Add support for new SSL configuration to mongodb (#2522)

closes #2519
Daniel Nelson 2017-03-10 11:27:55 -08:00 committed by GitHub
parent 13f314a507
commit 7a5d857846
3 changed files with 37 additions and 2 deletions


@ -57,6 +57,7 @@ be deprecated eventually.
- [#2071](https://github.com/influxdata/telegraf/issues/2071): Use official docker SDK. - [#2071](https://github.com/influxdata/telegraf/issues/2071): Use official docker SDK.
- [#1678](https://github.com/influxdata/telegraf/pull/1678): Add AMQP consumer input plugin - [#1678](https://github.com/influxdata/telegraf/pull/1678): Add AMQP consumer input plugin
- [#2501](https://github.com/influxdata/telegraf/pull/2501): Support DEAD(X) state in system input plugin. - [#2501](https://github.com/influxdata/telegraf/pull/2501): Support DEAD(X) state in system input plugin.
- [#2522](https://github.com/influxdata/telegraf/pull/2522): Add support for mongodb client certificates.
### Bugfixes ### Bugfixes


@ -11,9 +11,16 @@
## 10.0.0.1:10000, etc. ## 10.0.0.1:10000, etc.
servers = ["127.0.0.1:27017"] servers = ["127.0.0.1:27017"]
gather_perdb_stats = false gather_perdb_stats = false
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
``` ```
For authenticated mongodb istances use connection mongdb connection URI For authenticated mongodb instances use `mongodb://` connection URI
```toml ```toml
[[inputs.mongodb]] [[inputs.mongodb]]


@ -10,6 +10,7 @@ import (
"time" "time"
"github.com/influxdata/telegraf" "github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/internal/errchan" "github.com/influxdata/telegraf/internal/errchan"
"github.com/influxdata/telegraf/plugins/inputs" "github.com/influxdata/telegraf/plugins/inputs"
"gopkg.in/mgo.v2" "gopkg.in/mgo.v2"
@ -20,6 +21,15 @@ type MongoDB struct {
Ssl Ssl Ssl Ssl
mongos map[string]*Server mongos map[string]*Server
GatherPerdbStats bool GatherPerdbStats bool
// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to host cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
} }
type Ssl struct { type Ssl struct {
@ -35,6 +45,13 @@ var sampleConfig = `
## 10.0.0.1:10000, etc. ## 10.0.0.1:10000, etc.
servers = ["127.0.0.1:27017"] servers = ["127.0.0.1:27017"]
gather_perdb_stats = false gather_perdb_stats = false
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
` `
func (m *MongoDB) SampleConfig() string { func (m *MongoDB) SampleConfig() string {
@ -105,8 +122,11 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
dialInfo.Direct = true dialInfo.Direct = true
dialInfo.Timeout = 5 * time.Second dialInfo.Timeout = 5 * time.Second
var tlsConfig *tls.Config
if m.Ssl.Enabled { if m.Ssl.Enabled {
tlsConfig := &tls.Config{} // Deprecated SSL config
tlsConfig = &tls.Config{}
if len(m.Ssl.CaCerts) > 0 { if len(m.Ssl.CaCerts) > 0 {
roots := x509.NewCertPool() roots := x509.NewCertPool()
for _, caCert := range m.Ssl.CaCerts { for _, caCert := range m.Ssl.CaCerts {
@ -119,6 +139,13 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
} else { } else {
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
} }
} else {
tlsConfig, err = internal.GetTLSConfig(
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
}
// If configured to use TLS, add a dial function
if tlsConfig != nil {
dialInfo.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) { dialInfo.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {
conn, err := tls.Dial("tcp", addr.String(), tlsConfig) conn, err := tls.Dial("tcp", addr.String(), tlsConfig)
if err != nil { if err != nil {
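Review bot: The error returned by `internal.GetTLSConfig` in the new `else` branch is assigned to `err` but is not checked in the visible lines before `if tlsConfig != nil`. If the helper returns a nil config together with an error (its body is not shown here; presumably this happens when a configured CA, cert or key file cannot be loaded), no TLS dial function is installed and the plugin would connect in plaintext even though `ssl_ca`/`ssl_cert`/`ssl_key` are set. Fail closed by adding `if err != nil { return err }` directly after the call, so a broken TLS configuration surfaces as a gather error instead of a silent downgrade. gatherServer starts and ends outside this hunk, so confirm that `err` is not already checked elsewhere before the dial.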