Merge pull request #1 from CanTireInnovations/abazhal/docker-tls
Added support for a TLS-enabled Docker daemon
This commit is contained in:
commit
5e2343ccfa
|
@ -20,6 +20,11 @@ for the stat structure can be found
|
||||||
# To use TCP, set endpoint = "tcp://[ip]:[port]"
|
# To use TCP, set endpoint = "tcp://[ip]:[port]"
|
||||||
# To use environment variables (ie, docker-machine), set endpoint = "ENV"
|
# To use environment variables (ie, docker-machine), set endpoint = "ENV"
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
endpoint = "unix:///var/run/docker.sock"
|
||||||
|
# To collect metrics from a TLS-enabled daemon
|
||||||
|
# tls_enabled = true
|
||||||
|
# tls_ca = "~/certificates_path/ca.pem"
|
||||||
|
# tls_cert = "~/certificates_path/cert.pem"
|
||||||
|
# tls_key = "~/certificates_path/key.pem"
|
||||||
# Only collect metrics for these containers, collect all if empty
|
# Only collect metrics for these containers, collect all if empty
|
||||||
container_names = []
|
container_names = []
|
||||||
```
|
```
|
||||||
|
|
|
@ -2,6 +2,7 @@ package system
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"regexp"
|
"regexp"
|
||||||
|
@ -20,6 +21,15 @@ type Docker struct {
|
||||||
Endpoint string
|
Endpoint string
|
||||||
ContainerNames []string
|
ContainerNames []string
|
||||||
|
|
||||||
|
// Enables TLS
|
||||||
|
TLSEnabled bool `toml:"tls_enabled"`
|
||||||
|
// Path to CA file
|
||||||
|
TLSCA string `toml:"tls_ca"`
|
||||||
|
// Path to cert file
|
||||||
|
TLSCert string `toml:"tls_cert"`
|
||||||
|
// Path to cert key file
|
||||||
|
TLSKey string `toml:"tls_key"`
|
||||||
|
|
||||||
client DockerClient
|
client DockerClient
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,6 +58,11 @@ var sampleConfig = `
|
||||||
## To use TCP, set endpoint = "tcp://[ip]:[port]"
|
## To use TCP, set endpoint = "tcp://[ip]:[port]"
|
||||||
## To use environment variables (ie, docker-machine), set endpoint = "ENV"
|
## To use environment variables (ie, docker-machine), set endpoint = "ENV"
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
endpoint = "unix:///var/run/docker.sock"
|
||||||
|
## To collect metrics from a TLS-enabled daemon
|
||||||
|
# tls_enabled = true
|
||||||
|
# tls_ca = "~/certificates_path/ca.pem"
|
||||||
|
# tls_cert = "~/certificates_path/cert.pem"
|
||||||
|
# tls_key = "~/certificates_path/key.pem"
|
||||||
## Only collect metrics for these containers, collect all if empty
|
## Only collect metrics for these containers, collect all if empty
|
||||||
container_names = []
|
container_names = []
|
||||||
`
|
`
|
||||||
|
@ -73,7 +88,24 @@ func (d *Docker) Gather(acc telegraf.Accumulator) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
c, err = docker.NewClient(d.Endpoint)
|
if !d.TLSEnabled {
|
||||||
|
c, err = docker.NewClient(d.Endpoint)
|
||||||
|
} else {
|
||||||
|
if d.TLSCert == "" {
|
||||||
|
return errors.New("tls_cert must be configured when tls_enable is set to true");
|
||||||
|
}
|
||||||
|
|
||||||
|
if d.TLSKey == "" {
|
||||||
|
return errors.New("tls_key must be configured when tls_enable is set to true");
|
||||||
|
}
|
||||||
|
|
||||||
|
if d.TLSCA == "" {
|
||||||
|
return errors.New("tls_ca must be configured when tls_enable is set to true");
|
||||||
|
}
|
||||||
|
|
||||||
|
c, err = docker.NewTLSClient(d.Endpoint, d.TLSCert, d.TLSKey, d.TLSCA)
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue