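I'm new to Docker and Prometheus, so please point out any obvious errors in my configuration... I'm running blackbox_exporter and prometheus as docker containers and want to be able to run ICMP checks against some internal hosts, but I get level=error msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted" in my debug logs.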

Logs for the probe:
ts=2019-12-03T01:06:30.123951892Z caller=main.go:304 module=icmp_ipv4 target=xxx-xxx.xxx.xxx.xxx level=info msg="Beginning probe" probe=icmp timeout_seconds=119.5
ts=2019-12-03T01:06:30.124146658Z caller=icmp.go:82 module=icmp_ipv4 target=target=xxx-xxx.xxx.xxx.xxx level=info msg="Resolving target address" ip_protocol=ip4
ts=2019-12-03T01:06:30.126789265Z caller=icmp.go:82 module=icmp_ipv4 target=target=xxx-xxx.xxx.xxx.xxx level=info msg="Resolved target address" ip=xx.xx.xx.xx
ts=2019-12-03T01:06:30.126843711Z caller=main.go:119 module=icmp_ipv4 target=target=xxx-xxx.xxx.xxx.xxx level=info msg="Creating socket"
ts=2019-12-03T01:06:30.126891056Z caller=main.go:119 module=icmp_ipv4 target=target=xxx-xxx.xxx.xxx.xxx level=error msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted"
ts=2019-12-03T01:06:30.126911365Z caller=main.go:304 module=icmp_ipv4 target=target=xxx-xxx.xxx.xxx.xxx level=error msg="Probe failed" duration_seconds=0.002888775



Metrics that would have been returned:
# HELP probe_dns_lookup_time_seconds Returns the time taken for probe dns lookup in seconds
# TYPE probe_dns_lookup_time_seconds gauge
probe_dns_lookup_time_seconds 0.002667264
# HELP probe_duration_seconds Returns how long the probe took to complete in seconds
# TYPE probe_duration_seconds gauge
probe_duration_seconds 0.002888775
# HELP probe_icmp_duration_seconds Duration of icmp request by phase
# TYPE probe_icmp_duration_seconds gauge
probe_icmp_duration_seconds{phase="resolve"} 0.002667264
probe_icmp_duration_seconds{phase="rtt"} 0
probe_icmp_duration_seconds{phase="setup"} 0
# HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6
# TYPE probe_ip_protocol gauge
probe_ip_protocol 4
# HELP probe_success Displays whether or not the probe was a success
# TYPE probe_success gauge
probe_success 0



Module configuration:
prober: icmp
http:
    ip_protocol_fallback: true
tcp:
    ip_protocol_fallback: true
icmp:
    preferred_ip_protocol: ip4
    ip_protocol_fallback: true
dns:
    ip_protocol_fallback: true

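HTTP and HTTPS seem to work fine. The hosts are up and can be pinged by name. I have tried running the blackbox_exporter container as privileged and with the capability set. Setting the source IP in blackbox.yml to a 172.xx.xx.xx address did not help either.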

docker run -d --rm --name=blackbox --privileged --user 65534 -p 9115:9115 -v /opt/blackbox_exporter/conf:/etc/blackbox_exporter prom/blackbox-exporter:latest --config.file=/etc/blackbox_exporter/blackbox.yml

docker run -d --rm --name=blackbox --cap-add CAP_NET_RAW --user 65534 -p 9115:9115 -v /opt/blackbox_exporter/conf:/etc/blackbox_exporter prom/blackbox-exporter:latest --config.file=/etc/blackbox_exporter/blackbox.yml

prometheus.yml

# my global config
global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
    - targets: ['localhost:9090']

  - job_name: 'blackbox'
    metrics_path: /probe
    file_sd_configs:
      - files:
         - '/etc/prometheus/blackbox/targets/*.yml'
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [module]
        target_label: __param_module
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 172.XX.X.XX:9115 #Actual IP of my host

icmp_ipv4.yml

- labels:
    module: icmp_ipv4
  targets:
  - xxx.xxx.xxx.xxx
  - xxx.xxx.xxx.xxx
  - xxx.xxx.xxx.xxx

blackbox.yml

modules:
  https_2xx:
    prober: http
    timeout: 5s
    http:
      valid_status_codes: []
      method: GET
      no_follow_redirects: true
      fail_if_ssl: false
      fail_if_not_ssl: true
      preferred_ip_protocol: "ip4"
      tls_config:
        insecure_skip_verify: true
  http_2xx:
    prober: http
    timeout: 5s
    http:
      valid_status_codes: []
      method: GET
      no_follow_redirects: true
      fail_if_ssl: true
      fail_if_not_ssl: false
      preferred_ip_protocol: "ip4"
  http_post_2xx:
    prober: http
    http:
      method: POST
  tcp_connect:
    prober: tcp
  pop3s_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^+OK"
      tls: true
      tls_config:
        insecure_skip_verify: false
  ssh_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^SSH-2.0-"
  icmp_ipv4:
    prober: icmp
    icmp:
      preferred_ip_protocol: "ip4"
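The "socket: operation not permitted" error above is the kernel refusing a raw ICMP socket, which requires CAP_NET_RAW in the effective capability set of the calling process. The following is an added example, not part of the original post: it decodes the CapEff and CapBnd masks from /proc/<pid>/status text to show whether the capability is actually effective or only present in the bounding set, as is typical for a non-root UID started without file or ambient capabilities. The function names and both sample status texts are constructed for illustration.

```shell
#!/bin/sh
# CAP_NET_RAW is capability number 13 in linux/capability.h.
CAP_NET_RAW_BIT=13

# cap_field STATUS_TEXT FIELD -> hex mask of FIELD (e.g. CapEff)
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# has_net_raw HEXMASK -> exit status 0 if bit 13 is set in the mask
has_net_raw() {
    [ $(( (0x$1 >> CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# diagnose STATUS_TEXT -> one-line verdict about raw ICMP sockets
diagnose() {
    eff=$(cap_field "$1" CapEff)
    bnd=$(cap_field "$1" CapBnd)
    if has_net_raw "$eff"; then
        echo "ok: CAP_NET_RAW effective"
    elif has_net_raw "$bnd"; then
        # Granted to the container, but not held by this process.
        echo "blocked: CAP_NET_RAW only in bounding set"
    else
        echo "blocked: CAP_NET_RAW not granted"
    fi
}

# Constructed samples in the format of /proc/<pid>/status.
ROOT_STATUS='Uid: 0 0 0 0
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'

NOBODY_STATUS='Uid: 65534 65534 65534 65534
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 00000000a80425fb'

NO_CAP_STATUS='Uid: 0 0 0 0
CapPrm: 00000000a80405fb
CapEff: 00000000a80405fb
CapBnd: 00000000a80405fb'

echo "root:   $(diagnose "$ROOT_STATUS")"
echo "nobody: $(diagnose "$NOBODY_STATUS")"
echo "no cap: $(diagnose "$NO_CAP_STATUS")"
```

To check a live container, pass the real text instead of a sample, for example the output of `docker exec blackbox cat /proc/1/status` as the argument to `diagnose`.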