commit
d1a1504778
5 changed files with 148 additions and 0 deletions
@ -0,0 +1,32 @@ |
|||
kind: pipeline |
|||
name: default |
|||
|
|||
steps: |
|||
- name: build |
|||
pull: if-not-exists |
|||
image: docker.registry.bksp.space/common-runner |
|||
commands: |
|||
- echo "$${SSH_KEY}" > /tmp/key |
|||
- chmod 600 /tmp/key |
|||
- mkdir -p rules |
|||
- cd rules && for f in *; do cp "$f" "${DRONE_REPO_OWNER}-${DRONE_REPO_NAME}-$f"; done && cd - |
|||
- promtool check rules rules/* |
|||
- mkdir -p discovery |
|||
- [ -f discovery.conf.d/dns.yaml ] && generate-dns-sd.py discovery.conf.d/dns.yaml > discovery/dns-${DRONE_REPO_OWNER}-${DRONE_REPO_NAME}.yaml |
|||
- scp -P ${{REMOTE_PORT}} -i /tmp/key rules discovery $${REMOTE_USER}@$${REMOTE_HOST}:/var/lib/prometheus |
|||
- ssh -p ${{REMOTE_PORT}} -i /tmp/key $${REMOTE_USER}@$${REMOTE_HOST} killall -s SIGHUP prometheus |
|||
environment: |
|||
SSH_KEY: |
|||
from_secret: ssh_key |
|||
SECRET_KEY: |
|||
from_secret: secret_key |
|||
REMOTE_HOST: |
|||
from_secret: remote_host |
|||
REMOTE_PORT: |
|||
from_secret: remote_port |
|||
REMOTE_USER: |
|||
from_secret: remote_user |
|||
|
|||
|
|||
image_pull_secrets: |
|||
- dockerconfig |
|||
@ -0,0 +1,26 @@ |
|||
- zones: |
|||
- bksp.space |
|||
- evinamuller.fr |
|||
- expressifs.com |
|||
ns: |
|||
- ns1.bksp.space |
|||
- ns2.bksp.space |
|||
host: bksp.space |
|||
|
|||
- zones: |
|||
- fede.re |
|||
- ppsfleet.navy |
|||
ns: |
|||
- ns1.ppsfleet.navy |
|||
- ns2.ppsfleet.navy |
|||
- ns3.ppsfleet.navy |
|||
host: ppsfleet.navy |
|||
|
|||
- zones: |
|||
- fede.re |
|||
- ppsfleet.navy |
|||
ns: |
|||
- ns1.ppsfleet.navy |
|||
- ns2.ppsfleet.navy |
|||
- ns3.ppsfleet.navy |
|||
host: ppsfleet.navy |
|||
@ -0,0 +1,20 @@ |
|||
groups: |
|||
- name: dns |
|||
rules: |
|||
- alert: NsMismatch |
|||
expr: |
|||
count by (Name, Target, host, job) (dns_lg_answer_section_rr_info{Type="NS"}) != on (Name) group_left count by (Name) (group by (instance, Name) (dns_lg_answer_section_rr_info{Type="NS"})) |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: NS not found in all name severs |
|||
description: The NS {{ $labels.Target }} has not been found on all name servers of zone {{ $labels.Name }} |
|||
|
|||
- alert: SerialMismatch |
|||
expr: |
|||
count by (Name, host, job) (group by(Name, Serial) (dns_lg_answer_section_rr_info{Type="SOA"})) > 1 |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: Serial out of sync |
|||
description: Name servers for zone {{ $labels.Name }} are serving {{ $value }} different values of the serial |
|||
@ -0,0 +1,22 @@ |
|||
groups: |
|||
- name: website |
|||
rules: |
|||
- alert: WebsiteStatus |
|||
expr: |
|||
probe_http_status_code >= 500 |
|||
for: 5m |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: Website experienced a lot of 5xx |
|||
description: "{{ $labels.instance }} has been serving {{ $value }} errors for the past 5m" |
|||
|
|||
- alert: WebsiteConnectivity |
|||
expr: |
|||
probe_http_status_code == 0 |
|||
for: 5m |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: Website connectivity problem |
|||
description: The probe has been unable to connect to {{ $labels.instance }} for the past 5m. |
|||
@ -0,0 +1,48 @@ |
|||
groups: |
|||
- name: backups |
|||
rules: |
|||
- alert: BackupFailed |
|||
expr: max by (host) (borg_backup_time_seconds) == max by (host) (borg_backup_time_seconds{action="error"}) |
|||
labels: |
|||
severity: warning |
|||
annotations: |
|||
summary: The backup has failed |
|||
description: The last backup of host {{ $labels.host }} has failed. |
|||
|
|||
- alert: BackupNotDone |
|||
expr: (time() - max by (host) (borg_backup_time_seconds{action!="error"})) / 3600 > 24 |
|||
for: 4h |
|||
labels: |
|||
severity: warning |
|||
annotations: |
|||
summary: No backup has been done in the last 24h |
|||
description: The last recorded backup for host {{ $labels.host }} has been done {{ $value }} hours ago. |
|||
|
|||
- name: hosts |
|||
rules: |
|||
- alert: HostAvailability |
|||
expr: label_replace(up{job="node"}, "host", "$1", "instance", "(.+):.+") < 1 |
|||
for: 5m |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: Host availability |
|||
description: The node exporter for host {{ $labels.host }} has been down for 5m. |
|||
|
|||
- alert: HostHighMemory |
|||
expr: (1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100 > 80 |
|||
for: 5m |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: High memory usage |
|||
description: The memory usage of the host {{ $labels.host }} is above 80% for the last 5m, current value {{ $value }}%. |
|||
|
|||
- alert: SystemdServiceFailed |
|||
expr: node_systemd_unit_state{state="failed"} == 1 |
|||
for: 5m |
|||
labels: |
|||
severity: critical |
|||
annotations: |
|||
summary: Systemd service is in failed state |
|||
description: The service {{ $labels.name }} has been in failed state for more than 5min. |
|||
Loading…
Reference in new issue