Merge pull request #1 from CanTireInnovations/abazhal/docker-tls

Added support for a TLS-enabled Docker daemon
2016-03-22 13:43:24 -04:00 · 2016-03-22 13:43:24 -04:00 · 5e2343ccfa
parent f543dbb42f 5bd8572b56
commit 5e2343ccfa
2 changed files with 38 additions and 1 deletions
--- a/plugins/inputs/docker/README.md
+++ b/plugins/inputs/docker/README.md
@ -20,6 +20,11 @@ for the stat structure can be found
  #   To use TCP, set endpoint = "tcp://[ip]:[port]"
  #   To use environment variables (ie, docker-machine), set endpoint = "ENV"
  endpoint = "unix:///var/run/docker.sock"
+  # To collect metrics from a TLS-enabled daemon
+  # tls_enabled = true
+  # tls_ca = "~/certificates_path/ca.pem"
+  # tls_cert = "~/certificates_path/cert.pem"
+  # tls_key = "~/certificates_path/key.pem"
  # Only collect metrics for these containers, collect all if empty
  container_names = []
 ```
--- a/plugins/inputs/docker/docker.go
+++ b/plugins/inputs/docker/docker.go
@ -2,6 +2,7 @@ package system

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log"
 	"regexp"
@ -20,6 +21,15 @@ type Docker struct {
 	Endpoint       string
 	ContainerNames []string

+	// Enables TLS
+	TLSEnabled bool `toml:"tls_enabled"`
+	// Path to CA file
+	TLSCA string `toml:"tls_ca"`
+	// Path to cert file
+	TLSCert string `toml:"tls_cert"`
+	// Path to cert key file
+	TLSKey string `toml:"tls_key"`
+
 	client DockerClient
 }

@ -48,6 +58,11 @@ var sampleConfig = `
  ##   To use TCP, set endpoint = "tcp://[ip]:[port]"
  ##   To use environment variables (ie, docker-machine), set endpoint = "ENV"
  endpoint = "unix:///var/run/docker.sock"
+  ## To collect metrics from a TLS-enabled daemon
+  # tls_enabled = true
+  # tls_ca = "~/certificates_path/ca.pem"
+  # tls_cert = "~/certificates_path/cert.pem"
+  # tls_key = "~/certificates_path/key.pem"
  ## Only collect metrics for these containers, collect all if empty
  container_names = []
 `
@ -73,7 +88,24 @@ func (d *Docker) Gather(acc telegraf.Accumulator) error {
 				return err
 			}
 		} else {
-			c, err = docker.NewClient(d.Endpoint)
+			if !d.TLSEnabled {
+				c, err = docker.NewClient(d.Endpoint)
+			} else {
+				if d.TLSCert == "" {
+					return errors.New("tls_cert must be configured when tls_enable is set to true");
+				}
+
+				if d.TLSKey == "" {
+					return errors.New("tls_key must be configured when tls_enable is set to true");
+				}
+
+				if d.TLSCA == "" {
+					return errors.New("tls_ca must be configured when tls_enable is set to true");
+				}
+
+				c, err = docker.NewTLSClient(d.Endpoint, d.TLSCert, d.TLSKey, d.TLSCA)
+			}
+
 			if err != nil {
 				return err
 			}