add prometheus monitoring for some ssl certificates

2 files changed, 23 insertions, 0 deletions

diff --git a/inventory/host_vars/ch-apps/vars.yml b/inventory/host_vars/ch-apps/vars.yml
index 2dc0877b..36ca183d 100644
--- a/inventory/host_vars/ch-apps/vars.yml
+++ b/inventory/host_vars/ch-apps/vars.yml
@@ -61,6 +61,7 @@ ssh_keys_root_extra:
 
 prometheus_exporters_extra:
   - standalone-kubelet
+  - ssl
 
 prometheus_job_multitarget_blackbox__probe:
   ch-mon:
@@ -68,6 +69,18 @@ prometheus_job_multitarget_blackbox__probe:
     target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
     module: ssh_banner
 
+prometheus_job_multitarget_ssl__probe:
+  ch-apps:
+  - instance: "sslcert-standalone-kubelet-{{ inventory_hostname }}"
+    target: "/etc/ssl/standalone-kubelet/*.pem"
+    module: file
+  - instance: "sslcert-node-red-{{ inventory_hostname }}"
+    target: "/etc/ssl/node-red-*/*.pem"
+    module: file
+  - instance: "sslcert-whawty-auth-{{ inventory_hostname }}"
+    target: "/etc/ssl/whawty-auth-*/*.pem"
+    module: file
+
 
 zfs_arc_size:
   min: 512MB
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index 5be067ec..53c3cfce 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -43,6 +43,10 @@ spreadspace_apt_repo_components:
   - main
   - prometheus
 
+
+prometheus_exporters_extra:
+  - ssl
+
 prometheus_job_multitarget_blackbox__probe:
   ch-mon:
   - instance: "ssh-{{ inventory_hostname }}"
@@ -53,6 +57,12 @@ prometheus_job_multitarget_blackbox__probe:
     module: "http_tls_2xx"
     hostname: "login.chaos-at-home.org"
 
+prometheus_job_multitarget_ssl__probe:
+  ch-http-proxy:
+  - instance: "sslcert-apps-publish-{{ inventory_hostname }}"
+    target: "/etc/ssl/apps-publish-*/*.pem"
+    module: file
+
 
 whawty_auth_store_instances:
   chaos-at-home: