Add support for SSL settings to ElasticSearch output plugin (#3406)

2017-10-31 02:22:40 +05:30 · 2017-10-31 02:22:40 +05:30 · 78df21d6a2
parent f205c1b5e1
commit 78df21d6a2
2 changed files with 37 additions and 5 deletions
--- a/plugins/outputs/elasticsearch/README.md
+++ b/plugins/outputs/elasticsearch/README.md
@ -174,6 +174,13 @@ This plugin will format the events in the following way:
  # %H - hour (00..23)
  index_name = "telegraf-%Y.%m.%d" # required.

+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
+
  ## Template Config
  ## Set to true if you want telegraf to manage its index template.
  ## If enabled it will create a recommended index template for telegraf indexes
--- a/plugins/outputs/elasticsearch/elasticsearch.go
+++ b/plugins/outputs/elasticsearch/elasticsearch.go
@ -3,15 +3,15 @@ package elasticsearch
 import (
 	"context"
 	"fmt"
-	"log"
-	"strconv"
-	"strings"
-	"time"
-
 	"github.com/influxdata/telegraf"
 	"github.com/influxdata/telegraf/internal"
 	"github.com/influxdata/telegraf/plugins/outputs"
 	"gopkg.in/olivere/elastic.v5"
+	"log"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
 )

 type Elasticsearch struct {
@ -25,6 +25,10 @@ type Elasticsearch struct {
 	ManageTemplate      bool
 	TemplateName        string
 	OverwriteTemplate   bool
+	SSLCA               string `toml:"ssl_ca"`   // Path to CA file
+	SSLCert             string `toml:"ssl_cert"` // Path to host cert file
+	SSLKey              string `toml:"ssl_key"`  // Path to cert key file
+	InsecureSkipVerify  bool   // Use SSL but skip chain & host verification
 	Client              *elastic.Client
 }

@ -56,6 +60,13 @@ var sampleConfig = `
  # %H - hour (00..23)
  index_name = "telegraf-%Y.%m.%d" # required.

+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
+
  ## Template Config
  ## Set to true if you want telegraf to manage its index template.
  ## If enabled it will create a recommended index template for telegraf indexes
@ -76,7 +87,21 @@ func (a *Elasticsearch) Connect() error {

 	var clientOptions []elastic.ClientOptionFunc

+	tlsCfg, err := internal.GetTLSConfig(a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify)
+	if err != nil {
+		return err
+	}
+	tr := &http.Transport{
+		TLSClientConfig: tlsCfg,
+	}
+
+	httpclient := &http.Client{
+		Transport: tr,
+		Timeout:   a.Timeout.Duration,
+	}
+
 	clientOptions = append(clientOptions,
+		elastic.SetHttpClient(httpclient),
 		elastic.SetSniff(a.EnableSniffer),
 		elastic.SetURL(a.URLs...),
 		elastic.SetHealthcheckInterval(a.HealthCheckInterval.Duration),