From b3ddde5a6f5f3063b8e4c871aa91ba2715a5227d Mon Sep 17 00:00:00 2001 From: AntonBazhal Date: Tue, 22 Mar 2016 13:21:58 -0400 Subject: [PATCH] Added support for TLS-enabled Docker daemon --- plugins/inputs/docker/README.md | 5 +++++ plugins/inputs/docker/docker.go | 34 ++++++++++++++++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/plugins/inputs/docker/README.md b/plugins/inputs/docker/README.md index 97450e2aa..5a3b02aa3 100644 --- a/plugins/inputs/docker/README.md +++ b/plugins/inputs/docker/README.md @@ -20,6 +20,11 @@ for the stat structure can be found # To use TCP, set endpoint = "tcp://[ip]:[port]" # To use environment variables (ie, docker-machine), set endpoint = "ENV" endpoint = "unix:///var/run/docker.sock" + # To collect metrics from TLS-enabled daemon + # tls_enabled = true + # tls_ca = "~/certificates_path/ca.pem" + # tls_cert = "~/certificates_path/cert.pem" + # tls_key = "~/certificates_path/key.pem" # Only collect metrics for these containers, collect all if empty container_names = [] ``` diff --git a/plugins/inputs/docker/docker.go b/plugins/inputs/docker/docker.go index cdc8ec1e5..33fdf0416 100644 --- a/plugins/inputs/docker/docker.go +++ b/plugins/inputs/docker/docker.go @@ -14,12 +14,22 @@ import ( "github.com/influxdata/telegraf/plugins/inputs" "github.com/fsouza/go-dockerclient" + "errors" ) type Docker struct { Endpoint string ContainerNames []string + // Enables TLS + TLSEnabled bool `toml:"tls_enabled"` + // Path to CA file + TLSCA string `toml:"tls_ca"` + // Path to cert file + TLSCert string `toml:"tls_cert"` + // Path to cert key file + TLSKey string `toml:"tls_key"` + client DockerClient } @@ -48,6 +58,11 @@ var sampleConfig = ` ## To use TCP, set endpoint = "tcp://[ip]:[port]" ## To use environment variables (ie, docker-machine), set endpoint = "ENV" endpoint = "unix:///var/run/docker.sock" + ## To collect metrics from TLS-enabled daemon + # tls_enabled = true + # tls_ca = "~/certificates_path/ca.pem" + # tls_cert = "~/certificates_path/cert.pem" + # tls_key = "~/certificates_path/key.pem" ## Only collect metrics for these containers, collect all if empty container_names = [] ` @@ -73,7 +88,24 @@ func (d *Docker) Gather(acc telegraf.Accumulator) error { return err } } else { - c, err = docker.NewClient(d.Endpoint) + if !d.TLSEnabled { + c, err = docker.NewClient(d.Endpoint) + } else { + if d.TLSCert == "" { + return errors.New("tls_cert must be configured when tls_enable is set to true"); + } + + if d.TLSKey == "" { + return errors.New("tls_key must be configured when tls_enable is set to true"); + } + + if d.TLSCA == "" { + return errors.New("tls_ca must be configured when tls_enable is set to true"); + } + + c, err = docker.NewTLSClient(d.Endpoint, d.TLSCert, d.TLSKey, d.TLSCA) + } + if err != nil { return err }