backend icon indicating copy to clipboard operation
backend copied to clipboard
verified publisher icon ooni

Upgrade pattern for handling blackbox exporter CA in older hosts

Open hellais opened this issue 2 years ago • 1 comments

Older hosts are using ooca_ca to generate the certificates used by the prometheus scraper to collect blackbox exported metrics.

Newer hosts are handling this "on the fly", like this: https://github.com/ooni/sysadmin/blob/master/ansible/roles/base-bullseye/tasks/main.yml#L219.

https://github.com/ooni/sysadmin/blob/master/ansible/roles/base-bullseye/tasks/main.yml#L229 <--- this deploys the updated cert to all hosts sending data to vector without running a full host bootstrap

We should update the old hosts to make use of this new pattern.

hellais avatar Oct 12 '23 08:10 hellais

This was leading to the following error when running the node exporter scrape: Screenshot 2023-10-16 at 17 33 22

As a hotfix we just put in the tls_config section the following:

    tls_config:
      # XXX this is a hotfix to https://github.com/ooni/backend/issues/747
      insecure_skip_verify: true

hellais avatar Oct 16 '23 15:10 hellais