Skip to content

Monitoring

Jump to bottom
Victor Chan edited this page May 14, 2022 · 2 revisions

Overview

🌚 Blackbox exporter generates metrics that depend on the response time of internal or external endpoints, such as HTTP/S, TCP, ICMP, DNS.

  • It gathers information about the SSL certificate. You can create alerts for expired or invalid certificates.
  • Blackbox exporter observes a variety of endpoints and fires off alarms if something goes amiss. ( Like DNS lookup, HTTP latencies, etc… )

Today, we will use prometheus Blackbox-Exporter to monitor TLS certificates.

Deploy Process

Install blackbox-exporter

  • create config.yml 
  - job_name: "SSL Expiration"
    metrics_path: /probe
    params:
      module: [http_2xx]  # Look for a HTTP 200 response.
    static_configs:
      - targets:
        - https://www.wiredcraft.com
        - https://teleport.wiredcraft.cn
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: blackbox_exporter:9115
  • run with docker
docker run -p 9090:9090 -v [SRC_DIR]/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus

Integrate blackbox-exporter with prometheus

  • add the following code snippet in prometheus configure yml.
1  - job_name: "SSL Expiration" 2    metrics_path: /probe 3    params: 4      module: [http_2xx]  # Look for a HTTP 200 response. 5    static_configs: 6      - targets: 7        - https://www.wiredcraft.com 8        - https://teleport.wiredcraft.cn 9    relabel_configs: 10      - source_labels: [__address__] 11        target_label: __param_target 12      - source_labels: [__param_target] 13        target_label: instance 14      - target_label: __address__ 15        replacement: blackbox_exporter:9115
  • run prometheus with docker
1docker run -p 9090:9090 -v [SRC_DIR]/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus

Verify

  • access prometheus web to check if blackbox-exporter take affect
image image

  • access grafana web to check ssl status

    • Prerequisite (import template id: 13230 to grafana)
image

Deploy SSL Expiration Monitoring online

we need to update ansible playbook in wiredcraft products repo, then use ansible-playbook to deploy corresponding changes online.

  • PR for products repo.

https://github.com/Wiredcraft/products/pull/63/files

  • blackbox-exporter setup
  1. login monitor server with ssh and switch path to /opt/wcl/products .
  2. make sure current git branch is master and pull the latest version code.
  3. execute blackbox-exporter setup.
  4. update prometheus configuration file and restart prometheus container to make bind between prometheus and blackbox-exporter take affect.
  • how to add a new domain monitoring

Clone this wiki locally