Open hellais opened 9 months ago
This was leading to the following error when running the node exporter scrape:
As a hotfix we just put in the tls_config section the following:
tls_config:
# XXX this is a hotfix to https://github.com/ooni/backend/issues/747
insecure_skip_verify: true
Older hosts are using
ooca_ca
to generate the certificates used by the prometheus scraper to collect blackbox exported metrics.Newer hosts are handling this "on the fly", like this: https://github.com/ooni/sysadmin/blob/master/ansible/roles/base-bullseye/tasks/main.yml#L219.
https://github.com/ooni/sysadmin/blob/master/ansible/roles/base-bullseye/tasks/main.yml#L229 <--- this deploys the updated cert to all hosts sending data to vector without running a full host bootstrap
We should update the old hosts to make use of this new pattern.