mirror of
https://github.com/prometheus/node_exporter.git
synced 2024-12-26 06:04:20 -08:00
Add mitigation information to the linux vulnerabilities collector (#2806)
While the CPU vulnerabilities collector was added in https://github.com/prometheus/node_exporter/pull/2721 , it currently does not include information about the mitigation strategy used for a given vulnerability. This information can be quite valuable, as different mitigation strategies often come with a different performance impact. This commit adds a third label to the cpu_vulnerabilities_info metric, to include the "mitigation" used for a given vulnerability - if a given vulnerability does not affect a node, or the node is still vulnerable, the mitigation is expected to be empty. Signed-off-by: João Lima <jlima@cloudflare.com>
parent
c2dcc798d5
commit
16f7122d31
|
@ -29,7 +29,7 @@ var (
|
|||
vulnerabilityDesc = prometheus.NewDesc(
|
||||
prometheus.BuildFQName(namespace, cpuVulerabilitiesCollector, "info"),
|
||||
"Details of each CPU vulnerability reported by sysfs. The value of the series is an int encoded state of the vulnerability. The same state is stored as a string in the label",
|
||||
[]string{"codename", "state"},
|
||||
[]string{"codename", "state", "mitigation"},
|
||||
nil,
|
||||
)
|
||||
)
|
||||
|
@ -62,6 +62,7 @@ func (v *cpuVulnerabilitiesCollector) Update(ch chan<- prometheus.Metric) error
|
|||
1.0,
|
||||
vulnerability.CodeName,
|
||||
sysfs.VulnerabilityHumanEncoding[vulnerability.State],
|
||||
vulnerability.Mitigation,
|
||||
)
|
||||
}
|
||||
return nil
|
||||
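Review bot: The help string passed to `prometheus.NewDesc` for `vulnerabilityDesc` still describes only the state label, so the new `mitigation` label is undocumented in the `# HELP` text that scrapers and rule authors see. In `Update`, `vulnerability.Mitigation` is emitted verbatim, and the fixture values (for example the spectre_v2 string) show it is free-form text; its wording presumably differs between kernel versions and SMT settings, so rules that match it exactly will be brittle. I would add a comment above the label list, e.g. `// mitigation is the free-form text reported by sysfs; it is empty unless state is "mitigation". Alert on state, not on this string.`, and extend the help text with one sentence saying the same. Adding a label also changes the identity of every existing `node_cpu_vulnerabilities_info` series, which is worth calling out in the changelog for anyone joining on the old label set. Both the `var (` block and `Update` start outside the visible hunks.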
|
|
|
@ -404,11 +404,11 @@ node_cpu_seconds_total{cpu="7",mode="system"} 101.64
|
|||
node_cpu_seconds_total{cpu="7",mode="user"} 290.98
|
||||
# HELP node_cpu_vulnerabilities_info Details of each CPU vulnerability reported by sysfs. The value of the series is an int encoded state of the vulnerability. The same state is stored as a string in the label
|
||||
# TYPE node_cpu_vulnerabilities_info gauge
|
||||
node_cpu_vulnerabilities_info{codename="itlb_multihit",state="not affected"} 1
|
||||
node_cpu_vulnerabilities_info{codename="mds",state="vulnerable"} 1
|
||||
node_cpu_vulnerabilities_info{codename="retbleed",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v1",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v2",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="itlb_multihit",mitigation="",state="not affected"} 1
|
||||
node_cpu_vulnerabilities_info{codename="mds",mitigation="",state="vulnerable"} 1
|
||||
node_cpu_vulnerabilities_info{codename="retbleed",mitigation="untrained return thunk; SMT enabled with STIBP protection",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v1",mitigation="usercopy/swapgs barriers and __user pointer sanitization",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v2",mitigation="Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected",state="mitigation"} 1
|
||||
# HELP node_disk_ata_rotation_rate_rpm ATA disk rotation rate in RPMs (0 for SSDs).
|
||||
# TYPE node_disk_ata_rotation_rate_rpm gauge
|
||||
node_disk_ata_rotation_rate_rpm{device="sda"} 7200
|
||||
|
|
|
@ -426,11 +426,11 @@ node_cpu_seconds_total{cpu="7",mode="system"} 101.64
|
|||
node_cpu_seconds_total{cpu="7",mode="user"} 290.98
|
||||
# HELP node_cpu_vulnerabilities_info Details of each CPU vulnerability reported by sysfs. The value of the series is an int encoded state of the vulnerability. The same state is stored as a string in the label
|
||||
# TYPE node_cpu_vulnerabilities_info gauge
|
||||
node_cpu_vulnerabilities_info{codename="itlb_multihit",state="not affected"} 1
|
||||
node_cpu_vulnerabilities_info{codename="mds",state="vulnerable"} 1
|
||||
node_cpu_vulnerabilities_info{codename="retbleed",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v1",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v2",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="itlb_multihit",mitigation="",state="not affected"} 1
|
||||
node_cpu_vulnerabilities_info{codename="mds",mitigation="",state="vulnerable"} 1
|
||||
node_cpu_vulnerabilities_info{codename="retbleed",mitigation="untrained return thunk; SMT enabled with STIBP protection",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v1",mitigation="usercopy/swapgs barriers and __user pointer sanitization",state="mitigation"} 1
|
||||
node_cpu_vulnerabilities_info{codename="spectre_v2",mitigation="Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected",state="mitigation"} 1
|
||||
# HELP node_disk_ata_rotation_rate_rpm ATA disk rotation rate in RPMs (0 for SSDs).
|
||||
# TYPE node_disk_ata_rotation_rate_rpm gauge
|
||||
node_disk_ata_rotation_rate_rpm{device="sda"} 7200
|
||||
|
|