Add input plugin for OpenLDAP (#2612)
This commit is contained in:
parent
06a285bb5e
commit
9fb8cf6319
2
Godeps
2
Godeps
|
@ -59,8 +59,10 @@ github.com/zensqlmonitor/go-mssqldb ffe5510c6fa5e15e6d983210ab501c815b56b363
|
|||
golang.org/x/crypto dc137beb6cce2043eb6b5f223ab8bf51c32459f4
|
||||
golang.org/x/net f2499483f923065a842d38eb4c7f1927e6fc6e6d
|
||||
golang.org/x/text 506f9d5c962f284575e88337e7d9296d27e729d3
|
||||
gopkg.in/asn1-ber.v1 4e86f4367175e39f69d9358a5f17b4dda270378d
|
||||
gopkg.in/fatih/pool.v2 6e328e67893eb46323ad06f0e92cb9536babbabc
|
||||
gopkg.in/gorethink/gorethink.v3 7ab832f7b65573104a555d84a27992ae9ea1f659
|
||||
gopkg.in/ldap.v2 8168ee085ee43257585e50c6441aadf54ecb2c9f
|
||||
gopkg.in/mgo.v2 3f83fa5005286a7fe593b055f0d7771a7dce4655
|
||||
gopkg.in/olivere/elastic.v5 3113f9b9ad37509fe5f8a0e5e91c96fdc4435e26
|
||||
gopkg.in/yaml.v2 4c78c975fe7c825c6d1466c42be594d1d6f3aba6
|
||||
|
|
14
Makefile
14
Makefile
|
@ -70,6 +70,11 @@ docker-run:
|
|||
docker run --name mqtt -p "1883:1883" -d ncarlier/mqtt
|
||||
docker run --name riemann -p "5555:5555" -d stealthly/docker-riemann
|
||||
docker run --name nats -p "4222:4222" -d nats
|
||||
docker run --name openldap \
|
||||
-e SLAPD_CONFIG_ROOTDN="cn=manager,cn=config" \
|
||||
-e SLAPD_CONFIG_ROOTPW="secret" \
|
||||
-p "389:389" -p "636:636" \
|
||||
-d cobaugh/openldap-alpine
|
||||
|
||||
# Run docker containers necessary for CircleCI unit tests
|
||||
docker-run-circle:
|
||||
|
@ -88,11 +93,16 @@ docker-run-circle:
|
|||
docker run --name mqtt -p "1883:1883" -d ncarlier/mqtt
|
||||
docker run --name riemann -p "5555:5555" -d stealthly/docker-riemann
|
||||
docker run --name nats -p "4222:4222" -d nats
|
||||
docker run --name openldap \
|
||||
-e SLAPD_CONFIG_ROOTDN="cn=manager,cn=config" \
|
||||
-e SLAPD_CONFIG_ROOTPW="secret" \
|
||||
-p "389:389" -p "636:636" \
|
||||
-d cobaugh/openldap-alpine
|
||||
|
||||
# Kill all docker containers, ignore errors
|
||||
docker-kill:
|
||||
-docker kill nsq aerospike redis rabbitmq postgres memcached mysql zookeeper kafka mqtt riemann nats elasticsearch
|
||||
-docker rm nsq aerospike redis rabbitmq postgres memcached mysql zookeeper kafka mqtt riemann nats elasticsearch
|
||||
-docker kill nsq aerospike redis rabbitmq postgres memcached mysql zookeeper kafka mqtt riemann nats elasticsearch openldap
|
||||
-docker rm nsq aerospike redis rabbitmq postgres memcached mysql zookeeper kafka mqtt riemann nats elasticsearch openldap
|
||||
|
||||
# Run full unit tests using docker containers (includes setup and teardown)
|
||||
test: vet docker-kill docker-run
|
||||
|
|
|
@ -76,8 +76,10 @@ works:
|
|||
- golang.org/x/crypto [BSD](https://github.com/golang/crypto/blob/master/LICENSE)
|
||||
- golang.org/x/net [BSD](https://go.googlesource.com/net/+/master/LICENSE)
|
||||
- golang.org/x/text [BSD](https://go.googlesource.com/text/+/master/LICENSE)
|
||||
- gopkg.in/asn1-ber.v1 [MIT](https://github.com/go-asn1-ber/asn1-ber/blob/v1.2/LICENSE)
|
||||
- gopkg.in/dancannon/gorethink.v1 [APACHE](https://github.com/dancannon/gorethink/blob/v1.1.2/LICENSE)
|
||||
- gopkg.in/fatih/pool.v2 [MIT](https://github.com/fatih/pool/blob/v2.0.0/LICENSE)
|
||||
- gopkg.in/ldap.v2 [MIT](https://github.com/go-ldap/ldap/blob/v2.5.0/LICENSE)
|
||||
- gopkg.in/mgo.v2 [BSD](https://github.com/go-mgo/mgo/blob/v2/LICENSE)
|
||||
- gopkg.in/olivere/elastic.v5 [MIT](https://github.com/olivere/elastic/blob/v5.0.38/LICENSE)
|
||||
- gopkg.in/yaml.v2 [APACHE](https://github.com/go-yaml/yaml/blob/v2/LICENSE)
|
||||
|
|
|
@ -57,6 +57,7 @@ import (
|
|||
_ "github.com/influxdata/telegraf/plugins/inputs/nsq_consumer"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/nstat"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/ntpq"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/openldap"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/passenger"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/phpfpm"
|
||||
_ "github.com/influxdata/telegraf/plugins/inputs/ping"
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
# Openldap Input Plugin
|
||||
|
||||
This plugin gathers metrics from OpenLDAP's cn=Monitor backend.
|
||||
|
||||
### Configuration:
|
||||
|
||||
```toml
|
||||
[[inputs.openldap]]
|
||||
host = "localhost"
|
||||
port = 389
|
||||
|
||||
# ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
|
||||
# note that port will likely need to be changed to 636 for ldaps
|
||||
# valid options: "" | "starttls" | "ldaps"
|
||||
ssl = ""
|
||||
|
||||
# skip peer certificate verification. Default is false.
|
||||
insecure_skip_verify = false
|
||||
|
||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||
ssl_ca = "/etc/ssl/certs.pem"
|
||||
|
||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||
bind_dn = ""
|
||||
bind_password = ""
|
||||
```
|
||||
|
||||
### Measurements & Fields:
|
||||
|
||||
All **monitorCounter**, **monitorOpInitiated**, and **monitorOpCompleted** attributes are gathered based on this LDAP query:
|
||||
|
||||
```(|(objectClass=monitorCounterObject)(objectClass=monitorOperation))```
|
||||
|
||||
Metric names are based on their entry DN.
|
||||
|
||||
Metrics for the **monitorOp*** attributes have **_initiated** and **_completed** added to the base name.
|
||||
|
||||
An OpenLDAP 2.4 server will provide these metrics:
|
||||
|
||||
- openldap
|
||||
- max_file_descriptors_connections
|
||||
- current_connections
|
||||
- total_connections
|
||||
- abandon_operations_completed
|
||||
- abandon_operations_initiated
|
||||
- add_operations_completed
|
||||
- add_operations_initiated
|
||||
- bind_operations_completed
|
||||
- bind_operations_initiated
|
||||
- compare_operations_completed
|
||||
- compare_operations_initiated
|
||||
- delete_operations_completed
|
||||
- delete_operations_initiated
|
||||
- extended_operations_completed
|
||||
- extended_operations_initiated
|
||||
- modify_operations_completed
|
||||
- modify_operations_initiated
|
||||
- modrdn_operations_completed
|
||||
- modrdn_operations_initiated
|
||||
- search_operations_completed
|
||||
- search_operations_initiated
|
||||
- unbind_operations_completed
|
||||
- unbind_operations_initiated
|
||||
- bytes_statistics
|
||||
- entries_statistics
|
||||
- pdu_statistics
|
||||
- referrals_statistics
|
||||
- read_waiters
|
||||
- write_waiters
|
||||
|
||||
### Tags:
|
||||
|
||||
- server= # value from config
|
||||
- port= # value from config
|
||||
|
||||
### Example Output:
|
||||
|
||||
```
|
||||
$ telegraf -config telegraf.conf -input-filter openldap -test --debug
|
||||
* Plugin: inputs.openldap, Collection 1
|
||||
> openldap,server=localhost,port=389,host=zirzla search_operations_completed=2i,delete_operations_completed=0i,read_waiters=1i,total_connections=1004i,bind_operations_completed=3i,unbind_operations_completed=3i,referrals_statistics=0i,current_connections=1i,bind_operations_initiated=3i,compare_operations_completed=0i,add_operations_completed=2i,delete_operations_initiated=0i,unbind_operations_initiated=3i,search_operations_initiated=3i,add_operations_initiated=2i,max_file_descriptors_connections=4096i,abandon_operations_initiated=0i,write_waiters=0i,modrdn_operations_completed=0i,abandon_operations_completed=0i,pdu_statistics=23i,modify_operations_initiated=0i,bytes_statistics=1660i,entries_statistics=17i,compare_operations_initiated=0i,modrdn_operations_initiated=0i,extended_operations_completed=0i,modify_operations_completed=0i,extended_operations_initiated=0i 1499990455000000000
|
||||
```
|
|
@ -0,0 +1,178 @@
|
|||
package openldap
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"gopkg.in/ldap.v2"
|
||||
|
||||
"github.com/influxdata/telegraf"
|
||||
"github.com/influxdata/telegraf/internal"
|
||||
"github.com/influxdata/telegraf/plugins/inputs"
|
||||
)
|
||||
|
||||
type Openldap struct {
|
||||
Host string
|
||||
Port int
|
||||
Ssl string
|
||||
InsecureSkipVerify bool
|
||||
SslCa string
|
||||
BindDn string
|
||||
BindPassword string
|
||||
}
|
||||
|
||||
const sampleConfig string = `
|
||||
host = "localhost"
|
||||
port = 389
|
||||
|
||||
# ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
|
||||
# note that port will likely need to be changed to 636 for ldaps
|
||||
# valid options: "" | "starttls" | "ldaps"
|
||||
ssl = ""
|
||||
|
||||
# skip peer certificate verification. Default is false.
|
||||
insecure_skip_verify = false
|
||||
|
||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||
ssl_ca = "/etc/ssl/certs.pem"
|
||||
|
||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||
bind_dn = ""
|
||||
bind_password = ""
|
||||
`
|
||||
|
||||
var searchBase = "cn=Monitor"
|
||||
var searchFilter = "(|(objectClass=monitorCounterObject)(objectClass=monitorOperation))"
|
||||
var searchAttrs = []string{"monitorCounter", "monitorOpInitiated", "monitorOpCompleted"}
|
||||
var attrTranslate = map[string]string{
|
||||
"monitorCounter": "",
|
||||
"monitorOpInitiated": "_initiated",
|
||||
"monitorOpCompleted": "_completed",
|
||||
}
|
||||
|
||||
func (o *Openldap) SampleConfig() string {
|
||||
return sampleConfig
|
||||
}
|
||||
|
||||
func (o *Openldap) Description() string {
|
||||
return "OpenLDAP cn=Monitor plugin"
|
||||
}
|
||||
|
||||
// return an initialized Openldap
|
||||
func NewOpenldap() *Openldap {
|
||||
return &Openldap{
|
||||
Host: "localhost",
|
||||
Port: 389,
|
||||
Ssl: "",
|
||||
InsecureSkipVerify: false,
|
||||
SslCa: "",
|
||||
BindDn: "",
|
||||
BindPassword: "",
|
||||
}
|
||||
}
|
||||
|
||||
// gather metrics
|
||||
func (o *Openldap) Gather(acc telegraf.Accumulator) error {
|
||||
var err error
|
||||
var l *ldap.Conn
|
||||
if o.Ssl != "" {
|
||||
// build tls config
|
||||
tlsConfig, err := internal.GetTLSConfig("", "", o.SslCa, o.InsecureSkipVerify)
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
if o.Ssl == "ldaps" {
|
||||
l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port), tlsConfig)
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
} else if o.Ssl == "starttls" {
|
||||
l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port))
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
err = l.StartTLS(tlsConfig)
|
||||
} else {
|
||||
acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.Ssl))
|
||||
return nil
|
||||
}
|
||||
} else {
|
||||
l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port))
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
defer l.Close()
|
||||
|
||||
// username/password bind
|
||||
if o.BindDn != "" && o.BindPassword != "" {
|
||||
err = l.Bind(o.BindDn, o.BindPassword)
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
searchRequest := ldap.NewSearchRequest(
|
||||
searchBase,
|
||||
ldap.ScopeWholeSubtree,
|
||||
ldap.NeverDerefAliases,
|
||||
0,
|
||||
0,
|
||||
false,
|
||||
searchFilter,
|
||||
searchAttrs,
|
||||
nil,
|
||||
)
|
||||
|
||||
sr, err := l.Search(searchRequest)
|
||||
if err != nil {
|
||||
acc.AddError(err)
|
||||
return nil
|
||||
}
|
||||
|
||||
gatherSearchResult(sr, o, acc)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func gatherSearchResult(sr *ldap.SearchResult, o *Openldap, acc telegraf.Accumulator) {
|
||||
fields := map[string]interface{}{}
|
||||
tags := map[string]string{
|
||||
"server": o.Host,
|
||||
"port": strconv.Itoa(o.Port),
|
||||
}
|
||||
for _, entry := range sr.Entries {
|
||||
metricName := dnToMetric(entry.DN, searchBase)
|
||||
for _, attr := range entry.Attributes {
|
||||
if len(attr.Values[0]) >= 1 {
|
||||
if v, err := strconv.ParseInt(attr.Values[0], 10, 64); err == nil {
|
||||
fields[metricName+attrTranslate[attr.Name]] = v
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
acc.AddFields("openldap", fields, tags)
|
||||
return
|
||||
}
|
||||
|
||||
// Convert a DN to metric name, eg cn=Read,cn=Waiters,cn=Monitor to read_waiters
|
||||
func dnToMetric(dn, searchBase string) string {
|
||||
metricName := strings.Trim(dn, " ")
|
||||
metricName = strings.Replace(metricName, " ", "_", -1)
|
||||
metricName = strings.ToLower(metricName)
|
||||
metricName = strings.TrimPrefix(metricName, "cn=")
|
||||
metricName = strings.Replace(metricName, strings.ToLower(searchBase), "", -1)
|
||||
metricName = strings.Replace(metricName, "cn=", "_", -1)
|
||||
return strings.Replace(metricName, ",", "", -1)
|
||||
}
|
||||
|
||||
func init() {
|
||||
inputs.Add("openldap", func() telegraf.Input { return NewOpenldap() })
|
||||
}
|
|
@ -0,0 +1,150 @@
|
|||
package openldap
|
||||
|
||||
import (
|
||||
"gopkg.in/ldap.v2"
|
||||
"strconv"
|
||||
"testing"
|
||||
|
||||
"github.com/influxdata/telegraf/testutil"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestOpenldapMockResult(t *testing.T) {
|
||||
var acc testutil.Accumulator
|
||||
|
||||
mockSearchResult := ldap.SearchResult{
|
||||
Entries: []*ldap.Entry{
|
||||
{
|
||||
DN: "cn=Total,cn=Connections,cn=Monitor",
|
||||
Attributes: []*ldap.EntryAttribute{{Name: "monitorCounter", Values: []string{"1"}}},
|
||||
},
|
||||
},
|
||||
Referrals: []string{},
|
||||
Controls: []ldap.Control{},
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: "localhost",
|
||||
Port: 389,
|
||||
}
|
||||
|
||||
gatherSearchResult(&mockSearchResult, o, &acc)
|
||||
commonTests(t, o, &acc)
|
||||
}
|
||||
|
||||
func TestOpenldapNoConnection(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: "nosuchhost",
|
||||
Port: 389,
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err) // test that we didn't return an error
|
||||
assert.Zero(t, acc.NFields()) // test that we didn't return any fields
|
||||
assert.NotEmpty(t, acc.Errors) // test that we set an error
|
||||
}
|
||||
|
||||
func TestOpenldapGeneratesMetrics(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: testutil.GetLocalHost(),
|
||||
Port: 389,
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err)
|
||||
commonTests(t, o, &acc)
|
||||
}
|
||||
|
||||
func TestOpenldapStartTLS(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: testutil.GetLocalHost(),
|
||||
Port: 389,
|
||||
Ssl: "starttls",
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err)
|
||||
commonTests(t, o, &acc)
|
||||
}
|
||||
|
||||
func TestOpenldapLDAPS(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: testutil.GetLocalHost(),
|
||||
Port: 636,
|
||||
Ssl: "ldaps",
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err)
|
||||
commonTests(t, o, &acc)
|
||||
}
|
||||
|
||||
func TestOpenldapInvalidSSL(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: testutil.GetLocalHost(),
|
||||
Port: 636,
|
||||
Ssl: "invalid",
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err) // test that we didn't return an error
|
||||
assert.Zero(t, acc.NFields()) // test that we didn't return any fields
|
||||
assert.NotEmpty(t, acc.Errors) // test that we set an error
|
||||
}
|
||||
|
||||
func TestOpenldapBind(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("Skipping integration test in short mode")
|
||||
}
|
||||
|
||||
o := &Openldap{
|
||||
Host: testutil.GetLocalHost(),
|
||||
Port: 389,
|
||||
Ssl: "",
|
||||
InsecureSkipVerify: true,
|
||||
BindDn: "cn=manager,cn=config",
|
||||
BindPassword: "secret",
|
||||
}
|
||||
|
||||
var acc testutil.Accumulator
|
||||
err := o.Gather(&acc)
|
||||
require.NoError(t, err)
|
||||
commonTests(t, o, &acc)
|
||||
}
|
||||
|
||||
func commonTests(t *testing.T, o *Openldap, acc *testutil.Accumulator) {
|
||||
assert.Empty(t, acc.Errors, "accumulator had no errors")
|
||||
assert.True(t, acc.HasMeasurement("openldap"), "Has a measurement called 'openldap'")
|
||||
assert.Equal(t, o.Host, acc.TagValue("openldap", "server"), "Has a tag value of server=o.Host")
|
||||
assert.Equal(t, strconv.Itoa(o.Port), acc.TagValue("openldap", "port"), "Has a tag value of port=o.Port")
|
||||
assert.True(t, acc.HasInt64Field("openldap", "total_connections"), "Has an integer field called total_connections")
|
||||
}
|
Loading…
Reference in New Issue