use local_x509

1 year ago · 6778edbe52
parent dc8bd8cae5
commit 6778edbe52
4 changed files with 27 additions and 5 deletions
--- a/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml
+++ b/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml
@ -23,7 +23,7 @@ groups:
      value: "{{ $value }}"
      severity: 'warning'

-  - alert: CertExpLess30days
+  - alert: CertExpLess30daysProb
    expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 2592000
    annotations:
      title: '{{ $labels.cname }} will expire soon'
@ -34,7 +34,7 @@ groups:
      value: "{{ $value }}"
      severity: 'warning'

-  - alert: CertExpLess10days
+  - alert: CertExpLess10daysProb
    expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 864000
    annotations:
      title: '{{ $labels.cname }} expiracy is imminent!'
--- a/roles/prometheus-node-exporter/files/alerts-node.yml
+++ b/roles/prometheus-node-exporter/files/alerts-node.yml
@ -156,4 +156,26 @@ groups:
    labels:
      value: "{{ $value }}"
      severity: warning
+
+  - alert: CertExpLess30days
+    expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 2592000
+    annotations:
+      title: '{{ $labels.cname }} will expire soon'
+      description: >-
+        The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
+        will expire in  {{ $value | humanizeDuration }}, it's time to renew it.
+    labels:
+      value: "{{ $value }}"
+      severity: 'warning'
+
+  - alert: CertExpLess10days
+    expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 864000
+    annotations:
+      title: '{{ $labels.cname }} expiracy is imminent!'
+      description: >-
+        The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
+        will expire in  {{ $value | humanizeDuration }}, RENEW IT!!!
+    labels:
+      value: "{{ $value }}"
+      severity: 'critical'
 ...
--- a/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509
+++ b/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509
@ -1,5 +1,5 @@
 # The list of certs to monitor
 ARGS="
    /etc/letsencrypt/live/**/cert.pem
-    /etc/hackypky/crts/*.pem
+    /etc/hackypky/crts/*.crt
 "
--- a/roles/prometheus-node-exporter/tasks/local_x509_collector.yml
+++ b/roles/prometheus-node-exporter/tasks/local_x509_collector.yml
@ -32,7 +32,7 @@
 - name: Add the script
  copy:
    src: local_x509.sh
-    dest: /usr/share/prometheus-node-exporter/local_x509.sh
+    dest: /usr/share/prometheus-node-exporter-collectors/local_x509.sh
    group: root
    owner: root
    mode: u=rwx,g=,o=
@ -66,4 +66,4 @@
  systemd:
    name: prometheus-node-exporter-local_x509.timer
    enabled: true
-
+    state: started