Promethues monitoring SSL domain name expiration time deployment document
Promethues configuration
Configuration file:
Deployment address: /usr/local/prometheus/
Configuration file: prometheus.yml
# my global config global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. # scrape_timeout is set to the global default (10s). # Alertmanager configuration alerting: alert managers: - static_configs: - targets: - 172.16.20.10:9093 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: # - "first_rules.yml" # - "second_rules.yml" - "/etc/prometheus/*.yml" # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: 'prometheus' # metrics_path defaults to '/metrics' # scheme defaults to 'http'. # - job_name: 'consul-prometheus' consul_sd_configs: - server: '172.16.20.197:8500' services: [] - job_name: 'blackbox' metrics_path: /probe params: module: [http_2xx] static_configs: - targets: #Need to monitor the domain name of SSL - https://www.baidu.com relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: instance - target_label: __address__ replacement: *.*.*:9115
Alarm rules:
Configuration file address: /etc/prometheus/node.yml
groups: - name: "SSL certificate expiration reminder" rules: - alert: "Certificate expiration time < 100 days" expr: probe_ssl_earliest_cert_expiry-time() < 86400 * 100 for: 0s labels: severity: "Hint" annotations: summary: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 100 days, please renew it in time!" description: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 100 days, please renew it in time!" - alert: "Certificate expiration time <30 days" expr: probe_ssl_earliest_cert_expiry-time() < 86400 * 30 for: 0s labels: severity: "Hint" annotations: summary: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 30 days, please renew it in time!" description: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 30 days, please renew it in time!" - alert: "Certificate expiration time <7 days" expr: probe_ssl_earliest_cert_expiry -time() < 86400 * 7 for: 0s labels: severity: "warning" annotations: summary: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 7 days, please renew it in time!" description: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 7 days, please renew it in time!" - alert: "Certificate expiration time < 1 day" expr: probe_ssl_earliest_cert_expiry-time() < 86400 * 1 for: 0s labels: severity: "disaster" annotations: summary: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 1 day, please renew it in time!" description: "{<!-- -->{ $labels.instance }} The SSL certificate will expire in 1 day, please renew it in time!"
Start and stop command:
systemctl start promethues systemctl stop promethues
alertmanager configuration:
Deployment address: /usr/local/alertmanager/
Configuration file:
route:
group_by: [‘alertname’]
group_wait: 30s #At least how many seconds to wait for an initial notification to be sent when an incoming alert creates a new group of alerts. default 30s
group_interval: 5m #After sending an alarm, how long to wait before sending new alarms in the same group. Default 5m
repeat_interval: 1h #How many hours to wait before resending the alert if the alert was sent successfully. default 4h
receiver: ‘webhook1’
receivers:
-
name: ‘webhook1’
webhook_configs:
# Change the address to your own address- url: ‘http://...:8060/dingtalk/webhook1/send’
inhibit_rules: - source_match:
severity: ‘critical’
target_match:
severity: ‘warning’
equal: [‘alertname’, ‘dev’, ‘instance’]
Start and stop command:
nohup ./alertmanager & amp;
- url: ‘http://...:8060/dingtalk/webhook1/send’
Prometheus-webhook-dingtalk configuration:
Configuration file:
Configuration file address: /usr/local/prometheus-webhook-dingtalk/config.example.yml
## Request timeout # timeout: 5s ## Uncomment following line in order to write template from scratch (be careful!) #no_builtin_template: true ## Customizable templates path templates: - contrib/usr/local/prometheus-webhook-dingtalk/templates/default.tmpl ## You can also override default template using `default_message` ## The following example to use the 'legacy' template from v0.3.0 #default_message: # title: '{<!-- -->{ template "legacy.title" . }}' # text: '{<!-- -->{ template "legacy.content" . }}' ## Targets, previously was known as "profiles" targets: webhook1: #Dingding Robot Webhook url: robot address # secret for signature #Dingding robot se key secret: DingTalk se key # webhook2: # url: https://oapi.dingtalk.com/robot/send?access_token=e2ea299d896d46e8e39ccd9fe988a176c5b5fedd2e27ac48aa68cb3a3a120335 # secret: SEC4e645c2ab579fcc3570fca582776fa276438854d0b203c0f7b68a32e240221c6 webhook_legacy: url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx # Customize template content message: # Use legacy template title: '{<!-- -->{ template "legacy.title" . }}' text: '{<!-- -->{ template "legacy.content" . }}' webhook_mention_all: url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx mention: all: true webhook_mention_users: url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx mention: mobiles: ['156xxxx8827', '189xxxx8325']
Template:
Template address: /usr/local/prometheus-webhook-dingtalk/templates/default.yml ... ... {<!-- -->{/* Firing */}} {<!-- -->{ define "default.__text_alert_list" }}{<!-- -->{ range . }} **Trigger time:** {<!-- -->{ dateInZone "2006.01.02 15:04:05" (.StartsAt) "Asia/Shanghai" }} **Summary:** {<!-- -->{ .Annotations.summary }} **Description:** {<!-- -->{ .Annotations.description }} **Monitoring:** [grafana](http://grafana_ip:8000/grafana/d/GuJ5DHMnz/fu-wu-qi-jian-kong-tu-biao?orgId=1) **Details:** {<!-- -->{ range .Labels.SortedPairs }}{<!-- -->{ if and (ne (.Name) "severity") (ne (.Name) "summary") }}> - {<!-- -->{ .Name }}: {<!-- -->{ .Value | markdown | html }} {<!-- -->{ end }}{<!-- -->{ end }} {<!-- -->{ end }}{<!-- -->{ end }} {<!-- -->{/* Resolved */}} {<!-- -->{ define "default.__text_resolved_list" }}{<!-- -->{ range . }} **Trigger time:** {<!-- -->{ dateInZone "2006.01.02 15:04:05" (.StartsAt) "Asia/Shanghai" }} **Release time:** {<!-- -->{ dateInZone "2006.01.02 15:04:05" (.EndsAt) "Asia/Shanghai" }} **Summary:** {<!-- -->{ .Annotations.summary }} **Monitoring:** [grafana](http://grafana_ip:8000/grafana/d/GuJ5DHMnz/fu-wu-qi-jian-kong-tu-biao?orgId=1) **Details:** {<!-- -->{ range .Labels.SortedPairs }}{<!-- -->{ if and (ne (.Name) "severity") (ne (.Name) "summary") }}> - {<!-- -->{ .Name }}: {<!-- -->{ .Value | markdown | html }} {<!-- -->{ end }}{<!-- -->{ end }} {<!-- -->{ end }}{<!-- -->{ end }} ... ...
grafana display template
9965