x509 certs authentication now supported for Prometheus input plugin (#1396)

Victor Garcia 2016-06-23 09:59:44 +02:00 committed by Cameron Sparr
parent b18134a4e3
commit 50ea7f4a9d
3 changed files with 46 additions and 9 deletions


@ -56,6 +56,7 @@ should now look like:
- [#1335](https://github.com/influxdata/telegraf/issues/1335): Fix overall ping timeout to be calculated based on per-ping timeout. - [#1335](https://github.com/influxdata/telegraf/issues/1335): Fix overall ping timeout to be calculated based on per-ping timeout.
- [#1374](https://github.com/influxdata/telegraf/pull/1374): Change "default" retention policy to "". - [#1374](https://github.com/influxdata/telegraf/pull/1374): Change "default" retention policy to "".
- [#1377](https://github.com/influxdata/telegraf/issues/1377): Graphite output mangling '%' character. - [#1377](https://github.com/influxdata/telegraf/issues/1377): Graphite output mangling '%' character.
- [#1396](https://github.com/influxdata/telegraf/pull/1396): Prometheus input plugin now supports x509 certs authentication
## v1.0 beta 1 [2016-06-07] ## v1.0 beta 1 [2016-06-07]


@ -30,6 +30,26 @@ to filter and some tags
kubeservice = "kube-apiserver" kubeservice = "kube-apiserver"
``` ```
```toml
# Authorize with a bearer token skipping cert verification
[[inputs.prometheus]]
# An array of urls to scrape metrics from.
urls = ["http://my-kube-apiserver:8080/metrics"]
bearer_token = '/path/to/bearer/token'
insecure_skip_verify = true
```
```toml
# Authorize using x509 certs
[[inputs.prometheus]]
# An array of urls to scrape metrics from.
urls = ["https://my-kube-apiserver:8080/metrics"]
ssl_ca = '/path/to/cafile'
ssl_cert = '/path/to/certfile'
ssl_key = '/path/to/keyfile'
```
### Measurements & Fields & Tags: ### Measurements & Fields & Tags:
Measurements and fields could be any thing. Measurements and fields could be any thing.


@ -1,10 +1,10 @@
package prometheus package prometheus
import ( import (
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"github.com/influxdata/telegraf" "github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/inputs" "github.com/influxdata/telegraf/plugins/inputs"
"io/ioutil" "io/ioutil"
"net" "net"
@ -16,20 +16,32 @@ import (
type Prometheus struct { type Prometheus struct {
Urls []string Urls []string
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
// Bearer Token authorization file path // Bearer Token authorization file path
BearerToken string `toml:"bearer_token"` BearerToken string `toml:"bearer_token"`
// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to host cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
} }
var sampleConfig = ` var sampleConfig = `
## An array of urls to scrape metrics from. ## An array of urls to scrape metrics from.
urls = ["http://localhost:9100/metrics"] urls = ["http://localhost:9100/metrics"]
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
## Use bearer token for authorization ## Use bearer token for authorization
# bearer_token = /path/to/bearer/token # bearer_token = /path/to/bearer/token
## Optional SSL Config
# ssl_ca = /path/to/cafile
# ssl_cert = /path/to/certfile
# ssl_key = /path/to/keyfile
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
` `
func (p *Prometheus) SampleConfig() string { func (p *Prometheus) SampleConfig() string {
@ -78,15 +90,19 @@ func (p *Prometheus) gatherURL(url string, acc telegraf.Accumulator) error {
var token []byte var token []byte
var resp *http.Response var resp *http.Response
tlsCfg, err := internal.GetTLSConfig(
p.SSLCert, p.SSLKey, p.SSLCA, p.InsecureSkipVerify)
if err != nil {
return err
}
var rt http.RoundTripper = &http.Transport{ var rt http.RoundTripper = &http.Transport{
Dial: (&net.Dialer{ Dial: (&net.Dialer{
Timeout: 5 * time.Second, Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second, KeepAlive: 30 * time.Second,
}).Dial, }).Dial,
TLSHandshakeTimeout: 5 * time.Second, TLSHandshakeTimeout: 5 * time.Second,
TLSClientConfig: &tls.Config{ TLSClientConfig: tlsCfg,
InsecureSkipVerify: p.InsecureSkipVerify,
},
ResponseHeaderTimeout: time.Duration(3 * time.Second), ResponseHeaderTimeout: time.Duration(3 * time.Second),
DisableKeepAlives: true, DisableKeepAlives: true,
} }
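Review bot: The sample config in this file still describes `insecure_skip_verify` only as "Use SSL but skip chain & host verification", but with this change the same transport can also present a client certificate, and presumably the bearer token configured alongside it, to a server whose identity was never checked. I would extend that comment to something like `## Use SSL but skip chain & host verification (server is NOT authenticated; avoid together with bearer_token or ssl_cert)`. The new `ssl_ca`/`ssl_cert`/`ssl_key` sample lines are unquoted, so uncommenting them as written gives invalid TOML, whereas the README examples quote the paths. In `gatherURL`, the bare `return err` after `internal.GetTLSConfig` drops which URL failed; `return fmt.Errorf("building TLS config for %s: %v", url, err)` would make a wrong cert or key path easier to diagnose. The function body starts and ends outside the hunk, so whether the TLS config and key material could be loaded once rather than on every call cannot be judged from here.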