Browse Source

use local_x509

monitoring
histausse 12 months ago
parent
commit
6778edbe52
Signed by: histausse
GPG Key ID: 67486F107F62E9E9
  1. 4
      roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml
  2. 22
      roles/prometheus-node-exporter/files/alerts-node.yml
  3. 2
      roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509
  4. 4
      roles/prometheus-node-exporter/tasks/local_x509_collector.yml

4
roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml

@ -23,7 +23,7 @@ groups:
value: "{{ $value }}"
severity: 'warning'
- alert: CertExpLess30days
- alert: CertExpLess30daysProb
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 2592000
annotations:
title: '{{ $labels.cname }} will expire soon'
@ -34,7 +34,7 @@ groups:
value: "{{ $value }}"
severity: 'warning'
- alert: CertExpLess10days
- alert: CertExpLess10daysProb
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 864000
annotations:
title: '{{ $labels.cname }} expiracy is imminent!'

22
roles/prometheus-node-exporter/files/alerts-node.yml

@ -156,4 +156,26 @@ groups:
labels:
value: "{{ $value }}"
severity: warning
- alert: CertExpLess30days
expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 2592000
annotations:
title: '{{ $labels.cname }} will expire soon'
description: >-
The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
will expire in {{ $value | humanizeDuration }}, it's time to renew it.
labels:
value: "{{ $value }}"
severity: 'warning'
- alert: CertExpLess10days
expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 864000
annotations:
title: '{{ $labels.cname }} expiracy is imminent!'
description: >-
The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
will expire in {{ $value | humanizeDuration }}, RENEW IT!!!
labels:
value: "{{ $value }}"
severity: 'critical'
...

2
roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509

@ -1,5 +1,5 @@
# The list of certs to monitor
ARGS="
/etc/letsencrypt/live/**/cert.pem
/etc/hackypky/crts/*.pem
/etc/hackypky/crts/*.crt
"

4
roles/prometheus-node-exporter/tasks/local_x509_collector.yml

@ -32,7 +32,7 @@
- name: Add the script
copy:
src: local_x509.sh
dest: /usr/share/prometheus-node-exporter/local_x509.sh
dest: /usr/share/prometheus-node-exporter-collectors/local_x509.sh
group: root
owner: root
mode: u=rwx,g=,o=
@ -66,4 +66,4 @@
systemd:
name: prometheus-node-exporter-local_x509.timer
enabled: true
state: started

Loading…
Cancel
Save