测试人社区

node-exporter :cannot validate certificate for <ipaddress> because it doesn't contain any IP SANs

问题:
访问prometheus 的 node_exporter 提示 cannot validate certificate for because it doesn’t contain any IP SANs
截图如下:

环境:
centos7
node_exporter 版本:1.0.1

配置文件prometheus.yml :

[root@localhost prometheus-tls]# cat prometheus.yml 
global:
  scrape_interval:     15s
  evaluation_interval: 15s
scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['192.168.160.168:9090']
  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
    static_configs:
    - targets: ['192.168.160.168:9100']

解决方案:
在配置文件中prometheus.yml 添加server_name 参数;
文件如下:

global:
  scrape_interval:     15s
  evaluation_interval: 15s
scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['192.168.160.128:9090']
  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
      server_name: 'localhost'
    static_configs:
    - targets: ['192.168.160.128:9100']

备注:我的 server_name 的值 与生成证书中的CN参数的值是保持一致的;
我的生成证书的命令:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Moelove.info/CN=localhost"

其他解决方案:

1 Like