x509 certs authentication now supported for Prometheus input plugin (#1396)
This commit is contained in:
parent
b18134a4e3
commit
50ea7f4a9d
|
@ -56,6 +56,7 @@ should now look like:
|
|||
- [#1335](https://github.com/influxdata/telegraf/issues/1335): Fix overall ping timeout to be calculated based on per-ping timeout.
|
||||
- [#1374](https://github.com/influxdata/telegraf/pull/1374): Change "default" retention policy to "".
|
||||
- [#1377](https://github.com/influxdata/telegraf/issues/1377): Graphite output mangling '%' character.
|
||||
- [#1396](https://github.com/influxdata/telegraf/pull/1396): Prometheus input plugin now supports x509 certs authentication
|
||||
|
||||
## v1.0 beta 1 [2016-06-07]
|
||||
|
||||
|
|
|
@ -30,6 +30,26 @@ to filter and some tags
|
|||
kubeservice = "kube-apiserver"
|
||||
```
|
||||
|
||||
```toml
|
||||
# Authorize with a bearer token skipping cert verification
|
||||
[[inputs.prometheus]]
|
||||
# An array of urls to scrape metrics from.
|
||||
urls = ["http://my-kube-apiserver:8080/metrics"]
|
||||
bearer_token = '/path/to/bearer/token'
|
||||
insecure_skip_verify = true
|
||||
```
|
||||
|
||||
```toml
|
||||
# Authorize using x509 certs
|
||||
[[inputs.prometheus]]
|
||||
# An array of urls to scrape metrics from.
|
||||
urls = ["https://my-kube-apiserver:8080/metrics"]
|
||||
|
||||
ssl_ca = '/path/to/cafile'
|
||||
ssl_cert = '/path/to/certfile'
|
||||
ssl_key = '/path/to/keyfile'
|
||||
```
|
||||
|
||||
### Measurements & Fields & Tags:
|
||||
|
||||
Measurements and fields could be any thing.
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
package prometheus
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/influxdata/telegraf"
|
||||
"github.com/influxdata/telegraf/internal"
|
||||
"github.com/influxdata/telegraf/plugins/inputs"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
|
@ -16,20 +16,32 @@ import (
|
|||
type Prometheus struct {
|
||||
Urls []string
|
||||
|
||||
// Use SSL but skip chain & host verification
|
||||
InsecureSkipVerify bool
|
||||
// Bearer Token authorization file path
|
||||
BearerToken string `toml:"bearer_token"`
|
||||
|
||||
// Path to CA file
|
||||
SSLCA string `toml:"ssl_ca"`
|
||||
// Path to host cert file
|
||||
SSLCert string `toml:"ssl_cert"`
|
||||
// Path to cert key file
|
||||
SSLKey string `toml:"ssl_key"`
|
||||
// Use SSL but skip chain & host verification
|
||||
InsecureSkipVerify bool
|
||||
}
|
||||
|
||||
var sampleConfig = `
|
||||
## An array of urls to scrape metrics from.
|
||||
urls = ["http://localhost:9100/metrics"]
|
||||
|
||||
## Use SSL but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
## Use bearer token for authorization
|
||||
# bearer_token = /path/to/bearer/token
|
||||
|
||||
## Optional SSL Config
|
||||
# ssl_ca = /path/to/cafile
|
||||
# ssl_cert = /path/to/certfile
|
||||
# ssl_key = /path/to/keyfile
|
||||
## Use SSL but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
`
|
||||
|
||||
func (p *Prometheus) SampleConfig() string {
|
||||
|
@ -78,15 +90,19 @@ func (p *Prometheus) gatherURL(url string, acc telegraf.Accumulator) error {
|
|||
var token []byte
|
||||
var resp *http.Response
|
||||
|
||||
tlsCfg, err := internal.GetTLSConfig(
|
||||
p.SSLCert, p.SSLKey, p.SSLCA, p.InsecureSkipVerify)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var rt http.RoundTripper = &http.Transport{
|
||||
Dial: (&net.Dialer{
|
||||
Timeout: 5 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).Dial,
|
||||
TLSHandshakeTimeout: 5 * time.Second,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: p.InsecureSkipVerify,
|
||||
},
|
||||
TLSClientConfig: tlsCfg,
|
||||
ResponseHeaderTimeout: time.Duration(3 * time.Second),
|
||||
DisableKeepAlives: true,
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue