Open atmanohar opened 3 years ago
I'm also wondering if blackbox_exporter supports checking of certs used by PostgreSQL?
openssl supports the postgreqsl protocol nowadays: https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html#testing-protocols-that-upgrade-to-ssl
👋 just adding my experience with this problem. At my workplace, we have need to monitor an internal SSL/TLS-enabled Postgres. After a lot of unsuccessful attempts to coerce blackbox_exporter into doing that for us (as we use it everywhere else), we decided to instead add functionality into an in-house SSL/TLS management daemon to monitor this for us (with Postgres in mind). It would be great to some day remove that functionality and leverage blackbox_exporter for this need, too!
For the blackbox_exporter maintainers or others looking to do this with an established Golang ecosystem: our functionality for monitoring Postgres began with investigating how this worked, and improving it for our platform: https://github.com/chr4/pg-check-cert. I hope it can serve as a good starting point for how to do this solely in Go (or maybe there are more recent/idiomatic examples somewhere out there 🤷)
Alternatively you can now use ssl_exporter to scrape postgres cert metrics. Postgres support is available since version v2.3.1.
I also encountered this, and the issue is that currently the blackbox exporter query response expect matches operate in line mode, whereas PostgreSQL sends a single byte as a response to the SSLRequest, so it never matches and the exporter times out. The linked PR fixes this and adds a working example. Using it, I have been able to successfully scrape Postgres certificate metrics.
Host operating system: output of
uname -a
blackbox_exporter version: output of
blackbox_exporter --version
What is the blackbox.yml module config.
What is the prometheus.yml scrape config.
What logging output did you get from adding
&debug=true
to the probe URL?What did you do that produced an error?
What did you expect to see?
What did you see instead?