Prometheus monitors SSL certificate expiration time for domain names

Deployment document: monitoring SSL certificate expiration for domain names with Prometheus

Prometheus configuration

Configuration file:

Deployment address: /usr/local/prometheus/

Configuration file: prometheus.yml

# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
       - 172.16.20.10:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"
    - "/etc/prometheus/*.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'


    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.
    #
  - job_name: 'consul-prometheus'
    consul_sd_configs:
    - server: '172.16.20.197:8500'
      services: []
  - job_name: 'blackbox'
    metrics_path: /probe
    params:
      module: [http_2xx]
    static_configs:
      - targets:
        # Domain names whose SSL certificates need to be monitored
        - https://www.baidu.com
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: '*.*.*:9115'  # address of the blackbox exporter; replace the masked IP with your own

Alarm rules:

Configuration file address: /etc/prometheus/node.yml

groups:
- name: "SSL certificate expiration reminder"
  rules:
  - alert: "Certificate expiration time < 100 days"
    expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 100
    for: 0s
    labels:
      severity: "Hint"
    annotations:
      summary: "{{ $labels.instance }} The SSL certificate will expire in 100 days, please renew it in time!"
      description: "{{ $labels.instance }} The SSL certificate will expire in 100 days, please renew it in time!"
  - alert: "Certificate expiration time <30 days"
    expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 30
    for: 0s
    labels:
      severity: "Hint"
    annotations:
      summary: "{{ $labels.instance }} The SSL certificate will expire in 30 days, please renew it in time!"
      description: "{{ $labels.instance }} The SSL certificate will expire in 30 days, please renew it in time!"
  - alert: "Certificate expiration time <7 days"
    expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 7
    for: 0s
    labels:
      severity: "warning"
    annotations:
      summary: "{{ $labels.instance }} The SSL certificate will expire in 7 days, please renew it in time!"
      description: "{{ $labels.instance }} The SSL certificate will expire in 7 days, please renew it in time!"
  - alert: "Certificate expiration time < 1 day"
    expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 1
    for: 0s
    labels:
      severity: "disaster"
    annotations:
      summary: "{{ $labels.instance }} The SSL certificate will expire in 1 day, please renew it in time!"
      description: "{{ $labels.instance }} The SSL certificate will expire in 1 day, please renew it in time!"

Start and stop command:

systemctl start promethues

systemctl stop promethues

Alertmanager configuration:

Deployment address: /usr/local/alertmanager/

Configuration file:

route:
  group_by: ['alertname']
  group_wait: 30s  # How long to wait before sending the initial notification when an incoming alert creates a new group. Default 30s
  group_interval: 5m  # After a notification has been sent, how long to wait before sending new alerts for the same group. Default 5m
  repeat_interval: 1h  # How long to wait before resending an alert that was already sent successfully. Default 4h
  receiver: 'webhook1'
receivers:
  - name: 'webhook1'
    webhook_configs:
      # Change the address to your own address
      - url: 'http://...:8060/dingtalk/webhook1/send'
inhibit_rules:
  - source_match:
      severity: 'critical'
    target_match:
      severity: 'warning'
    equal: ['alertname', 'dev', 'instance']

Start and stop command:

nohup ./alertmanager &
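
The following added example (not part of the original configuration) models the four alert rules and the inhibit rule above in Python, to show which notifications a certificate with a given remaining lifetime produces. The timestamps and the `firing`/`notified` helpers are constructed for illustration, and the inhibit logic is a simplified model of Alertmanager's matching.

```python
# Added example: models the four rules in node.yml and the inhibit rule from
# the Alertmanager config on this page. All sample values are constructed.
DAY = 86400

# (alert name, threshold in days, severity label) as written in node.yml
RULES = [
    ("Certificate expiration time < 100 days", 100, "Hint"),
    ("Certificate expiration time <30 days", 30, "Hint"),
    ("Certificate expiration time <7 days", 7, "warning"),
    ("Certificate expiration time < 1 day", 1, "disaster"),
]

# The inhibit_rules entry from the Alertmanager config
PAGE_INHIBIT = {
    "source": {"severity": "critical"},
    "target": {"severity": "warning"},
    "equal": ["alertname", "dev", "instance"],
}

def firing(cert_expiry, now, instance):
    """Evaluate `probe_ssl_earliest_cert_expiry - time() < 86400 * N` per rule."""
    remaining = cert_expiry - now
    return [
        {"alertname": name, "severity": sev, "instance": instance}
        for name, days, sev in RULES
        if remaining < DAY * days
    ]

def _matches(alert, matchers):
    return all(alert.get(k, "") == v for k, v in matchers.items())

def notified(alerts, rule=PAGE_INHIBIT):
    """Return the alerts that still notify after applying one inhibit rule.

    A target alert is muted when a firing source alert carries the same value
    for every label in `equal`; a label absent on both sides counts as equal.
    """
    sources = [a for a in alerts if _matches(a, rule["source"])]
    return [
        a for a in alerts
        if not (_matches(a, rule["target"]) and any(
            all(s.get(l, "") == a.get(l, "") for l in rule["equal"])
            for s in sources))
    ]

if __name__ == "__main__":
    now = 1_700_000_000  # constructed evaluation time
    for a in notified(firing(now + 12 * 3600, now, "https://www.baidu.com")):
        print(a["severity"], "-", a["alertname"])
```

With the labels used on this page the inhibit rule never matches: no rule sets severity `critical`, and each rule has its own `alertname`, so a certificate with less than a day left sends all four notifications. An inhibit rule with source severity `disaster` and `equal: ['instance']` would mute the 7-day warning in that case.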
    

Prometheus-webhook-dingtalk configuration:

Configuration file:

Configuration file address: /usr/local/prometheus-webhook-dingtalk/config.example.yml

## Request timeout
# timeout: 5s

## Uncomment following line in order to write template from scratch (be careful!)
#no_builtin_template: true

## Customizable templates path
templates:
 - contrib/usr/local/prometheus-webhook-dingtalk/templates/default.tmpl

## You can also override default template using `default_message`
## The following example to use the 'legacy' template from v0.3.0
#default_message:
# title: '{{ template "legacy.title" . }}'
# text: '{{ template "legacy.content" . }}'

## Targets, previously was known as "profiles"
targets:
  webhook1:
    # DingTalk robot webhook
    url: robot address
    # secret for signature
    # DingTalk robot secret key
    secret: DingTalk secret key
  # webhook2:
  #   url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx
  #   secret: SECxxxxxxxxxxxx
  webhook_legacy:
    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx
    # Customize template content
    message:
      # Use legacy template
      title: '{{ template "legacy.title" . }}'
      text: '{{ template "legacy.content" . }}'
  webhook_mention_all:
    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx
    mention:
      all: true
  webhook_mention_users:
    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx
    mention:
      mobiles: ['156xxxx8827', '189xxxx8325']

Template:

 Template address: /usr/local/prometheus-webhook-dingtalk/templates/default.yml
...
...
{{/* Firing */}}

{{ define "default.__text_alert_list" }}{{ range . }}

**Trigger time:** {{ dateInZone "2006.01.02 15:04:05" (.StartsAt) "Asia/Shanghai" }}

**Summary:** {{ .Annotations.summary }}

**Description:** {{ .Annotations.description }}

**Monitoring:** [grafana](http://grafana_ip:8000/grafana/d/GuJ5DHMnz/fu-wu-qi-jian-kong-tu-biao?orgId=1)

**Details:**
{{ range .Labels.SortedPairs }}{{ if and (ne (.Name) "severity") (ne (.Name) "summary") }}> - {{ .Name }}: {{ .Value | markdown | html }}
{{ end }}{{ end }}
{{ end }}{{ end }}

{{/* Resolved */}}

{{ define "default.__text_resolved_list" }}{{ range . }}

**Trigger time:** {{ dateInZone "2006.01.02 15:04:05" (.StartsAt) "Asia/Shanghai" }}

**Release time:** {{ dateInZone "2006.01.02 15:04:05" (.EndsAt) "Asia/Shanghai" }}

**Summary:** {{ .Annotations.summary }}

**Monitoring:** [grafana](http://grafana_ip:8000/grafana/d/GuJ5DHMnz/fu-wu-qi-jian-kong-tu-biao?orgId=1)

**Details:**
{{ range .Labels.SortedPairs }}{{ if and (ne (.Name) "severity") (ne (.Name) "summary") }}> - {{ .Name }}: {{ .Value | markdown | html }}
{{ end }}{{ end }}
{{ end }}{{ end }}
...
...

Grafana display template

9965