Add SSL/TLS support to nginx input plugin (#2883)

Bob Shannon 2017-06-07 20:52:10 -04:00 committed by Daniel Nelson
parent 5f274f1a8e
commit 8e309f864a
3 changed files with 65 additions and 9 deletions


@ -6,6 +6,7 @@
- [#2773](https://github.com/influxdata/telegraf/pull/2773): Add support for self-signed certs to InfluxDB input plugin - [#2773](https://github.com/influxdata/telegraf/pull/2773): Add support for self-signed certs to InfluxDB input plugin
- [#2581](https://github.com/influxdata/telegraf/pull/2581): Add Docker container environment variables as tags. Only whitelisted - [#2581](https://github.com/influxdata/telegraf/pull/2581): Add Docker container environment variables as tags. Only whitelisted
- [#2817](https://github.com/influxdata/telegraf/pull/2817): Added timeout option to IPMI sensor plugin - [#2817](https://github.com/influxdata/telegraf/pull/2817): Added timeout option to IPMI sensor plugin
- [#2883](https://github.com/influxdata/telegraf/pull/2883): Add support for an optional SSL/TLS configuration to nginx input plugin
- [#2882](https://github.com/influxdata/telegraf/pull/2882): Add timezone support for logparser timestamps. - [#2882](https://github.com/influxdata/telegraf/pull/2882): Add timezone support for logparser timestamps.
- [#2814](https://github.com/influxdata/telegraf/pull/2814): Add result_type field for http_response input. - [#2814](https://github.com/influxdata/telegraf/pull/2814): Add result_type field for http_response input.


@ -7,6 +7,16 @@
[[inputs.nginx]] [[inputs.nginx]]
## An array of Nginx stub_status URI to gather stats. ## An array of Nginx stub_status URI to gather stats.
urls = ["http://localhost/server_status"] urls = ["http://localhost/server_status"]
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
## HTTP response timeout (default: 5s)
response_timeout = "5s"
``` ```
### Measurements & Fields: ### Measurements & Fields:


@ -12,16 +12,39 @@ import (
"time" "time"
"github.com/influxdata/telegraf" "github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/inputs" "github.com/influxdata/telegraf/plugins/inputs"
) )
type Nginx struct { type Nginx struct {
// List of status URLs
Urls []string Urls []string
// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to client cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
// HTTP client
client *http.Client
// Response timeout
ResponseTimeout internal.Duration
} }
var sampleConfig = ` var sampleConfig = `
## An array of Nginx stub_status URI to gather stats. # An array of Nginx stub_status URI to gather stats.
urls = ["http://localhost/status"] urls = ["http://localhost/server_status"]
# TLS/SSL configuration
ssl_ca = "/etc/telegraf/ca.pem"
ssl_cert = "/etc/telegraf/cert.cer"
ssl_key = "/etc/telegraf/key.key"
insecure_skip_verify = false
# HTTP response timeout (default: 5s)
response_timeout = "5s"
` `
func (n *Nginx) SampleConfig() string { func (n *Nginx) SampleConfig() string {
@ -35,6 +58,16 @@ func (n *Nginx) Description() string {
func (n *Nginx) Gather(acc telegraf.Accumulator) error { func (n *Nginx) Gather(acc telegraf.Accumulator) error {
var wg sync.WaitGroup var wg sync.WaitGroup
// Create an HTTP client that is re-used for each
// collection interval
if n.client == nil {
client, err := n.createHttpClient()
if err != nil {
return err
}
n.client = client
}
for _, u := range n.Urls { for _, u := range n.Urls {
addr, err := url.Parse(u) addr, err := url.Parse(u)
if err != nil { if err != nil {
@ -52,17 +85,29 @@ func (n *Nginx) Gather(acc telegraf.Accumulator) error {
return nil return nil
} }
var tr = &http.Transport{ func (n *Nginx) createHttpClient() (*http.Client, error) {
ResponseHeaderTimeout: time.Duration(3 * time.Second), tlsCfg, err := internal.GetTLSConfig(
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
if err != nil {
return nil, err
} }
var client = &http.Client{ if n.ResponseTimeout.Duration < time.Second {
Transport: tr, n.ResponseTimeout.Duration = time.Second * 5
Timeout: time.Duration(4 * time.Second), }
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: tlsCfg,
},
Timeout: n.ResponseTimeout.Duration,
}
return client, nil
} }
func (n *Nginx) gatherUrl(addr *url.URL, acc telegraf.Accumulator) error { func (n *Nginx) gatherUrl(addr *url.URL, acc telegraf.Accumulator) error {
resp, err := client.Get(addr.String()) resp, err := n.client.Get(addr.String())
if err != nil { if err != nil {
return fmt.Errorf("error making HTTP request to %s: %s", addr.String(), err) return fmt.Errorf("error making HTTP request to %s: %s", addr.String(), err)
} }
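Review bot: The new `sampleConfig` ships `ssl_ca`, `ssl_cert` and `ssl_key` as active settings pointing at files under `/etc/telegraf/`, while the README section of this same commit lists them commented out under `## Optional SSL Config`. A config generated from the sample hands those paths to `internal.GetTLSConfig` on the first `Gather`, and `createHttpClient` returns that call's error unchanged, so collection would presumably fail on hosts where the files do not exist (the body of `GetTLSConfig` is not shown on this page). I would comment the options out and keep the `##` description style, e.g. `# ssl_ca = "/etc/telegraf/ca.pem"`, using the same file names as the README so the two stay in step. Separately, `createHttpClient` silently replaces any `response_timeout` below one second with 5s; a comment there such as `// values under 1s fall back to the 5s default`, or a matching line in the README, would make that floor visible to operators.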