/prometheus/ca.crt'
+ cert_file: '/etc/prometheus/blackbox-{{ lan_address }}.crt'
+ key_file: '/etc/prometheus/blackbox-{{ lan_address }}.key'
diff --git a/roles/prometheus-node-exporter/files/alerts-node.yml b/roles/prometheus-node-exporter/files/alerts-node.yml
index cf77c0e..0fbedf8 100644
--- a/roles/prometheus-node-exporter/files/alerts-node.yml
+++ b/roles/prometheus-node-exporter/files/alerts-node.yml
@@ -119,7 +119,7 @@ groups:
 severity: warning
 - alert: UncorrectableErrorDetected
- expr: increase(node_edac_csrow_uncorrectable_errors_total[1m]) > 0
+ expr: increase(node_edac_uncorrectable_errors_total[1m]) > 0
 for: 0m
 annotations:
 title: 'Memory errors could not be corrected'
diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml
index 26d5aa1..2bcc23d 100644
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
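Review bot: The `internal_tls_connect` module added to `blackbox.yml` attaches the exporter's client certificate to every probe, and the probe target is taken from the `/probe` request, so any client that can reach the exporter can have it open a client-authenticated TLS connection to a host of that client's choosing. The scrape jobs in `prometheus.yml` reach the exporter over HTTPS with a client certificate, which suggests access is already restricted, but neither that restriction nor the install mode of `blackbox-{{ lan_address }}.key` is visible in this diff. I would record the assumption above the module, for example `# presents the blackbox client cert to the probed host; /probe must only be reachable by the Prometheus server`, and confirm in the role's tasks that the key file is readable only by the exporter's user.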
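Review bot: In `alerts-node.yml`, the changed `expr` of `UncorrectableErrorDetected` keeps the `[1m]` range, and `increase()` returns nothing unless at least two samples fall inside the window. If the node job is scraped every 30s or slower (the interval is not visible here), a one-minute window will often hold a single sample and the alert can miss the counter step it exists to catch. A wider window such as `increase(node_edac_uncorrectable_errors_total[5m]) > 0` is more robust, and with `for: 0m` it still fires on the first evaluation that sees the increase. The rule continues past the end of the hunk.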
@@ -101,14 +101,14 @@ block: - name: Add the node to the targets set_fact: - new_server_target: "[{{ server_target[0] | combine({'targets': [lan_address + '/' + ansible_facts['nodename']]}, list_merge='append_rp') }}]" + new_server_target: "[{{ server_target[0] | combine({'targets': [lan_address + '|' + ansible_facts['nodename']]}, list_merge='append_rp') }}]" - name: Put the new target list copy: content: "{{ new_server_target | to_nice_json }}" dest: /etc/prometheus/node-targets.json delegate_to: "{{ appointed_prometheus_server }}" - when: (lan_address + '/' + ansible_facts['nodename']) not in server_target.0.targets + when: (lan_address + '|' + ansible_facts['nodename']) not in server_target.0.targets - name: Add alert rules for node on the prometheus server copy: diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml index f6b48c8..6baa231 100644 --- a/roles/prometheus/templates/prometheus.yml +++ b/roles/prometheus/templates/prometheus.yml @@ -52,11 +52,11 @@ scrape_configs: target_label: __param_target - source_labels: [__param_target] target_label: instance - regex: '.*/(.*)' + regex: '.*\|(.*)' replacement: '$1' - source_labels: [__param_target] target_label: __address__ - regex: '(.*)/.*' + regex: '(.*)\|.*' replacement: '$1:9100' scheme: https tls_config: @@ -64,7 +64,7 @@ scrape_configs: cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt' key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key' -{% for target_type in ('https-internal', 'http-external-up', 'http-external-down') %} +{% for target_type in ('http-external-up', 'http-external-down') %} - job_name: blackbox {{ target_type }} metrics_path: /probe params: 
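Review bot: Switching the separator to `|` in `new_server_target` and in the `when:` test of `tasks/main.yml` leaves the targets already written to `/etc/prometheus/node-targets.json` in the old `address/nodename` form, and nothing in this hunk removes them. After the change the `not in server_target.0.targets` test no longer matches those entries, so each node is appended a second time. The old entries also stop matching the new `'(.*)\|.*'` and `'.*\|(.*)'` relabel regexes in the `prometheus.yml` hunk at line 52, which leaves their `__address__` unrewritten. I would add a one-off step that rewrites or drops entries containing `/` before appending, or regenerate the file on the server as part of this rollout. The tasks shown start and end outside the hunk.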
@@ -86,3 +86,32 @@ scrape_configs:
 key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key'
 {% endfor %}
+ - job_name: blackbox internal tls
+ metrics_path: /probe
+ params:
+ module: [internal_tls_connect]
+ file_sd_configs:
+ - files:
+ - '/etc/prometheus/targets/blackbox-tls-internal-targets.json'
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: __tmp_address
+ - source_labels: [__tmp_address]
+ target_label: __param_target
+ regex: '(.*)\|.*\|.*'
+ replacement: '$1'
+ - source_labels: [__tmp_address]
+ target_label: cname
+ regex: '.*\|(.*)\|.*'
+ replacement: '$1'
+ - source_labels: [__tmp_address]
+ target_label: instance
+ regex: '.*\|.*\|(.*)'
+ replacement: '$1'
+ - target_label: __address__
+ replacement: 172.20.1.1:9115
+ scheme: https
+ tls_config:
+ ca_file: '/etc/prometheus/ca.crt'
+ cert_file: '/etc/prometheus/prometheus-172.20.1.1.crt'
+ key_file: '/etc/prometheus/prometheus-172.20.1.1.key'
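Review bot: The new `blackbox internal tls` job hard-codes `172.20.1.1` in `replacement` and in both client certificate paths, while the context line just above it builds the key path from `{{ lan_address }}`. If the role is applied to a Prometheus server with a different LAN address, this job will point at certificate files that do not exist and the scrape will fail. I would write `cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt'` and `key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key'`, and take the exporter address from a variable as well, quoted as a string. Separately, a target in `blackbox-tls-internal-targets.json` with fewer than two `|` separators matches none of the three regexes and leaves `__param_target` empty, so a comment above `relabel_configs` documenting the `target|cname|instance` format would help.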