Re: [prometheus-users] How to check exporter down time in 1 week

2020-07-06 Thread Jack Chew 
I try rate(up{idc="azure"}[5m] offset 1w) and then all value is 0. I need 
check the node within 1 week down time(up==0).

在 2020年7月6日星期一 UTC+8下午3:23:56,sayf eddine Hammemi写道:
>
> Hello, you can use offset to go back in time given you have enabled data 
> retention for at least one week
> Exp: rate(http_requests_total[5m] offset 1w) (change it accordingly to 
> your metrics)
>
> On Mon, Jul 6, 2020 at 9:18 AM Jack Chew > 
> wrote:
>
>> Hey guys,
>>
>>
>>How i check up == 0 in 1week accourd  by instacne.
>>
>>
>> Thanks
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Prometheus Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to promethe...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/prometheus-users/6127ffce-02ad-48ed-b70e-b5d27daf1647o%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/prometheus-users/6127ffce-02ad-48ed-b70e-b5d27daf1647o%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/42464747-6a2d-47bb-a174-3b81840c7278o%40googlegroups.com.

[prometheus-users] How to check exporter down time in 1 week

2020-07-06 Thread Jack Chew 
Hey guys,


   How i check up == 0 in 1week accourd  by instacne.


Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/6127ffce-02ad-48ed-b70e-b5d27daf1647o%40googlegroups.com.

Re: [prometheus-users] Get https://ip/metrics: x509: cannot validate certificate for ip because it doesn't contain any IP SANs

2020-03-25 Thread Jack Chew 
Thank Cameron Kerr,

I follow 
https://groups.google.com/d/msg/prometheus-users/7SzbGIWpiD4/kwVEG8blBAAJ 
have been solve the issue.

在 2020年3月25日星期三 UTC+8上午9:42:06,Cameron Kerr写道:
>
> From the error message, it would appear that you are communicating via the 
> IP and not the DNS name. You should communicate using the DNS name. If you 
> really want to communicate by IP (why? if DNS stability is a concern, use 
> /etc/hosts or similar), then you would need to have an IP type of entry in 
> the name (probably in addition to the DNS name).
>
> Having IPs in the certificate is not recommended (even deprecated, I 
> think) in CA certificates, and I wouldn't trust browsers to honour them. 
> Cf: https://www.geocerts.com/support/ip-address-in-ssl-certificate, which 
> discusses some of the pitfalls, although you may well decide that is not 
> valid for your deployment.
>
> This is like creating a self-signed certificate with a Subject Alternate 
> Name (aka, a SAN cert). This will allow you to put other names / aliases 
> into the certificate.
>
> However, the best thing would be to communicate using the hostname; or 
> turn of validation if you are comfortable with that, and can be bothered 
> supporting that (in case other things want to communicate with Prometheus, 
> such as Grafana or any ad-hoc reporting)
>
> When creating a self-signed certificate, you can include a 
> Subject-Alternate-Name (SAN). It appears to be more of requirement these 
> days according to the CA Browser forum, or so I'm led to believe by the 
> people who provide us with certificates.
>
> Here's some bash commands you can use (from my own notes)
>
> Tested for RHEL5, RHEL6, and RHEL7 (creating a self-signed certificate 
> with a SAN)
>
> First copy and edit the BASE, CN and SANs, and paste those into a 
> terminal, then paste the command.
>
> BASE=test
> CN="/CN=test.example.com"
> SANs="DNS:test.example.com,IP:192.168.12.23"
>
> openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -sha256 \
>   -keyout /etc/pki/tls/private/$BASE-selfsigned.key \
>   -out/etc/pki/tls/certs/$BASE-selfsigned.cert \
>   -reqexts SAN -extensions SAN \
>   -subj "$CN" \
>   -config <(
> cat /etc/pki/tls/openssl.cnf
> printf "[SAN]\nsubjectAltName=$SANs"
>
> I hope you find that useful.
>
> Cheers,
> Cameron
>
> On Thursday, 19 March 2020 03:45:41 UTC+13, Jakub Jakubik wrote:
>>
>> do you have the target configured with the ip address or the domain? is 
>> the domain in the cert? with curl do you use the ip or hostname?
>>
>> On Wed, Mar 18, 2020 at 12:35 PM Jack Chew  wrote:
>>
>>> Hi team,
>>>
>>>
>>> I config prometheus configere file TLS path will arise  Get 
>>> https://ip:9100/metrics: x509: cannot validate certificate for ip 
>>> because it doesn't contain any IP SANs, But i try use curl is work. 
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Prometheus Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to promethe...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/prometheus-users/577749e3-a177-46d2-b05f-a2c8b3697dbc%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/prometheus-users/577749e3-a177-46d2-b05f-a2c8b3697dbc%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>>
>>
>>
>> -- 
>> Kuba Jakubik
>>
>> SRE Tech Lead
>>
>> Netguru - Building software for world changers
>> jakub@netguru.com
>> netguru.com
>> [image: facebook] <https://www.facebook.com/netguru> [image: twitter] 
>> <https://twitter.com/netguru> [image: linkedin] 
>> <https://www.linkedin.com/company/netguru/> 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/d667df07-f3b4-45fd-b7ea-a48a45b9f696%40googlegroups.com.

[prometheus-users] Re: Node exporter use tls will arise msg="collector failed"

2020-03-23 Thread Jack Chew 

Ok Thank Brian Candler
在 2020年3月23日星期一 UTC+8下午8:33:10,Brian Candler写道:
>
> The ovh one has a newer kernel but is still giving the schedstat error; 
> you'll need to build it yourself from git so that you have the patch from 
> https://github.com/prometheus/node_exporter/pull/1641
>
> Or wait for 1.0.0 final or the next rc.
>
> So, I want open case in node_exporter github?
>>
>>
> Yes, specifically for the softnet_stat problem.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/445458ce-28f1-4aed-8bf9-e0410a65dc41%40googlegroups.com.

[prometheus-users] Re: Node exporter use tls will arise msg="collector failed"

2020-03-22 Thread Jack Chew 
Hi Brian Candler,

Thanks you manual, i try is TLS is work, but problem still, My node_exporter 
is 1.0.0 rc1. Now node_exporter arise issue islevel=error 
ts=2020-03-23T05:27:56.168Z caller=collector.go:161 msg="collector failed" 
name=softnet duration_seconds=3.915e-05 err="could not get softnet 
statistics: failed to parse /proc/net/softnet_stat: 10 columns were 
detected, but 11 were expected"

在 2020年3月20日星期五 UTC+8上午1:22:06,Brian Candler写道:
>
> On Thursday, 19 March 2020 11:04:56 UTC, Jack Chew wrote:
>>
>> When i use node_exporter web-config.yml for TLS setting will arsie the 
>> screenshot error. I try to different node_exporter server also same 
>> promble, but i cancel web-config is no promblem.
>>
>
> node_exporter 1.0.0 rc1?  TLS with client cert authentication works for me.
>
> But if you're doing full TLS with client certs, you need authentication in 
> both directions:
>
> - The server (node_exporter) needs a certificate signed by a CA
> - The name in the certificate (CN or SAN) needs to match either the 
> hostname that prometheus is connecting to, or the "server_name" setting in 
> tls_config 
> <https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config>
>  if 
> that is specified
> - The client (prometheus) needs a certificate signed by a CA [not 
> necessarily the same one]
> - The server (node_exporter) doesn't care about the identity in the 
> certificate, but it does need the CA cert of the certificate which signed 
> prometheus' cert.
>
> Here's how I make this work with two keys and certs: one for prometheus, 
> and one shared by all the node_exporters.
>
> I am going to assume you do the following on the prometheus server, and 
> node_exporter is also running on this node (reachable as 127.0.0.1:9100), 
> and show how to build it up in stages.
>
> 1. create a key and certificate for node_exporter to use:
>
> mkdir /etc/prometheus/ssl
> cd /etc/prometheus/ssl
> openssl req -x509 -newkey rsa:1024 -keyout prom_node_key.pem -out 
> prom_node_cert.pem -days 29220 -nodes -subj /commonName=prom_node/
>
> Type `ls` and you should see two files: `prom_node_cert.pem` and 
> `prom_node_key.pem`.  This is how the node_exporter identifies itself to 
> prometheus.
>
> 2. create a file `/etc/prometheus/node_tls.yml` with the following 
> contents:
>
> tlsConfig:
>   tlsCertPath: /etc/prometheus/ssl/prom_node_cert.pem
>   tlsKeyPath: /etc/prometheus/ssl/prom_node_key.pem
>
> 3. Change your node_exporter config to add
>
> --web.config=/etc/prometheus/node_tls.yml
>
> to the command-line options it runs with (e.g. edit your systemd unit 
> file, or /etc/default/node_exporter, or whatever).  Restart it and check 
> for errors.
>
> 4. Now we can do a test scrape using curl and https:
>
> curl --cacert /etc/prometheus/ssl/prom_node_cert.pem --resolve 
> prom_node:9100:127.0.0.1 -v https://prom_node:9100/metrics
>
> The scrape should be successful.  We've done it over https.  We've used 
> the fake hostname "prom_node" to match the certificate, and told curl to 
> use address 127.0.0.1 for this hostname, and to verify the certificate in 
> prom_node_cert.pem.
>
> If it doesn't work at this point, fix the problem before proceeding.
>
> However, still anyone is authorized to scrape.  So now we need to make a 
> new key and cert for the prometheus server to use when scraping, and 
> configure node_exporter so that it only accepts scrapes from someone with 
> this key.
>
> 5. Create the new key and cert for prometheus:
>
> cd /etc/prometheus/ssl
> openssl req -x509 -newkey rsa:1024 -keyout prometheus_key.pem -out 
> prometheus_cert.pem -days 29220 -nodes -subj /commonName=prometheus/
>
> 6. Edit `/etc/prometheus/node_tls.yml` so it looks like this:
>
> tlsConfig:
>   tlsCertPath: /etc/prometheus/ssl/prom_node_cert.pem
>   tlsKeyPath: /etc/prometheus/ssl/prom_node_key.pem
>
>   clientAuth: RequireAndVerifyClientCert
>   clientCAs: /etc/prometheus/ssl/prometheus_cert.pem
>
> Restart node_exporter.
>
> 7. Now re-run the *exact* same curl command as you did before:
>
> curl --cacert /etc/prometheus/ssl/prom_node_cert.pem --resolve 
> prom_node:9100:127.0.0.1 -v https://prom_node:9100/metrics
>
> This time you should see an error:
>
> curl: (35) gnutls_handshake() failed: Certificate is bad
>
> This is because the client isn't presenting a certificate to the server to 
> identify itself.
>
> We now need to give a longer curl line (split for clarity):
>
> curl --cert /etc/prometheus/ssl/prometheus_cert.pem \
>  --key /etc/prometheus/ssl/prometheus_key.pem \
>  --cacert /etc/prometheus/ssl/pr

Re: [prometheus-users] Node exporter use tls will arise msg="collector failed"

2020-03-22 Thread Jack Chew 
Hi Ben Kochie,

My kernel is 3.10.0-693.el7.x86_64. 

在 2020年3月19日星期四 UTC+8下午9:25:19,Ben Kochie写道:
>
> The schestat error is very strange, that file has existed in the kernel 
> since 2.6.20, which is from 2007. What Linux kernel version are you using?
>
> On Thu, Mar 19, 2020 at 12:05 PM Jack Chew  > wrote:
>
>> Hi team,
>>
>> When i use node_exporter web-config.yml for TLS setting will arsie the 
>> screenshot error. I try to different node_exporter server also same 
>> promble, but i cancel web-config is no promblem.
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Prometheus Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to promethe...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/prometheus-users/c9942705-3267-4fde-b5de-536c8018abfd%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/prometheus-users/c9942705-3267-4fde-b5de-536c8018abfd%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/cd6d44a2-2801-4979-94c4-1b922bfafbc2%40googlegroups.com.

[prometheus-users] Get https://ip/metrics: x509: cannot validate certificate for ip because it doesn't contain any IP SANs

2020-03-18 Thread Jack Chew 
Hi team,


I config prometheus configere file TLS path will arise  Get 
https://ip:9100/metrics: x509: cannot validate certificate for ip because 
it doesn't contain any IP SANs, But i try use curl is work. 

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/577749e3-a177-46d2-b05f-a2c8b3697dbc%40googlegroups.com.

[prometheus-users] prometheus promsql will not auto clean more than 5 day data

2020-03-14 Thread Jack Chew 
Hi team.

I have configer prometheus --storage.tsdb.retention.time=5d  storage is 
5day, But data will keep more that 5 day. How about do ?










[image: QQ截图20200315054800.png] 

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/cc8dc5ee-533d-4f3b-8e35-6af91c33a8e9%40googlegroups.com.

[prometheus-users] version 0.18.1 node_exporter add https package

2020-02-16 Thread Jack Chew 
Hey guys,


I seen node_exporter can use https package,but Prometheus team will release 
from node_exporter vesion 1.0 or 0.19. So, how i manaul and the https 
package to my node_exporter. Before i have reseach many git hub solution 
for the issue,but nothing.

Thank
Jack

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/46997a40-b576-4f8b-9dcb-f59bb9994bb2%40googlegroups.com.