Simplify testing with TLS (#4095)
parent
b2bb44363a
commit
de355b76d6
|
@ -7,6 +7,10 @@
|
||||||
an [example configuration](./plugins/inputs/jolokia2/examples) to help you
|
an [example configuration](./plugins/inputs/jolokia2/examples) to help you
|
||||||
get started.
|
get started.
|
||||||
|
|
||||||
|
- For plugins supporting TLS, you can now specify the certificate and keys
|
||||||
|
using `tls_ca`, `tls_cert`, `tls_key`. These options behave the same as
|
||||||
|
the, now deprecated, `ssl` forms.
|
||||||
|
|
||||||
### New Inputs
|
### New Inputs
|
||||||
|
|
||||||
- [fibaro](./plugins/inputs/fibaro/README.md) - Contributed by @dynek
|
- [fibaro](./plugins/inputs/fibaro/README.md) - Contributed by @dynek
|
||||||
|
|
|
@ -121,11 +121,11 @@
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
@ -184,11 +184,11 @@
|
||||||
# ## to 5s. 0s means no timeout (not recommended).
|
# ## to 5s. 0s means no timeout (not recommended).
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -284,11 +284,11 @@
|
||||||
# # default_tag_value = "none"
|
# # default_tag_value = "none"
|
||||||
# index_name = "telegraf-%Y.%m.%d" # required.
|
# index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Template Config
|
# ## Template Config
|
||||||
|
@ -327,11 +327,11 @@
|
||||||
# ## timeout in seconds for the write connection to graphite
|
# ## timeout in seconds for the write connection to graphite
|
||||||
# timeout = 2
|
# timeout = 2
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -420,11 +420,11 @@
|
||||||
# ## The total number of times to retry sending a message
|
# ## The total number of times to retry sending a message
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional SASL Config
|
# ## Optional SASL Config
|
||||||
|
@ -536,11 +536,11 @@
|
||||||
# ## client ID, if not set a random ID is generated
|
# ## client ID, if not set a random ID is generated
|
||||||
# # client_id = ""
|
# # client_id = ""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -560,11 +560,11 @@
|
||||||
# ## NATS subject for producer messages
|
# ## NATS subject for producer messages
|
||||||
# subject = "telegraf"
|
# subject = "telegraf"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -695,11 +695,11 @@
|
||||||
# # address = "unix:///tmp/telegraf.sock"
|
# # address = "unix:///tmp/telegraf.sock"
|
||||||
# # address = "unixgram:///tmp/telegraf.sock"
|
# # address = "unixgram:///tmp/telegraf.sock"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Period between keep alive probes.
|
# ## Period between keep alive probes.
|
||||||
|
@ -928,11 +928,11 @@
|
||||||
# ## Maximum time to receive response.
|
# ## Maximum time to receive response.
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1112,11 +1112,11 @@
|
||||||
# ## Data centre to query the health checks from
|
# ## Data centre to query the health checks from
|
||||||
# # datacentre = ""
|
# # datacentre = ""
|
||||||
#
|
#
|
||||||
# ## SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
|
|
||||||
|
|
||||||
|
@ -1173,10 +1173,10 @@
|
||||||
# ## Maximum time to receive a response from cluster.
|
# ## Maximum time to receive a response from cluster.
|
||||||
# # response_timeout = "20s"
|
# # response_timeout = "20s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## If false, skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
#
|
#
|
||||||
|
@ -1261,11 +1261,11 @@
|
||||||
# docker_label_include = []
|
# docker_label_include = []
|
||||||
# docker_label_exclude = []
|
# docker_label_exclude = []
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1317,11 +1317,11 @@
|
||||||
# ## "breaker". Per default, all stats are gathered.
|
# ## "breaker". Per default, all stats are gathered.
|
||||||
# # node_stats = ["jvm", "http"]
|
# # node_stats = ["jvm", "http"]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1428,11 +1428,11 @@
|
||||||
# username = ""
|
# username = ""
|
||||||
# password = ""
|
# password = ""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1456,11 +1456,11 @@
|
||||||
# ## field names.
|
# ## field names.
|
||||||
# # keep_field_names = false
|
# # keep_field_names = false
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1497,11 +1497,11 @@
|
||||||
# ## Tag all metrics with the url
|
# ## Tag all metrics with the url
|
||||||
# # tag_url = true
|
# # tag_url = true
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Amount of time allowed to complete the HTTP request
|
# ## Amount of time allowed to complete the HTTP request
|
||||||
|
@ -1541,11 +1541,11 @@
|
||||||
# # response_string_match = "ok"
|
# # response_string_match = "ok"
|
||||||
# # response_string_match = "\".*_status\".?:.?\"up\""
|
# # response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## HTTP Request Headers (all values must be strings)
|
# ## HTTP Request Headers (all values must be strings)
|
||||||
|
@ -1581,11 +1581,11 @@
|
||||||
# # "my_tag_2"
|
# # "my_tag_2"
|
||||||
# # ]
|
# # ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## HTTP parameters (all values must be strings). For "GET" requests, data
|
# ## HTTP parameters (all values must be strings). For "GET" requests, data
|
||||||
|
@ -1613,11 +1613,11 @@
|
||||||
# "http://localhost:8086/debug/vars"
|
# "http://localhost:8086/debug/vars"
|
||||||
# ]
|
# ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## http request & header timeout
|
# ## http request & header timeout
|
||||||
|
@ -1771,10 +1771,10 @@
|
||||||
# # password = ""
|
# # password = ""
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL config
|
# ## Optional TLS config
|
||||||
# # ssl_ca = "/var/private/ca.pem"
|
# # tls_ca = "/var/private/ca.pem"
|
||||||
# # ssl_cert = "/var/private/client.pem"
|
# # tls_cert = "/var/private/client.pem"
|
||||||
# # ssl_key = "/var/private/client-key.pem"
|
# # tls_key = "/var/private/client-key.pem"
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Add metrics to read
|
# ## Add metrics to read
|
||||||
|
@ -1796,10 +1796,10 @@
|
||||||
# # password = ""
|
# # password = ""
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL config
|
# ## Optional TLS config
|
||||||
# # ssl_ca = "/var/private/ca.pem"
|
# # tls_ca = "/var/private/ca.pem"
|
||||||
# # ssl_cert = "/var/private/client.pem"
|
# # tls_cert = "/var/private/client.pem"
|
||||||
# # ssl_key = "/var/private/client-key.pem"
|
# # tls_key = "/var/private/client-key.pem"
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Add proxy targets to query
|
# ## Add proxy targets to query
|
||||||
|
@ -1828,11 +1828,11 @@
|
||||||
# ## Time limit for http requests
|
# ## Time limit for http requests
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1852,11 +1852,11 @@
|
||||||
# ## Set response_timeout (default 5 seconds)
|
# ## Set response_timeout (default 5 seconds)
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = /path/to/cafile
|
# # tls_ca = /path/to/cafile
|
||||||
# # ssl_cert = /path/to/certfile
|
# # tls_cert = /path/to/certfile
|
||||||
# # ssl_key = /path/to/keyfile
|
# # tls_key = /path/to/keyfile
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1948,11 +1948,11 @@
|
||||||
# # "messages",
|
# # "messages",
|
||||||
# # ]
|
# # ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1978,11 +1978,11 @@
|
||||||
# ## When true, collect per database stats
|
# ## When true, collect per database stats
|
||||||
# # gather_perdb_stats = false
|
# # gather_perdb_stats = false
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2061,10 +2061,12 @@
|
||||||
# ## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
# ## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
# interval_slow = "30m"
|
# interval_slow = "30m"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
# ## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
|
# ## Use TLS but skip chain & host verification
|
||||||
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
# # Provides metrics about the state of a NATS server
|
# # Provides metrics about the state of a NATS server
|
||||||
|
@ -2124,10 +2126,11 @@
|
||||||
# # An array of Nginx stub_status URI to gather stats.
|
# # An array of Nginx stub_status URI to gather stats.
|
||||||
# urls = ["http://localhost/server_status"]
|
# urls = ["http://localhost/server_status"]
|
||||||
#
|
#
|
||||||
# # TLS/SSL configuration
|
# ## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.cer"
|
# tls_cert = "/etc/telegraf/cert.cer"
|
||||||
# ssl_key = "/etc/telegraf/key.key"
|
# tls_key = "/etc/telegraf/key.key"
|
||||||
|
# ## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# # HTTP response timeout (default: 5s)
|
# # HTTP response timeout (default: 5s)
|
||||||
|
@ -2190,7 +2193,7 @@
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# # Path to PEM-encoded Root certificate to use to verify server certificate
|
# # Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
# ssl_ca = "/etc/ssl/certs.pem"
|
# tls_ca = "/etc/ssl/certs.pem"
|
||||||
#
|
#
|
||||||
# # dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# # dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
# bind_dn = ""
|
# bind_dn = ""
|
||||||
|
@ -2341,11 +2344,11 @@
|
||||||
# ## Specify timeout duration for slower prometheus clients (default is 3s)
|
# ## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# # response_timeout = "3s"
|
# # response_timeout = "3s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = /path/to/cafile
|
# # tls_ca = /path/to/cafile
|
||||||
# # ssl_cert = /path/to/certfile
|
# # tls_cert = /path/to/certfile
|
||||||
# # ssl_key = /path/to/keyfile
|
# # tls_key = /path/to/keyfile
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2365,11 +2368,11 @@
|
||||||
# # username = "guest"
|
# # username = "guest"
|
||||||
# # password = "guest"
|
# # password = "guest"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional request timeouts
|
# ## Optional request timeouts
|
||||||
|
@ -2798,11 +2801,11 @@
|
||||||
# ## Request timeout
|
# ## Request timeout
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2886,11 +2889,11 @@
|
||||||
# ## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
# ## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # enable_ssl = true
|
# # enable_tls = true
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## If false, skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
|
|
||||||
|
@ -2919,11 +2922,11 @@
|
||||||
# ## described here: https://www.rabbitmq.com/plugins.html
|
# ## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# # auth_method = "PLAIN"
|
# # auth_method = "PLAIN"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to consume.
|
# ## Data format to consume.
|
||||||
|
@ -2994,11 +2997,11 @@
|
||||||
# ## topic(s) to consume
|
# ## topic(s) to consume
|
||||||
# topics = ["telegraf"]
|
# topics = ["telegraf"]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional SASL Config
|
# ## Optional SASL Config
|
||||||
|
@ -3124,11 +3127,11 @@
|
||||||
# # username = "telegraf"
|
# # username = "telegraf"
|
||||||
# # password = "metricsmetricsmetricsmetrics"
|
# # password = "metricsmetricsmetricsmetrics"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to consume.
|
# ## Data format to consume.
|
||||||
|
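Review bot: The commented sample in the hunk at `@ -1112,11 +1112,11 @` still reads `# # insecure_skip_verify = true` under the reworded comment `## Use TLS but skip chain & host verification`, so uncommenting that TLS block as written turns certificate-chain and hostname verification off, whereas most other TLS blocks in this file show `false`. The hunks at `@ -1173,10 +1173,10 @` and `@ -2886,11 +2889,11 @` keep both the `true` sample and the old comment `## If false, skip chain & host verification`, which reads inverted for an option that the new `ClientConfig.TLSConfig` on this page copies straight into `tls.Config.InsecureSkipVerify`. I would make all three read `# ## Use TLS but skip chain & host verification` followed by `# # insecure_skip_verify = false`, assuming these plugins give the option the same meaning (their code is not shown here).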
|
|
@ -4,11 +4,7 @@ import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/tls"
|
|
||||||
"crypto/x509"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
|
@ -112,94 +108,6 @@ func RandomString(n int) string {
|
||||||
return string(bytes)
|
return string(bytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetTLSConfig gets a tls.Config object from the given certs, key, and CA files
|
|
||||||
// for use with a client.
|
|
||||||
// The full path to each file must be provided.
|
|
||||||
// Returns a nil pointer if all files are blank and InsecureSkipVerify=false.
|
|
||||||
func GetTLSConfig(
|
|
||||||
SSLCert, SSLKey, SSLCA string,
|
|
||||||
InsecureSkipVerify bool,
|
|
||||||
) (*tls.Config, error) {
|
|
||||||
if SSLCert == "" && SSLKey == "" && SSLCA == "" && !InsecureSkipVerify {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
t := &tls.Config{
|
|
||||||
InsecureSkipVerify: InsecureSkipVerify,
|
|
||||||
}
|
|
||||||
|
|
||||||
if SSLCA != "" {
|
|
||||||
caCert, err := ioutil.ReadFile(SSLCA)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
|
|
||||||
err))
|
|
||||||
}
|
|
||||||
|
|
||||||
caCertPool := x509.NewCertPool()
|
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
|
||||||
t.RootCAs = caCertPool
|
|
||||||
}
|
|
||||||
|
|
||||||
if SSLCert != "" && SSLKey != "" {
|
|
||||||
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf(
|
|
||||||
"Could not load TLS client key/certificate from %s:%s: %s",
|
|
||||||
SSLKey, SSLCert, err))
|
|
||||||
}
|
|
||||||
|
|
||||||
t.Certificates = []tls.Certificate{cert}
|
|
||||||
t.BuildNameToCertificate()
|
|
||||||
}
|
|
||||||
|
|
||||||
// will be nil by default if nothing is provided
|
|
||||||
return t, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetServerTLSConfig gets a tls.Config object from the given certs, key, and one or more CA files
|
|
||||||
// for use with a server.
|
|
||||||
// The full path to each file must be provided.
|
|
||||||
// Returns a nil pointer if all files are blank.
|
|
||||||
func GetServerTLSConfig(
|
|
||||||
TLSCert, TLSKey string,
|
|
||||||
TLSAllowedCACerts []string,
|
|
||||||
) (*tls.Config, error) {
|
|
||||||
if TLSCert == "" && TLSKey == "" && len(TLSAllowedCACerts) == 0 {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
t := &tls.Config{}
|
|
||||||
|
|
||||||
if len(TLSAllowedCACerts) != 0 {
|
|
||||||
caCertPool := x509.NewCertPool()
|
|
||||||
for _, cert := range TLSAllowedCACerts {
|
|
||||||
c, err := ioutil.ReadFile(cert)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
|
|
||||||
err))
|
|
||||||
}
|
|
||||||
caCertPool.AppendCertsFromPEM(c)
|
|
||||||
}
|
|
||||||
t.ClientCAs = caCertPool
|
|
||||||
t.ClientAuth = tls.RequireAndVerifyClientCert
|
|
||||||
}
|
|
||||||
|
|
||||||
if TLSCert != "" && TLSKey != "" {
|
|
||||||
cert, err := tls.LoadX509KeyPair(TLSCert, TLSKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf(
|
|
||||||
"Could not load TLS client key/certificate from %s:%s: %s",
|
|
||||||
TLSKey, TLSCert, err))
|
|
||||||
}
|
|
||||||
|
|
||||||
t.Certificates = []tls.Certificate{cert}
|
|
||||||
}
|
|
||||||
|
|
||||||
t.BuildNameToCertificate()
|
|
||||||
|
|
||||||
return t, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// SnakeCase converts the given string to snake case following the Golang format:
|
// SnakeCase converts the given string to snake case following the Golang format:
|
||||||
// acronyms are converted to lower-case and preceded by an underscore.
|
// acronyms are converted to lower-case and preceded by an underscore.
|
||||||
func SnakeCase(in string) string {
|
func SnakeCase(in string) string {
|
||||||
|
|
|
@ -0,0 +1,130 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ClientConfig represents the standard client TLS config.
|
||||||
|
type ClientConfig struct {
|
||||||
|
TLSCA string `toml:"tls_ca"`
|
||||||
|
TLSCert string `toml:"tls_cert"`
|
||||||
|
TLSKey string `toml:"tls_key"`
|
||||||
|
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
||||||
|
|
||||||
|
// Deprecated in 1.7; use TLS variables above
|
||||||
|
SSLCA string `toml:"ssl_ca"`
|
||||||
|
SSLCert string `toml:"ssl_cert"`
|
||||||
|
SSLKey string `toml:"ssl_ca"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServerConfig represents the standard server TLS config.
|
||||||
|
type ServerConfig struct {
|
||||||
|
TLSCert string `toml:"tls_cert"`
|
||||||
|
TLSKey string `toml:"tls_key"`
|
||||||
|
TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// TLSConfig returns a tls.Config, may be nil without error if TLS is not
|
||||||
|
// configured.
|
||||||
|
func (c *ClientConfig) TLSConfig() (*tls.Config, error) {
|
||||||
|
// Support deprecated variable names
|
||||||
|
if c.TLSCA == "" && c.SSLCA != "" {
|
||||||
|
c.TLSCA = c.SSLCA
|
||||||
|
}
|
||||||
|
if c.TLSCert == "" && c.SSLCert != "" {
|
||||||
|
c.TLSCert = c.SSLCert
|
||||||
|
}
|
||||||
|
if c.TLSKey == "" && c.SSLKey != "" {
|
||||||
|
c.TLSKey = c.SSLKey
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: return default tls.Config; plugins should not call if they don't
|
||||||
|
// want TLS, this will require using another option to determine. In the
|
||||||
|
// case of an HTTP plugin, you could use `https`. Other plugins may need
|
||||||
|
// the dedicated option `TLSEnable`.
|
||||||
|
if c.TLSCA == "" && c.TLSKey == "" && c.TLSCert == "" && !c.InsecureSkipVerify {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{
|
||||||
|
InsecureSkipVerify: c.InsecureSkipVerify,
|
||||||
|
Renegotiation: tls.RenegotiateNever,
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCA != "" {
|
||||||
|
pool, err := makeCertPool([]string{c.TLSCA})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tlsConfig.RootCAs = pool
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCert != "" && c.TLSKey != "" {
|
||||||
|
err := loadCertificate(tlsConfig, c.TLSCert, c.TLSKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// TLSConfig returns a tls.Config, may be nil without error if TLS is not
|
||||||
|
// configured.
|
||||||
|
func (c *ServerConfig) TLSConfig() (*tls.Config, error) {
|
||||||
|
if c.TLSCert == "" && c.TLSKey == "" && len(c.TLSAllowedCACerts) == 0 {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{}
|
||||||
|
|
||||||
|
if len(c.TLSAllowedCACerts) != 0 {
|
||||||
|
pool, err := makeCertPool(c.TLSAllowedCACerts)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tlsConfig.ClientCAs = pool
|
||||||
|
tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCert != "" && c.TLSKey != "" {
|
||||||
|
err := loadCertificate(tlsConfig, c.TLSCert, c.TLSKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeCertPool(certFiles []string) (*x509.CertPool, error) {
|
||||||
|
pool := x509.NewCertPool()
|
||||||
|
for _, certFile := range certFiles {
|
||||||
|
pem, err := ioutil.ReadFile(certFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf(
|
||||||
|
"could not read certificate %q: %v", certFile, err)
|
||||||
|
}
|
||||||
|
ok := pool.AppendCertsFromPEM(pem)
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf(
|
||||||
|
"could not parse any PEM certificates %q: %v", certFile, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return pool, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func loadCertificate(config *tls.Config, certFile, keyFile string) error {
|
||||||
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf(
|
||||||
|
"could not load keypair %s:%s: %v", certFile, keyFile, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
config.Certificates = []tls.Certificate{cert}
|
||||||
|
config.BuildNameToCertificate()
|
||||||
|
return nil
|
||||||
|
}
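Review bot: The deprecated `SSLKey` field of `ClientConfig` carries the tag `toml:"ssl_ca"`, the same tag as `SSLCA`, so as far as this hunk shows an existing `ssl_key` setting has no field to decode into; the tag should be `toml:"ssl_key"`. Because `TLSConfig` loads the keypair only when both `c.TLSCert` and `c.TLSKey` are non-empty, a configuration still using `ssl_cert`/`ssl_key` would then build a config without a client certificate and without an error. Returning an error when exactly one of cert and key is set would make that misconfiguration visible instead of silently dropping client authentication. Separately, the `!ok` branch of `makeCertPool` formats `err`, which is nil at that point, so the message ends in `<nil>`; dropping the `%v` and its argument there is enough.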
|
|
@ -0,0 +1,226 @@
|
||||||
|
package tls_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
"github.com/influxdata/telegraf/testutil"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
var pki = testutil.NewPKI("../../testutil/pki")
|
||||||
|
|
||||||
|
func TestClientConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
client tls.ClientConfig
|
||||||
|
expNil bool
|
||||||
|
expErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "unset",
|
||||||
|
client: tls.ClientConfig{},
|
||||||
|
expNil: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "success",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid ca",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.ClientKeyPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing ca is okay",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid cert",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientKeyPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing cert skips client keypair",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: false,
|
||||||
|
expErr: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing key skips client keypair",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
},
|
||||||
|
expNil: false,
|
||||||
|
expErr: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "support deprecated ssl field names",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
SSLCA: pki.CACertPath(),
|
||||||
|
SSLCert: pki.ClientCertPath(),
|
||||||
|
SSLKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
tlsConfig, err := tt.client.TLSConfig()
|
||||||
|
if !tt.expNil {
|
||||||
|
require.NotNil(t, tlsConfig)
|
||||||
|
} else {
|
||||||
|
require.Nil(t, tlsConfig)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !tt.expErr {
|
||||||
|
require.NoError(t, err)
|
||||||
|
} else {
|
||||||
|
require.Error(t, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServerConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
server tls.ServerConfig
|
||||||
|
expNil bool
|
||||||
|
expErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "unset",
|
||||||
|
server: tls.ServerConfig{},
|
||||||
|
expNil: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "success",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid ca",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.ServerKeyPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing allowed ca is okay",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid cert",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerKeyPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing cert",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing key",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
tlsConfig, err := tt.server.TLSConfig()
|
||||||
|
if !tt.expNil {
|
||||||
|
require.NotNil(t, tlsConfig)
|
||||||
|
}
|
||||||
|
if !tt.expErr {
|
||||||
|
require.NoError(t, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConnect(t *testing.T) {
|
||||||
|
clientConfig := tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
}
|
||||||
|
|
||||||
|
serverConfig := tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
}
|
||||||
|
|
||||||
|
serverTLSConfig, err := serverConfig.TLSConfig()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.WriteHeader(http.StatusOK)
|
||||||
|
}))
|
||||||
|
ts.TLS = serverTLSConfig
|
||||||
|
|
||||||
|
ts.StartTLS()
|
||||||
|
defer ts.Close()
|
||||||
|
|
||||||
|
clientTLSConfig, err := clientConfig.TLSConfig()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
client := http.Client{
|
||||||
|
Transport: &http.Transport{
|
||||||
|
TLSClientConfig: clientTLSConfig,
|
||||||
|
},
|
||||||
|
Timeout: 10 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := client.Get(ts.URL)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, 200, resp.StatusCode)
|
||||||
|
}
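Review bot: `TestServerConfig` never enforces its `expNil: true` and `expErr: true` expectations, because the loop asserts only in the `!tt.expNil` and `!tt.expErr` branches; it needs the `else` branches that `TestClientConfig` has, `} else { require.Nil(t, tlsConfig) }` and `} else { require.Error(t, err) }`. With those in place the "missing cert", "missing key" and "missing allowed ca is okay" cases look likely to fail, since `ServerConfig.TLSConfig` skips the keypair or the client-CA pool without an error when the corresponding paths are unset, so the table and the function need to be reconciled. A listener that comes up without its certificate or without client-certificate verification is exactly what these cases should pin down. `TestConnect` also leaves the response body open; `defer resp.Body.Close()` after the `require.NoError` would close it.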
|
|
@ -32,11 +32,11 @@ The following defaults are known to work with RabbitMQ:
|
||||||
## Using EXTERNAL requires enabling the rabbitmq_auth_mechanism_ssl plugin as
|
## Using EXTERNAL requires enabling the rabbitmq_auth_mechanism_ssl plugin as
|
||||||
## described here: https://www.rabbitmq.com/plugins.html
|
## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# auth_method = "PLAIN"
|
# auth_method = "PLAIN"
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/streadway/amqp"
|
"github.com/streadway/amqp"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -31,14 +31,7 @@ type AMQPConsumer struct {
|
||||||
|
|
||||||
// AMQP Auth method
|
// AMQP Auth method
|
||||||
AuthMethod string
|
AuthMethod string
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
parser parsers.Parser
|
parser parsers.Parser
|
||||||
conn *amqp.Connection
|
conn *amqp.Connection
|
||||||
|
@ -78,11 +71,11 @@ func (a *AMQPConsumer) SampleConfig() string {
|
||||||
## described here: https://www.rabbitmq.com/plugins.html
|
## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# auth_method = "PLAIN"
|
# auth_method = "PLAIN"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
@ -108,8 +101,7 @@ func (a *AMQPConsumer) Gather(_ telegraf.Accumulator) error {
|
||||||
|
|
||||||
func (a *AMQPConsumer) createConfig() (*amqp.Config, error) {
|
func (a *AMQPConsumer) createConfig() (*amqp.Config, error) {
|
||||||
// make new tls config
|
// make new tls config
|
||||||
tls, err := internal.GetTLSConfig(
|
tls, err := a.ClientConfig.TLSConfig()
|
||||||
a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
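Review bot: In `createConfig` the local `tls, err := a.ClientConfig.TLSConfig()` now shadows the `internal/tls` package that this commit imports, which compiles but makes every later use of `tls` in the function refer to the returned config value rather than the package. Renaming it, for example `tlsCfg, err := a.ClientConfig.TLSConfig()` as the apache and consul plugins in this commit do, avoids the shadowing. The body of `createConfig` continues past the end of the hunk, so the later uses of the variable need the same rename.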
|
||||||
|
|
|
@ -21,11 +21,11 @@ Typically, the `mod_status` module is configured to expose a page at the `/serve
|
||||||
## Maximum time to receive response.
|
## Maximum time to receive response.
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,14 +22,7 @@ type Apache struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,11 @@ var sampleConfig = `
|
||||||
## Maximum time to receive response.
|
## Maximum time to receive response.
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -98,8 +92,7 @@ func (n *Apache) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (n *Apache) createHttpClient() (*http.Client, error) {
|
func (n *Apache) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,11 +27,11 @@ report those stats already using StatsD protocol if needed.
|
||||||
## Data centre to query the health checks from
|
## Data centre to query the health checks from
|
||||||
# datacentre = ""
|
# datacentre = ""
|
||||||
|
|
||||||
## SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,15 +16,7 @@ type Consul struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
Datacentre string
|
Datacentre string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// client used to connect to Consul agnet
|
// client used to connect to Consul agnet
|
||||||
client *api.Client
|
client *api.Client
|
||||||
|
@ -47,11 +39,11 @@ var sampleConfig = `
|
||||||
## Data centre to query the health checks from
|
## Data centre to query the health checks from
|
||||||
# datacentre = ""
|
# datacentre = ""
|
||||||
|
|
||||||
## SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -89,9 +81,7 @@ func (c *Consul) createAPIClient() (*api.Client, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := c.ClientConfig.TLSConfig()
|
||||||
c.SSLCert, c.SSLKey, c.SSLCA, c.InsecureSkipVerify)
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
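Review bot: The `sampleConfig` block still shows `# insecure_skip_verify = true` under the comment that now reads "Use TLS but skip chain & host verification", so uncommenting the block as written turns certificate chain and hostname verification off. The other plugins touched by this commit show `# insecure_skip_verify = false`; using that line here keeps the documented example on the verifying path. The dcos `sampleConfig` hunk further down carries the same sample value.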
|
||||||
|
|
|
@ -54,10 +54,10 @@ your database.
|
||||||
## Maximum time to receive a response from cluster.
|
## Maximum time to receive a response from cluster.
|
||||||
# response_timeout = "20s"
|
# response_timeout = "20s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
|
|
||||||
|
|
|
@ -9,26 +9,11 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
jwt "github.com/dgrijalva/jwt-go"
|
jwt "github.com/dgrijalva/jwt-go"
|
||||||
|
"github.com/influxdata/telegraf/testutil"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
var privateKey = testutil.NewPKI("../../../testutil/pki").ReadServerKey()
|
||||||
privateKey = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQCwlGyzVp9cqtwiNCgCnaR0kilPZhr4xFBcnXxvQ8/uzOHaWKxj
|
|
||||||
XWR38cKR3gPh5+4iSmzMdo3HDJM5ks6imXGnp+LPOA5iNewnpLNs7UxA2arwKH/6
|
|
||||||
4qIaAXAtf5jE46wZIMgc2EW9wGL3dxC0JY8EXPpBFB/3J8gADkorFR8lwwIDAQAB
|
|
||||||
AoGBAJaFHxfMmjHK77U0UnrQWFSKFy64cftmlL4t/Nl3q7L68PdIKULWZIMeEWZ4
|
|
||||||
I0UZiFOwr4em83oejQ1ByGSwekEuiWaKUI85IaHfcbt+ogp9hY/XbOEo56OPQUAd
|
|
||||||
bEZv1JqJOqta9Ug1/E1P9LjEEyZ5F5ubx7813rxAE31qKtKJAkEA1zaMlCWIr+Rj
|
|
||||||
hGvzv5rlHH3wbOB4kQFXO4nqj3J/ttzR5QiJW24STMDcbNngFlVcDVju56LrNTiD
|
|
||||||
dPh9qvl7nwJBANILguR4u33OMksEZTYB7nQZSurqXsq6382zH7pTl29ANQTROHaM
|
|
||||||
PKC8dnDWq8RGTqKuvWblIzzGIKqIMovZo10CQC96T0UXirITFolOL3XjvAuvFO1Q
|
|
||||||
EAkdXJs77805m0dCK+P1IChVfiAEpBw3bKJArpAbQIlFfdI953JUp5SieU0CQEub
|
|
||||||
BSSEKMjh/cxu6peEHnb/262vayuCFKkQPu1sxWewLuVrAe36EKCy9dcsDmv5+rgo
|
|
||||||
Odjdxc9Madm4aKlaT6kCQQCpAgeblDrrxTrNQ+Typzo37PlnQrvI+0EceAUuJ72G
|
|
||||||
P0a+YZUeHNRqT2pPN9lMTAZGGi3CtcF2XScbLNEBeXge
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestLogin(t *testing.T) {
|
func TestLogin(t *testing.T) {
|
||||||
ts := httptest.NewServer(http.NotFoundHandler())
|
ts := httptest.NewServer(http.NotFoundHandler())
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -56,11 +57,7 @@ type DCOS struct {
|
||||||
|
|
||||||
MaxConnections int
|
MaxConnections int
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
|
||||||
|
|
||||||
client Client
|
client Client
|
||||||
creds Credentials
|
creds Credentials
|
||||||
|
@ -107,10 +104,10 @@ var sampleConfig = `
|
||||||
## Maximum time to receive a response from cluster.
|
## Maximum time to receive a response from cluster.
|
||||||
# response_timeout = "20s"
|
# response_timeout = "20s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
|
|
||||||
|
@ -351,8 +348,7 @@ func (d *DCOS) init() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *DCOS) createClient() (Client, error) {
|
func (d *DCOS) createClient() (Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := d.ClientConfig.TLSConfig()
|
||||||
d.SSLCert, d.SSLKey, d.SSLCA, d.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
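Review bot: The `sampleConfig` comment `## If false, skip chain & host verification` was left unchanged in this section and reads inverted: `ClientConfig.TLSConfig` passes the option straight to `InsecureSkipVerify`, so it is `true` that skips verification. Using the wording the other plugins received in this commit, `## Use TLS but skip chain & host verification`, removes the ambiguity for anyone deciding whether to set the option.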
|
||||||
|
|
|
@ -53,11 +53,11 @@ to gather stats from the [Engine API](https://docs.docker.com/engine/api/v1.24/)
|
||||||
## Which environment variables should we use as a tag
|
## Which environment variables should we use as a tag
|
||||||
tag_env = ["JAVA_HOME", "HEAP_SIZE"]
|
tag_env = ["JAVA_HOME", "HEAP_SIZE"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -43,10 +44,7 @@ type Docker struct {
|
||||||
ContainerStateInclude []string `toml:"container_state_include"`
|
ContainerStateInclude []string `toml:"container_state_include"`
|
||||||
ContainerStateExclude []string `toml:"container_state_exclude"`
|
ContainerStateExclude []string `toml:"container_state_exclude"`
|
||||||
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
tlsint.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
newEnvClient func() (Client, error)
|
newEnvClient func() (Client, error)
|
||||||
newClient func(string, *tls.Config) (Client, error)
|
newClient func(string, *tls.Config) (Client, error)
|
||||||
|
@ -115,11 +113,11 @@ var sampleConfig = `
|
||||||
docker_label_include = []
|
docker_label_include = []
|
||||||
docker_label_exclude = []
|
docker_label_exclude = []
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -136,8 +134,7 @@ func (d *Docker) Gather(acc telegraf.Accumulator) error {
|
||||||
if d.Endpoint == "ENV" {
|
if d.Endpoint == "ENV" {
|
||||||
c, err = d.newEnvClient()
|
c, err = d.newEnvClient()
|
||||||
} else {
|
} else {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := d.ClientConfig.TLSConfig()
|
||||||
d.SSLCert, d.SSLKey, d.SSLCA, d.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,11 +38,11 @@ or [cluster-stats](https://www.elastic.co/guide/en/elasticsearch/reference/curre
|
||||||
## "breaker". Per default, all stats are gathered.
|
## "breaker". Per default, all stats are gathered.
|
||||||
# node_stats = ["jvm", "http"]
|
# node_stats = ["jvm", "http"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -3,16 +3,18 @@ package elasticsearch
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/influxdata/telegraf"
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
|
||||||
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
|
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// mask for masking username/password from error messages
|
// mask for masking username/password from error messages
|
||||||
|
@ -108,28 +110,26 @@ const sampleConfig = `
|
||||||
## "breaker". Per default, all stats are gathered.
|
## "breaker". Per default, all stats are gathered.
|
||||||
# node_stats = ["jvm", "http"]
|
# node_stats = ["jvm", "http"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
// Elasticsearch is a plugin to read stats from one or many Elasticsearch
|
// Elasticsearch is a plugin to read stats from one or many Elasticsearch
|
||||||
// servers.
|
// servers.
|
||||||
type Elasticsearch struct {
|
type Elasticsearch struct {
|
||||||
Local bool
|
Local bool
|
||||||
Servers []string
|
Servers []string
|
||||||
HttpTimeout internal.Duration
|
HttpTimeout internal.Duration
|
||||||
ClusterHealth bool
|
ClusterHealth bool
|
||||||
ClusterHealthLevel string
|
ClusterHealthLevel string
|
||||||
ClusterStats bool
|
ClusterStats bool
|
||||||
NodeStats []string
|
NodeStats []string
|
||||||
SSLCA string `toml:"ssl_ca"` // Path to CA file
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"` // Path to host cert file
|
|
||||||
SSLKey string `toml:"ssl_key"` // Path to cert key file
|
|
||||||
InsecureSkipVerify bool // Use SSL but skip chain & host verification
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
catMasterResponseTokens []string
|
catMasterResponseTokens []string
|
||||||
isMaster bool
|
isMaster bool
|
||||||
|
@ -227,7 +227,7 @@ func (e *Elasticsearch) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *Elasticsearch) createHttpClient() (*http.Client, error) {
|
func (e *Elasticsearch) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(e.SSLCert, e.SSLKey, e.SSLCA, e.InsecureSkipVerify)
|
tlsCfg, err := e.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,11 +44,11 @@ Note: if namespace end point specified metrics array will be ignored for that ca
|
||||||
username = ""
|
username = ""
|
||||||
password = ""
|
password = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -35,15 +35,7 @@ type GrayLog struct {
|
||||||
Metrics []string
|
Metrics []string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client HTTPClient
|
client HTTPClient
|
||||||
}
|
}
|
||||||
|
@ -111,11 +103,11 @@ var sampleConfig = `
|
||||||
username = ""
|
username = ""
|
||||||
password = ""
|
password = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -132,8 +124,7 @@ func (h *GrayLog) Gather(acc telegraf.Accumulator) error {
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
|
|
||||||
if h.client.HTTPClient() == nil {
|
if h.client.HTTPClient() == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
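Review bot: The embedded `tls.ClientConfig` in the `GrayLog` struct (hunk at -35,15) has no comment, while each of the four fields it replaces documented its purpose, so the struct no longer shows which TLS options the plugin accepts or that one of them disables certificate verification. I would add above the embed `// ClientConfig supplies tls_ca, tls_cert, tls_key and insecure_skip_verify; the ssl_* spellings are deprecated.` and keep a line saying that `insecure_skip_verify` turns off chain and host verification. The same applies to the `haproxy`, `HTTP`, `HTTPResponse`, `HttpJson` and `InfluxDB` structs later in this commit. The key names come from the sample config and the changelog entry; `ClientConfig` itself is not shown here, so confirm them against its struct tags.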
@ -28,11 +28,11 @@ or [HTTP statistics page](https://cbonte.github.io/haproxy-dconv/1.9/management.
|
||||||
## field names.
|
## field names.
|
||||||
# keep_field_names = false
|
# keep_field_names = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,27 +14,18 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
//CSV format: https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#9.1
|
//CSV format: https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#9.1
|
||||||
|
|
||||||
type haproxy struct {
|
type haproxy struct {
|
||||||
Servers []string
|
Servers []string
|
||||||
|
KeepFieldNames bool
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
|
||||||
KeepFieldNames bool
|
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -56,11 +47,11 @@ var sampleConfig = `
|
||||||
## field names.
|
## field names.
|
||||||
# keep_field_names = false
|
# keep_field_names = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -144,8 +135,7 @@ func (g *haproxy) gatherServer(addr string, acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.client == nil {
|
if g.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := g.ClientConfig.TLSConfig()
|
||||||
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
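Review bot: Importing `github.com/influxdata/telegraf/internal/tls` under its default name makes `tls.ClientConfig` in the `haproxy` struct read like a `crypto/tls` type, and the file can no longer import `crypto/tls` without a rename. The http_listener section of this commit already aliases the package, so I would use the same form here: `tlsint "github.com/influxdata/telegraf/internal/tls"` with `tlsint.ClientConfig` in the struct. The graylog, http, http_response, httpjson and influxdb sections use the unaliased import as well.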
@ -23,11 +23,11 @@ The HTTP input plugin collects metrics from one or more HTTP(S) endpoints. The
|
||||||
# username = "username"
|
# username = "username"
|
||||||
# password = "pa$$word"
|
# password = "pa$$word"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Amount of time allowed to complete the HTTP request
|
## Amount of time allowed to complete the HTTP request
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -24,15 +25,7 @@ type HTTP struct {
|
||||||
// HTTP Basic Auth Credentials
|
// HTTP Basic Auth Credentials
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
|
||||||
|
@ -62,11 +55,11 @@ var sampleConfig = `
|
||||||
## Tag all metrics with the url
|
## Tag all metrics with the url
|
||||||
# tag_url = true
|
# tag_url = true
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Amount of time allowed to complete the HTTP request
|
## Amount of time allowed to complete the HTTP request
|
||||||
|
@ -97,8 +90,7 @@ func (h *HTTP) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if h.client == nil {
|
if h.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,9 +5,7 @@ import (
|
||||||
"compress/gzip"
|
"compress/gzip"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -16,6 +14,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers/influx"
|
"github.com/influxdata/telegraf/plugins/parsers/influx"
|
||||||
"github.com/influxdata/telegraf/selfstat"
|
"github.com/influxdata/telegraf/selfstat"
|
||||||
|
@ -43,9 +42,7 @@ type HTTPListener struct {
|
||||||
MaxLineSize int
|
MaxLineSize int
|
||||||
Port int
|
Port int
|
||||||
|
|
||||||
TlsAllowedCacerts []string
|
tlsint.ServerConfig
|
||||||
TlsCert string
|
|
||||||
TlsKey string
|
|
||||||
|
|
||||||
BasicUsername string
|
BasicUsername string
|
||||||
BasicPassword string
|
BasicPassword string
|
||||||
|
@ -158,7 +155,10 @@ func (h *HTTPListener) Start(acc telegraf.Accumulator) error {
|
||||||
h.acc = acc
|
h.acc = acc
|
||||||
h.pool = NewPool(200, h.MaxLineSize)
|
h.pool = NewPool(200, h.MaxLineSize)
|
||||||
|
|
||||||
tlsConf := h.getTLSConfig()
|
tlsConf, err := h.ServerConfig.TLSConfig()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
server := &http.Server{
|
server := &http.Server{
|
||||||
Addr: h.ServiceAddress,
|
Addr: h.ServiceAddress,
|
||||||
|
@ -168,7 +168,6 @@ func (h *HTTPListener) Start(acc telegraf.Accumulator) error {
|
||||||
TLSConfig: tlsConf,
|
TLSConfig: tlsConf,
|
||||||
}
|
}
|
||||||
|
|
||||||
var err error
|
|
||||||
var listener net.Listener
|
var listener net.Listener
|
||||||
if tlsConf != nil {
|
if tlsConf != nil {
|
||||||
listener, err = tls.Listen("tcp", h.ServiceAddress, tlsConf)
|
listener, err = tls.Listen("tcp", h.ServiceAddress, tlsConf)
|
||||||
|
@ -372,38 +371,6 @@ func badRequest(res http.ResponseWriter) {
|
||||||
res.Write([]byte(`{"error":"http: bad request"}`))
|
res.Write([]byte(`{"error":"http: bad request"}`))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *HTTPListener) getTLSConfig() *tls.Config {
|
|
||||||
tlsConf := &tls.Config{
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
Renegotiation: tls.RenegotiateNever,
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(h.TlsCert) == 0 || len(h.TlsKey) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
cert, err := tls.LoadX509KeyPair(h.TlsCert, h.TlsKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
tlsConf.Certificates = []tls.Certificate{cert}
|
|
||||||
|
|
||||||
if h.TlsAllowedCacerts != nil {
|
|
||||||
tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
|
|
||||||
clientPool := x509.NewCertPool()
|
|
||||||
for _, ca := range h.TlsAllowedCacerts {
|
|
||||||
c, err := ioutil.ReadFile(ca)
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
clientPool.AppendCertsFromPEM(c)
|
|
||||||
}
|
|
||||||
tlsConf.ClientCAs = clientPool
|
|
||||||
}
|
|
||||||
|
|
||||||
return tlsConf
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *HTTPListener) AuthenticateIfSet(handler http.HandlerFunc, res http.ResponseWriter, req *http.Request) {
|
func (h *HTTPListener) AuthenticateIfSet(handler http.HandlerFunc, res http.ResponseWriter, req *http.Request) {
|
||||||
if h.BasicUsername != "" && h.BasicPassword != "" {
|
if h.BasicUsername != "" && h.BasicPassword != "" {
|
||||||
reqUsername, reqPassword, ok := req.BasicAuth()
|
reqUsername, reqPassword, ok := req.BasicAuth()
|
||||||
|
|
|
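Review bot: `Start` still opens a plain TCP listener whenever `tlsConf` is nil (the `if tlsConf != nil` branch in the hunk at -168,7), so whether a half-filled TLS configuration fails or silently serves plaintext now depends entirely on `ServerConfig.TLSConfig()`, which is not shown in this section. The removed `getTLSConfig` returned nil both for a missing cert/key pair and for a pair that failed to load, and it skipped unreadable CA files, so the new contract should be pinned here. I would add a guard after the error check, `if tlsConf == nil && len(h.TLSAllowedCACerts) > 0 { return errors.New("client CA list set but no TLS certificate configured") }` (it needs the `errors` import if the file lacks it), plus a test that starts the listener with only client CAs set. `Start` begins and ends outside these hunks.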
@ -4,7 +4,6 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"io"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -34,86 +33,12 @@ cpu_load_short,host=server06 value=12.0 1422568543702900257
|
||||||
|
|
||||||
emptyMsg = ""
|
emptyMsg = ""
|
||||||
|
|
||||||
serviceRootPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBxzCCATCgAwIBAgIJAJb7HqN2BzWWMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
|
|
||||||
BAMMC1RlbGVncmFmIENBMB4XDTE3MTEwNDA0MzEwN1oXDTI3MTEwMjA0MzEwN1ow
|
|
||||||
FjEUMBIGA1UEAwwLVGVsZWdyYWYgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
|
|
||||||
AoGBANbkUkK6JQC3rbLcXhLJTS9SX6uXyFwl7bUfpAN5Hm5EqfvG3PnLrogfTGLr
|
|
||||||
Tq5CRAu/gbbdcMoL9TLv/aaDVnrpV0FslKhqYmkOgT28bdmA7Qtr539aQpMKCfcW
|
|
||||||
WCnoMcBD5u5h9MsRqpdq+0Mjlsf1H2hSf07jHk5R1T4l8RMXAgMBAAGjHTAbMAwG
|
|
||||||
A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBANSrwvpU
|
|
||||||
t8ihIhpHqgJZ34DM92CZZ3ZHmH/KyqlnuGzjjpnVZiXVrLDTOzrA0ziVhmefY29w
|
|
||||||
roHjENbFm54HW97ogxeURuO8HRHIVh2U0rkyVxOfGZiUdINHqsZdSnDY07bzCtSr
|
|
||||||
Z/KsfWXM5llD1Ig1FyBHpKjyUvfzr73sjm/4
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
serviceCertPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBzzCCATigAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtUZWxl
|
|
||||||
Z3JhZiBDQTAeFw0xNzExMDQwNDMxMDdaFw0yNzExMDIwNDMxMDdaMBQxEjAQBgNV
|
|
||||||
BAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsJRss1af
|
|
||||||
XKrcIjQoAp2kdJIpT2Ya+MRQXJ18b0PP7szh2lisY11kd/HCkd4D4efuIkpszHaN
|
|
||||||
xwyTOZLOoplxp6fizzgOYjXsJ6SzbO1MQNmq8Ch/+uKiGgFwLX+YxOOsGSDIHNhF
|
|
||||||
vcBi93cQtCWPBFz6QRQf9yfIAA5KKxUfJcMCAwEAAaMvMC0wCQYDVR0TBAIwADAL
|
|
||||||
BgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD
|
|
||||||
gYEAiC3WI4y9vfYz53gw7FKnNK7BBdwRc43x7Pd+5J/cclWyUZPdmcj1UNmv/3rj
|
|
||||||
2qcMmX06UdgPoHppzNAJePvMVk0vjMBUe9MmYlafMz0h4ma/it5iuldXwmejFcdL
|
|
||||||
6wWQp7gVTileCEmq9sNvfQN1FmT3EWf4IMdO2MNat/1If0g=
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
serviceKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQCwlGyzVp9cqtwiNCgCnaR0kilPZhr4xFBcnXxvQ8/uzOHaWKxj
|
|
||||||
XWR38cKR3gPh5+4iSmzMdo3HDJM5ks6imXGnp+LPOA5iNewnpLNs7UxA2arwKH/6
|
|
||||||
4qIaAXAtf5jE46wZIMgc2EW9wGL3dxC0JY8EXPpBFB/3J8gADkorFR8lwwIDAQAB
|
|
||||||
AoGBAJaFHxfMmjHK77U0UnrQWFSKFy64cftmlL4t/Nl3q7L68PdIKULWZIMeEWZ4
|
|
||||||
I0UZiFOwr4em83oejQ1ByGSwekEuiWaKUI85IaHfcbt+ogp9hY/XbOEo56OPQUAd
|
|
||||||
bEZv1JqJOqta9Ug1/E1P9LjEEyZ5F5ubx7813rxAE31qKtKJAkEA1zaMlCWIr+Rj
|
|
||||||
hGvzv5rlHH3wbOB4kQFXO4nqj3J/ttzR5QiJW24STMDcbNngFlVcDVju56LrNTiD
|
|
||||||
dPh9qvl7nwJBANILguR4u33OMksEZTYB7nQZSurqXsq6382zH7pTl29ANQTROHaM
|
|
||||||
PKC8dnDWq8RGTqKuvWblIzzGIKqIMovZo10CQC96T0UXirITFolOL3XjvAuvFO1Q
|
|
||||||
EAkdXJs77805m0dCK+P1IChVfiAEpBw3bKJArpAbQIlFfdI953JUp5SieU0CQEub
|
|
||||||
BSSEKMjh/cxu6peEHnb/262vayuCFKkQPu1sxWewLuVrAe36EKCy9dcsDmv5+rgo
|
|
||||||
Odjdxc9Madm4aKlaT6kCQQCpAgeblDrrxTrNQ+Typzo37PlnQrvI+0EceAUuJ72G
|
|
||||||
P0a+YZUeHNRqT2pPN9lMTAZGGi3CtcF2XScbLNEBeXge
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
clientRootPEM = serviceRootPEM
|
|
||||||
clientCertPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBzjCCATegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtUZWxl
|
|
||||||
Z3JhZiBDQTAeFw0xNzExMDQwNDMxMDdaFw0yNzExMDIwNDMxMDdaMBMxETAPBgNV
|
|
||||||
BAMMCHRlbGVncmFmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP2IMqyOqI
|
|
||||||
sJjwBprrz8WPzmlrpyYikQ4XSCSJB3DSTIO+igqMpBUTj3vLlOzsHfVVot1WRqc6
|
|
||||||
3esM4JE92rc6S73xi4g8L/r8cPIHW4hvFJdMti4UkJBWim8ArSbFqnZjcR19G3tG
|
|
||||||
LUOiXAUG3nWzMzoEsPruvV1dkKRbJVE4MwIDAQABoy8wLTAJBgNVHRMEAjAAMAsG
|
|
||||||
A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOB
|
|
||||||
gQCHxMk38XNxL9nPFBYo3JqITJCFswu6/NLHwDBXCuZKl53rUuFWduiO+1OuScKQ
|
|
||||||
sQ79W0jHsWRKGOUFrF5/Gdnh8AlkVaITVlcmhdAOFCEbeGpeEvLuuK6grckPitxy
|
|
||||||
bRF5oM4TCLKKAha60Ir41rk2bomZM9+NZu+Bm+csDqCoxQ==
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
clientKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXAIBAAKBgQDP2IMqyOqIsJjwBprrz8WPzmlrpyYikQ4XSCSJB3DSTIO+igqM
|
|
||||||
pBUTj3vLlOzsHfVVot1WRqc63esM4JE92rc6S73xi4g8L/r8cPIHW4hvFJdMti4U
|
|
||||||
kJBWim8ArSbFqnZjcR19G3tGLUOiXAUG3nWzMzoEsPruvV1dkKRbJVE4MwIDAQAB
|
|
||||||
AoGAFzb/r4+xYoMXEfgq5ZvXXTCY5cVNpR6+jCsqqYODPnn9XRLeCsdo8z5bfWms
|
|
||||||
7NKLzHzca/6IPzL6Rf3vOxFq1YyIZfYVHH+d63/9blAm3Iajjp1W2yW5aj9BJjTb
|
|
||||||
nm6F0RfuW/SjrZ9IXxTZhSpCklPmUzVZpzvwV3KGeVTVCEECQQDoavCeOwLuqDpt
|
|
||||||
0aM9GMFUpOU7kLPDuicSwCDaTae4kN2rS17Zki41YXe8A8+509IEN7mK09Vq9HxY
|
|
||||||
SX6EmV1FAkEA5O9QcCHEa8P12EmUC8oqD2bjq6o7JjUIRlKinwZTlooMJYZw98gA
|
|
||||||
FVSngTUvLVCVIvSdjldXPOGgfYiccTZrFwJAfHS3gKOtAEuJbkEyHodhD4h1UB4+
|
|
||||||
hPLr9Xh4ny2yQH0ilpV3px5GLEOTMFUCKUoqTiPg8VxaDjn5U/WXED5n2QJAR4J1
|
|
||||||
NsFlcGACj+/TvacFYlA6N2nyFeokzoqLX28Ddxdh2erXqJ4hYIhT1ik9tkLggs2z
|
|
||||||
1T1084BquCuO6lIcOwJBALX4xChoMUF9k0IxSQzlz//seQYDkQNsE7y9IgAOXkzp
|
|
||||||
RaR4pzgPbnKj7atG+2dBnffWfE+1Mcy0INDAO6WxPg0=
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
|
|
||||||
basicUsername = "test-username-please-ignore"
|
basicUsername = "test-username-please-ignore"
|
||||||
basicPassword = "super-secure-password!"
|
basicPassword = "super-secure-password!"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
initClient sync.Once
|
pki = testutil.NewPKI("../../../testutil/pki")
|
||||||
client *http.Client
|
|
||||||
initServiceCertFiles sync.Once
|
|
||||||
allowedCAFiles []string
|
|
||||||
serviceCAFiles []string
|
|
||||||
serviceCertFile string
|
|
||||||
serviceKeyFile string
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func newTestHTTPListener() *HTTPListener {
|
func newTestHTTPListener() *HTTPListener {
|
||||||
|
@ -132,74 +57,25 @@ func newTestHTTPAuthListener() *HTTPListener {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newTestHTTPSListener() *HTTPListener {
|
func newTestHTTPSListener() *HTTPListener {
|
||||||
initServiceCertFiles.Do(func() {
|
|
||||||
acaf, err := ioutil.TempFile("", "allowedCAFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer acaf.Close()
|
|
||||||
_, err = io.Copy(acaf, bytes.NewReader([]byte(clientRootPEM)))
|
|
||||||
allowedCAFiles = []string{acaf.Name()}
|
|
||||||
|
|
||||||
scaf, err := ioutil.TempFile("", "serviceCAFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer scaf.Close()
|
|
||||||
_, err = io.Copy(scaf, bytes.NewReader([]byte(serviceRootPEM)))
|
|
||||||
serviceCAFiles = []string{scaf.Name()}
|
|
||||||
|
|
||||||
scf, err := ioutil.TempFile("", "serviceCertFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer scf.Close()
|
|
||||||
_, err = io.Copy(scf, bytes.NewReader([]byte(serviceCertPEM)))
|
|
||||||
serviceCertFile = scf.Name()
|
|
||||||
|
|
||||||
skf, err := ioutil.TempFile("", "serviceKeyFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer skf.Close()
|
|
||||||
_, err = io.Copy(skf, bytes.NewReader([]byte(serviceKeyPEM)))
|
|
||||||
serviceKeyFile = skf.Name()
|
|
||||||
})
|
|
||||||
|
|
||||||
listener := &HTTPListener{
|
listener := &HTTPListener{
|
||||||
ServiceAddress: "localhost:0",
|
ServiceAddress: "localhost:0",
|
||||||
TlsAllowedCacerts: allowedCAFiles,
|
ServerConfig: *pki.TLSServerConfig(),
|
||||||
TlsCert: serviceCertFile,
|
TimeFunc: time.Now,
|
||||||
TlsKey: serviceKeyFile,
|
|
||||||
TimeFunc: time.Now,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return listener
|
return listener
|
||||||
}
|
}
|
||||||
|
|
||||||
func getHTTPSClient() *http.Client {
|
func getHTTPSClient() *http.Client {
|
||||||
initClient.Do(func() {
|
tlsConfig, err := pki.TLSClientConfig().TLSConfig()
|
||||||
cas := x509.NewCertPool()
|
if err != nil {
|
||||||
cas.AppendCertsFromPEM([]byte(serviceRootPEM))
|
panic(err)
|
||||||
clientCert, err := tls.X509KeyPair([]byte(clientCertPEM), []byte(clientKeyPEM))
|
}
|
||||||
if err != nil {
|
return &http.Client{
|
||||||
panic(err)
|
Transport: &http.Transport{
|
||||||
}
|
TLSClientConfig: tlsConfig,
|
||||||
client = &http.Client{
|
},
|
||||||
Transport: &http.Transport{
|
}
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
RootCAs: cas,
|
|
||||||
Certificates: []tls.Certificate{clientCert},
|
|
||||||
MinVersion: tls.VersionTLS12,
|
|
||||||
MaxVersion: tls.VersionTLS12,
|
|
||||||
CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
|
||||||
Renegotiation: tls.RenegotiateNever,
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
})
|
|
||||||
return client
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func createURL(listener *HTTPListener, scheme string, path string, rawquery string) string {
|
func createURL(listener *HTTPListener, scheme string, path string, rawquery string) string {
|
||||||
|
@ -214,14 +90,14 @@ func createURL(listener *HTTPListener, scheme string, path string, rawquery stri
|
||||||
|
|
||||||
func TestWriteHTTPSNoClientAuth(t *testing.T) {
|
func TestWriteHTTPSNoClientAuth(t *testing.T) {
|
||||||
listener := newTestHTTPSListener()
|
listener := newTestHTTPSListener()
|
||||||
listener.TlsAllowedCacerts = nil
|
listener.TLSAllowedCACerts = nil
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
require.NoError(t, listener.Start(acc))
|
require.NoError(t, listener.Start(acc))
|
||||||
defer listener.Stop()
|
defer listener.Stop()
|
||||||
|
|
||||||
cas := x509.NewCertPool()
|
cas := x509.NewCertPool()
|
||||||
cas.AppendCertsFromPEM([]byte(serviceRootPEM))
|
cas.AppendCertsFromPEM([]byte(pki.ReadServerCert()))
|
||||||
noClientAuthClient := &http.Client{
|
noClientAuthClient := &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
|
|
|
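Review bot: In `TestWriteHTTPSNoClientAuth` the boolean returned by `cas.AppendCertsFromPEM(...)` is discarded, so if `pki.ReadServerCert()` yields something that does not parse, the pool stays empty and the test fails later with an x509 error that does not point at the fixture. Use `require.True(t, cas.AppendCertsFromPEM([]byte(pki.ReadServerCert())))`. The pool also used to hold the CA (`serviceRootPEM`) and, judging by the helper's name, now holds the server's own certificate, so the client trusts the leaf directly and the test no longer exercises chain validation against the CA. If that was not intended, seed the pool from the CA file instead. The test body continues past the end of the hunk.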
@ -32,11 +32,11 @@ This input plugin checks HTTP/HTTPS connections.
|
||||||
# response_string_match = "ok"
|
# response_string_match = "ok"
|
||||||
# response_string_match = "\".*_status\".?:.?\"up\""
|
# response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Headers (all values must be strings)
|
## HTTP Request Headers (all values must be strings)
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -29,15 +30,7 @@ type HTTPResponse struct {
|
||||||
Headers map[string]string
|
Headers map[string]string
|
||||||
FollowRedirects bool
|
FollowRedirects bool
|
||||||
ResponseStringMatch string
|
ResponseStringMatch string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
compiledStringMatch *regexp.Regexp
|
compiledStringMatch *regexp.Regexp
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
@ -74,11 +67,11 @@ var sampleConfig = `
|
||||||
# response_string_match = "ok"
|
# response_string_match = "ok"
|
||||||
# response_string_match = "\".*_status\".?:.?\"up\""
|
# response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Headers (all values must be strings)
|
## HTTP Request Headers (all values must be strings)
|
||||||
|
@ -113,8 +106,7 @@ func getProxyFunc(http_proxy string) func(*http.Request) (*url.URL, error) {
|
||||||
// CreateHttpClient creates an http client which will timeout at the specified
|
// CreateHttpClient creates an http client which will timeout at the specified
|
||||||
// timeout period and can follow redirects if specified
|
// timeout period and can follow redirects if specified
|
||||||
func (h *HTTPResponse) createHttpClient() (*http.Client, error) {
|
func (h *HTTPResponse) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
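Review bot: The doc comment above `createHttpClient` (hunk at -113,8) still begins with `CreateHttpClient`, which does not match the unexported method it documents. Change its first line to `// createHttpClient creates an http client which will timeout at the specified`. Since the TLS arguments are no longer spelled out at the call, it would also help to add a sentence saying the TLS settings, including `insecure_skip_verify`, come from the embedded `ClientConfig`, so a reader can see where verification can be switched off. The method body continues outside the hunk.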
@ -34,11 +34,11 @@ Deprecated (1.6): use the [http](../http) input.
|
||||||
# "my_tag_2"
|
# "my_tag_2"
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Parameters (all values must be strings). For "GET" requests, data
|
## HTTP Request Parameters (all values must be strings). For "GET" requests, data
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -29,15 +30,7 @@ type HttpJson struct {
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
Parameters map[string]string
|
Parameters map[string]string
|
||||||
Headers map[string]string
|
Headers map[string]string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client HTTPClient
|
client HTTPClient
|
||||||
}
|
}
|
||||||
|
@ -100,11 +93,11 @@ var sampleConfig = `
|
||||||
# "my_tag_2"
|
# "my_tag_2"
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP parameters (all values must be strings). For "GET" requests, data
|
## HTTP parameters (all values must be strings). For "GET" requests, data
|
||||||
|
@ -133,8 +126,7 @@ func (h *HttpJson) Gather(acc telegraf.Accumulator) error {
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
|
|
||||||
if h.client.HTTPClient() == nil {
|
if h.client.HTTPClient() == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,11 +20,11 @@ InfluxDB-formatted endpoints. See below for more information.
|
||||||
"http://localhost:8086/debug/vars"
|
"http://localhost:8086/debug/vars"
|
||||||
]
|
]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## http request & header timeout
|
## http request & header timeout
|
||||||
|
|
|
@ -10,21 +10,14 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type InfluxDB struct {
|
type InfluxDB struct {
|
||||||
URLs []string `toml:"urls"`
|
URLs []string `toml:"urls"`
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -45,11 +38,11 @@ func (*InfluxDB) SampleConfig() string {
|
||||||
"http://localhost:8086/debug/vars"
|
"http://localhost:8086/debug/vars"
|
||||||
]
|
]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## http request & header timeout
|
## http request & header timeout
|
||||||
|
@ -63,8 +56,7 @@ func (i *InfluxDB) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if i.client == nil {
|
if i.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := i.ClientConfig.TLSConfig()
|
||||||
i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
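Review bot: The `InfluxDB` struct now embeds `tls.ClientConfig` with no comment, and the per-field comments it replaces are gone (including the one on `InsecureSkipVerify`, "skip chain & host verification"), so the struct no longer says which setting switches certificate verification off. I would add one line above the embedded field, e.g. `// TLS client settings (tls_ca, tls_cert, tls_key, insecure_skip_verify); see internal/tls.` The same applies to the embedded field in `Kafka`, `Kapacitor`, `Kubernetes`, `Mesos`, `MongoDB`, `MQTTConsumer` and `Nginx` further down this commit. The key names are taken from the sample config in this file; the definition of `tls.ClientConfig` is not part of this section.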
|
@ -18,14 +18,14 @@ The `jolokia2_agent` input plugin reads JMX metrics from one or more [Jolokia ag
|
||||||
paths = ["Uptime"]
|
paths = ["Uptime"]
|
||||||
```
|
```
|
||||||
|
|
||||||
Optionally, specify SSL options for communicating with agents:
|
Optionally, specify TLS options for communicating with agents:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[[inputs.jolokia2_agent]]
|
[[inputs.jolokia2_agent]]
|
||||||
urls = ["https://agent:8080/jolokia"]
|
urls = ["https://agent:8080/jolokia"]
|
||||||
ssl_ca = "/var/private/ca.pem"
|
tls_ca = "/var/private/ca.pem"
|
||||||
ssl_cert = "/var/private/client.pem"
|
tls_cert = "/var/private/client.pem"
|
||||||
ssl_key = "/var/private/client-key.pem"
|
tls_key = "/var/private/client-key.pem"
|
||||||
#insecure_skip_verify = false
|
#insecure_skip_verify = false
|
||||||
|
|
||||||
[[inputs.jolokia2_agent.metric]]
|
[[inputs.jolokia2_agent.metric]]
|
||||||
|
@ -55,15 +55,15 @@ The `jolokia2_proxy` input plugin reads JMX metrics from one or more _targets_ b
|
||||||
paths = ["Uptime"]
|
paths = ["Uptime"]
|
||||||
```
|
```
|
||||||
|
|
||||||
Optionally, specify SSL options for communicating with proxies:
|
Optionally, specify TLS options for communicating with proxies:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[[inputs.jolokia2_proxy]]
|
[[inputs.jolokia2_proxy]]
|
||||||
url = "https://proxy:8080/jolokia"
|
url = "https://proxy:8080/jolokia"
|
||||||
|
|
||||||
ssl_ca = "/var/private/ca.pem"
|
tls_ca = "/var/private/ca.pem"
|
||||||
ssl_cert = "/var/private/client.pem"
|
tls_cert = "/var/private/client.pem"
|
||||||
ssl_key = "/var/private/client-key.pem"
|
tls_key = "/var/private/client-key.pem"
|
||||||
#insecure_skip_verify = false
|
#insecure_skip_verify = false
|
||||||
|
|
||||||
#default_target_username = ""
|
#default_target_username = ""
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"path"
|
"path"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
|
@ -20,15 +20,11 @@ type Client struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type ClientConfig struct {
|
type ClientConfig struct {
|
||||||
ResponseTimeout time.Duration
|
ResponseTimeout time.Duration
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
SSLCA string
|
ProxyConfig *ProxyConfig
|
||||||
SSLCert string
|
tls.ClientConfig
|
||||||
SSLKey string
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
ProxyConfig *ProxyConfig
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type ProxyConfig struct {
|
type ProxyConfig struct {
|
||||||
|
@ -100,8 +96,7 @@ type jolokiaResponse struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClient(url string, config *ClientConfig) (*Client, error) {
|
func NewClient(url string, config *ClientConfig) (*Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := config.ClientConfig.TLSConfig()
|
||||||
config.SSLCert, config.SSLKey, config.SSLCA, config.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
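Review bot: In `ClientConfig` the embedded `tls.ClientConfig` is promoted under the same name as the enclosing type, so `config.ClientConfig.TLSConfig()` in `NewClient` and `ClientConfig: ja.ClientConfig` at the call sites read as if a config contained itself. A short comment on the embedded field would help, e.g. `tls.ClientConfig // TLS settings for the HTTP client; not this package's ClientConfig`. `NewClient` continues outside the hunk, so how `tlsConfig` is used afterwards is not visible here.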
|
@ -6,6 +6,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type JolokiaAgent struct {
|
type JolokiaAgent struct {
|
||||||
|
@ -18,10 +19,7 @@ type JolokiaAgent struct {
|
||||||
Password string
|
Password string
|
||||||
ResponseTimeout time.Duration `toml:"response_timeout"`
|
ResponseTimeout time.Duration `toml:"response_timeout"`
|
||||||
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Metrics []MetricConfig `toml:"metric"`
|
Metrics []MetricConfig `toml:"metric"`
|
||||||
gatherer *Gatherer
|
gatherer *Gatherer
|
||||||
|
@ -39,10 +37,10 @@ func (ja *JolokiaAgent) SampleConfig() string {
|
||||||
# password = ""
|
# password = ""
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL config
|
## Optional TLS config
|
||||||
# ssl_ca = "/var/private/ca.pem"
|
# tls_ca = "/var/private/ca.pem"
|
||||||
# ssl_cert = "/var/private/client.pem"
|
# tls_cert = "/var/private/client.pem"
|
||||||
# ssl_key = "/var/private/client-key.pem"
|
# tls_key = "/var/private/client-key.pem"
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Add metrics to read
|
## Add metrics to read
|
||||||
|
@ -101,12 +99,9 @@ func (ja *JolokiaAgent) createMetrics() []Metric {
|
||||||
|
|
||||||
func (ja *JolokiaAgent) createClient(url string) (*Client, error) {
|
func (ja *JolokiaAgent) createClient(url string) (*Client, error) {
|
||||||
return NewClient(url, &ClientConfig{
|
return NewClient(url, &ClientConfig{
|
||||||
Username: ja.Username,
|
Username: ja.Username,
|
||||||
Password: ja.Password,
|
Password: ja.Password,
|
||||||
ResponseTimeout: ja.ResponseTimeout,
|
ResponseTimeout: ja.ResponseTimeout,
|
||||||
SSLCA: ja.SSLCA,
|
ClientConfig: ja.ClientConfig,
|
||||||
SSLCert: ja.SSLCert,
|
|
||||||
SSLKey: ja.SSLKey,
|
|
||||||
InsecureSkipVerify: ja.InsecureSkipVerify,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type JolokiaProxy struct {
|
type JolokiaProxy struct {
|
||||||
|
@ -16,13 +17,10 @@ type JolokiaProxy struct {
|
||||||
DefaultTargetUsername string
|
DefaultTargetUsername string
|
||||||
Targets []JolokiaProxyTargetConfig `toml:"target"`
|
Targets []JolokiaProxyTargetConfig `toml:"target"`
|
||||||
|
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
SSLCA string `toml:"ssl_ca"`
|
ResponseTimeout time.Duration `toml:"response_timeout"`
|
||||||
SSLCert string `toml:"ssl_cert"`
|
tls.ClientConfig
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
ResponseTimeout time.Duration `toml:"response_timeout"`
|
|
||||||
|
|
||||||
Metrics []MetricConfig `toml:"metric"`
|
Metrics []MetricConfig `toml:"metric"`
|
||||||
client *Client
|
client *Client
|
||||||
|
@ -47,10 +45,10 @@ func (jp *JolokiaProxy) SampleConfig() string {
|
||||||
# password = ""
|
# password = ""
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL config
|
## Optional TLS config
|
||||||
# ssl_ca = "/var/private/ca.pem"
|
# tls_ca = "/var/private/ca.pem"
|
||||||
# ssl_cert = "/var/private/client.pem"
|
# tls_cert = "/var/private/client.pem"
|
||||||
# ssl_key = "/var/private/client-key.pem"
|
# tls_key = "/var/private/client-key.pem"
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Add proxy targets to query
|
## Add proxy targets to query
|
||||||
|
@ -117,13 +115,10 @@ func (jp *JolokiaProxy) createClient() (*Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewClient(jp.URL, &ClientConfig{
|
return NewClient(jp.URL, &ClientConfig{
|
||||||
Username: jp.Username,
|
Username: jp.Username,
|
||||||
Password: jp.Password,
|
Password: jp.Password,
|
||||||
ResponseTimeout: jp.ResponseTimeout,
|
ResponseTimeout: jp.ResponseTimeout,
|
||||||
SSLCA: jp.SSLCA,
|
ClientConfig: jp.ClientConfig,
|
||||||
SSLCert: jp.SSLCert,
|
ProxyConfig: proxyConfig,
|
||||||
SSLKey: jp.SSLKey,
|
|
||||||
InsecureSkipVerify: jp.InsecureSkipVerify,
|
|
||||||
ProxyConfig: proxyConfig,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,11 +22,11 @@ and use the old zookeeper connection method.
|
||||||
## Offset (must be either "oldest" or "newest")
|
## Offset (must be either "oldest" or "newest")
|
||||||
offset = "oldest"
|
offset = "oldest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
|
|
@ -7,7 +7,7 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
|
|
||||||
|
@ -23,14 +23,7 @@ type Kafka struct {
|
||||||
|
|
||||||
Cluster *cluster.Consumer
|
Cluster *cluster.Consumer
|
||||||
|
|
||||||
// Verify Kafka SSL Certificate
|
tls.ClientConfig
|
||||||
InsecureSkipVerify bool
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
|
|
||||||
// SASL Username
|
// SASL Username
|
||||||
SASLUsername string `toml:"sasl_username"`
|
SASLUsername string `toml:"sasl_username"`
|
||||||
|
@ -67,11 +60,11 @@ var sampleConfig = `
|
||||||
## topic(s) to consume
|
## topic(s) to consume
|
||||||
topics = ["telegraf"]
|
topics = ["telegraf"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
@ -116,8 +109,7 @@ func (k *Kafka) Start(acc telegraf.Accumulator) error {
|
||||||
config := cluster.NewConfig()
|
config := cluster.NewConfig()
|
||||||
config.Consumer.Return.Errors = true
|
config.Consumer.Return.Errors = true
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,11 +15,11 @@ The Kapacitor plugin will collect metrics from the given Kapacitor instances.
|
||||||
## Time limit for http requests
|
## Time limit for http requests
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -17,18 +18,9 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Kapacitor struct {
|
type Kapacitor struct {
|
||||||
URLs []string `toml:"urls"`
|
URLs []string `toml:"urls"`
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -48,11 +40,11 @@ func (*Kapacitor) SampleConfig() string {
|
||||||
## Time limit for http requests
|
## Time limit for http requests
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
}
|
}
|
||||||
|
@ -82,8 +74,7 @@ func (k *Kapacitor) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *Kapacitor) createHttpClient() (*http.Client, error) {
|
func (k *Kapacitor) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,18 +22,11 @@ type Kubernetes struct {
|
||||||
// Bearer Token authorization file path
|
// Bearer Token authorization file path
|
||||||
BearerToken string `toml:"bearer_token"`
|
BearerToken string `toml:"bearer_token"`
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// HTTP Timeout specified as a string - 3s, 1m, 1h
|
// HTTP Timeout specified as a string - 3s, 1m, 1h
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
|
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
RoundTripper http.RoundTripper
|
RoundTripper http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -46,11 +40,11 @@ var sampleConfig = `
|
||||||
## Set response_timeout (default 5 seconds)
|
## Set response_timeout (default 5 seconds)
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -101,7 +95,7 @@ func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) err
|
||||||
var token []byte
|
var token []byte
|
||||||
var resp *http.Response
|
var resp *http.Response
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
tlsCfg, err := k.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
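Review bot: The sample values in `sampleConfig` are unquoted (`# tls_ca = /path/to/cafile`, and likewise `tls_cert` and `tls_key`), so a user who uncomments them gets a TOML parse error rather than a working TLS setup. Since these lines are being rewritten anyway, quote them as the other plugins in this commit do: `# tls_ca = "/path/to/cafile"`, `# tls_cert = "/path/to/certfile"`, `# tls_key = "/path/to/keyfile"`.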
|
@ -36,11 +36,11 @@ For more information, please check the [Mesos Observability Metrics](http://meso
|
||||||
# "messages",
|
# "messages",
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
||||||
)
|
)
|
||||||
|
@ -33,15 +33,7 @@ type Mesos struct {
|
||||||
Slaves []string
|
Slaves []string
|
||||||
SlaveCols []string `toml:"slave_collections"`
|
SlaveCols []string `toml:"slave_collections"`
|
||||||
//SlaveTasks bool
|
//SlaveTasks bool
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
initialized bool
|
initialized bool
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
@ -83,11 +75,11 @@ var sampleConfig = `
|
||||||
# "messages",
|
# "messages",
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -216,8 +208,7 @@ func (m *Mesos) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Mesos) createHttpClient() (*http.Client, error) {
|
func (m *Mesos) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,11 +14,11 @@
|
||||||
## When true, collect per database stats
|
## When true, collect per database stats
|
||||||
# gather_perdb_stats = false
|
# gather_perdb_stats = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"gopkg.in/mgo.v2"
|
"gopkg.in/mgo.v2"
|
||||||
)
|
)
|
||||||
|
@ -22,15 +22,7 @@ type MongoDB struct {
|
||||||
Ssl Ssl
|
Ssl Ssl
|
||||||
mongos map[string]*Server
|
mongos map[string]*Server
|
||||||
GatherPerdbStats bool
|
GatherPerdbStats bool
|
||||||
|
tlsint.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type Ssl struct {
|
type Ssl struct {
|
||||||
|
@ -49,11 +41,11 @@ var sampleConfig = `
|
||||||
## When true, collect per database stats
|
## When true, collect per database stats
|
||||||
# gather_perdb_stats = false
|
# gather_perdb_stats = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -134,7 +126,7 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
|
||||||
var tlsConfig *tls.Config
|
var tlsConfig *tls.Config
|
||||||
|
|
||||||
if m.Ssl.Enabled {
|
if m.Ssl.Enabled {
|
||||||
// Deprecated SSL config
|
// Deprecated TLS config
|
||||||
tlsConfig = &tls.Config{}
|
tlsConfig = &tls.Config{}
|
||||||
if len(m.Ssl.CaCerts) > 0 {
|
if len(m.Ssl.CaCerts) > 0 {
|
||||||
roots := x509.NewCertPool()
|
roots := x509.NewCertPool()
|
||||||
|
@ -149,8 +141,7 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
|
||||||
tlsConfig.InsecureSkipVerify = true
|
tlsConfig.InsecureSkipVerify = true
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
tlsConfig, err = internal.GetTLSConfig(
|
tlsConfig, err = m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
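Review bot: The renamed comment `// Deprecated TLS config` in `gatherServer` now labels the wrong thing: the branch it sits in is the legacy `m.Ssl` path, while the `else` branch calling `m.ClientConfig.TLSConfig()` is the current one. I would word it as `// Deprecated: legacy Ssl settings; prefer tls_ca/tls_cert/tls_key`. The context lines also show this legacy branch setting `tlsConfig.InsecureSkipVerify = true` under a condition that lies outside the hunk. If that is the fallback when no CA is supplied, a comment stating that the peer is then not verified would be worth adding.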
|
@ -36,11 +36,11 @@ The plugin expects messages in the
|
||||||
# username = "telegraf"
|
# username = "telegraf"
|
||||||
# password = "metricsmetricsmetricsmetrics"
|
# password = "metricsmetricsmetricsmetrics"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
|
|
||||||
|
@ -33,15 +34,7 @@ type MQTTConsumer struct {
|
||||||
|
|
||||||
PersistentSession bool
|
PersistentSession bool
|
||||||
ClientID string `toml:"client_id"`
|
ClientID string `toml:"client_id"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
client mqtt.Client
|
client mqtt.Client
|
||||||
|
@ -83,11 +76,11 @@ var sampleConfig = `
|
||||||
# username = "telegraf"
|
# username = "telegraf"
|
||||||
# password = "metricsmetricsmetricsmetrics"
|
# password = "metricsmetricsmetricsmetrics"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
@ -236,8 +229,7 @@ func (m *MQTTConsumer) createOpts() (*mqtt.ClientOptions, error) {
|
||||||
opts.SetClientID(m.ClientID)
|
opts.SetClientID(m.ClientID)
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,10 +82,10 @@ This plugin gathers the statistic data from MySQL server
|
||||||
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
interval_slow = "30m"
|
interval_slow = "30m"
|
||||||
|
|
||||||
## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.pem"
|
tls_cert = "/etc/telegraf/cert.pem"
|
||||||
ssl_key = "/etc/telegraf/key.pem"
|
tls_key = "/etc/telegraf/key.pem"
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Metric Version
|
#### Metric Version
|
||||||
|
|
|
@ -11,7 +11,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs/mysql/v1"
|
"github.com/influxdata/telegraf/plugins/inputs/mysql/v1"
|
||||||
|
|
||||||
|
@ -38,10 +38,8 @@ type Mysql struct {
|
||||||
GatherFileEventsStats bool `toml:"gather_file_events_stats"`
|
GatherFileEventsStats bool `toml:"gather_file_events_stats"`
|
||||||
GatherPerfEventsStatements bool `toml:"gather_perf_events_statements"`
|
GatherPerfEventsStatements bool `toml:"gather_perf_events_statements"`
|
||||||
IntervalSlow string `toml:"interval_slow"`
|
IntervalSlow string `toml:"interval_slow"`
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
MetricVersion int `toml:"metric_version"`
|
MetricVersion int `toml:"metric_version"`
|
||||||
|
tls.ClientConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -118,10 +116,12 @@ var sampleConfig = `
|
||||||
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
interval_slow = "30m"
|
interval_slow = "30m"
|
||||||
|
|
||||||
## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
var defaultTimeout = time.Second * time.Duration(5)
|
var defaultTimeout = time.Second * time.Duration(5)
|
||||||
|
@ -161,7 +161,7 @@ func (m *Mysql) Gather(acc telegraf.Accumulator) error {
|
||||||
m.InitMysql()
|
m.InitMysql()
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(m.SSLCert, m.SSLKey, m.SSLCA, false)
|
tlsConfig, err := m.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("registering TLS config: %s", err)
|
return fmt.Errorf("registering TLS config: %s", err)
|
||||||
}
|
}
|
||||||
|
|
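Review bot: `Gather` used to pass a hard-coded `false` for skip-verify to `internal.GetTLSConfig`; with `m.ClientConfig.TLSConfig()` the `insecure_skip_verify` key presumably now takes effect for MySQL, so a config could disable chain and host verification where it previously could not. That is a behaviour change rather than a rename, and only the sample config in this file mentions it; the README hunk for this plugin lists just `tls_ca`, `tls_cert` and `tls_key`. I would document it in the README and in a comment on the embedded field, e.g. `// insecure_skip_verify is honoured for MySQL as of this change`. `Gather` continues outside the hunk, so how the returned config is registered is not visible.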
|
@ -8,11 +8,11 @@
|
||||||
## An array of Nginx stub_status URI to gather stats.
|
## An array of Nginx stub_status URI to gather stats.
|
||||||
urls = ["http://localhost/server_status"]
|
urls = ["http://localhost/server_status"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP response timeout (default: 5s)
|
## HTTP response timeout (default: 5s)
|
||||||
|
|
|
@ -13,34 +13,28 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Nginx struct {
|
type Nginx struct {
|
||||||
// List of status URLs
|
Urls []string
|
||||||
Urls []string
|
ResponseTimeout internal.Duration
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to client cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
// HTTP client
|
// HTTP client
|
||||||
client *http.Client
|
client *http.Client
|
||||||
// Response timeout
|
|
||||||
ResponseTimeout internal.Duration
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
# An array of Nginx stub_status URI to gather stats.
|
# An array of Nginx stub_status URI to gather stats.
|
||||||
urls = ["http://localhost/server_status"]
|
urls = ["http://localhost/server_status"]
|
||||||
|
|
||||||
# TLS/SSL configuration
|
## Optional TLS Config
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.cer"
|
tls_cert = "/etc/telegraf/cert.cer"
|
||||||
ssl_key = "/etc/telegraf/key.key"
|
tls_key = "/etc/telegraf/key.key"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# HTTP response timeout (default: 5s)
|
# HTTP response timeout (default: 5s)
|
||||||
|
@ -87,8 +81,7 @@ func (n *Nginx) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (n *Nginx) createHttpClient() (*http.Client, error) {
|
func (n *Nginx) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
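Review bot: The nginx `sampleConfig` still ships `tls_ca`, `tls_cert`, `tls_key` and `insecure_skip_verify` as active settings under the new `## Optional TLS Config` heading, while the README hunk for the same plugin shows them commented out. Anyone who pastes the generated sample gets a CA path and client certificate enabled by default, and a missing file would presumably make `n.ClientConfig.TLSConfig()` in `createHttpClient` fail. I would comment them out to match the README, e.g. `# tls_ca = "/etc/telegraf/ca.pem"`, and use the same `.pem` file names rather than `cert.cer` and `key.key`. `createHttpClient` continues past the end of its hunk.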
@ -20,7 +20,7 @@ To use this plugin you must enable the [monitoring](https://www.openldap.org/dev
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
ssl_ca = "/etc/ssl/certs.pem"
|
tls_ca = "/etc/ssl/certs.pem"
|
||||||
|
|
||||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
bind_dn = ""
|
bind_dn = ""
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"gopkg.in/ldap.v2"
|
"gopkg.in/ldap.v2"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ const sampleConfig string = `
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
ssl_ca = "/etc/ssl/certs.pem"
|
tls_ca = "/etc/ssl/certs.pem"
|
||||||
|
|
||||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
bind_dn = ""
|
bind_dn = ""
|
||||||
|
@ -85,7 +85,11 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
|
||||||
var l *ldap.Conn
|
var l *ldap.Conn
|
||||||
if o.Ssl != "" {
|
if o.Ssl != "" {
|
||||||
// build tls config
|
// build tls config
|
||||||
tlsConfig, err := internal.GetTLSConfig("", "", o.SslCa, o.InsecureSkipVerify)
|
clientTLSConfig := tls.ClientConfig{
|
||||||
|
SSLCA: o.SslCa,
|
||||||
|
InsecureSkipVerify: o.InsecureSkipVerify,
|
||||||
|
}
|
||||||
|
tlsConfig, err := clientTLSConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
acc.AddError(err)
|
acc.AddError(err)
|
||||||
return nil
|
return nil
|
||||||
|
|
|
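Review bot: The sample config now advertises `tls_ca`, but the `Gather` hunk still takes the CA path from `o.SslCa` and gates TLS on `o.Ssl`, and no hunk in this section touches the `Openldap` struct. If that field is still bound to `ssl_ca` (the struct is outside the visible hunks, so this needs confirming), a user who follows the new sample would connect without the intended CA and rely on the system trust store instead. Either add a `tls_ca` setting that feeds `SSLCA` in the `tls.ClientConfig` literal, or keep `ssl_ca` in the sample until the struct is updated. `Gather` begins and ends outside this hunk.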
@ -20,11 +20,11 @@ in Prometheus format.
|
||||||
## Specify timeout duration for slower prometheus clients (default is 3s)
|
## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# response_timeout = "3s"
|
# response_timeout = "3s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -30,14 +31,7 @@ type Prometheus struct {
|
||||||
|
|
||||||
ResponseTimeout internal.Duration `toml:"response_timeout"`
|
ResponseTimeout internal.Duration `toml:"response_timeout"`
|
||||||
|
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -55,11 +49,11 @@ var sampleConfig = `
|
||||||
## Specify timeout duration for slower prometheus clients (default is 3s)
|
## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# response_timeout = "3s"
|
# response_timeout = "3s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -167,8 +161,7 @@ var client = &http.Client{
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Prometheus) createHttpClient() (*http.Client, error) {
|
func (p *Prometheus) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := p.ClientConfig.TLSConfig()
|
||||||
p.SSLCert, p.SSLKey, p.SSLCA, p.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,11 +16,11 @@ For additional details reference the [RabbitMQ Management HTTP Stats](https://cd
|
||||||
# username = "guest"
|
# username = "guest"
|
||||||
# password = "guest"
|
# password = "guest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional request timeouts
|
## Optional request timeouts
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -37,14 +38,7 @@ type RabbitMQ struct {
|
||||||
Name string
|
Name string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
ResponseHeaderTimeout internal.Duration `toml:"header_timeout"`
|
ResponseHeaderTimeout internal.Duration `toml:"header_timeout"`
|
||||||
ClientTimeout internal.Duration `toml:"client_timeout"`
|
ClientTimeout internal.Duration `toml:"client_timeout"`
|
||||||
|
@ -175,11 +169,11 @@ var sampleConfig = `
|
||||||
# username = "guest"
|
# username = "guest"
|
||||||
# password = "guest"
|
# password = "guest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional request timeouts
|
## Optional request timeouts
|
||||||
|
@ -223,8 +217,7 @@ func (r *RabbitMQ) Description() string {
|
||||||
// Gather ...
|
// Gather ...
|
||||||
func (r *RabbitMQ) Gather(acc telegraf.Accumulator) error {
|
func (r *RabbitMQ) Gather(acc telegraf.Accumulator) error {
|
||||||
if r.Client == nil {
|
if r.Client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := r.ClientConfig.TLSConfig()
|
||||||
r.SSLCert, r.SSLKey, r.SSLCA, r.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -161,14 +162,12 @@ func (psl *packetSocketListener) listen() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type SocketListener struct {
|
type SocketListener struct {
|
||||||
ServiceAddress string `toml:"service_address"`
|
ServiceAddress string `toml:"service_address"`
|
||||||
MaxConnections int `toml:"max_connections"`
|
MaxConnections int `toml:"max_connections"`
|
||||||
ReadBufferSize int `toml:"read_buffer_size"`
|
ReadBufferSize int `toml:"read_buffer_size"`
|
||||||
ReadTimeout *internal.Duration `toml:"read_timeout"`
|
ReadTimeout *internal.Duration `toml:"read_timeout"`
|
||||||
TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
|
KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"`
|
||||||
TLSCert string `toml:"tls_cert"`
|
tlsint.ServerConfig
|
||||||
TLSKey string `toml:"tls_key"`
|
|
||||||
KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"`
|
|
||||||
|
|
||||||
parsers.Parser
|
parsers.Parser
|
||||||
telegraf.Accumulator
|
telegraf.Accumulator
|
||||||
|
@ -259,7 +258,7 @@ func (sl *SocketListener) Start(acc telegraf.Accumulator) error {
|
||||||
l net.Listener
|
l net.Listener
|
||||||
)
|
)
|
||||||
|
|
||||||
tlsCfg, err := internal.GetServerTLSConfig(sl.TLSCert, sl.TLSKey, sl.TLSAllowedCACerts)
|
tlsCfg, err := sl.ServerConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
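Review bot: In `Start`, a failure from `sl.ServerConfig.TLSConfig()` is swallowed, because the unchanged branch right after the new call is `if err != nil { return nil }`. A wrong certificate or key path then reports a successful start, apparently before any listener is created, so the operator gets no hint that the TLS settings were rejected. Returning the error, `return err`, makes the misconfiguration visible. `Start` begins and ends outside this hunk, so the rest of the listener setup is not shown here.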
@ -9,12 +9,13 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
|
||||||
"github.com/influxdata/telegraf/testutil"
|
"github.com/influxdata/telegraf/testutil"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var pki = testutil.NewPKI("../../../testutil/pki")
|
||||||
|
|
||||||
// testEmptyLog is a helper function to ensure no data is written to log.
|
// testEmptyLog is a helper function to ensure no data is written to log.
|
||||||
// Should be called at the start of the test, and returns a function which should run at the end.
|
// Should be called at the start of the test, and returns a function which should run at the end.
|
||||||
func testEmptyLog(t *testing.T) func() {
|
func testEmptyLog(t *testing.T) func() {
|
||||||
|
@ -32,16 +33,14 @@ func TestSocketListener_tcp_tls(t *testing.T) {
|
||||||
|
|
||||||
sl := newSocketListener()
|
sl := newSocketListener()
|
||||||
sl.ServiceAddress = "tcp://127.0.0.1:0"
|
sl.ServiceAddress = "tcp://127.0.0.1:0"
|
||||||
sl.TLSCert = "testdata/server.pem"
|
sl.ServerConfig = *pki.TLSServerConfig()
|
||||||
sl.TLSKey = "testdata/server.key"
|
|
||||||
sl.TLSAllowedCACerts = []string{"testdata/ca.pem"}
|
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
err := sl.Start(acc)
|
err := sl.Start(acc)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
defer sl.Stop()
|
defer sl.Stop()
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig("testdata/client.pem", "testdata/client.key", "testdata/ca.pem", true)
|
tlsCfg, err := pki.TLSClientConfig().TLSConfig()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
secureClient, err := tls.Dial("tcp", sl.Closer.(net.Listener).Addr().String(), tlsCfg)
|
secureClient, err := tls.Dial("tcp", sl.Closer.(net.Listener).Addr().String(), tlsCfg)
|
||||||
|
@ -55,16 +54,15 @@ func TestSocketListener_unix_tls(t *testing.T) {
|
||||||
|
|
||||||
sl := newSocketListener()
|
sl := newSocketListener()
|
||||||
sl.ServiceAddress = "unix:///tmp/telegraf_test.sock"
|
sl.ServiceAddress = "unix:///tmp/telegraf_test.sock"
|
||||||
sl.TLSCert = "testdata/server.pem"
|
sl.ServerConfig = *pki.TLSServerConfig()
|
||||||
sl.TLSKey = "testdata/server.key"
|
|
||||||
sl.TLSAllowedCACerts = []string{"testdata/ca.pem"}
|
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
err := sl.Start(acc)
|
err := sl.Start(acc)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
defer sl.Stop()
|
defer sl.Stop()
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig("testdata/client.pem", "testdata/client.key", "testdata/ca.pem", true)
|
tlsCfg, err := pki.TLSClientConfig().TLSConfig()
|
||||||
|
tlsCfg.InsecureSkipVerify = true
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
secureClient, err := tls.Dial("unix", "/tmp/telegraf_test.sock", tlsCfg)
|
secureClient, err := tls.Dial("unix", "/tmp/telegraf_test.sock", tlsCfg)
|
||||||
|
|
|
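Review bot: In `TestSocketListener_unix_tls` the new line `tlsCfg.InsecureSkipVerify = true` runs before `require.NoError(t, err)`, so a failure in `pki.TLSClientConfig().TLSConfig()` could surface as a nil-pointer panic instead of a clean test failure. Swap the two lines so the error is checked first. The TCP test now verifies the server certificate while this one still disables verification. A one-line comment giving the reason would help, e.g. `// unix socket address does not match the test certificate's host name`, if that is indeed why.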
@ -1,31 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFVTCCAz2gAwIBAgIJAOhLvwv6zUf+MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
|
|
||||||
A1UECgwEVGVzdDAeFw0xODA0MTcwNDIwNDZaFw0yMTAyMDQwNDIwNDZaMEExCzAJ
|
|
||||||
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEN
|
|
||||||
MAsGA1UECgwEVGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKwE
|
|
||||||
Xy814CDH03G3Fg2/XSpYZXVMzwp6oq/bUe3iLhkOpA6C4+j07AxAAa22qEPlvYkb
|
|
||||||
W7oxVJiL0ih1od2FeAxvroBTmjG54j/Syb8OeQsZaJLNp1rRmwYGBIVi284ScaIc
|
|
||||||
dn+2bfmfpSLjK3SbU5XygtwIE3gh/B7x02UJRNJmJ1faRT2CfTeg/56xnTE4bcR5
|
|
||||||
HRrlojoN5laJngowLWAEAvWljCR8oge+ciNYB3xoK8Hgc9+WgTy95G1RBCNkaFFI
|
|
||||||
73nrcHl6dGOH9UgIqfbHJYxNEarI3o/JAr8DIBS0W4r8r4aY4JQ4LoN3bg4mLHQq
|
|
||||||
THKkVW5hyBeWe47qmlL0m4F6/+mzVi95NAWG2BQDCZJAWJNc+PbSRHi81838m7ff
|
|
||||||
O4rixd/F53LUUas8/zVca3vtv+XjOHZzIQLIy1bM4MhzpHlRcSmS9kqxxZ3S70e3
|
|
||||||
ZIWFdM0iRrtlBbJeoHIJRDpgPRYIWdRc6XotljTTi6/lN4Bj/0NK4E3iONcDsscN
|
|
||||||
kiqEHRAWZ4ptCqdVPgYR0S096Fx6OaC3ASODE0Cjb18ylZQRsQi8TiYSihGzuoio
|
|
||||||
wJwSLdIifDbbSUkjT1384cA/HsOjFQ9xHXYa6cQnAg3TUZyG1lAMJyFWYke+rxmG
|
|
||||||
srfL/EtIzgbzmEOC5anQjA2pdgUO9Pk2SinJaMApAgMBAAGjUDBOMB0GA1UdDgQW
|
|
||||||
BBQNJctDLjj8bVKNCYANaOcboPQnmzAfBgNVHSMEGDAWgBQNJctDLjj8bVKNCYAN
|
|
||||||
aOcboPQnmzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQATSr26Kc8g
|
|
||||||
3l2zuccoKWM57DQcgRmzSYwEOKA2jn3FWmrAdwozEIkLaTK0OXz0zh2dZxh9V3GR
|
|
||||||
w0WFCynbGNy/9s33MSi+zIWJOU/MZvt6zGE5CTcTgZ+u5IZyvSubMkPcwQi3Yvcg
|
|
||||||
AHmWzpF42kT2J5C5MfrSU65hrhPX7hT/CUoV3gN7oxFzj+/ED4kgNorO8SUUJCmq
|
|
||||||
DJNFbjgsD63EhnvAhn1AeM35GmKdl2enEKqcZsRkE4ZLpU7ibrThEm1aOQuJUtHk
|
|
||||||
gDAx49QMdQpWnxWxnfoiwpLu7ufR7ls8O9oA8ZJux/SVHEmtkOdRsuMtY5MElFZg
|
|
||||||
dANlQsdFWDko4ixaxFYzppuPNnRlqjGNnaEFJrNc2KR0Dxgmp28Yh2VyLd4r3fLT
|
|
||||||
nLVBYF8KzFchUdXYYPNBXwAf/N52jGfugDx8snLxOfzxoUZ4y64qMCpYhntGgBJ1
|
|
||||||
Rrk2trcn3Dw19gi8p3ylbdoz/Ch1INDDrO35pd0bZpcwASc/UNU72W5v2kGL0H7o
|
|
||||||
nJzgtrqeHcoIzNBmBhHlMlnTF5GMfrYGsf5d30KyKv7UL6qJTvT641dpKpB/FFrk
|
|
||||||
y3AQbKmKRDI+aVzeOlwdy/eJAwt7FikD4bR9GZ4PBX9n9jd4u/PHZNfxtgzplqo1
|
|
||||||
oy7kJv0cB/vRKOblmn/vPUfTFtAX7M3GkQ==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEpAIBAAKCAQEAmRuY+9Gg5V4e9hCd2mYek1jKeoaZijz89EPvox78XzoGdxPf
|
|
||||||
RoukUcTVS9VWN7HyJBjRA9P+KuHI9dX47skxyxH53uXZvRmGQAJBY4cE07JHvGkZ
|
|
||||||
eK1heXoWlBzYtivckha7bLBfn1ttAzcFCblUfJdzsn9XDuC4Jfn4oSaKn1o8Rzy1
|
|
||||||
KRvyLgvsYxMA/XzhyBzVMyoUOulye7EZx4f+AwSNmNHD4OgtxxPofrrMOtXZ2tC6
|
|
||||||
xNOexIZXbsB9dyrUW+4pWXYaadU7fl2V+arAJj+NVxV+3tmGGjmd1MiIypPx6BbP
|
|
||||||
g7xH20nJ/Y0U6V7gklZpYO1i84RbtR/kqBgi9QIDAQABAoIBAEONJJM+KyHnw/tG
|
|
||||||
246HbcgO7c7fYhDW1bgj3S/4NNsC6+VP1Dv40nftQzphFtgd37rDZDyvJL3gvlyQ
|
|
||||||
mnMoO5rgBIGuocHH6C6HkDgMUznft7zOFhnjTVVeY2XX0FmXwoqGEw1iR940ZUV8
|
|
||||||
2fEvXrJV1AsWGeALj9PZlTPsoE6rv5sUk9Lh3wCD73m7GSg7DzBRE+6bBze8Lmwn
|
|
||||||
ZzTvmimhgPJw8LR5rRpYbDbhAJLAfgA7/yPgYEPxA/ffry6Ba4epj8tVNUNOAcOf
|
|
||||||
PURF+uuIF7RceI2PkdvoNuQyVR5oxQUPUfidfVK5ClUmnHECSgb/FFnYC+nU2vSi
|
|
||||||
IAnmC6ECgYEAyrUFHyxxuIQAiinjBxa0OQ3ynvMxDnF/+zvWe8536Y61lz9dblKb
|
|
||||||
0xvFhpOEMfiG/zFdZdWJ+xdq7VQVNMHu4USoskG8sZs5zImMTu50kuDNln7xYqVf
|
|
||||||
SUuN1U7cp7JouI1qkZAOsytPfAgZN/83hLObd07lAvL44jKYaHVeMmkCgYEAwVxZ
|
|
||||||
wKXpboHwQawA+4ubsnZ36IlOk21/+FlGJiDg/LB643BS+QhgVNxuB2gL1gOCYkhl
|
|
||||||
6BBcIhWMvZOIIo5uwnv4fQ+WfFwntU9POFViZgbZvkitQtorB7MXc/NU2BDrNYx2
|
|
||||||
TBCiRn/9BaZ4fziW8I3Fx3xQ3rKDBXrexmrJQq0CgYEAvYGQYT12r47Qxlo0gcsL
|
|
||||||
AA/3E/y9jwgzItglQ6eZ2ULup5C4s0wNm8Zp2s+Mlf8HjgpDi9Gf5ptU/r1N+f2Y
|
|
||||||
awd6QvRMCSraVUr+Xkh1uV7rNNhGqPd75pT460OH7EtRtb+XsrAf3gcOjyEvGnfC
|
|
||||||
GpCjNl4OobwvS6ELdRTM1IkCgYAHUGX4uo3k5zdeVJJI8ZP3ITIR8retLfQsQbw8
|
|
||||||
jvvTsx1C4ynQT7fNHfVvhEkGVGWnMBPivlOt2mDTfvQkUnzwEF5q5J8NnzLFUfWu
|
|
||||||
LNSnBVVRNFCRec0s4mJduXOZJLKw+No0sGBjCE5a21wte8eB2+sCS7qHYftAxtAM
|
|
||||||
c1eflQKBgQDGTFsMvpM8BEPTreinTllFBdjeYchcdY/Ov9DZ3mMVopjAWRD81MKM
|
|
||||||
zM1RCqwLkgv9FvF79B1FLJ1Inr8e/XIGdcrhE1a4sZdIWdqTWQ4xFrlDgxCquq66
|
|
||||||
da09WVBRdvq2kVLAMaBViH2/GP1G4ZV9a8+JHuWKj+Arrr52Qeazjw==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,24 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEEjCCAfoCCQCmcronmMSqXTANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJV
|
|
||||||
UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
|
|
||||||
BFRlc3QwHhcNMTgwNDE3MDQyNDMwWhcNNDUwOTAyMDQyNDMwWjBVMQswCQYDVQQG
|
|
||||||
EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xITAfBgNV
|
|
||||||
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
|
|
||||||
ggEPADCCAQoCggEBAJkbmPvRoOVeHvYQndpmHpNYynqGmYo8/PRD76Me/F86BncT
|
|
||||||
30aLpFHE1UvVVjex8iQY0QPT/irhyPXV+O7JMcsR+d7l2b0ZhkACQWOHBNOyR7xp
|
|
||||||
GXitYXl6FpQc2LYr3JIWu2ywX59bbQM3BQm5VHyXc7J/Vw7guCX5+KEmip9aPEc8
|
|
||||||
tSkb8i4L7GMTAP184cgc1TMqFDrpcnuxGceH/gMEjZjRw+DoLccT6H66zDrV2drQ
|
|
||||||
usTTnsSGV27AfXcq1FvuKVl2GmnVO35dlfmqwCY/jVcVft7Zhho5ndTIiMqT8egW
|
|
||||||
z4O8R9tJyf2NFOle4JJWaWDtYvOEW7Uf5KgYIvUCAwEAATANBgkqhkiG9w0BAQsF
|
|
||||||
AAOCAgEACJkccOvBavtagiMQc9OLsbo0PkHv7Qk9uTm5Sg9+LjLGUsu+3WLjAAmj
|
|
||||||
YScHyGbvQzXlwpgo8JuwY0lMNoPfwGuydlJPfOBCbaoAqFp6Vpc/E49J9YovCsqa
|
|
||||||
2HJUJeuxpf6SiH1Vc1SECjzwzKo03t8ul7t7SNVqA0r9fV4I936FlJOeQ4d5U+Wv
|
|
||||||
H7c2LmAqbHi2Mwf+m+W6ziOvzp+szspcP2gJDX7hsKEtIlqmHYm2bzZ4fsCuU9xN
|
|
||||||
3quewBVQUOuParO632yaLgzpGmfzzxLmCPO84lxarJKCxjHG2Q2l30TO/wA44m+r
|
|
||||||
Wd17HpCT3PkCDG5eSNCSnYqfLm8DE1hLGfHiXxKmrgU94q4wvwVGOlcYa+CQeP9Q
|
|
||||||
ZW3Tj0Axz0Mqlg1iLLo12+Z/yocSY2nFnFntBFT4qBKNCeD0xH3PxC0HJdK66xBv
|
|
||||||
MVDE/OE2hBtTTts+vC9yjx4W8thtMSA4VCOgtt5sHjt3ZekiYYh5VZK47Bx/a0uc
|
|
||||||
8CouRdyppWyPp/cNC+PcGW3YnXpAkxe/bSY/qgfK5kmbeOf+HzvZAIwAH/d9VK0g
|
|
||||||
AoLNp46eP6U2E2lVvtc/HJ1C/gsiC/1TSIq/kBbYtuIJjhhH3u6IVet7WSD22Akv
|
|
||||||
o5gOpcoKwy8IPDRC5lJEAAVYUKt7ORo2en3OVg6I4FaQmeBFp5s=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAzkEDLijGOqXNQPAqUjOz5TLuM28SENauknLtcfIyEN/N6PwZ
|
|
||||||
re5DjokxtDPp+c9yP/9qtn7+dBfdUXg2Mu7HQz8lAKniir2ZH+axkjp5LUE6vYJd
|
|
||||||
I1W8lOOc0kXDjozBetgriE0jkgc3v9oDBbLhN5waKR86jpQaNkfnI7/4U3yrlymK
|
|
||||||
yaT3uD6L1ldUJubdQ/xc1HxdmX8VewBnkK1urYyiRbju2iL9YmtSM72yWXvFsD1O
|
|
||||||
I4fP/XuiaymicBmXKL4cu6KYdfn1qeLAV3U35xG597M031WmR5o67rc63sqs+Q//
|
|
||||||
V3dbGqnFXRMkLhoOnuKK0DD28ujY1kctbNQWVQIDAQABAoIBAHFxFJy41H7BXulO
|
|
||||||
rxhTU6jGoHktqBQW4CGwkKTRf3QEhK6WqlEd8Y5eKzZgL1q1HLPSehEyPCYCUjpT
|
|
||||||
EgxlhLeZ7XI1/mIs8iG3swconimj7Pj60Nt0dqq1njWRJYQsKua0Kw1m0B+rVKBy
|
|
||||||
+qKRxondlA32HTD6iIg+eAUTuzO/KzimZcyL9hiT/g6aN9k0H5+qURi8dO7VV8fD
|
|
||||||
zvP8Y+oOGLwW2ccp+ZjFQizjTOkL4lgldr0hsGQXZJNHL94fA7jPdAxAUbnTicMJ
|
|
||||||
oXM++L3eCwIVabipGxxlqCMj9Dn8yfbQvRGzP2e76QDeROYZHX4osH6vLcZEjx9i
|
|
||||||
tJ4J+ekCgYEA82kKzkSKmFo4gZxnqAywlfZ2X2PADuMmHdqdiDFwt54orlMlKf/b
|
|
||||||
wVSvN/djLXwvFHuyzFmJeMFSHKFkYVTOsh8kPSETAIGkcJEMHD3viYn7DwjkQudY
|
|
||||||
vB/FpBWSiDT0T7qDUCzW3iMbx/JvTUSp7uO4ZuwOu6t6v3PEZwIChQ8CgYEA2Ov9
|
|
||||||
FXHmm7sS54HgvZd6Wk8zLMLIDnyMmECjtYOasJ9c40yQHpRlXsb+Dzn/2xhMMwth
|
|
||||||
Bln2hIiJ/e+G0bzFu4x0cItRPOQeRNyz5Pal8EsATeUwcX4KRKOZaUpDkV6XV1L0
|
|
||||||
r/HSk/wed+90B74sGoJY1qsFflOATIUVs7SIllsCgYEAwhGSB/sl9WqZet1U1+um
|
|
||||||
LyqeHlfNnREGJu9Sgm/Iyt1S2gp4qw/QCkiWmyym6nEEqHQnjj4lGR4pdaJIAkI3
|
|
||||||
ulSR9BsWp2S10voSicHn5eUZQld4hs8lNHiwf66jce2mjJrMb3QQrHOZhsWIcDa6
|
|
||||||
tjjhoU28QWzrJRIMGYTEtYkCgYA17NSJlDsj06mra5oXB6Ue9jlekz1wfH3nC4qn
|
|
||||||
AQRfi/5ncw0QzQs2OHnIBz8XlD69IcMI9SxXXioPuo/la+wr54q6v6d+X6c2rzb5
|
|
||||||
YGd4CO0WcDdOv2qGDbWBezi41q8AwlqZsqAKsc5ROnG5ywjjviufkfxXnyJx41O1
|
|
||||||
zNd3qQKBgGEy+EwUXD5iGeQxdCDnd6iVu14SoBscHO5SpIeDu3DIhnu+7gPq2VMg
|
|
||||||
Vp9j/iNVtEA3HyYCOeXc2rz9Di1wwt3YijED4birLAkC5YW6YB9rmLMfCNc1EyLh
|
|
||||||
BKAkUQN3D+XCN4pXdbKvbkOcfYRUHoD+pPBjRYH020OtPBUc6Wkl
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,25 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEJjCCAg4CCQCmcronmMSqXDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJV
|
|
||||||
UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
|
|
||||||
BFRlc3QwHhcNMTgwNDE3MDQyNDAwWhcNNDUwOTAyMDQyNDAwWjBpMQswCQYDVQQG
|
|
||||||
EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xITAfBgNV
|
|
||||||
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJMTI3LjAuMC4x
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkEDLijGOqXNQPAqUjOz
|
|
||||||
5TLuM28SENauknLtcfIyEN/N6PwZre5DjokxtDPp+c9yP/9qtn7+dBfdUXg2Mu7H
|
|
||||||
Qz8lAKniir2ZH+axkjp5LUE6vYJdI1W8lOOc0kXDjozBetgriE0jkgc3v9oDBbLh
|
|
||||||
N5waKR86jpQaNkfnI7/4U3yrlymKyaT3uD6L1ldUJubdQ/xc1HxdmX8VewBnkK1u
|
|
||||||
rYyiRbju2iL9YmtSM72yWXvFsD1OI4fP/XuiaymicBmXKL4cu6KYdfn1qeLAV3U3
|
|
||||||
5xG597M031WmR5o67rc63sqs+Q//V3dbGqnFXRMkLhoOnuKK0DD28ujY1kctbNQW
|
|
||||||
VQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCVgzqFrehoRAMFLMEL8avfokYtsSYc
|
|
||||||
50Yug4Es0ISo/PRWGeUnv8k1inyE3Y1iR/gbN5n/yjLXJKEflan6BuqGuukfr2eA
|
|
||||||
fRdDCyPvzQLABdxCx2n6ByQFxj92z82tizf35R2OMuHHWzTckta+7s5EvxwIiUsd
|
|
||||||
rUuXp+0ltJzlYYW9xTGFiJO9hAbRgMgZiwL8F7ayic8GmLQ1eRK/DfKDCOH3afeX
|
|
||||||
MNN5FulgjqNyhXHF33vwgIJynGDg2JEhkWjB1DkUAxll0+SMQoYyVGZVrQSGbGw1
|
|
||||||
JhOLc8C8bTzfK3qcJDuyldvjiut+To+lpu76R0u0+sn+wxQFL1uCWuAbMJgGsJgM
|
|
||||||
ARavu2XDeae9X+e8MgJuN1FYS3tihBplPjMJD3UYRybRvHAvQh26BZ7Ch3JNSNST
|
|
||||||
AL2l5T7JKU+XaWWeo+crV+AnGIJyqyh9Su/n97PEoZoEMGH4Kcl/n/w2Jms60+5s
|
|
||||||
K0FK2OGNL42ddUfQiVL9CwYQQo70hydjsIo1x8S6+tSFLMAAysQEToSjfAA6qxDu
|
|
||||||
fgGVMuIYHo0rSkpTVsHVwru08Z5o4m+XDAK0iHalZ4knKsO0lJ+9l7vFnQHlzwt7
|
|
||||||
JTjDhnyOKWPIANeWf3PrHPWE7kKpFVBqFBzOvWLJuxDu5NlgLo1PFahsahTqB9bz
|
|
||||||
qwUyMg/oYWnwqw==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -19,11 +19,11 @@ See the [Tomcat documentation](https://tomcat.apache.org/tomcat-9.0-doc/manager-
|
||||||
## Request timeout
|
## Request timeout
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -63,11 +64,7 @@ type Tomcat struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
request *http.Request
|
request *http.Request
|
||||||
|
@ -84,11 +81,11 @@ var sampleconfig = `
|
||||||
## Request timeout
|
## Request timeout
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -191,8 +188,7 @@ func (s *Tomcat) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Tomcat) createHttpClient() (*http.Client, error) {
|
func (s *Tomcat) createHttpClient() (*http.Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := s.ClientConfig.TLSConfig()
|
||||||
s.SSLCert, s.SSLKey, s.SSLCA, s.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,11 +18,11 @@ The zookeeper plugin collects variables outputted from the 'mntr' command
|
||||||
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# enable_ssl = true
|
# enable_ssl = true
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
```
|
```
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,11 +22,9 @@ type Zookeeper struct {
|
||||||
Servers []string
|
Servers []string
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
|
||||||
EnableSSL bool `toml:"enable_ssl"`
|
EnableTLS bool `toml:"enable_tls"`
|
||||||
SSLCA string `toml:"ssl_ca"`
|
EnableSSL bool `toml:"enable_ssl"` // deprecated in 1.7; use enable_tls
|
||||||
SSLCert string `toml:"ssl_cert"`
|
tlsint.ClientConfig
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
|
||||||
|
|
||||||
initialized bool
|
initialized bool
|
||||||
tlsConfig *tls.Config
|
tlsConfig *tls.Config
|
||||||
|
@ -42,11 +41,11 @@ var sampleConfig = `
|
||||||
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# enable_ssl = true
|
# enable_tls = true
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
`
|
`
|
||||||
|
@ -65,7 +64,7 @@ func (z *Zookeeper) Description() string {
|
||||||
|
|
||||||
func (z *Zookeeper) dial(ctx context.Context, addr string) (net.Conn, error) {
|
func (z *Zookeeper) dial(ctx context.Context, addr string) (net.Conn, error) {
|
||||||
var dialer net.Dialer
|
var dialer net.Dialer
|
||||||
if z.EnableSSL {
|
if z.EnableTLS || z.EnableSSL {
|
||||||
deadline, ok := ctx.Deadline()
|
deadline, ok := ctx.Deadline()
|
||||||
if ok {
|
if ok {
|
||||||
dialer.Deadline = deadline
|
dialer.Deadline = deadline
|
||||||
|
@ -81,8 +80,7 @@ func (z *Zookeeper) Gather(acc telegraf.Accumulator) error {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
if !z.initialized {
|
if !z.initialized {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := z.ClientConfig.TLSConfig()
|
||||||
z.SSLCert, z.SSLKey, z.SSLCA, z.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,11 +42,11 @@ For an introduction to AMQP see:
|
||||||
## to 5s. 0s means no timeout (not recommended).
|
## to 5s. 0s means no timeout (not recommended).
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -43,14 +44,7 @@ type AMQP struct {
|
||||||
// Valid options are "transient" and "persistent". default: "transient"
|
// Valid options are "transient" and "persistent". default: "transient"
|
||||||
DeliveryMode string
|
DeliveryMode string
|
||||||
|
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
c *client
|
c *client
|
||||||
|
@ -99,11 +93,11 @@ var sampleConfig = `
|
||||||
## to 5s. 0s means no timeout (not recommended).
|
## to 5s. 0s means no timeout (not recommended).
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -137,8 +131,7 @@ func (q *AMQP) Connect() error {
|
||||||
|
|
||||||
var connection *amqp.Connection
|
var connection *amqp.Connection
|
||||||
// make new tls config
|
// make new tls config
|
||||||
tls, err := internal.GetTLSConfig(
|
tls, err := q.ClientConfig.TLSConfig()
|
||||||
q.SSLCert, q.SSLKey, q.SSLCA, q.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
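Review bot: In Connect, the local variable in `tls, err := q.ClientConfig.TLSConfig()` now shadows the `tls` package that this commit imports from `internal/tls`. The package is therefore unreachable for the rest of the function, and a reader can easily mistake one for the other. Renaming the local, as in `tlsCfg, err := q.ClientConfig.TLSConfig()`, avoids that; its later uses lie outside the hunk and need the same rename. Other files in this commit import the package as `tlsint`, and using that alias everywhere would also keep it distinct from `crypto/tls`.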
|
@ -180,11 +180,11 @@ This plugin will format the events in the following way:
|
||||||
# default_tag_value = "none"
|
# default_tag_value = "none"
|
||||||
index_name = "telegraf-%Y.%m.%d" # required.
|
index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Template Config
|
## Template Config
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"gopkg.in/olivere/elastic.v5"
|
"gopkg.in/olivere/elastic.v5"
|
||||||
)
|
)
|
||||||
|
@ -28,11 +29,9 @@ type Elasticsearch struct {
|
||||||
ManageTemplate bool
|
ManageTemplate bool
|
||||||
TemplateName string
|
TemplateName string
|
||||||
OverwriteTemplate bool
|
OverwriteTemplate bool
|
||||||
SSLCA string `toml:"ssl_ca"` // Path to CA file
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"` // Path to host cert file
|
|
||||||
SSLKey string `toml:"ssl_key"` // Path to cert key file
|
Client *elastic.Client
|
||||||
InsecureSkipVerify bool // Use SSL but skip chain & host verification
|
|
||||||
Client *elastic.Client
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -69,11 +68,11 @@ var sampleConfig = `
|
||||||
# default_tag_value = "none"
|
# default_tag_value = "none"
|
||||||
index_name = "telegraf-%Y.%m.%d" # required.
|
index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Template Config
|
## Template Config
|
||||||
|
@ -96,7 +95,7 @@ func (a *Elasticsearch) Connect() error {
|
||||||
|
|
||||||
var clientOptions []elastic.ClientOptionFunc
|
var clientOptions []elastic.ClientOptionFunc
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify)
|
tlsCfg, err := a.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
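Review bot: The sample-config comment `## Use TLS but skip chain & host verification` understates what `insecure_skip_verify` gives up. With verification off, the client no longer authenticates the server, so the link is encrypted but the peer's identity is unchecked. Since the commit rewrites this line anyway, consider `## Use TLS but skip chain & host verification (server identity is not checked; testing only)`. The same line appears in the AMQP, Graphite, InfluxDB, Kafka, MQTT, NATS and SocketWriter sample configs on this page. The sampleConfig string starts and ends outside the hunk.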
|
@ -20,42 +20,10 @@ via raw TCP.
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
Parameters:
|
|
||||||
|
|
||||||
Servers []string
|
|
||||||
Prefix string
|
|
||||||
Timeout int
|
|
||||||
Template string
|
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
### Required parameters:
|
|
||||||
|
|
||||||
* `servers`: List of strings, ["mygraphiteserver:2003"].
|
|
||||||
* `prefix`: String use to prefix all sent metrics.
|
|
||||||
* `timeout`: Connection timeout in seconds.
|
|
||||||
* `template`: Template for graphite output format, see
|
|
||||||
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
|
|
||||||
for more details.
|
|
||||||
|
|
||||||
### Optional parameters:
|
|
||||||
|
|
||||||
* `ssl_ca`: SSL CA
|
|
||||||
* `ssl_cert`: SSL CERT
|
|
||||||
* `ssl_key`: SSL key
|
|
||||||
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
@ -22,18 +22,7 @@ type Graphite struct {
|
||||||
Template string
|
Template string
|
||||||
Timeout int
|
Timeout int
|
||||||
conns []net.Conn
|
conns []net.Conn
|
||||||
|
tlsint.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// tls config
|
|
||||||
tlsConfig *tls.Config
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -49,11 +38,11 @@ var sampleConfig = `
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -67,9 +56,7 @@ func (g *Graphite) Connect() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set tls config
|
// Set tls config
|
||||||
var err error
|
tlsConfig, err := g.ClientConfig.TLSConfig()
|
||||||
g.tlsConfig, err = internal.GetTLSConfig(
|
|
||||||
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -82,8 +69,8 @@ func (g *Graphite) Connect() error {
|
||||||
|
|
||||||
// Get secure connection if tls config is set
|
// Get secure connection if tls config is set
|
||||||
var conn net.Conn
|
var conn net.Conn
|
||||||
if g.tlsConfig != nil {
|
if tlsConfig != nil {
|
||||||
conn, err = tls.DialWithDialer(&d, "tcp", server, g.tlsConfig)
|
conn, err = tls.DialWithDialer(&d, "tcp", server, tlsConfig)
|
||||||
} else {
|
} else {
|
||||||
conn, err = d.Dial("tcp", server)
|
conn, err = d.Dial("tcp", server)
|
||||||
}
|
}
|
||||||
|
|
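Review bot: In Connect's dial loop, `if tlsConfig != nil` is the only thing that decides between `tls.DialWithDialer` and a plain `d.Dial`, and nothing in the code says so. Whether `ClientConfig.TLSConfig()` returns nil when no TLS option is set is not visible here, so the plaintext fallback rests on a contract a maintainer cannot see. A comment above the branch would record it, for example `// tlsConfig is nil when no TLS option is configured; the metrics are then sent over plain TCP`. Connect starts and continues outside these hunks.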
|
@ -44,11 +44,11 @@ This InfluxDB output plugin writes metrics to the [InfluxDB](https://github.com/
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers/influx"
|
"github.com/influxdata/telegraf/plugins/serializers/influx"
|
||||||
)
|
)
|
||||||
|
@ -46,15 +47,7 @@ type InfluxDB struct {
|
||||||
ContentEncoding string `toml:"content_encoding"`
|
ContentEncoding string `toml:"content_encoding"`
|
||||||
SkipDatabaseCreation bool `toml:"skip_database_creation"`
|
SkipDatabaseCreation bool `toml:"skip_database_creation"`
|
||||||
InfluxUintSupport bool `toml:"influx_uint_support"`
|
InfluxUintSupport bool `toml:"influx_uint_support"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Precision string // precision deprecated in 1.0; value is ignored
|
Precision string // precision deprecated in 1.0; value is ignored
|
||||||
|
|
||||||
|
@ -104,11 +97,11 @@ var sampleConfig = `
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
@ -245,8 +238,7 @@ func (i *InfluxDB) udpClient(url *url.URL) (Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i *InfluxDB) httpClient(ctx context.Context, url *url.URL, proxy *url.URL) (Client, error) {
|
func (i *InfluxDB) httpClient(ctx context.Context, url *url.URL, proxy *url.URL) (Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := i.ClientConfig.TLSConfig()
|
||||||
i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/metric"
|
"github.com/influxdata/telegraf/metric"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs/influxdb"
|
"github.com/influxdata/telegraf/plugins/outputs/influxdb"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
@ -104,8 +105,10 @@ func TestConnectHTTPConfig(t *testing.T) {
|
||||||
HTTPHeaders: map[string]string{
|
HTTPHeaders: map[string]string{
|
||||||
"x": "y",
|
"x": "y",
|
||||||
},
|
},
|
||||||
ContentEncoding: "gzip",
|
ContentEncoding: "gzip",
|
||||||
InsecureSkipVerify: true,
|
ClientConfig: tls.ClientConfig{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
},
|
||||||
|
|
||||||
CreateHTTPClientF: func(config *influxdb.HTTPConfig) (influxdb.Client, error) {
|
CreateHTTPClientF: func(config *influxdb.HTTPConfig) (influxdb.Client, error) {
|
||||||
actual = config
|
actual = config
|
||||||
|
|
|
@ -68,11 +68,11 @@ This plugin writes to a [Kafka Broker](http://kafka.apache.org/07/quickstart.htm
|
||||||
## until the next flush.
|
## until the next flush.
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ type (
|
||||||
// MaxRetry Tag
|
// MaxRetry Tag
|
||||||
MaxRetry int
|
MaxRetry int
|
||||||
|
|
||||||
// Legacy SSL config options
|
// Legacy TLS config options
|
||||||
// TLS client certificate
|
// TLS client certificate
|
||||||
Certificate string
|
Certificate string
|
||||||
// TLS client key
|
// TLS client key
|
||||||
|
@ -44,15 +44,7 @@ type (
|
||||||
// TLS certificate authority
|
// TLS certificate authority
|
||||||
CA string
|
CA string
|
||||||
|
|
||||||
// Path to CA file
|
tlsint.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// SASL Username
|
// SASL Username
|
||||||
SASLUsername string `toml:"sasl_username"`
|
SASLUsername string `toml:"sasl_username"`
|
||||||
|
@ -135,11 +127,11 @@ var sampleConfig = `
|
||||||
## until the next flush.
|
## until the next flush.
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
@ -201,13 +193,12 @@ func (k *Kafka) Connect() error {
|
||||||
|
|
||||||
// Legacy support ssl config
|
// Legacy support ssl config
|
||||||
if k.Certificate != "" {
|
if k.Certificate != "" {
|
||||||
k.SSLCert = k.Certificate
|
k.TLSCert = k.Certificate
|
||||||
k.SSLCA = k.CA
|
k.TLSCA = k.CA
|
||||||
k.SSLKey = k.Key
|
k.TLSKey = k.Key
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
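Review bot: In Connect, the legacy block assigns `k.TLSCA = k.CA` and `k.TLSKey = k.Key` unconditionally whenever `Certificate` is set. A config that combines the legacy `Certificate` field with the new `tls_ca` or `tls_key` therefore has those values silently replaced, possibly by empty strings. Copying only into unset fields keeps the newer options authoritative, e.g. `if k.TLSCA == "" { k.TLSCA = k.CA }`, and likewise for the certificate and key. What an empty CA path means for verification depends on `ClientConfig.TLSConfig()`, which is not shown on this page. Connect continues outside the hunk.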
|
@ -22,12 +22,12 @@ This plugin writes to a [MQTT Broker](http://http://mqtt.org/) acting as a mqtt
|
||||||
|
|
||||||
## Timeout for write operations. default: 5s
|
## Timeout for write operations. default: 5s
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
## Optional SSL Config
|
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
|
||||||
|
|
||||||
## Use SSL but skip chain & host verification
|
## Optional TLS Config
|
||||||
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -45,8 +45,8 @@ This plugin writes to a [MQTT Broker](http://http://mqtt.org/) acting as a mqtt
|
||||||
* `password`: The password to connect MQTT server.
|
* `password`: The password to connect MQTT server.
|
||||||
* `client_id`: The unique client id to connect MQTT server. If this paramater is not set then a random ID is generated.
|
* `client_id`: The unique client id to connect MQTT server. If this paramater is not set then a random ID is generated.
|
||||||
* `timeout`: Timeout for write operations. default: 5s
|
* `timeout`: Timeout for write operations. default: 5s
|
||||||
* `ssl_ca`: SSL CA
|
* `tls_ca`: TLS CA
|
||||||
* `ssl_cert`: SSL CERT
|
* `tls_cert`: TLS CERT
|
||||||
* `ssl_key`: SSL key
|
* `tls_key`: TLS key
|
||||||
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
|
* `insecure_skip_verify`: Use TLS but skip chain & host verification (default: false)
|
||||||
* `data_format`: [About Telegraf data formats](https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md)
|
* `data_format`: [About Telegraf data formats](https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md)
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -32,11 +33,11 @@ var sampleConfig = `
|
||||||
## client ID, if not set a random ID is generated
|
## client ID, if not set a random ID is generated
|
||||||
# client_id = ""
|
# client_id = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -55,15 +56,7 @@ type MQTT struct {
|
||||||
TopicPrefix string
|
TopicPrefix string
|
||||||
QoS int `toml:"qos"`
|
QoS int `toml:"qos"`
|
||||||
ClientID string `toml:"client_id"`
|
ClientID string `toml:"client_id"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client paho.Client
|
client paho.Client
|
||||||
opts *paho.ClientOptions
|
opts *paho.ClientOptions
|
||||||
|
@ -174,8 +167,7 @@ func (m *MQTT) createOpts() (*paho.ClientOptions, error) {
|
||||||
opts.SetClientID("Telegraf-Output-" + internal.RandomString(5))
|
opts.SetClientID("Telegraf-Output-" + internal.RandomString(5))
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
nats_client "github.com/nats-io/nats"
|
nats_client "github.com/nats-io/nats"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
@ -19,15 +19,7 @@ type NATS struct {
|
||||||
Password string
|
Password string
|
||||||
// NATS subject to publish metrics to
|
// NATS subject to publish metrics to
|
||||||
Subject string
|
Subject string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
conn *nats_client.Conn
|
conn *nats_client.Conn
|
||||||
serializer serializers.Serializer
|
serializer serializers.Serializer
|
||||||
|
@ -42,11 +34,11 @@ var sampleConfig = `
|
||||||
## NATS subject for producer messages
|
## NATS subject for producer messages
|
||||||
subject = "telegraf"
|
subject = "telegraf"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -79,8 +71,7 @@ func (n *NATS) Connect() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// override TLS, if it was specified
|
// override TLS, if it was specified
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,11 +19,11 @@ It can output data in any of the [supported output formats](https://github.com/i
|
||||||
# address = "unix:///tmp/telegraf.sock"
|
# address = "unix:///tmp/telegraf.sock"
|
||||||
# address = "unixgram:///tmp/telegraf.sock"
|
# address = "unixgram:///tmp/telegraf.sock"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Period between keep alive probes.
|
## Period between keep alive probes.
|
||||||
|
|
|
@ -10,17 +10,15 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
|
||||||
type SocketWriter struct {
|
type SocketWriter struct {
|
||||||
Address string
|
Address string
|
||||||
KeepAlivePeriod *internal.Duration
|
KeepAlivePeriod *internal.Duration
|
||||||
SSLCA string
|
tlsint.ClientConfig
|
||||||
SSLCert string
|
|
||||||
SSLKey string
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
serializers.Serializer
|
serializers.Serializer
|
||||||
|
|
||||||
|
@ -45,11 +43,11 @@ func (sw *SocketWriter) SampleConfig() string {
|
||||||
# address = "unix:///tmp/telegraf.sock"
|
# address = "unix:///tmp/telegraf.sock"
|
||||||
# address = "unixgram:///tmp/telegraf.sock"
|
# address = "unixgram:///tmp/telegraf.sock"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Period between keep alive probes.
|
## Period between keep alive probes.
|
||||||
|
@ -76,7 +74,7 @@ func (sw *SocketWriter) Connect() error {
|
||||||
return fmt.Errorf("invalid address: %s", sw.Address)
|
return fmt.Errorf("invalid address: %s", sw.Address)
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(sw.SSLCert, sw.SSLKey, sw.SSLCA, sw.InsecureSkipVerify)
|
tlsCfg, err := sw.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB0TCCATqgAwIBAgIJAMgbq6rkA4b/MA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
|
||||||
|
BAMMEFRlbGVncmFmIFRlc3QgQ0EwHhcNMTgwNTAzMDEwNTI5WhcNMjgwNDMwMDEw
|
||||||
|
NTI5WjAbMRkwFwYDVQQDDBBUZWxlZ3JhZiBUZXN0IENBMIGfMA0GCSqGSIb3DQEB
|
||||||
|
AQUAA4GNADCBiQKBgQDTySxyXeyQQjCOtNQ/7cKtXN91sp4B1k7whPKBO6yXEFFR
|
||||||
|
rYaw76xY5CTTPTJaAPBJ+amHPdPGfmGq6yX10tjAaWQQYV26Axngfpti6F14ci0/
|
||||||
|
X/sTay8ii/4Du5DRr9f9rHVimPASR1fkgK+IFhXnONn1R+pNbHYmGS4OVNyoPwID
|
||||||
|
AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsF
|
||||||
|
AAOBgQA9v3eMU33q+bGPEd65kKQcVddPEFdSqmuUJMeO2VQmUFc/ejkP48u42eDK
|
||||||
|
Y1GAR+209XgkuWItEBH8HJysOU2plunuIPXpnPcxyP30tpFVLaWzWTQvUehhYpfQ
|
||||||
|
C0v9Re3jdLfLORxiaAPyyKogMpAQrjGX+u1aMSOCkcTD2Hjvbw==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANPJLHJd7JBCMI60
|
||||||
|
1D/twq1c33WyngHWTvCE8oE7rJcQUVGthrDvrFjkJNM9MloA8En5qYc908Z+Yarr
|
||||||
|
JfXS2MBpZBBhXboDGeB+m2LoXXhyLT9f+xNrLyKL/gO7kNGv1/2sdWKY8BJHV+SA
|
||||||
|
r4gWFec42fVH6k1sdiYZLg5U3Kg/AgMBAAECgYA2PCtssk7Vdo3WzcoZAPs8yC7V
|
||||||
|
hkNedxJKF9G+dJizKtOYVhbLEuWQ8gPYMLDHSbw/RXc7kgK8rzq1uXhEJpWo4THD
|
||||||
|
CUUlxGRu3gt94202hbnEnV93Kix4hP98qpv1jPErlx2KywsRPTegMnUAZ2xeI564
|
||||||
|
yYwDITqXALa/PqRqSQJBAPPZQeRDtBSfEjZFJS3IgUkmN3RJn4rJz+6D0ahgXPga
|
||||||
|
YAYVe8SJyj2epLJP2aOBzrqBSUVkVGg8qOG5w+ibebsCQQDeVuUzYOffthO5f1Hl
|
||||||
|
LvdEmfaHjXI0Q+grOnDjNRcvQaCDYYkC9JewBQmnpFrd85rN/Leo0gQ5Yyxp/ja5
|
||||||
|
gPFNAkAFwn/38FF0mz1G4uM57Z6AJ9LvgD2wfYvXym1NWNlZUuYpvqApyEdqpTCm
|
||||||
|
tZQidJJ5fUxJw1DrFWO30Td7axC5AkEAjSbRX6rXyhiHsS35SexlInI0Jp5PsIqj
|
||||||
|
7D2vyS69R0z8oCvdlbi+TAsGtB0Navbqgnc8Cbs630vsuGWhTGdlyQJBAKqQ2gYw
|
||||||
|
+WeXH77FP8yDQOjpFw80tSyXVykT0Am75RF3sQ1OIn0o0DLhE+he0crb2n8g3FJh
|
||||||
|
WyxmGkbTDelSG20=
|
||||||
|
-----END PRIVATE KEY-----
|
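Review bot: This section adds an unencrypted private key to the repository, and nothing next to it marks it as a test fixture. The certificate added just before it appears to be a CA certificate (its subject looks like "Telegraf Test CA") with a validity of roughly ten years, so anyone who adds it to a real trust store would be trusting a key that is public. A short README beside the PEM files saying they are test-only and must never be trusted or deployed would make that explicit and give secret scanners an allow-list reason; generating the key pair at test time would do the same. The RSA client key added further down has the same issue.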
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB+TCCAWKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBUZWxl
|
||||||
|
Z3JhZiBUZXN0IENBMB4XDTE4MDUwMzAxMDUyOVoXDTI4MDQzMDAxMDUyOVowHTEb
|
||||||
|
MBkGA1UEAwwSY2xpZW50LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||||
|
ADCBiQKBgQDX7Plvu0MJtA9TrusYtQnAogsdiYJZd9wfFIjH5FxE3SWJ4KAIE+yR
|
||||||
|
WRqcqX8XnpieQLaNsfXhDPWLkWngTDydk4NO/jlAQk0e6+9+NeiZ2ViIHmtXERb9
|
||||||
|
CyiiWUmo+YCd69lhzSEIMK9EPBSDHQTgQMtEfGak03G5rx3MCakE1QIDAQABo0sw
|
||||||
|
STAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAaBgNVHREEEzARgglsb2NhbGhvc3SH
|
||||||
|
BH8AAAEwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAVry0
|
||||||
|
L07oTN+FMLncY/Be9BzFB3b3mnbxbZr58OgI4WHuOeYBuvDI033FIIIzpwb8XYpG
|
||||||
|
HJkZlSbviqq19lAh/Cktl35BCNrA6Uc+dgW7QWhnYS2tZandVTo/8FFstJTNiiLw
|
||||||
|
uiz/Hr3mRXUIDi5OygJHY1IZr8hFTOOJY+0ws3E=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXAIBAAKBgQDX7Plvu0MJtA9TrusYtQnAogsdiYJZd9wfFIjH5FxE3SWJ4KAI
|
||||||
|
E+yRWRqcqX8XnpieQLaNsfXhDPWLkWngTDydk4NO/jlAQk0e6+9+NeiZ2ViIHmtX
|
||||||
|
ERb9CyiiWUmo+YCd69lhzSEIMK9EPBSDHQTgQMtEfGak03G5rx3MCakE1QIDAQAB
|
||||||
|
AoGAOjRU4Lt3zKvO3d3u3ZAfet+zY1jn3DolCfO9EzUJcj6ymcIFIWhNgrikJcrC
|
||||||
|
yZkkxrPnAbcQ8oNNxTuDcMTcKZbnyUnlQj5NtVuty5Q+zgf3/Q2pRhaE+TwrpOJ+
|
||||||
|
ETtVp9R/PrPN2NC5wPo289fPNWFYkd4DPbdWZp5AJHz1XYECQQD3kKpinJxMYp9F
|
||||||
|
Q1Qj1OkxGln0KPgdqRYjjW/rXI4/hUodfg+xXWHPFSGj3AgEjQIvuengbOAeH3qo
|
||||||
|
wF1uxVTlAkEA30hXM3EbboMCDQzNRNkkV9EiZ0MZXhj1aIGl+sQZOmOeFdcdjGkD
|
||||||
|
dsA42nmaYqXCD9KAvc+S/tGJaa0Qg0VhMQJAb2+TAqh0Qn3yK39PFIH2JcAy1ZDL
|
||||||
|
fq5p5L75rfwPm9AnuHbSIYhjSo+8gMG+ai3+2fTZrcfUajrJP8S3SfFRcQJBANQQ
|
||||||
|
POHatxcKzlPeqMaPBXlyY553mAxK4CnVmPLGdL+EBYzwtlu5EVUj09uMSxkOHXYx
|
||||||
|
k5yzHQVvtXbsrBZBOsECQBJLlkMjJmXrIIdLPmHQWL3bm9MMg1PqzupSEwz6cyrG
|
||||||
|
uIIm/X91pDyxCHaKYWp38FXBkYAgohI8ow5/sgRvU5w=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB+TCCAWKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBUZWxl
|
||||||
|
Z3JhZiBUZXN0IENBMB4XDTE4MDUwMzAxMDUyOVoXDTI4MDQzMDAxMDUyOVowHTEb
|
||||||
|
MBkGA1UEAwwSc2VydmVyLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||||
|
ADCBiQKBgQDTBmLJ0pBFUxnPkkx38sBnOKvs+OinVqxTnVcc1iCyQJQleB37uY6D
|
||||||
|
L55mSsPvnad/oDpyGpHt4RVtrhmyC6ptSrWLyk7mraeAo30Cooqr5tA9A+6yj0ij
|
||||||
|
ySLlYimTMQy8tbnVNWLwKbxgT9N4NlUzwyqxLWUMfRzLfmefqzk5bQIDAQABo0sw
|
||||||
|
STAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATALBgNVHQ8E
|
||||||
|
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEATNnM
|
||||||
|
ol0s29lJ+WkP+HUFtKaXxQ+kXLADqfhsk2G1/kZAVRHsYUDlJ+GkHnWIHlg/ggIP
|
||||||
|
JS+z44iwMPOtzJQI7MvAFYVKpYAEdIFTjXf6GafLjUfoXYi0vwHoVJHtQu3Kpm9L
|
||||||
|
Ugm02h0ycIadN8RdWAAFUf6XpVKUJa0YYLuyaXY=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXQIBAAKBgQDTBmLJ0pBFUxnPkkx38sBnOKvs+OinVqxTnVcc1iCyQJQleB37
|
||||||
|
uY6DL55mSsPvnad/oDpyGpHt4RVtrhmyC6ptSrWLyk7mraeAo30Cooqr5tA9A+6y
|
||||||
|
j0ijySLlYimTMQy8tbnVNWLwKbxgT9N4NlUzwyqxLWUMfRzLfmefqzk5bQIDAQAB
|
||||||
|
AoGBALWQAgFJxM2QwV1hr59oYnitPudmBa6smRpb/q6V4Y3cmFpgrdN+hIqEtxGl
|
||||||
|
9E0+5PWfI4o3KCV2itxSdlNFTDyqTZkM+BT8PPKISzAewkdqnKjbWgAmluzOJH4O
|
||||||
|
hc1zBfIOuT5+cfx5JR5/j9BhWVC7BJ+EiREkd/Z8ZnAMeItVAkEA8bhcC+8luiFQ
|
||||||
|
6kytXx2XfbKKh4Q99+KEQHqSGeuHZOcnWfjX99jo67CIxpwBRENslpZOw78fBmi4
|
||||||
|
4kf8j+dgLwJBAN99zyRxYzKc8TSsy/fF+3V/Ex75HYGGS/eOWcwPFXpGNA63hIa8
|
||||||
|
fJ/2pDnLzCqLZ9vWdBF39NtkacJS7bo6XSMCQQCZgN2bipSn3k53bJhRJga1gXOt
|
||||||
|
2dJMoGIiXHR513QVJSJ9ZaUpNWu9eU9y6VF4m2TTQMLmVnIKbOi0csi2TlZrAkAi
|
||||||
|
7URsC5RXGpPPiZmutTAhIqTYWFI2JcjFfWenLkxK+aG1ExURAW/wh9kOdz0HARZQ
|
||||||
|
Eum8uSR5DO5CQjeIvQpFAkAgZJXAwRxuts/p1EoLuPCJTaDkIY2vc0AJzzr5nuAs
|
||||||
|
pyjnLYCYqSBUJ+3nDDBqNYpgxCJddzmjNxGuO7mef9Ue
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -46,21 +46,31 @@ keyUsage = keyCertSign, cRLSign
|
||||||
[ client_ca_extensions ]
|
[ client_ca_extensions ]
|
||||||
basicConstraints = CA:false
|
basicConstraints = CA:false
|
||||||
keyUsage = digitalSignature
|
keyUsage = digitalSignature
|
||||||
|
subjectAltName = @client_alt_names
|
||||||
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
||||||
|
|
||||||
|
[ client_alt_names ]
|
||||||
|
DNS.1 = localhost
|
||||||
|
IP.1 = 127.0.0.1
|
||||||
|
|
||||||
[ server_ca_extensions ]
|
[ server_ca_extensions ]
|
||||||
basicConstraints = CA:false
|
basicConstraints = CA:false
|
||||||
keyUsage = keyEncipherment
|
subjectAltName = @server_alt_names
|
||||||
|
keyUsage = keyEncipherment, digitalSignature
|
||||||
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
||||||
|
|
||||||
|
[ server_alt_names ]
|
||||||
|
DNS.1 = localhost
|
||||||
|
IP.1 = 127.0.0.1
|
||||||
EOF
|
EOF
|
||||||
openssl req -x509 -config ./openssl.conf -days 3650 -newkey rsa:1024 -out ./certs/cacert.pem -keyout ./private/cakey.pem -subj "/CN=Telegraf CA/" -nodes &&
|
openssl req -x509 -config ./openssl.conf -days 3650 -newkey rsa:1024 -out ./certs/cacert.pem -keyout ./private/cakey.pem -subj "/CN=Telegraf Test CA/" -nodes &&
|
||||||
|
|
||||||
# Create server keypair
|
# Create server keypair
|
||||||
openssl genrsa -out ./private/serverkey.pem 1024 &&
|
openssl genrsa -out ./private/serverkey.pem 1024 &&
|
||||||
openssl req -new -key ./private/serverkey.pem -out ./certs/servercsr.pem -outform PEM -subj "/CN=localhost/O=server/" &&
|
openssl req -new -key ./private/serverkey.pem -out ./certs/servercsr.pem -outform PEM -subj "/CN=server.localdomain/O=server/" &&
|
||||||
openssl ca -config ./openssl.conf -in ./certs/servercsr.pem -out ./certs/servercert.pem -notext -batch -extensions server_ca_extensions &&
|
openssl ca -config ./openssl.conf -in ./certs/servercsr.pem -out ./certs/servercert.pem -notext -batch -extensions server_ca_extensions &&
|
||||||
|
|
||||||
# Create client keypair
|
# Create client keypair
|
||||||
openssl genrsa -out ./private/clientkey.pem 1024 &&
|
openssl genrsa -out ./private/clientkey.pem 1024 &&
|
||||||
openssl req -new -key ./private/clientkey.pem -out ./certs/clientcsr.pem -outform PEM -subj "/CN=telegraf/O=client/" &&
|
openssl req -new -key ./private/clientkey.pem -out ./certs/clientcsr.pem -outform PEM -subj "/CN=client.localdomain/O=client/" &&
|
||||||
openssl ca -config ./openssl.conf -in ./certs/clientcsr.pem -out ./certs/clientcert.pem -notext -batch -extensions client_ca_extensions
|
openssl ca -config ./openssl.conf -in ./certs/clientcsr.pem -out ./certs/clientcert.pem -notext -batch -extensions client_ca_extensions
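Review bot: The CA key and both leaf keys are still generated as 1024-bit RSA: `-newkey rsa:1024` on the changed `openssl req -x509` line, and the two unchanged `openssl genrsa ... 1024` lines. That is below the 2048-bit minimum that current guidance and stricter TLS library policies expect, so these fixtures may be refused in a hardened test environment. Since the commit regenerates the certificates anyway, this would be the place to switch to `-newkey rsa:2048` and `openssl genrsa -out ./private/serverkey.pem 2048`, and likewise for the client key. The CA certificate is issued with `-days 3650` and the generated private keys are checked in next to it, so a comment at the top of the script saying the output is test-only and when it must be regenerated would help. The script begins before this hunk, so the `openssl.conf` defaults used by the `openssl ca` calls are not visible here.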
|
|
@ -0,0 +1,86 @@
|
||||||
|
package testutil
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
)
|
||||||
|
|
||||||
|
type pki struct {
|
||||||
|
path string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPKI(path string) *pki {
|
||||||
|
return &pki{path: path}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) TLSClientConfig() *tls.ClientConfig {
|
||||||
|
return &tls.ClientConfig{
|
||||||
|
TLSCA: p.CACertPath(),
|
||||||
|
TLSCert: p.ClientCertPath(),
|
||||||
|
TLSKey: p.ClientKeyPath(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) TLSServerConfig() *tls.ServerConfig {
|
||||||
|
return &tls.ServerConfig{
|
||||||
|
TLSAllowedCACerts: []string{p.CACertPath()},
|
||||||
|
TLSCert: p.ServerCertPath(),
|
||||||
|
TLSKey: p.ServerKeyPath(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadCACert() string {
|
||||||
|
return readCertificate(p.CACertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) CACertPath() string {
|
||||||
|
return path.Join(p.path, "cacert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadClientCert() string {
|
||||||
|
return readCertificate(p.ClientCertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ClientCertPath() string {
|
||||||
|
return path.Join(p.path, "clientcert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadClientKey() string {
|
||||||
|
return readCertificate(p.ClientKeyPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ClientKeyPath() string {
|
||||||
|
return path.Join(p.path, "clientkey.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadServerCert() string {
|
||||||
|
return readCertificate(p.ServerCertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ServerCertPath() string {
|
||||||
|
return path.Join(p.path, "servercert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadServerKey() string {
|
||||||
|
return readCertificate(p.ServerKeyPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ServerKeyPath() string {
|
||||||
|
return path.Join(p.path, "serverkey.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func readCertificate(filename string) string {
|
||||||
|
file, err := os.Open(filename)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("opening %q: %v", filename, err))
|
||||||
|
}
|
||||||
|
octets, err := ioutil.ReadAll(file)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("reading %q: %v", filename, err))
|
||||||
|
}
|
||||||
|
return string(octets)
|
||||||
|
}
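Review bot: `readCertificate` opens the file with `os.Open` and never closes it, so each call leaks a descriptor until the test process exits. Replacing the open/read pair with `octets, err := ioutil.ReadFile(filename)` removes the leak and one of the two panic branches. The helper is also called by `ReadClientKey` and `ReadServerKey`, so a doc comment such as `// readCertificate returns the contents of a PEM file (certificate or key) and panics on error; for tests only.` would make its scope explicit. The `*Path` methods build filesystem paths with `path.Join`; `path/filepath` is the package intended for OS paths, which matters if these tests run on Windows. `NewPKI` is exported but returns the unexported `*pki`, so callers cannot name the type they receive.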
|