postgres ssl cert monitoring
130 views
Skip to first unread message
ihor.pi...@gmail.com
Jun 3, 2021, 2:13:11 AM6/3/21
to Prometheus Users
Hi,
Is there any way to get metrics out of postgres ssl certs? AFAIK black box exporter can not do it because of the way postgres doing starttls.
/Ihor
Reto Kupferschmid
Jun 3, 2021, 5:57:55 PM6/3/21
to Prometheus Users
Hi
Probably not with the blackbox_exporter. Although you can upgrade TCP connections to TLS using starttls=true in the query_response, as far as I can see this is only intended to be used for line-based protocols since the blackbox_exporter will always append a newline to the data (there is a similar issue here: https://github.com/prometheus/blackbox_exporter/issues/295). So you could create a blackbox_exporter module using something like
postgres:
prober: tcp
tcp:
query_response:
- send: !!binary AAAACATSFi8=
- starttls: true
to send a startup packet (which basically sends 0x00 0x00 0x00 0x08 0x04 0xd2 0x16 0x2f to postgres). But since the blackbox_exporter always appends a newline, postgres will receive 0x00 0x00 0x00 0x08 0x04 0xd2 0x16 0x2f 0x0a and throw an error.
Cheers,
Reto
Probably not with the blackbox_exporter. Although you can upgrade TCP connections to TLS using starttls=true in the query_response, as far as I can see this is only intended to be used for line-based protocols since the blackbox_exporter will always append a newline to the data (there is a similar issue here: https://github.com/prometheus/blackbox_exporter/issues/295). So you could create a blackbox_exporter module using something like
postgres:
prober: tcp
tcp:
query_response:
- send: !!binary AAAACATSFi8=
- starttls: true
to send a startup packet (which basically sends 0x00 0x00 0x00 0x08 0x04 0xd2 0x16 0x2f to postgres). But since the blackbox_exporter always appends a newline, postgres will receive 0x00 0x00 0x00 0x08 0x04 0xd2 0x16 0x2f 0x0a and throw an error.
Cheers,
Reto
Reply all
Reply to author
Forward
0 new messages