基于blackbox_exporter实现对URL状态、IP可用性、端口状态、TLS证书的过期时间监控
一、blackbox_exporter介绍
blackbox_exporter 是 Prometheus 官方提供的一个 exporter, 可以监控 HTTP、HTTPS,、 DNS、 TCP 、 ICMP 等目标实例, 从而实现对被监控节点进行监控和数据采集。
HTTP/HTPPS: URL/API 可用性检测
TCP: 端口监听检测
ICMP: 主机存活检测
DNS: 域名解析
二、安装部署blackbox_exporter
wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.22.0/blackbox_exporter-0.22.0.linux-amd64.tar.gz
tar -xf blackbox_exporter-0.22.0.linux-amd64.tar.gz -C /apps/
cd /apps/
mv blackbox_exporter-0.22.0.linux-amd64/ blackbox_exporter
[root@monitoring ~]# vim /etc/systemd/system/blackbox-exporter.service [root@monitoring ~]# cat /etc/systemd/system/blackbox-exporter.service [Unit] Description=Prometheus Blackbox Exporter After=network.target [Service] Type=simple User=root Group=root ExecStart=/apps/blackbox_exporter/blackbox_exporter \ --config.file=/apps/blackbox_exporter/blackbox.yml \ --web.listen-address=:9115 Restart=on-failure [Install] WantedBy=multi-user.target [root@monitoring ~]# [root@monitoring ~]# systemctl enable --now blackbox-exporter.service Created symlink /etc/systemd/system/multi-user.target.wants/blackbox-exporter.service → /etc/systemd/system/blackbox-exporter.service. [root@monitoring ~]# systemctl status blackbox-exporter.service ● blackbox-exporter.service - Prometheus Blackbox Exporter Loaded: loaded (/etc/systemd/system/blackbox-exporter.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2022-09-27 16:56:04 CST; 1min 13s ago Main PID: 29832 (blackbox_export) Tasks: 8 (limit: 49440) Memory: 4.9M CGroup: /system.slice/blackbox-exporter.service └─29832 /apps/blackbox_exporter/blackbox_exporter --config.file=/apps/blackbox_exporter/blackbox.yml --web.listen-address=:9115 Sep 27 16:56:04 monitoring systemd[1]: Started Prometheus Blackbox Exporter. Sep 27 16:56:04 monitoring blackbox_exporter[29832]: ts=2022-09-27T08:56:04.252Z caller=main.go:256 level=info msg="Starting blackbox_exporter" version="(version=0.22.0, > Sep 27 16:56:04 monitoring blackbox_exporter[29832]: ts=2022-09-27T08:56:04.253Z caller=main.go:257 level=info build_context="(go=go1.18.5, user=root@4d81de342d10, date=2> Sep 27 16:56:04 monitoring blackbox_exporter[29832]: ts=2022-09-27T08:56:04.255Z caller=main.go:269 level=info msg="Loaded config file" Sep 27 16:56:04 monitoring blackbox_exporter[29832]: ts=2022-09-27T08:56:04.257Z caller=main.go:417 level=info msg="Listening on address" address=:9115 Sep 27 16:56:04 monitoring blackbox_exporter[29832]: ts=2022-09-27T08:56:04.258Z caller=tls_config.go:195 level=info msg="TLS is disabled." http2=false [root@monitoring ~]# netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 835/sshd tcp6 0 0 :::22 :::* LISTEN 835/sshd tcp6 0 0 :::3000 :::* LISTEN 24712/grafana-serve tcp6 0 0 :::9115 :::* LISTEN 29832/blackbox_expo tcp6 0 0 :::9090 :::* LISTEN 29615/prometheus tcp6 0 0 :::51234 :::* LISTEN 24847/node_exporter tcp6 0 0 :::9256 :::* LISTEN 24879/process-expor [root@monitoring ~]#
2.1、blackbox exporter 实现 URL 监控
配置Prometheus
[root@monitoring prometheus]# vim prometheus.yml [root@monitoring prometheus]# grep http_status -A10 prometheus.yml - job_name: 'http_status' metrics_path: /probe params: module: [http_2xx] static_configs: - targets: ['http://www.xiaomi.com', 'http://www.magedu.com'] labels: instance: http_status group: web relabel_configs: - source_labels: [__address__] # 将__address__(当前监控目标URL地址的标签)修改为__param_target,用于传递给blackbox_exporter target_label: __param_target #标签key为__param_target、value为www.xiaomi.mkey为__param_target、value为www.magedu.com - source_labels: [__param_target] #基于__param_target获取监控目标 target_label: url #将监控目标的值与 url 创建一个label - target_label: __address__ #新添加一个目标__address__,指向blackbox_exporter服务器地址,用于将监控请求发送给指定的blackbox_exporter服务器 replacement: 172.16.88.20:9115 #指定blackbox_exporter服务器地址 #API Serevr节点发现 [root@monitoring prometheus]# ./promtool check config prometheus.yml Checking prometheus.yml SUCCESS: prometheus.yml is valid prometheus config file syntax [root@monitoring prometheus]# systemctl restart prometheus.service [root@monitoring prometheus]#
2.2、blackbox exporter 实现 ICMP 监控
[root@monitoring prometheus]# vim prometheus.yml [root@monitoring prometheus]# ./promtool check config prometheus.yml Checking prometheus.yml SUCCESS: prometheus.yml is valid prometheus config file syntax [root@monitoring prometheus]# grep ping_status -A10 prometheus.yml - job_name: 'ping_status' metrics_path: /probe params: module: [icmp] static_configs: - targets: ['172.16.88.254',"223.6.6.6"] labels: instance: 'ping_status' group: 'icmp' relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: ip - target_label: __address__ replacement: 172.16.88.20:9115 #API Serevr节点发现 [root@monitoring prometheus]# systemctl restart prometheus.service [root@monitoring prometheus]#
2.3、blackbox exporter 实现端口监控
[root@monitoring prometheus]# vim prometheus.yml [root@monitoring prometheus]# ./promtool check config prometheus.yml Checking prometheus.yml SUCCESS: prometheus.yml is valid prometheus config file syntax [root@monitoring prometheus]# grep port_status -A10 prometheus.yml - job_name: 'port_status' metrics_path: /probe params: module: [tcp_connect] static_configs: - targets: ['172.16.88.20:51234', '172.16.88.20:9256','172.16.88.20:22'] labels: instance: 'port_status' group: 'port' relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: ip - target_label: __address__ replacement: 172.16.88.20:9115 #API Serevr节点发现 [root@monitoring prometheus]# systemctl restart prometheus.service [root@monitoring prometheus]#
2.4、导入模板
