问题:
访问prometheus 的 node_exporter 提示 cannot validate certificate for because it doesn’t contain any IP SANs
截图如下:
环境:
centos7
node_exporter 版本:1.0.1
配置文件prometheus.yml :
[root@localhost prometheus-tls]# cat prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['192.168.160.168:9090']
- job_name: 'node_exporter'
scheme: https
tls_config:
ca_file: node_exporter.crt
static_configs:
- targets: ['192.168.160.168:9100']
解决方案:
在配置文件中prometheus.yml 添加server_name 参数;
文件如下:
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['192.168.160.128:9090']
- job_name: 'node_exporter'
scheme: https
tls_config:
ca_file: node_exporter.crt
server_name: 'localhost'
static_configs:
- targets: ['192.168.160.128:9100']
备注:我的 server_name 的值 与生成证书中的CN参数的值是保持一致的;
我的生成证书的命令:
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Moelove.info/CN=localhost"
其他解决方案:
https://github.com/prometheus/prometheus/issues/1654
1 个赞
