prometheus alert rule for online key expiry

Question

prometheus alert rule for online key expiry

appliedprivacy opened this issue a year ago · 4 comments

https://gitlab.torproject.org/tpo/core/tor/-/issues/40546 is in tor since version 0.4.8.1-alpha:
https://lists.torproject.org/pipermail/tor-announce/2023-June/000271.html

o Minor feature (MetricsPort, relay):

Expose time until online keys expires on the MetricsPort. Closes
ticket 40546.

would be nice to have a default alert rule shipped to alert operators of expiring keys.

Answer 1 · 2023-08-23T20:10:10.000Z

Hi, could you test the alert rules in this commit 0fe324d and maybe increase the counter in the expr line to trigger an alert even if your certificates do not expire within 21 days. kind regards, nusenu

Answer 2 · 2023-08-23T21:28:38.000Z

Thanks for working on this.

It fails with the following error:

TASK [ansible-relayor : Ensure prometheus alert rules are in place] ************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleError: An unhandled exception occurred while templating ..... Error was a <class 'ansible.errors.AnsibleError'>, original message: template error while templating string: unexpected char '$' at 2. String: {{$labels.id}}'s key certificate will expire in less than 21 days, on {{ .Value | humanizeTimestamp }}. unexpected char '$' at 2"}

it helps to add these around the descriptions

{% raw %}...{% endraw %}

but the {{ .Value | humanizeTimestamp }} displays:

36.7s

it the key expires in 36.7 days.

Answer 3 · 2023-08-24T18:39:59.000Z

Thank you for your feedback. I've pushed an update to the branch that should address these points: 4c3497f

Answer 4 · 2023-08-24T19:36:48.000Z

A final improved version is now merged into master. 26d6200