How are folks monitoring / alerting TLS certificate expiry for MariaDB / MySQL ?
We typically do this via the blackbox_exporter as we have common alerts across all systems that leverage the TLS metrics this exposes, but MariaDB requires an initial plain text greeting from the server and a specific SSL Request response from the client before a TLS session is established: Connecting | Server | MariaDB Documentation .
Has anyone successfully coerced the blackbox_exporter TCP probe’s query_response logic to handle this?
Certificate dates are available via the GLOBAL STATUS query and the mysqld_exporter had some functionality added to include this information as metrics: Feature request: include collection of SSL expiration from SHOW GLOBAL STATUS output · Issue #457 · prometheus/mysqld_exporter · GitHub . We are using this exporter but the certificate date metrics don’t show up, similar to the last comment in that issue.
Other options include:
- SSL Exporter
- cert-exporter
- text_file exporter
How are folks solving this?