mqtt output: cleanup, implement TLS
Also normalize TLS config across all output plugins and normalize comment strings as well.
This commit is contained in:
Cameron Sparr
@@ -2,15 +2,13 @@ package amqp
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/influxdata/telegraf"
|
||||
"github.com/influxdata/telegraf/internal"
|
||||
"github.com/influxdata/telegraf/plugins/outputs"
|
||||
"github.com/streadway/amqp"
|
||||
)
|
||||
@@ -20,12 +18,6 @@ type AMQP struct {
|
||||
URL string
|
||||
// AMQP exchange
|
||||
Exchange string
|
||||
// path to CA file
|
||||
SslCa string
|
||||
// path to host cert file
|
||||
SslCert string
|
||||
// path to cert key file
|
||||
SslKey string
|
||||
// Routing Key Tag
|
||||
RoutingTag string `toml:"routing_tag"`
|
||||
// InfluxDB database
|
||||
@@ -35,6 +27,15 @@ type AMQP struct {
|
||||
// InfluxDB precision
|
||||
Precision string
|
||||
|
||||
// Path to CA file
|
||||
SSLCA string `toml:"ssl_ca"`
|
||||
// Path to host cert file
|
||||
SSLCert string `toml:"ssl_cert"`
|
||||
// Path to cert key file
|
||||
SSLKey string `toml:"ssl_key"`
|
||||
// Use SSL but skip chain & host verification
|
||||
InsecureSkipVerify bool
|
||||
|
||||
channel *amqp.Channel
|
||||
sync.Mutex
|
||||
headers amqp.Table
|
||||
@@ -47,25 +48,27 @@ const (
|
||||
)
|
||||
|
||||
var sampleConfig = `
|
||||
# AMQP url
|
||||
### AMQP url
|
||||
url = "amqp://localhost:5672/influxdb"
|
||||
# AMQP exchange
|
||||
### AMQP exchange
|
||||
exchange = "telegraf"
|
||||
# Telegraf tag to use as a routing key
|
||||
# ie, if this tag exists, it's value will be used as the routing key
|
||||
### Telegraf tag to use as a routing key
|
||||
### ie, if this tag exists, it's value will be used as the routing key
|
||||
routing_tag = "host"
|
||||
|
||||
# Use ssl
|
||||
#ssl_ca = "/etc/telegraf/ca.pem"
|
||||
#ssl_cert = "/etc/telegraf/cert.pem"
|
||||
#ssl_key = "/etc/telegraf/key.pem"
|
||||
### InfluxDB retention policy
|
||||
# retention_policy = "default"
|
||||
### InfluxDB database
|
||||
# database = "telegraf"
|
||||
### InfluxDB precision
|
||||
# precision = "s"
|
||||
|
||||
# InfluxDB retention policy
|
||||
#retention_policy = "default"
|
||||
# InfluxDB database
|
||||
#database = "telegraf"
|
||||
# InfluxDB precision
|
||||
#precision = "s"
|
||||
### Optional SSL Config
|
||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
||||
# ssl_key = "/etc/telegraf/key.pem"
|
||||
### Use SSL but skip chain & host verification
|
||||
# insecure_skip_verify = false
|
||||
`
|
||||
|
||||
func (q *AMQP) Connect() error {
|
||||
@@ -79,28 +82,15 @@ func (q *AMQP) Connect() error {
|
||||
}
|
||||
|
||||
var connection *amqp.Connection
|
||||
var err error
|
||||
if q.SslCert != "" && q.SslKey != "" {
|
||||
// make new tls config
|
||||
cfg := new(tls.Config)
|
||||
if q.SslCa != "" {
|
||||
// create ca pool
|
||||
cfg.RootCAs = x509.NewCertPool()
|
||||
|
||||
// add self-signed cert
|
||||
if ca, err := ioutil.ReadFile(q.SslCa); err == nil {
|
||||
cfg.RootCAs.AppendCertsFromPEM(ca)
|
||||
} else {
|
||||
log.Println(err)
|
||||
}
|
||||
}
|
||||
if cert, err := tls.LoadX509KeyPair(q.SslCert, q.SslKey); err == nil {
|
||||
cfg.Certificates = append(cfg.Certificates, cert)
|
||||
} else {
|
||||
log.Println(err)
|
||||
}
|
||||
connection, err = amqp.DialTLS(q.URL, cfg)
|
||||
// make new tls config
|
||||
tls, err := internal.GetTLSConfig(
|
||||
q.SSLCert, q.SSLKey, q.SSLCA, q.InsecureSkipVerify)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if tls != nil {
|
||||
connection, err = amqp.DialTLS(q.URL, tls)
|
||||
} else {
|
||||
connection, err = amqp.Dial(q.URL)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user