prometheus监控ssl证书过期(使用插件blackbox_exporter)

blackbox_exporter的Github网址:https://github.com/prometheus/blackbox_exporter

1、安装blackbox_exporter

wget -P /data/ https://github.com/prometheus/blackbox_exporter/releases/download/v0.19.0/blackbox_exporter-0.19.0.linux-amd64.tar.gz
tar xf blackbox_exporter-0.19.0.linux-amd64.tar.gz
cd blackbox_exporter-0.19.0.linux-amd64/

2、加入开机自启服务’ 

cat /usr/lib/systemd/system/blackbox_exporter.service 
[Unit]
Description=blackbox_exporter
After=network.target

[Service]
User=root
Type=simple
ExecStart=/data/blackbox_exporter-0.19.0.linux-amd64/blackbox_exporter --config.file=/data/blackbox_exporter-0.19.0.linux-amd64/blackbox.yml
Restart=on-failure

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemct start blackbox_exporter.service
systemct enable blackbox_exporter.service
systemct status blackbox_exporter.service

3、配置prometheus:

vim prometheus.yml
  - job_name: 'blackbox'
    metrics_path: /probe
    params:
      module: [http_2xx]  # Look for a HTTP 200 response.
    static_configs:
      - targets:
        - https://prometheus.io   # Target to probe with https.
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9115  # The blackbox exporter's real hostname:port.

4、配置告警规则:

- name: 证书还有30天过期
  rules:
  - alert: SslCertificateWillExpireSoon
    expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 300
    for: 5m
    labels:
      severity: warning
    annotations:
      summary: "SSL certificate will expire soon (instance {{ $labels.instance }})"
      description: "SSL certificate expires in 30 days\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
- name: 证书已过期
  rules:
  - alert: SslCertificateExpired
    expr: probe_ssl_earliest_cert_expiry - time()  <= 0
    for: 5m
    labels:
      severity: error
    annotations:
      summary: "SSL certificate expired (instance {{ $labels.instance }})"
      description: "SSL certificate has expired already\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"

#热加载prometheus
curl -X POST http://localhost:9090/-/reload


5、Grafana中加入 blackbox_exporter监控数据

1、此模板为9965号模板,数据源选择Prometheus 模板下载地址
https://grafana.com/grafana/dashboards/9965

注意
此模板需要安装饼状图插件 下载地址 https://grafana.com/grafana/plugins/grafana-piechart-panel
安装插件,重启grafana生效。

grafana-cli plugins install grafana-piechart-panel
systemctl restart grafana-server

2、添加模板13230,专门监控ssl的模板

版权声明:本文为weixin_45203131原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。