## Blackbox Exporter Deployment

<div class="tab-container post_tab box-shadow-wrap-lg">
<ul class="nav no-padder b-b scroll-hide" role="tablist">
<li class='nav-item active' role="presentation"><a class='nav-link active' style="" data-toggle="tab" aria-controls='tabs-3f0b5e5496767fae43c1f7b895bb3ef7960' role="tab" data-target='#tabs-3f0b5e5496767fae43c1f7b895bb3ef7960'>Run in a container</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" aria-controls='tabs-5aa8fcb2697ec24245a30d25187531e7131' role="tab" data-target='#tabs-5aa8fcb2697ec24245a30d25187531e7131'>Run on a server</a></li>
</ul>
<div class="tab-content no-border">
<div role="tabpanel" id='tabs-3f0b5e5496767fae43c1f7b895bb3ef7960' class="tab-pane fade active in">

Create the configuration file `/usr/local/blackbox_exporter/config.yaml` and adjust the content as needed.

```yaml
modules:
  http_2xx:  # HTTP probe
    prober: http
    http:
      preferred_ip_protocol: "ip4"
  http_post_2xx:  # HTTP POST probe
    prober: http
    http:
      method: POST
      preferred_ip_protocol: "ip4"
  tcp_connect:  # TCP probe
    prober: tcp
    tcp:
      preferred_ip_protocol: "ip4"
  icmp:
    prober: icmp
    timeout: 5s
    icmp:
      preferred_ip_protocol: "ip4"
  dns:
    prober: dns
    dns:
      transport_protocol: "udp"
      preferred_ip_protocol: "ip4"
      query_name: "www.baidu.com"  # domain name used to check the DNS server
      query_type: "A"
```

Start the container

```bash
# Mount the directory that holds the config.yaml created above and load that file
docker run -d --restart=always --name blackbox-exporter \
  -v /usr/local/blackbox_exporter:/etc/blackbox_exporter \
  --network prometheus \
  prom/blackbox-exporter:v0.25.0 --config.file=/etc/blackbox_exporter/config.yaml
```

Then add the following to the Prometheus configuration

```yaml
- job_name: blackbox_http_2xx
  scheme: http
  metrics_path: /probe
  params:
    module: [http_2xx]  # module defined in the Blackbox Exporter config file
  static_configs:
    - targets:
        - https://www.baidu.com  # https
      labels:
        module: https
        env: test
        name: https-baidu
    - targets:
        - https://www.qwerto.cc  # https
      labels:
        module: https
        env: prod
        name: https-qwerto
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: blackbox-exporter:9115  # container name on the prometheus network

- job_name: 'blackbox_icmp_ping'
  scheme: http
  metrics_path: /probe
  params:
    module: [icmp]
  static_configs:
    - targets:
        - www.baidu.com
      labels:
        module: icmp
        env: test
        name: icmp-baidu
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: blackbox-exporter:9115

- job_name: "blackbox_dns"
  scheme: http
  metrics_path: /probe
  params:
    module: [dns]  # DNS module
  static_configs:
    - targets:
        - 8.8.8.8:53
      labels:
        module: dns
        env: test
        name: dns-google
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: blackbox-exporter:9115
```

</div><div role="tabpanel" id='tabs-5aa8fcb2697ec24245a30d25187531e7131' class="tab-pane fade ">

Download the matching Blackbox Exporter package from the [official site](https://prometheus.io/download/) ([GitHub releases](https://github.com/prometheus/blackbox_exporter/releases)) and extract it to `/usr/local/blackbox_exporter`

```bash
wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.25.0/blackbox_exporter-0.25.0.linux-amd64.tar.gz
tar zxvf blackbox_exporter-0.25.0.linux-amd64.tar.gz
mv blackbox_exporter-0.25.0.linux-amd64 /usr/local/blackbox_exporter
```

### Configure TLS and Basic Auth

#### TLS

Copy the certificate `node_exporter.crt` and the key `node_exporter.key`, both created when Prometheus was installed, to the Blackbox Exporter path `/usr/local/blackbox_exporter/`

Create the configuration file `vim /usr/local/blackbox_exporter/config.yaml`

```yaml
tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key
```

#### Basic Auth

Generate the password hash with htpasswd (if the command does not exist, install the package with `apt install apache2-utils`)

```bash
htpasswd -nBC 12 '' | tr -d ':\n'
```

Complete `/usr/local/blackbox_exporter/config.yaml` for reference:

```yaml
tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key

# Add Basic Auth
basic_auth_users:
  # The username set here is asdasfdassad; several users can be configured.
  # The value after the colon is the password hash generated above.
  asdasfdassad: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

#### Edit the configuration file

Edit the Blackbox Exporter configuration file `vim /usr/local/blackbox_exporter/blackbox.yml`. It already contains some default configuration, which needs to be adjusted as required.

```yaml
modules:
  http_2xx:  # HTTP probe
    prober: http
    http:
      preferred_ip_protocol: "ip4"
  http_post_2xx:  # HTTP POST probe
    prober: http
    http:
      method: POST
      preferred_ip_protocol: "ip4"
  tcp_connect:  # TCP probe
    prober: tcp
    tcp:
      preferred_ip_protocol: "ip4"
  icmp:
    prober: icmp
    timeout: 5s
    icmp:
      preferred_ip_protocol: "ip4"
  dns:
    prober: dns
    dns:
      transport_protocol: "udp"
      preferred_ip_protocol: "ip4"
      query_name: "www.baidu.com"  # domain name used to check the DNS server
      query_type: "A"
```

### Start as a service

Create the service `vim /etc/systemd/system/blackbox_exporter.service`; adjust the startup arguments to your environment

```ini
[Unit]
Description=Prometheus blackbox exporter
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
AmbientCapabilities=CAP_NET_RAW
Type=simple
ExecStart=/usr/local/blackbox_exporter/blackbox_exporter \
    --config.file=/usr/local/blackbox_exporter/blackbox.yml \
    --web.config.file=/usr/local/blackbox_exporter/config.yaml

[Install]
WantedBy=multi-user.target
```

Create the user and set ownership and permissions

```bash
useradd prometheus -M -s /sbin/nologin
chown prometheus:prometheus /usr/local/blackbox_exporter -R
chmod 755 /usr/local/blackbox_exporter -R
# Keep the TLS private key and the web config (password hashes) readable by the service user only
chmod 600 /usr/local/blackbox_exporter/node_exporter.key /usr/local/blackbox_exporter/config.yaml
```

Enable the service at boot and start it

```bash
systemctl enable blackbox_exporter
service blackbox_exporter start
service blackbox_exporter status
```

### Add a firewall rule

Blackbox Exporter uses port `9115` by default, so the firewall must allow this port (direct access from the public internet is not recommended). It is recommended to allow access only from the Prometheus server IP.

```bash
# 1.1.1.1 stands for the Prometheus server IP
iptables -A INPUT -s 1.1.1.1/32 -p tcp --dport 9115 -j ACCEPT -m comment --comment "prometheus-blackbox-exporter"
iptables-save >/etc/iptables/rules.v4
```

### Add the node on the Prometheus server

Add the following to `prometheus.yml`, then reload the configuration

```yaml
- job_name: blackbox_http_2xx
  scheme: https
  tls_config:
    ca_file: node_exporter.crt  # certificate
    server_name: "qwerto.local"
    # While this is true the exporter certificate is not verified, so ca_file and
    # server_name are not enforced; set it to false once the certificate matches server_name
    insecure_skip_verify: true
  basic_auth:  # Basic Auth
    username: xxxxx  # username configured on the blackbox exporter
    password: xxxxxxxxxxxxxxxxxxxxxxxxxxx  # password configured on the blackbox exporter (plaintext)
  metrics_path: /probe
  params:
    module: [http_2xx]  # module defined in blackbox.yml
  static_configs:
    - targets:
        - https://www.baidu.com  # https
      labels:
        module: https
        env: 公网
        name: https-baidu
    - targets:
        - https://www.qwerto.cc  # https
      labels:
        module: https
        env: 公网
        name: https-qwerto
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: 127.0.0.1:9115  # blackbox exporter

- job_name: 'blackbox_icmp_ping'
  scheme: https
  tls_config:
    ca_file: node_exporter.crt  # certificate
    server_name: "qwerto.local"
    insecure_skip_verify: true  # certificate is not verified while this is true
  basic_auth:  # Basic Auth
    username: xxxxx  # username configured on the blackbox exporter
    password: xxxxxxxxxxxxxxxxxxxxxxxxxxx  # password configured on the blackbox exporter (plaintext)
  metrics_path: /probe
  params:
    module: [icmp]
  static_configs:
    - targets:
        - 119.29.29.29
      labels:
        module: icmp
        env: 公网
        name: icmp-tencent
    - targets:
        - www.baidu.com
      labels:
        module: icmp
        env: 公网
        name: icmp-baidu
    - targets:
        - www.taobao.com
      labels:
        module: icmp
        env: 公网
        name: icmp-taobao
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: 127.0.0.1:9115

- job_name: "blackbox_dns"
  scheme: https
  tls_config:
    ca_file: node_exporter.crt  # certificate
    server_name: "qwerto.local"
    insecure_skip_verify: true  # certificate is not verified while this is true
  basic_auth:  # Basic Auth
    username: xxxxx  # username configured on the blackbox exporter
    password: xxxxxxxxxxxxxxxxxxxxxxxxxxx  # password configured on the blackbox exporter (plaintext)
  metrics_path: /probe
  params:
    module: [dns]  # DNS module
  static_configs:
    - targets:
        - 119.29.29.29:53
      labels:
        module: dns
        env: 公网
        name: dns-dnspod
    - targets:
        - 8.8.8.8:53
      labels:
        module: dns
        env: 公网
        name: dns-google
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: 127.0.0.1:9115
```

</div>
</div>
</div>

## Alert rule reference

```yaml
groups:
  - name: blackbox告警
    rules:
      # Probe failed
      - alert: BlackboxProbeFailed
        expr: probe_success{env="HK"} == 0
        for: 0m
        labels:
          severity: critical
        annotations:
          summary: Blackbox probe failed
          description: "Probe failed\n 名称:{{ $labels.name }}\n 站点:{{ $labels.instance }}"

      # SSL certificate expires in less than 20 days (and at least 3)
      - alert: SSL证书即将到期
        expr: 3 <= round((last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time()) / 86400, 0.1) < 20
        for: 0m
        labels:
          severity: warning
        annotations:
          summary: SSL证书即将到期
          description: "SSL证书即将在 20 天后到期\n 名称:{{ $labels.name }}\n 站点:{{ $labels.instance }}"

      # SSL certificate expires in less than 3 days
      - alert: SSL证书即将到期
        expr: 0 <= round((last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time()) / 86400, 0.1) < 3
        for: 0m
        labels:
          severity: critical
        annotations:
          summary: SSL证书即将到期
          description: "SSL证书即将在 3 天后到期\n 名称:{{ $labels.name }}\n 站点:{{ $labels.instance }}"

      # SSL certificate has expired
      - alert: SSL证书已过期
        expr: round((last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time()) / 86400, 0.1) < 0
        for: 0m
        labels:
          severity: critical
        annotations:
          summary: SSL证书已过期
          description: "SSL证书已过期\n 名称:{{ $labels.name }}\n 站点:{{ $labels.instance }}"
```

[Figure: SSL certificate alert]

## Grafana

#9965 #20338

Last modified: July 30, 2024 © Reposting permitted with attribution
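
How the three `relabel_configs` rules in the scrape jobs above turn each listed target into a request to the exporter, as an added example that is not part of the original post: a small Python model of Prometheus's `replace` relabel action. The names `RULES`, `relabel` and `scrape_request` are made up for this illustration, and the exporter address is the `127.0.0.1:9115` from the server setup.

```python
import re
from urllib.parse import urlencode

# The three relabel rules from the scrape jobs on this page. Prometheus defaults
# (regex "(.*)", replacement "$1", separator ";") are filled in by relabel().
RULES = [
    {"source_labels": ["__address__"], "target_label": "__param_target"},
    {"source_labels": ["__param_target"], "target_label": "instance"},
    {"target_label": "__address__", "replacement": "127.0.0.1:9115"},
]


def relabel(labels, rules):
    """Apply 'replace' relabel rules in order and return the new label set."""
    labels = dict(labels)
    for rule in rules:
        value = ";".join(labels.get(n, "") for n in rule.get("source_labels", []))
        match = re.fullmatch(rule.get("regex", "(.*)"), value)
        if match is None:
            continue  # a rule whose regex does not match leaves the labels untouched
        # Translate Prometheus "$1" / "${1}" group references to Python's "\g<1>".
        template = re.sub(r"\$\{?(\w+)\}?", r"\\g<\1>", rule.get("replacement", "$1"))
        labels[rule["target_label"]] = match.expand(template)
    return labels


def scrape_request(target, module, scheme="https", metrics_path="/probe"):
    """Return (url, instance): the URL Prometheus requests and the instance label."""
    # Before relabeling, __address__ is the listed target and each entry under
    # `params` is exposed as a __param_<name> label.
    labels = relabel({"__address__": target, "__param_module": module}, RULES)
    params = {k[len("__param_"):]: v for k, v in labels.items()
              if k.startswith("__param_")}
    url = f"{scheme}://{labels['__address__']}{metrics_path}?{urlencode(params)}"
    return url, labels["instance"]


if __name__ == "__main__":
    # Targets taken from the page's static_configs
    for tgt, mod in [("https://www.baidu.com", "http_2xx"), ("8.8.8.8:53", "dns")]:
        print(scrape_request(tgt, mod))
```

The request always goes to the exporter on port `9115`, while the probed site only appears as the `target` query parameter and the `instance` label, which is why the firewall rule and Basic Auth protect the exporter and not the probed hosts.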