prometheus: monitor HTTPS records for Geo domains

Check the HTTPS DNS records of the following Geo domains: - geo.mirror.pkgbuild.com - riscv.mirror.pkgbuild.com Ensure they return: "1 . alpn=h2,h3 ipv4hint=... ipv6hint=..." Ref #606

prometheus: monitor HTTPS records for Geo domains
84421e62 · Evangelos Foutras · f5475cae · 84421e62 · 84421e62
Verified Commit 84421e62 authored 5 months ago by Evangelos Foutras
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -97,8 +97,10 @@ blackbox_targets:
    - lists.archlinux.org:25
  geo_dns_geo.mirror.pkgbuild.com_a: "{{ groups['geo_mirrors'] }}"
  geo_dns_geo.mirror.pkgbuild.com_aaaa: "{{ groups['geo_mirrors'] }}"
+  geo_dns_geo.mirror.pkgbuild.com_https: "{{ groups['geo_mirrors'] }}"
  geo_dns_riscv.mirror.pkgbuild.com_a: "{{ groups['geo_mirrors'] }}"
  geo_dns_riscv.mirror.pkgbuild.com_aaaa: "{{ groups['geo_mirrors'] }}"
+  geo_dns_riscv.mirror.pkgbuild.com_https: "{{ groups['geo_mirrors'] }}"
 matrix_metrics_endpoints:
  - homeserver
  - appservice

--- a/roles/prometheus_exporters/templates/blackbox.yml.j2
+++ b/roles/prometheus_exporters/templates/blackbox.yml.j2
@@ -47,4 +47,13 @@ modules:
      validate_answer_rrs:
        fail_if_not_matches_regexp:
          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tAAAA\t({{ hosts | map('extract', hostvars, ['ipv6_address']) | join('|') }})
+  geo_dns_{{ domain }}_https:
+    prober: dns
+    timeout: 5s
+    dns:
+      query_name: {{ domain }}
+      query_type: HTTPS
+      validate_answer_rrs:
+        fail_if_not_matches_regexp:
+          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tHTTPS\t1 \. alpn="h2,h3" ipv4hint="({{ hosts | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})" ipv6hint="({{ hosts | map('extract', hostvars, ['ipv6_address']) | join('|') }})"
  {% endfor %}