Add hostname parameter support to tcp prober

[topical]

Host operating system: output of uname -a

FreeBSD prom.xxx 13.1-RELEASE-p3 FreeBSD 13.1-RELEASE-p3 GENERIC amd64

blackbox_exporter version: output of blackbox_exporter --version

blackbox_exporter, version (branch: , revision: )
build user:
build date:
go version: go1.19.2
platform: freebsd/amd64

Installed as FreeBSD port:

blackbox_exporter-0.22.0_3
Name : blackbox_exporter
Version : 0.22.0_3

What is the blackbox.yml module config.

modules:
  ssl:
    prober: tcp
    timeout: 5s
    tcp:
      tls: true

What is the prometheus.yml scrape config.

- job_name: ldaps
  metrics_path: /probe
  params:
    module:
    - ssl
  relabel_configs:
  - source_labels:
    - __address__
    target_label: __param_target
  - source_labels:
    - __param_target
    target_label: instance
  - replacement: 127.0.0.1:9115
    target_label: __address__
  static_configs:
  - labels:
      node: dc1
    targets:
    - domain.example.org:636
  - labels:
      node: dc2
    targets:
    - domain.example.org:636

What logging output did you get from adding &debug=true to the probe URL?

# HELP probe_dns_lookup_time_seconds Returns the time taken for probe dns lookup in seconds
# TYPE probe_dns_lookup_time_seconds gauge
probe_dns_lookup_time_seconds 0.000542186
# HELP probe_duration_seconds Returns how long the probe took to complete in seconds
# TYPE probe_duration_seconds gauge
probe_duration_seconds 0.0070028
# HELP probe_failed_due_to_regex Indicates if probe failed due to regex
# TYPE probe_failed_due_to_regex gauge
probe_failed_due_to_regex 0
# HELP probe_ip_addr_hash Specifies the hash of IP address. It's useful to detect if the IP address changes.
# TYPE probe_ip_addr_hash gauge
probe_ip_addr_hash 2.550694076e+09
# HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6
# TYPE probe_ip_protocol gauge
probe_ip_protocol 6
# HELP probe_ssl_earliest_cert_expiry Returns earliest SSL cert expiry date
# TYPE probe_ssl_earliest_cert_expiry gauge
probe_ssl_earliest_cert_expiry 1.693942767e+09
# HELP probe_ssl_last_chain_expiry_timestamp_seconds Returns last SSL chain expiry in unixtime
# TYPE probe_ssl_last_chain_expiry_timestamp_seconds gauge
probe_ssl_last_chain_expiry_timestamp_seconds 1.693942767e+09
# HELP probe_ssl_last_chain_info Contains SSL leaf certificate information
# TYPE probe_ssl_last_chain_info gauge
probe_ssl_last_chain_info{fingerprint_sha256="0d4f1e92596770d32e8233a2e9da5fd242f933cffa421b46ccd8ecefde933431"} 1
# HELP probe_success Displays whether or not the probe was a success
# TYPE probe_success gauge
probe_success 1
# HELP probe_tls_version_info Returns the TLS version used, or NaN when unknown
# TYPE probe_tls_version_info gauge
probe_tls_version_info{version="TLS 1.2"} 1

Problem to solve

Each domain controller has its own certificate for Kerberos and ldaps. I need to check each domain controller independently.

The problem is the DNS name: all domain controller have the same DNS name "domain.example.org". Each controller has its own certificate, but they all share the same name for easy AD failover.

Thus, both target hosts (dc1 and dc2) have the same probe URL:

http://prom.xxxx:9115/probe?module=ssl&target=domain.example.org%3A636&debug=true"

So, testing "domain.example.org" means testing an arbitrary domain controller. What I need is to specify the domain controller by IP address.

The http probe supports an additional parameter "hostname", so you can specify

• target: IP-Address:Port
• hostname: DNS name (SAN in certificate)

But the tcp probe doesn't support "hostname"!

Specifying only

• target: IP-Address:Port

always fails, as the certificate of the domain server has no IP address in its SAN. I tried to add IP to the DC certificate that, but the Windows CA does not provide an automatism for that.

Request

Please support "hostname" as a parameter of the tcp prober.

[electron0zero]

checkout #981, we have build artifacts from this PR that you can use and test #981 in your env.