From 6778edbe5253bb3635ce6a4f04378913499158a5 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 12 Oct 2021 22:28:47 +0200 Subject: [PATCH] use local_x509 --- .../files/alerts-blackbox.yml | 4 ++-- .../files/alerts-node.yml | 22 +++++++++++++++++++ .../files/prometheus-node-exporter-local_x509 | 2 +- .../tasks/local_x509_collector.yml | 4 ++-- 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml b/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml index 58d9546..33508b6 100644 --- a/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml +++ b/roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml @@ -23,7 +23,7 @@ groups: value: "{{ $value }}" severity: 'warning' - - alert: CertExpLess30days + - alert: CertExpLess30daysProb expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 2592000 annotations: title: '{{ $labels.cname }} will expire soon' @@ -34,7 +34,7 @@ groups: value: "{{ $value }}" severity: 'warning' - - alert: CertExpLess10days + - alert: CertExpLess10daysProb expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 864000 annotations: title: '{{ $labels.cname }} expiracy is imminent!' diff --git a/roles/prometheus-node-exporter/files/alerts-node.yml b/roles/prometheus-node-exporter/files/alerts-node.yml index 1dd79b8..84c0195 100644 --- a/roles/prometheus-node-exporter/files/alerts-node.yml +++ b/roles/prometheus-node-exporter/files/alerts-node.yml @@ -156,4 +156,26 @@ groups: labels: value: "{{ $value }}" severity: warning + + - alert: CertExpLess30days + expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 2592000 + annotations: + title: '{{ $labels.cname }} will expire soon' + description: >- + The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }} + will expire in {{ $value | humanizeDuration }}, it's time to renew it. + labels: + value: "{{ $value }}" + severity: 'warning' + + - alert: CertExpLess10days + expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 864000 + annotations: + title: '{{ $labels.cname }} expiracy is imminent!' + description: >- + The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }} + will expire in {{ $value | humanizeDuration }}, RENEW IT!!! + labels: + value: "{{ $value }}" + severity: 'critical' ... diff --git a/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509 b/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509 index e15d6d3..24cd9e1 100644 --- a/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509 +++ b/roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509 @@ -1,5 +1,5 @@ # The list of certs to monitor ARGS=" /etc/letsencrypt/live/**/cert.pem - /etc/hackypky/crts/*.pem + /etc/hackypky/crts/*.crt " diff --git a/roles/prometheus-node-exporter/tasks/local_x509_collector.yml b/roles/prometheus-node-exporter/tasks/local_x509_collector.yml index 9eafbd8..e7c896b 100644 --- a/roles/prometheus-node-exporter/tasks/local_x509_collector.yml +++ b/roles/prometheus-node-exporter/tasks/local_x509_collector.yml @@ -32,7 +32,7 @@ - name: Add the script copy: src: local_x509.sh - dest: /usr/share/prometheus-node-exporter/local_x509.sh + dest: /usr/share/prometheus-node-exporter-collectors/local_x509.sh group: root owner: root mode: u=rwx,g=,o= @@ -66,4 +66,4 @@ systemd: name: prometheus-node-exporter-local_x509.timer enabled: true - + state: started