一、简介
blackbox_exporter:
blackbox_exporter是Prometheus 官方提供的 exporter 之一,可以提供 http、dns、tcp、icmp 的监控数据采集,blackbox_exporter 可用于以下监测:
HTTP 测试: 定义Request Header信息、判断 Http status/Http Respones Header/HttpBody 内容
TCP 测试: 业务组件端口状态监听、应用层协议定义与监听
ICMP 测试: 主机探活机制
POST 测试: 接口联通性
SSL证书过期时间
github地址:GitHub - prometheus/blackbox_exporter: Blackbox prober exporterhttps://github.com/prometheus/blackbox_exporter
二、安装
二进制安装
$ wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.16.0/blackbox_exporter-0.16.0.linux-amd64.tar.gz
$ tar -zxvf blackbox_exporter-0.16.0.linux-amd64.tar.gz -C /data
$ mv /data/blackbox_exporter-0.16.0.linux-amd64 /data/blackbox_exporter
$ cd /data/blackbox_exporter/
$ ./blackbox_exporter --version
$ nohup ./blackbox_exporter &
使用blackbox_exporter 检测目标,使用语法如下:
语法结构(debug模式):
http://localhost:9115/probe?target=xxx&module=xxx&debug=true
例如:
$ curl "http://localhost:9115/probe?target=10.50.10.7:22022&module=tcp_connect&debug=true"
$ curl "http://localhost:9115/probe?target=10.50.10.7&module=icmp&debug=true"
K8S安装
配置文件
$ cat config.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: blackbox-exporter
namespace: kube-mon
data:
blackbox.yml: |-
modules:
http_2xx:
prober: http
timeout: 2s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
valid_status_codes: [200,301,302]
method: GET
preferred_ip_protocol: "ipv4"
tcp_connect:
prober: tcp
timeout: 2s
http_403:
prober: http
timeout: 2s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
valid_status_codes: [403]
method: GET
preferred_ip_protocol: "ipv4"
https_403:
prober: https
timeout: 2s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
valid_status_codes: [403]
method: GET
preferred_ip_protocol: "ipv4"
icmp:
prober: icmp
deploy部署
$ cat deploy.yml
kind: Deployment
apiVersion: apps/v1
metadata:
name: blackbox-exporter
namespace: kube-mon
labels:
app.kubernetes.io/name: blackbox
app.kubernetes.io/version: 0.16.0
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: blackbox
template:
metadata:
labels:
app.kubernetes.io/name: blackbox
spec:
volumes:
- name: config
configMap:
name: blackbox-exporter
defaultMode: 420
containers:
- name: blackbox-exporter
image: prom/blackbox-exporter:v0.16.0
imagePullPolicy: IfNotPresent
args:
- --config.file=/etc/blackbox_exporter/blackbox.yml
- --log.level=info
- --web.listen-address=:9115
ports:
- name: blackbox-port
containerPort: 9115
protocol: TCP
resources:
limits:
cpu: 30m
memory: 100Mi
requests:
cpu: 10m
memory: 50Mi
volumeMounts:
- name: config
mountPath: /etc/blackbox_exporter
readinessProbe:
tcpSocket:
port: 9115
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
svc 服务发现
$ cat svc.yml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: blackbox
name: blackbox-exporter
namespace: kube-mon
spec:
ports:
- name: balckbox
port: 9115
protocol: TCP
targetPort: 9115
selector:
app.kubernetes.io/name: blackbox
创建以上资源:
$ kubectl apply -f .
如更改配置文件需要重新加载配置:
$ curl -X POST localhost:31425/-/reload
三、配置Prometheus采集数据
1、ICMP 测试(主机探活)
可以通过 ping(icmp) 检测服务器的存活,在 blackbox.yml 使用的配置是icmp 模块:
modules:
icmp:
prober: icmp
添加Prometheus配置:
- job_name: "check_hosts"
metrics_path: /probe
params:
modelus: [icmp]
static_configs:
- targets:
- 10.60.38.208
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: blackbox-exporter:9115
2、TCP 测试(监控主机端口存活状态)
检测端口是否存活,在blackbox.yml 配置文件中使用的配置是tcp_connect模块:
modules:
tcp_connect:
prober: tcp
添加pronetheus配置
- job_name: "check_ports"
metrics_path: /probe
params:
module: [tcp_connect]
static_configs:
- targets:
- 10.60.38.208:8080
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: blackbox-exporter:9115
3、检测SSL证书过期时间
检测SSL证书,在blackbox.yml 配置文件中使用的配置是模块:
http_2xx:
prober: http
timeout: 10s
http:
preferred_ip_protocol: "ipv4"
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
valid_status_codes: [200,301,302,303]
method: GET
添加pronetheus配置
- job_name: "blackbox_ssl"
metrics_path: /probe
params:
module: [http_2xx]
static_configs:
- targets:
- https://www.baidu.com
relabel_configs:
- source_labels: [__address__]
target_label: instance
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter:9115
告警规则
端口监测失败 (正则匹配8080端口)
sum by(instance) (probe_success{instance=~".*:8080$",job="check_ports"}) == 0
主机ping不通
sum by (instance)(probe_success{job="check_hosts"}) == 0
证书还有30天过期
probe_ssl_earliest_cert_expiry{job="blackbox_ssl"} - time() < 86400 * 30
grafana id: 9965 13230
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)