+ - name: network
+ rules:
+ - alert: interface transmit rate
+ expr: rate(node_network_transmit_bytes_total[1m]) / node_network_speed_bytes > 0.98
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ bandwidth_used: "{{ $value | humanizePercentage }}"
+ - alert: interface receive rate
+ expr: rate(node_network_receive_bytes_total[1m]) / node_network_speed_bytes > 0.98
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ bandwidth_used: "{{ $value | humanizePercentage }}"
+ - alert: interface transmit errors
+ expr: rate(node_network_transmit_errs_total{device!~"wg.*"}[1m]) / rate(node_network_transmit_packets_total{device!~"wg.*"}[1m]) > 0.01
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ error_rate: "{{ $value | humanizePercentage }}"
+ - alert: interface transmit errors
+ expr: rate(node_network_transmit_errs_total{device=~"wg.*"}[1m]) / rate(node_network_transmit_packets_total{device=~"wg.*"}[1m]) > 0.05
+ for: 1h
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ error_rate: "{{ $value | humanizePercentage }}"
+ - alert: interface receive errors
+ expr: rate(node_network_receive_errs_total[1m]) / rate(node_network_receive_packets_total[1m]) > 0.01
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ error_rate: "{{ $value | humanizePercentage }}"
+ - alert: conntrack entries
+ expr: node_nf_conntrack_entries / node_nf_conntrack_entries_limit > 0.8
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ entries_used: "{{ $value | humanizePercentage }}"
+ - name: planet
+ rules:
+ - alert: planet dump overdue
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/(pbf|planet)/.*"} > 7 * 86400 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 24h
+ labels:
+ alertgroup: planet
+ annotations:
+ overdue_by: "{{ $value | humanizeDuration }}"
+ - alert: notes dump overdue
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/notes/.*"} > 86400 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 6h
+ labels:
+ alertgroup: planet
+ annotations:
+ overdue_by: "{{ $value | humanizeDuration }}"
+ - alert: daily replication feed delayed
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/replication/day/.*"} > 86400 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 3h
+ labels:
+ alertgroup: planet
+ annotations:
+ delayed_by: "{{ $value | humanizeDuration }}"
+ - alert: hourly replication feed delayed
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/replication/hour/.*"} > 3600 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 30m
+ labels:
+ alertgroup: planet
+ annotations:
+ delayed_by: "{{ $value | humanizeDuration }}"
+ - alert: minutely replication feed delayed
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/replication/minute/.*"} > 60 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 5m
+ labels:
+ alertgroup: planet
+ annotations:
+ delayed_by: "{{ $value | humanizeDuration }}"
+ - alert: changeset replication feed delayed
+ expr: time() - file_stat_modif_time_seconds{path=~"/store/planet/replication/changesets/.*"} > 60 and ignoring (job, name, path) chef_role{name="planetdump"} == 1
+ for: 5m
+ labels:
+ alertgroup: planet
+ annotations:
+ delayed_by: "{{ $value | humanizeDuration }}"
+ - name: postgresql
+ rules:
+ - alert: postgresql down
+ expr: pg_up == 0
+ for: 1m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ - alert: postgresql replication delay
+ expr: pg_replication_lag_seconds > 5
+ for: 1m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ delay: "{{ $value | humanizeDuration }}"
+ - alert: postgresql connection limit
+ expr: sum (pg_stat_activity_count) by (instance, server) / sum (pg_settings_max_connections) by (instance, server) > 0.8
+ for: 1m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ connections_used: "{{ $value | humanizePercentage }}"
+ - alert: postgresql deadlocks
+ expr: increase(pg_stat_database_deadlocks{datname!="nominatim"}[1m]) > 5
+ for: 0m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ new_deadlocks: "{{ $value }}"
+ - alert: postgresql slow queries
+ expr: pg_slow_queries > 0
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ queries: "{{ $value }}"
+ - name: prometheus
+ rules:
+ - alert: prometheus configuration error
+ expr: prometheus_config_last_reload_successful == 0
+ for: 10m
+ labels:
+ alertgroup: "prometheus"
+ - alert: prometheus target missing
+ expr: up == 0
+ for: 10m
+ labels:
+ alertgroup: "prometheus"
+ - name: raid
+ rules:
+ - alert: raid array degraded
+ expr: ohai_array_info{status="degraded"} > 0
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ - alert: raid disk failed
+ expr: ohai_disk_info{status="failed"} > 0
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ - name: rasdaemon
+ rules:
+ - alert: memory controller errors
+ expr: increase(rasdaemon_mc_events_total[1m]) > 0
+ for: 0m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ new_errors: "{{ $value }}"
+ - alert: pcie aer errors
+ expr: increase(rasdaemon_aer_events_total[1m]) > 0
+ for: 0m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ new_ercrors: "{{ $value }}"
+ - name: smart
+ rules:
+ - alert: smart failure
+ expr: smart_health_status == 0
+ for: 60m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ - alert: smart ssd wearout approaching
+ expr: smart_percentage_used >= 80
+ for: 60m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ annotations:
+ percentage_used: "{{ $value | humanizePercentage }}"
+ - name: ssl
+ rules:
+ - alert: ssl certificate probe failed
+ expr: ssl_probe_success == 0
+ for: 60m
+ labels:
+ alertgroup: ssl
+ - alert: ssl certificate expiry
+ expr: ssl_verified_cert_not_after{chain_no="0"} - time() < 86400 * 14
+ for: 0m
+ labels:
+ alertgroup: ssl
+ annotations:
+ expires_in: "{{ $value | humanizeDuration }}"
+ - alert: ssl certificate revoked
+ expr: ssl_ocsp_response_status == 1
+ for: 0m
+ labels:
+ alertgroup: ssl
+ - alert: ocsp status unknown
+ expr: ssl_ocsp_response_status == 1
+ for: 0m
+ labels:
+ alertgroup: ssl
+ - name: statuscake
+ rules:
+ - alert: statuscake uptime check failing
+ expr: statuscake_uptime{status="down",paused="false"} > 0
+ for: 10m
+ labels:
+ alertgroup: statuscake
+ - name: systemd
+ rules:
+ - alert: systemd failed service
+ expr: node_systemd_unit_state{state="failed",name!="chef-client.service"} == 1
+ for: 5m
+ labels:
+ alertgroup: "{{ $labels.instance }}"
+ - alert: systemd failed service
+ expr: node_systemd_unit_state{state="failed",name="chef-client.service"} == 1
+ for: 6h
+ labels:
+ alertgroup: "{{ $labels.instance }}"