Network probe: Blackbox Exporter

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

What is Blackbox Exporter?

Blackbox Exporter is the official black-box monitoring solution provided by the Prometheus community. It lets users probe network endpoints over HTTP, HTTPS, DNS, TCP and ICMP.

Run blackbox exporter as docker

Pull the image

    docker pull prom/blackbox-exporter

Check the Dockerfile (this is a good habit)

    $ cat check_docker_file.sh
    #!/bin/bash
    # Reconstruct an approximate Dockerfile from an image's layer history.
    export PATH=$PATH
    if [ $# -eq 1 ]; then
        docker history --format '{{.CreatedBy}}' --no-trunc=true "$1" \
            | sed "s/\/bin\/sh -c #(nop) //g" \
            | sed "s/\/bin\/sh -c/RUN/g" \
            | tac
    else
        echo "Usage: sh $0 DOCKER_IMAGE"
    fi

    $ sh check_docker_file.sh prom/blackbox-exporter:latest
    ADD file:b265aa0ea2ef7ff1f4a3e087217e75aca2c90f5c345406299664cc7969b2b28e in /
    CMD ["sh"]
    MAINTAINER The Prometheus Authors
    COPY dir:b1c1c3c551755544b818d03ad9136b137ca12c48393ba5cdd58d7f845647e042 in /
    LABEL maintainer=The Prometheus Authors
    ARG ARCH=amd64
    ARG OS=linux
    COPY file:2bfe91827ebb767bc51f40cd84675a3c315d9da8a70f6d8071c806e0b2b1ee73 in /bin/blackbox_exporter
    COPY file:6e820c2d591d3433d139b66241b74e9b7ffc90c9e120bac49cf97014e16f070a in /etc/blackbox_exporter/config.yml
    EXPOSE 9115
    ENTRYPOINT ["/bin/blackbox_exporter"]
    CMD ["--config.file=/etc/blackbox_exporter/config.yml"]

Run blackbox exporter

    docker run -id --name blackbox-exporter -p 9115:9115 prom/blackbox-exporter

Blackbox Exporter configuration file explained

Official explanation: https://github.com/prometheus/blackbox_exporter/blob/master/CONFIGURATION.md

    modules:
      http_2xx:
        prober: http
      http_post_2xx:
        prober: http
        http:
          method: POST
      tcp_connect:
        prober: tcp
      pop3s_banner:
        prober: tcp
        tcp:
          query_response:
          - expect: "^+OK"
          tls: true
          tls_config:
            insecure_skip_verify: false
      ssh_banner:
        prober: tcp
        tcp:
          query_response:
          - expect: "^SSH-2.0-"
      irc_banner:
        prober: tcp
        tcp:
          query_response:
          - send: "NICK prober"
          - send: "USER prober prober prober :prober"
          - expect: "PING :([^ ]+)"
            send: "PONG ${1}"
          - expect: "^:[^ ]+ 001"
      icmp:
        prober: icmp

When running Blackbox Exporter, the user must supply the probe configuration. This may be custom HTTP headers, the TLS settings (keys and certificates) a probe needs, or the validation behavior of the probe itself. Each probe configuration in Blackbox Exporter is called a module and is provided to Blackbox Exporter as a YAML configuration file. Each module mainly contains the probe type (prober), the timeout for the check (timeout), and the configuration items specific to that probe:

    # Probe type: http, https, tcp, dns, icmp
    prober: <prober_string>   # required

    # Timeout (default unit: seconds)
    [ timeout: <duration> ]

    # Detailed configuration of the probe. At most one of the following can be configured.
    [ http: <http_probe> ]
    [ tcp: <tcp_probe> ]
    [ dns: <dns_probe> ]
    [ icmp: <icmp_probe> ]

Configurable parameters of <http_probe>:

    # Status codes accepted by this probe. The default is 2xx.
    [ valid_status_codes: <int>, ... | default = 2xx ]

    # HTTP versions accepted by this probe.
    [ valid_http_versions: <string>, ... ]

    # The HTTP method the probe will use.
    [ method: <string> | default = "GET" ]

    # The HTTP headers set by the probe.
    headers:
      [ <string>: <string> ... ]

    # Whether the probe will skip following redirects.
    [ no_follow_redirects: <boolean> | default = false ]

    # The probe fails if SSL is present.
    [ fail_if_ssl: <boolean> | default = false ]

    # The probe fails if SSL is not present.
    [ fail_if_not_ssl: <boolean> | default = false ]

    # The probe fails if the response body matches the regular expression.
    fail_if_body_matches_regexp:
      [ - <regex>, ... ]

    # The probe fails if the response body does not match the regular expression.
    fail_if_body_not_matches_regexp:
      [ - <regex>, ... ]

    # The probe fails if the response header matches the regular expression.
    # For headers with multiple values, it fails if *at least one* matches.
    fail_if_header_matches:
      [ - <http_header_match_spec>, ... ]

    # The probe fails if the response header does not match the regular expression.
    # For headers with multiple values, it fails if *none* match.
    fail_if_header_not_matches:
      [ - <http_header_match_spec>, ... ]

    # TLS configuration for the HTTP probe.
    tls_config:
      [ <tls_config> ]

    # HTTP basic authentication credentials for the target.
    basic_auth:
      [ username: <string> ]
      [ password: <secret> ]

    # The bearer token for the target.
    [ bearer_token: <secret> ]

    # The bearer token file for the target.
    [ bearer_token_file: <filename> ]

    # HTTP proxy server used to connect to the target.
    [ proxy_url: <string> ]

    # IP protocol of the HTTP probe (ip4, ip6).
    [ preferred_ip_protocol: <string> | default = "ip6" ]
    [ ip_protocol_fallback: <boolean> | default = true ]

    # The body of the HTTP request used in the probe.
    body: [ <string> ]

    # <http_header_match_spec>
    header: <string>,
    regexp: <regex>,
    [ allow_missing: <boolean> | default = false ]

Application scenarios

Ping detection

You can check whether a server is alive with ping (ICMP) by configuring the icmp module in the configuration file:

    icmp:
      prober: icmp

Integrate with prometheus

    - job_name: 'blackbox-ping'
      metrics_path: /probe
      params:
        module: [icmp]
      static_configs:
        - targets:
            - 223.5.5.5
          labels:
            instance: aliyun
        - targets:
            - 47.92.229.67
          labels:
            instance: zsf
      relabel_configs:
        - source_labels: [__address__]
          target_label: __param_target
        - source_labels: [__param_target]
          target_label: instance
        - target_label: __address__
          replacement: 192.168.111.65:9115

HTTP

Blackbox config file

    modules:
      http_2xx:
        prober: http
        http:
          method: GET
      http_post_2xx:
        prober: http
        http:
          method: POST

After configuration, run a probe. The returned metrics are explained below:

    # DNS resolution time, in seconds
    probe_dns_lookup_time_seconds 0.03943135
    # Probe time from start to end, in seconds (response time for requesting this page)
    probe_duration_seconds 0.651619323
    probe_failed_due_to_regex 0
    # HTTP content response length
    probe_http_content_length -
    # Duration of each phase, counted by phase
    probe_http_duration_seconds{phase="connect"} 0.050388884     # connection time
    probe_http_duration_seconds{phase="processing"} 0.45868667   # processing time
    probe_http_duration_seconds{phase="resolve"} 0.040037612     # name resolution time
    probe_http_duration_seconds{phase="tls"} 0.145433254         # time to verify the certificate
    probe_http_duration_seconds{phase="transfer"} 0.000566269
    # Number of redirects
    probe_http_redirects 1
    # Whether SSL was used for the final redirect
    probe_http_ssl
    # Returned status code
    probe_http_status_code 20
    # Uncompressed response body length
    probe_http_uncompressed_body_length 40339
    # HTTP version
    probe_http_version 1.
    # IP protocol version used
    probe_ip_protocol 4
    probe_ssl_earliest_cert_expiry 1.59732e+09
    # Whether the probe succeeded
    probe_success 1
    # TLS version
    probe_tls_version_info{version="TLS 1.2"} 1
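To show how these metrics can be turned into checks, here is an added example (not code from the original article or from the Blackbox Exporter project) that parses probe output and reports a failed probe, a certificate close to expiry, or an unexpected TLS version, plus the slowest HTTP phase. The function names, the 14-day threshold and the allowed TLS list are assumptions; the sample is constructed from values shown on this page.

```python
import re

# Constructed sample built from metric values shown on this page.
SAMPLE = '''\
# constructed sample
probe_duration_seconds 0.651619323
probe_http_duration_seconds{phase="connect"} 0.050388884
probe_http_duration_seconds{phase="processing"} 0.45868667
probe_http_duration_seconds{phase="resolve"} 0.040037612
probe_http_duration_seconds{phase="tls"} 0.145433254
probe_http_duration_seconds{phase="transfer"} 0.000566269
probe_ssl_earliest_cert_expiry 1.59732e+09
probe_success 1
probe_tls_version_info{version="TLS 1.2"} 1
'''

LINE = re.compile(r'^([A-Za-z_:][\w:]*)(?:\{(.*)\})?\s+(\S+)$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse(text):
    """Return {(metric, frozenset(label pairs)): value}; comment lines are skipped."""
    samples = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines starting with '#' never match the metric-name pattern
            name, labels, value = m.groups()
            samples[(name, frozenset(LABEL.findall(labels or "")))] = float(value)
    return samples

def review(text, now, min_cert_days=14, allowed_tls=("TLS 1.2", "TLS 1.3")):
    """Return (findings, slowest_phase) for one probe result; now is a Unix timestamp."""
    s = parse(text)
    findings = []
    if s.get(("probe_success", frozenset())) != 1:
        findings.append("probe failed")
    expiry = s.get(("probe_ssl_earliest_cert_expiry", frozenset()))
    if expiry is not None and (expiry - now) / 86400 < min_cert_days:
        findings.append("certificate expires in %.1f days" % ((expiry - now) / 86400))
    for (name, labels) in s:
        if name == "probe_tls_version_info" and dict(labels)["version"] not in allowed_tls:
            findings.append("unexpected TLS version " + dict(labels)["version"])
    phases = {dict(l)["phase"]: v for (n, l), v in s.items()
              if n == "probe_http_duration_seconds"}
    slowest = max(phases, key=phases.get) if phases else None
    return findings, slowest
```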

Integrate with Prometheus, using Prometheus's relabeling capabilities (service discovery)

    - job_name: 'blackbox-http'
      metrics_path: /probe
      params:
        module: [http_2xx]
      static_configs:
        - targets:
            - http://www.zhangshoufu.com
            - http://www.xuliangwei.com
      relabel_configs:
        - source_labels: [__address__]
          target_label: __param_target
        - source_labels: [__param_target]
          target_label: instance
        - target_label: __address__
          replacement: 192.168.111.65:9115   # blackbox-exporter machine and port

Here, a scrape job is defined for each probe module (such as http_2xx), and the targets of the job are the sites we want to probe. Before the sample data is collected, relabel_configs dynamically rewrites the job's labels:

1. Write the address of the target instance (__address__) into the __param_target label. A label of the form __param_<name> adds a parameter to the request URL when the job is scraped, which is equivalent to setting it in params.

2. Take the value of __param_target and write it to the instance label, overwriting it.

3. Override the __address__ label of the target instance with the access address of the Blackbox Exporter instance.
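The three relabeling steps above, modeled as an added example (not code from the original article or from Prometheus): a simplified relabel function that handles only the default replace action with the default regex, applied to this page's blackbox-http job to show the URL that is finally scraped. The function names are hypothetical.

```python
from urllib.parse import urlencode

# The relabel_configs of the blackbox-http job on this page.
RELABEL_CONFIGS = [
    {"source_labels": ["__address__"], "target_label": "__param_target"},
    {"source_labels": ["__param_target"], "target_label": "instance"},
    {"target_label": "__address__", "replacement": "192.168.111.65:9115"},
]

def relabel(labels, rules):
    """Apply 'replace' rules in order. With the default regex and replacement,
    the target label receives the source label values joined by ';'."""
    labels = dict(labels)
    for rule in rules:
        joined = ";".join(labels.get(n, "") for n in rule.get("source_labels", []))
        labels[rule["target_label"]] = rule.get("replacement", joined)
    return labels

def scrape_url(target, module, metrics_path="/probe", rules=RELABEL_CONFIGS):
    """Return (URL that gets scraped, final instance label) for one listed target."""
    # Before relabeling, __address__ holds the listed target and each entry
    # in params is available as a __param_<name> label.
    labels = relabel({"__address__": target, "__param_module": module,
                      "__metrics_path__": metrics_path, "__scheme__": "http"}, rules)
    params = {k[len("__param_"):]: v for k, v in labels.items()
              if k.startswith("__param_")}
    url = "{}://{}{}?{}".format(labels["__scheme__"], labels["__address__"],
                                labels["__metrics_path__"],
                                urlencode(sorted(params.items())))
    return url, labels["instance"]

if __name__ == "__main__":
    print(scrape_url("http://www.zhangshoufu.com", "http_2xx"))
```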

Custom HTTP request

HTTP services are usually exposed in different forms, some may be simple web pages, while others may be REST-based API services. The detection of different types of HTTP requires the administrator to make more custom settings on the behavior of the HTTP probe, including: HTTP request method, HTTP header information, request parameters and so on. For some services with security authentication enabled, you also need to be able to set up appropriate Auth support for HTTP probes. For services of type HTTPS, you also need to be able to customize the certificate.

As shown below, the request method used for detection is defined through method. For some services that require request parameters, you can also define the relevant request header information through headers, and use body to define the request content:

    http_post_2xx:
      prober: http
      timeout: 5s
      http:
        method: POST
        headers:
          Content-Type: application/json
        body: '{}'

If security authentication is enabled for the HTTP service, Blackbox Exporter has built-in support for basic_auth, so you can set the relevant authentication information directly:

    http_basic_auth_example:
      prober: http
      timeout: 5s
      http:
        method: POST
        headers:
          Host: "login.example.com"
        basic_auth:
          username: "username"
          password: "mysecret"

For services that use a Bearer Token, you can also specify a token string directly through the bearer_token configuration item, or a token file through bearer_token_file.

For services that have HTTPS enabled but require custom certificates, you can specify the relevant certificate information through tls_config:

    http_custom_ca_example:
      prober: http
      http:
        method: GET
        tls_config:
          ca_file: "/certs/my_cert.crt"

Custom probe behavior

By default, the HTTP probe only checks the HTTP return status code. If the status code is 2XX (200

    400 and probe_success{job="blackbox-http"} == 0
    # for: 1m
    labels:
      docker: number
    annotations:
      summary: 'business alarm: website inaccessible'
      description: '{{$labels.instance}} inaccessible, please check in time, the current status code is {{$value}}'

Reference:

Blackbox configs: https://github.com/prometheus/blackbox_exporter/blob/master/CONFIGURATION.md
Prometheus configs: https://prometheus.io/docs/prometheus/latest/configuration/configuration/
https://yunlzheng.gitbook.io/prometheus-book/part-ii-prometheus-jin-jie/exporter/commonly-eporter-usage/install_blackbox_exporter
https://www.li-rui.top/2018/11/23/monitor/blackbox_exporter%E4%BD%BF%E7%94%A8/
