Add TLS mutual auth supoort to jti_openconfig_telemetry plugin (#6027)
This commit is contained in:
parent
773ed5e622
commit
131f85db73
|
@ -4772,9 +4772,12 @@
|
|||
# "/interfaces",
|
||||
# ]
|
||||
#
|
||||
# ## x509 Certificate to use with TLS connection. If it is not provided, an insecure
|
||||
# ## channel will be opened with server
|
||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
||||
# ## Optional TLS Config
|
||||
# tls_ca = "/etc/telegraf/ca.pem"
|
||||
# tls_cert = "/etc/telegraf/cert.pem"
|
||||
# tls_key = "/etc/telegraf/key.pem"
|
||||
# ## Use TLS but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
#
|
||||
# ## Delay between retry attempts of failed RPC calls or streams. Defaults to 1000ms.
|
||||
# ## Failed streams/calls will not be retried if 0 is provided
|
||||
|
|
|
@ -41,9 +41,12 @@ This plugin reads Juniper Networks implementation of OpenConfig telemetry data f
|
|||
"/interfaces",
|
||||
]
|
||||
|
||||
## x509 Certificate to use with TLS connection. If it is not provided, an insecure
|
||||
## channel will be opened with server
|
||||
ssl_cert = "/etc/telegraf/cert.pem"
|
||||
## Optional TLS Config
|
||||
# tls_ca = "/etc/telegraf/ca.pem"
|
||||
# tls_cert = "/etc/telegraf/cert.pem"
|
||||
# tls_key = "/etc/telegraf/key.pem"
|
||||
## Use TLS but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
|
||||
## Delay between retry attempts of failed RPC calls or streams. Defaults to 1000ms.
|
||||
## Failed streams/calls will not be retried if 0 is provided
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package jti_openconfig_telemetry
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
|
@ -11,6 +12,7 @@ import (
|
|||
|
||||
"github.com/influxdata/telegraf"
|
||||
"github.com/influxdata/telegraf/internal"
|
||||
internaltls "github.com/influxdata/telegraf/internal/tls"
|
||||
"github.com/influxdata/telegraf/plugins/inputs"
|
||||
"github.com/influxdata/telegraf/plugins/inputs/jti_openconfig_telemetry/auth"
|
||||
"github.com/influxdata/telegraf/plugins/inputs/jti_openconfig_telemetry/oc"
|
||||
|
@ -28,13 +30,17 @@ type OpenConfigTelemetry struct {
|
|||
Password string
|
||||
ClientID string `toml:"client_id"`
|
||||
SampleFrequency internal.Duration `toml:"sample_frequency"`
|
||||
SSLCert string `toml:"ssl_cert"`
|
||||
StrAsTags bool `toml:"str_as_tags"`
|
||||
RetryDelay internal.Duration `toml:"retry_delay"`
|
||||
|
||||
sensorsConfig []sensorConfig
|
||||
sensorsConfig []sensorConfig
|
||||
|
||||
// GRPC settings
|
||||
grpcClientConns []*grpc.ClientConn
|
||||
wg *sync.WaitGroup
|
||||
EnableTLS bool `toml:"enable_tls"`
|
||||
internaltls.ClientConfig
|
||||
|
||||
wg *sync.WaitGroup
|
||||
}
|
||||
|
||||
var (
|
||||
|
@ -74,9 +80,12 @@ var (
|
|||
"/interfaces",
|
||||
]
|
||||
|
||||
## x509 Certificate to use with TLS connection. If it is not provided, an insecure
|
||||
## channel will be opened with server
|
||||
ssl_cert = "/etc/telegraf/cert.pem"
|
||||
## Optional TLS Config
|
||||
# tls_ca = "/etc/telegraf/ca.pem"
|
||||
# tls_cert = "/etc/telegraf/cert.pem"
|
||||
# tls_key = "/etc/telegraf/key.pem"
|
||||
## Use TLS but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
|
||||
## Delay between retry attempts of failed RPC calls or streams. Defaults to 1000ms.
|
||||
## Failed streams/calls will not be retried if 0 is provided
|
||||
|
@ -343,21 +352,27 @@ func (m *OpenConfigTelemetry) collectData(ctx context.Context,
|
|||
}
|
||||
|
||||
func (m *OpenConfigTelemetry) Start(acc telegraf.Accumulator) error {
|
||||
|
||||
var tlscfg *tls.Config
|
||||
var opts []grpc.DialOption
|
||||
var err error
|
||||
|
||||
// Build sensors config
|
||||
if m.splitSensorConfig() == 0 {
|
||||
return fmt.Errorf("E! No valid sensor configuration available")
|
||||
}
|
||||
|
||||
// If SSL certificate is provided, use transport credentials
|
||||
var err error
|
||||
var transportCredentials credentials.TransportCredentials
|
||||
if m.SSLCert != "" {
|
||||
transportCredentials, err = credentials.NewClientTLSFromFile(m.SSLCert, "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("E! Failed to read certificate: %v", err)
|
||||
// Parse TLS config
|
||||
if m.EnableTLS {
|
||||
if tlscfg, err = m.ClientConfig.TLSConfig(); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if tlscfg != nil {
|
||||
opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(tlscfg)))
|
||||
} else {
|
||||
transportCredentials = nil
|
||||
opts = append(opts, grpc.WithInsecure())
|
||||
}
|
||||
|
||||
// Connect to given list of servers and start collecting data
|
||||
|
@ -373,12 +388,7 @@ func (m *OpenConfigTelemetry) Start(acc telegraf.Accumulator) error {
|
|||
continue
|
||||
}
|
||||
|
||||
// If a certificate is provided, open a secure channel. Else open insecure one
|
||||
if transportCredentials != nil {
|
||||
grpcClientConn, err = grpc.Dial(server, grpc.WithTransportCredentials(transportCredentials))
|
||||
} else {
|
||||
grpcClientConn, err = grpc.Dial(server, grpc.WithInsecure())
|
||||
}
|
||||
grpcClientConn, err = grpc.Dial(server, opts...)
|
||||
if err != nil {
|
||||
log.Printf("E! Failed to connect to %s: %v", server, err)
|
||||
} else {
|
||||
|
|
Loading…
Reference in New Issue