Simplify testing with TLS (#4095)
parent
b2bb44363a
commit
de355b76d6
|
@ -7,6 +7,10 @@
|
||||||
an [example configuration](./plugins/inputs/jolokia2/examples) to help you
|
an [example configuration](./plugins/inputs/jolokia2/examples) to help you
|
||||||
get started.
|
get started.
|
||||||
|
|
||||||
|
- For plugins supporting TLS, you can now specify the certificate and keys
|
||||||
|
using `tls_ca`, `tls_cert`, `tls_key`. These options behave the same as
|
||||||
|
the, now deprecated, `ssl` forms.
|
||||||
|
|
||||||
### New Inputs
|
### New Inputs
|
||||||
|
|
||||||
- [fibaro](./plugins/inputs/fibaro/README.md) - Contributed by @dynek
|
- [fibaro](./plugins/inputs/fibaro/README.md) - Contributed by @dynek
|
||||||
|
|
|
@ -121,11 +121,11 @@
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
@ -184,11 +184,11 @@
|
||||||
# ## to 5s. 0s means no timeout (not recommended).
|
# ## to 5s. 0s means no timeout (not recommended).
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -284,11 +284,11 @@
|
||||||
# # default_tag_value = "none"
|
# # default_tag_value = "none"
|
||||||
# index_name = "telegraf-%Y.%m.%d" # required.
|
# index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Template Config
|
# ## Template Config
|
||||||
|
@ -327,11 +327,11 @@
|
||||||
# ## timeout in seconds for the write connection to graphite
|
# ## timeout in seconds for the write connection to graphite
|
||||||
# timeout = 2
|
# timeout = 2
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -420,11 +420,11 @@
|
||||||
# ## The total number of times to retry sending a message
|
# ## The total number of times to retry sending a message
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional SASL Config
|
# ## Optional SASL Config
|
||||||
|
@ -536,11 +536,11 @@
|
||||||
# ## client ID, if not set a random ID is generated
|
# ## client ID, if not set a random ID is generated
|
||||||
# # client_id = ""
|
# # client_id = ""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -560,11 +560,11 @@
|
||||||
# ## NATS subject for producer messages
|
# ## NATS subject for producer messages
|
||||||
# subject = "telegraf"
|
# subject = "telegraf"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to output.
|
# ## Data format to output.
|
||||||
|
@ -695,11 +695,11 @@
|
||||||
# # address = "unix:///tmp/telegraf.sock"
|
# # address = "unix:///tmp/telegraf.sock"
|
||||||
# # address = "unixgram:///tmp/telegraf.sock"
|
# # address = "unixgram:///tmp/telegraf.sock"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Period between keep alive probes.
|
# ## Period between keep alive probes.
|
||||||
|
@ -928,11 +928,11 @@
|
||||||
# ## Maximum time to receive response.
|
# ## Maximum time to receive response.
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1112,11 +1112,11 @@
|
||||||
# ## Data centre to query the health checks from
|
# ## Data centre to query the health checks from
|
||||||
# # datacentre = ""
|
# # datacentre = ""
|
||||||
#
|
#
|
||||||
# ## SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
|
|
||||||
|
|
||||||
|
@ -1173,10 +1173,10 @@
|
||||||
# ## Maximum time to receive a response from cluster.
|
# ## Maximum time to receive a response from cluster.
|
||||||
# # response_timeout = "20s"
|
# # response_timeout = "20s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## If false, skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
#
|
#
|
||||||
|
@ -1261,11 +1261,11 @@
|
||||||
# docker_label_include = []
|
# docker_label_include = []
|
||||||
# docker_label_exclude = []
|
# docker_label_exclude = []
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1317,11 +1317,11 @@
|
||||||
# ## "breaker". Per default, all stats are gathered.
|
# ## "breaker". Per default, all stats are gathered.
|
||||||
# # node_stats = ["jvm", "http"]
|
# # node_stats = ["jvm", "http"]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1428,11 +1428,11 @@
|
||||||
# username = ""
|
# username = ""
|
||||||
# password = ""
|
# password = ""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1456,11 +1456,11 @@
|
||||||
# ## field names.
|
# ## field names.
|
||||||
# # keep_field_names = false
|
# # keep_field_names = false
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1497,11 +1497,11 @@
|
||||||
# ## Tag all metrics with the url
|
# ## Tag all metrics with the url
|
||||||
# # tag_url = true
|
# # tag_url = true
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Amount of time allowed to complete the HTTP request
|
# ## Amount of time allowed to complete the HTTP request
|
||||||
|
@ -1541,11 +1541,11 @@
|
||||||
# # response_string_match = "ok"
|
# # response_string_match = "ok"
|
||||||
# # response_string_match = "\".*_status\".?:.?\"up\""
|
# # response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## HTTP Request Headers (all values must be strings)
|
# ## HTTP Request Headers (all values must be strings)
|
||||||
|
@ -1581,11 +1581,11 @@
|
||||||
# # "my_tag_2"
|
# # "my_tag_2"
|
||||||
# # ]
|
# # ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## HTTP parameters (all values must be strings). For "GET" requests, data
|
# ## HTTP parameters (all values must be strings). For "GET" requests, data
|
||||||
|
@ -1613,11 +1613,11 @@
|
||||||
# "http://localhost:8086/debug/vars"
|
# "http://localhost:8086/debug/vars"
|
||||||
# ]
|
# ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## http request & header timeout
|
# ## http request & header timeout
|
||||||
|
@ -1771,10 +1771,10 @@
|
||||||
# # password = ""
|
# # password = ""
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL config
|
# ## Optional TLS config
|
||||||
# # ssl_ca = "/var/private/ca.pem"
|
# # tls_ca = "/var/private/ca.pem"
|
||||||
# # ssl_cert = "/var/private/client.pem"
|
# # tls_cert = "/var/private/client.pem"
|
||||||
# # ssl_key = "/var/private/client-key.pem"
|
# # tls_key = "/var/private/client-key.pem"
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Add metrics to read
|
# ## Add metrics to read
|
||||||
|
@ -1796,10 +1796,10 @@
|
||||||
# # password = ""
|
# # password = ""
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL config
|
# ## Optional TLS config
|
||||||
# # ssl_ca = "/var/private/ca.pem"
|
# # tls_ca = "/var/private/ca.pem"
|
||||||
# # ssl_cert = "/var/private/client.pem"
|
# # tls_cert = "/var/private/client.pem"
|
||||||
# # ssl_key = "/var/private/client-key.pem"
|
# # tls_key = "/var/private/client-key.pem"
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Add proxy targets to query
|
# ## Add proxy targets to query
|
||||||
|
@ -1828,11 +1828,11 @@
|
||||||
# ## Time limit for http requests
|
# ## Time limit for http requests
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1852,11 +1852,11 @@
|
||||||
# ## Set response_timeout (default 5 seconds)
|
# ## Set response_timeout (default 5 seconds)
|
||||||
# # response_timeout = "5s"
|
# # response_timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = /path/to/cafile
|
# # tls_ca = /path/to/cafile
|
||||||
# # ssl_cert = /path/to/certfile
|
# # tls_cert = /path/to/certfile
|
||||||
# # ssl_key = /path/to/keyfile
|
# # tls_key = /path/to/keyfile
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1948,11 +1948,11 @@
|
||||||
# # "messages",
|
# # "messages",
|
||||||
# # ]
|
# # ]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -1978,11 +1978,11 @@
|
||||||
# ## When true, collect per database stats
|
# ## When true, collect per database stats
|
||||||
# # gather_perdb_stats = false
|
# # gather_perdb_stats = false
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2061,10 +2061,12 @@
|
||||||
# ## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
# ## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
# interval_slow = "30m"
|
# interval_slow = "30m"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
# ## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
|
# ## Use TLS but skip chain & host verification
|
||||||
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
# # Provides metrics about the state of a NATS server
|
# # Provides metrics about the state of a NATS server
|
||||||
|
@ -2124,10 +2126,11 @@
|
||||||
# # An array of Nginx stub_status URI to gather stats.
|
# # An array of Nginx stub_status URI to gather stats.
|
||||||
# urls = ["http://localhost/server_status"]
|
# urls = ["http://localhost/server_status"]
|
||||||
#
|
#
|
||||||
# # TLS/SSL configuration
|
# ## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.cer"
|
# tls_cert = "/etc/telegraf/cert.cer"
|
||||||
# ssl_key = "/etc/telegraf/key.key"
|
# tls_key = "/etc/telegraf/key.key"
|
||||||
|
# ## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# # HTTP response timeout (default: 5s)
|
# # HTTP response timeout (default: 5s)
|
||||||
|
@ -2190,7 +2193,7 @@
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# # Path to PEM-encoded Root certificate to use to verify server certificate
|
# # Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
# ssl_ca = "/etc/ssl/certs.pem"
|
# tls_ca = "/etc/ssl/certs.pem"
|
||||||
#
|
#
|
||||||
# # dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# # dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
# bind_dn = ""
|
# bind_dn = ""
|
||||||
|
@ -2341,11 +2344,11 @@
|
||||||
# ## Specify timeout duration for slower prometheus clients (default is 3s)
|
# ## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# # response_timeout = "3s"
|
# # response_timeout = "3s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = /path/to/cafile
|
# # tls_ca = /path/to/cafile
|
||||||
# # ssl_cert = /path/to/certfile
|
# # tls_cert = /path/to/certfile
|
||||||
# # ssl_key = /path/to/keyfile
|
# # tls_key = /path/to/keyfile
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2365,11 +2368,11 @@
|
||||||
# # username = "guest"
|
# # username = "guest"
|
||||||
# # password = "guest"
|
# # password = "guest"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional request timeouts
|
# ## Optional request timeouts
|
||||||
|
@ -2798,11 +2801,11 @@
|
||||||
# ## Request timeout
|
# ## Request timeout
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
|
@ -2886,11 +2889,11 @@
|
||||||
# ## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
# ## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# # timeout = "5s"
|
# # timeout = "5s"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # enable_ssl = true
|
# # enable_tls = true
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## If false, skip chain & host verification
|
# ## If false, skip chain & host verification
|
||||||
# # insecure_skip_verify = true
|
# # insecure_skip_verify = true
|
||||||
|
|
||||||
|
@ -2919,11 +2922,11 @@
|
||||||
# ## described here: https://www.rabbitmq.com/plugins.html
|
# ## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# # auth_method = "PLAIN"
|
# # auth_method = "PLAIN"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to consume.
|
# ## Data format to consume.
|
||||||
|
@ -2994,11 +2997,11 @@
|
||||||
# ## topic(s) to consume
|
# ## topic(s) to consume
|
||||||
# topics = ["telegraf"]
|
# topics = ["telegraf"]
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Optional SASL Config
|
# ## Optional SASL Config
|
||||||
|
@ -3124,11 +3127,11 @@
|
||||||
# # username = "telegraf"
|
# # username = "telegraf"
|
||||||
# # password = "metricsmetricsmetricsmetrics"
|
# # password = "metricsmetricsmetricsmetrics"
|
||||||
#
|
#
|
||||||
# ## Optional SSL Config
|
# ## Optional TLS Config
|
||||||
# # ssl_ca = "/etc/telegraf/ca.pem"
|
# # tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# # ssl_cert = "/etc/telegraf/cert.pem"
|
# # tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# # ssl_key = "/etc/telegraf/key.pem"
|
# # tls_key = "/etc/telegraf/key.pem"
|
||||||
# ## Use SSL but skip chain & host verification
|
# ## Use TLS but skip chain & host verification
|
||||||
# # insecure_skip_verify = false
|
# # insecure_skip_verify = false
|
||||||
#
|
#
|
||||||
# ## Data format to consume.
|
# ## Data format to consume.
|
||||||
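Review bot: Three sample blocks in this file still show `# # insecure_skip_verify = true`, so anyone who uncomments the TLS block as written turns off certificate chain and host verification. They are in the hunk at -1112 (now under the reworded comment `# ## Use TLS but skip chain & host verification`) and in the hunks at -1173 and -2886, which also keep the inverted wording `# ## If false, skip chain & host verification`. Every other block visible in this diff shows `false`, so I would align these three to `# # insecure_skip_verify = false` with the comment `# ## Use TLS but skip chain & host verification`. If this file is generated from the plugins' sample configs, the fix presumably belongs in those plugin sources, which are not visible here.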
|
|
|
@ -4,11 +4,7 @@ import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/tls"
|
|
||||||
"crypto/x509"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
|
@ -112,94 +108,6 @@ func RandomString(n int) string {
|
||||||
return string(bytes)
|
return string(bytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetTLSConfig gets a tls.Config object from the given certs, key, and CA files
|
|
||||||
// for use with a client.
|
|
||||||
// The full path to each file must be provided.
|
|
||||||
// Returns a nil pointer if all files are blank and InsecureSkipVerify=false.
|
|
||||||
func GetTLSConfig(
|
|
||||||
SSLCert, SSLKey, SSLCA string,
|
|
||||||
InsecureSkipVerify bool,
|
|
||||||
) (*tls.Config, error) {
|
|
||||||
if SSLCert == "" && SSLKey == "" && SSLCA == "" && !InsecureSkipVerify {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
t := &tls.Config{
|
|
||||||
InsecureSkipVerify: InsecureSkipVerify,
|
|
||||||
}
|
|
||||||
|
|
||||||
if SSLCA != "" {
|
|
||||||
caCert, err := ioutil.ReadFile(SSLCA)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
|
|
||||||
err))
|
|
||||||
}
|
|
||||||
|
|
||||||
caCertPool := x509.NewCertPool()
|
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
|
||||||
t.RootCAs = caCertPool
|
|
||||||
}
|
|
||||||
|
|
||||||
if SSLCert != "" && SSLKey != "" {
|
|
||||||
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf(
|
|
||||||
"Could not load TLS client key/certificate from %s:%s: %s",
|
|
||||||
SSLKey, SSLCert, err))
|
|
||||||
}
|
|
||||||
|
|
||||||
t.Certificates = []tls.Certificate{cert}
|
|
||||||
t.BuildNameToCertificate()
|
|
||||||
}
|
|
||||||
|
|
||||||
// will be nil by default if nothing is provided
|
|
||||||
return t, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetServerTLSConfig gets a tls.Config object from the given certs, key, and one or more CA files
|
|
||||||
// for use with a server.
|
|
||||||
// The full path to each file must be provided.
|
|
||||||
// Returns a nil pointer if all files are blank.
|
|
||||||
func GetServerTLSConfig(
|
|
||||||
TLSCert, TLSKey string,
|
|
||||||
TLSAllowedCACerts []string,
|
|
||||||
) (*tls.Config, error) {
|
|
||||||
if TLSCert == "" && TLSKey == "" && len(TLSAllowedCACerts) == 0 {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
t := &tls.Config{}
|
|
||||||
|
|
||||||
if len(TLSAllowedCACerts) != 0 {
|
|
||||||
caCertPool := x509.NewCertPool()
|
|
||||||
for _, cert := range TLSAllowedCACerts {
|
|
||||||
c, err := ioutil.ReadFile(cert)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
|
|
||||||
err))
|
|
||||||
}
|
|
||||||
caCertPool.AppendCertsFromPEM(c)
|
|
||||||
}
|
|
||||||
t.ClientCAs = caCertPool
|
|
||||||
t.ClientAuth = tls.RequireAndVerifyClientCert
|
|
||||||
}
|
|
||||||
|
|
||||||
if TLSCert != "" && TLSKey != "" {
|
|
||||||
cert, err := tls.LoadX509KeyPair(TLSCert, TLSKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New(fmt.Sprintf(
|
|
||||||
"Could not load TLS client key/certificate from %s:%s: %s",
|
|
||||||
TLSKey, TLSCert, err))
|
|
||||||
}
|
|
||||||
|
|
||||||
t.Certificates = []tls.Certificate{cert}
|
|
||||||
}
|
|
||||||
|
|
||||||
t.BuildNameToCertificate()
|
|
||||||
|
|
||||||
return t, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// SnakeCase converts the given string to snake case following the Golang format:
|
// SnakeCase converts the given string to snake case following the Golang format:
|
||||||
// acronyms are converted to lower-case and preceded by an underscore.
|
// acronyms are converted to lower-case and preceded by an underscore.
|
||||||
func SnakeCase(in string) string {
|
func SnakeCase(in string) string {
|
||||||
|
|
|
@ -0,0 +1,130 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ClientConfig represents the standard client TLS config.
|
||||||
|
type ClientConfig struct {
|
||||||
|
TLSCA string `toml:"tls_ca"`
|
||||||
|
TLSCert string `toml:"tls_cert"`
|
||||||
|
TLSKey string `toml:"tls_key"`
|
||||||
|
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
||||||
|
|
||||||
|
// Deprecated in 1.7; use TLS variables above
|
||||||
|
SSLCA string `toml:"ssl_ca"`
|
||||||
|
SSLCert string `toml:"ssl_cert"`
|
||||||
|
SSLKey string `toml:"ssl_ca"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServerConfig represents the standard server TLS config.
|
||||||
|
type ServerConfig struct {
|
||||||
|
TLSCert string `toml:"tls_cert"`
|
||||||
|
TLSKey string `toml:"tls_key"`
|
||||||
|
TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// TLSConfig returns a tls.Config, may be nil without error if TLS is not
|
||||||
|
// configured.
|
||||||
|
func (c *ClientConfig) TLSConfig() (*tls.Config, error) {
|
||||||
|
// Support deprecated variable names
|
||||||
|
if c.TLSCA == "" && c.SSLCA != "" {
|
||||||
|
c.TLSCA = c.SSLCA
|
||||||
|
}
|
||||||
|
if c.TLSCert == "" && c.SSLCert != "" {
|
||||||
|
c.TLSCert = c.SSLCert
|
||||||
|
}
|
||||||
|
if c.TLSKey == "" && c.SSLKey != "" {
|
||||||
|
c.TLSKey = c.SSLKey
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: return default tls.Config; plugins should not call if they don't
|
||||||
|
// want TLS, this will require using another option to determine. In the
|
||||||
|
// case of an HTTP plugin, you could use `https`. Other plugins may need
|
||||||
|
// the dedicated option `TLSEnable`.
|
||||||
|
if c.TLSCA == "" && c.TLSKey == "" && c.TLSCert == "" && !c.InsecureSkipVerify {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{
|
||||||
|
InsecureSkipVerify: c.InsecureSkipVerify,
|
||||||
|
Renegotiation: tls.RenegotiateNever,
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCA != "" {
|
||||||
|
pool, err := makeCertPool([]string{c.TLSCA})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tlsConfig.RootCAs = pool
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCert != "" && c.TLSKey != "" {
|
||||||
|
err := loadCertificate(tlsConfig, c.TLSCert, c.TLSKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// TLSConfig returns a tls.Config, may be nil without error if TLS is not
|
||||||
|
// configured.
|
||||||
|
func (c *ServerConfig) TLSConfig() (*tls.Config, error) {
|
||||||
|
if c.TLSCert == "" && c.TLSKey == "" && len(c.TLSAllowedCACerts) == 0 {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{}
|
||||||
|
|
||||||
|
if len(c.TLSAllowedCACerts) != 0 {
|
||||||
|
pool, err := makeCertPool(c.TLSAllowedCACerts)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tlsConfig.ClientCAs = pool
|
||||||
|
tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.TLSCert != "" && c.TLSKey != "" {
|
||||||
|
err := loadCertificate(tlsConfig, c.TLSCert, c.TLSKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeCertPool(certFiles []string) (*x509.CertPool, error) {
|
||||||
|
pool := x509.NewCertPool()
|
||||||
|
for _, certFile := range certFiles {
|
||||||
|
pem, err := ioutil.ReadFile(certFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf(
|
||||||
|
"could not read certificate %q: %v", certFile, err)
|
||||||
|
}
|
||||||
|
ok := pool.AppendCertsFromPEM(pem)
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf(
|
||||||
|
"could not parse any PEM certificates %q: %v", certFile, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return pool, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func loadCertificate(config *tls.Config, certFile, keyFile string) error {
|
||||||
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf(
|
||||||
|
"could not load keypair %s:%s: %v", certFile, keyFile, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
config.Certificates = []tls.Certificate{cert}
|
||||||
|
config.BuildNameToCertificate()
|
||||||
|
return nil
|
||||||
|
}
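Review bot: The deprecated `SSLKey` field of `ClientConfig` carries the tag `toml:"ssl_ca"`, the same tag as `SSLCA`; it should be `toml:"ssl_key"`. Depending on how the TOML decoder resolves the duplicate tag, a configuration that still uses `ssl_key` may leave this field empty. `ClientConfig.TLSConfig` loads the keypair only when both `c.TLSCert` and `c.TLSKey` are set, so such a configuration would connect without a client certificate and without an error. The "support deprecated ssl field names" test assigns the struct fields directly, so it does not cover the tags. Separately, the `!ok` branch of `makeCertPool` formats `err`, which is nil at that point, so the `%v` and its argument can be dropped from that message.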
|
|
@ -0,0 +1,226 @@
|
||||||
|
package tls_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
"github.com/influxdata/telegraf/testutil"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
var pki = testutil.NewPKI("../../testutil/pki")
|
||||||
|
|
||||||
|
func TestClientConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
client tls.ClientConfig
|
||||||
|
expNil bool
|
||||||
|
expErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "unset",
|
||||||
|
client: tls.ClientConfig{},
|
||||||
|
expNil: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "success",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid ca",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.ClientKeyPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing ca is okay",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid cert",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientKeyPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing cert skips client keypair",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: false,
|
||||||
|
expErr: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing key skips client keypair",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
},
|
||||||
|
expNil: false,
|
||||||
|
expErr: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "support deprecated ssl field names",
|
||||||
|
client: tls.ClientConfig{
|
||||||
|
SSLCA: pki.CACertPath(),
|
||||||
|
SSLCert: pki.ClientCertPath(),
|
||||||
|
SSLKey: pki.ClientKeyPath(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
tlsConfig, err := tt.client.TLSConfig()
|
||||||
|
if !tt.expNil {
|
||||||
|
require.NotNil(t, tlsConfig)
|
||||||
|
} else {
|
||||||
|
require.Nil(t, tlsConfig)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !tt.expErr {
|
||||||
|
require.NoError(t, err)
|
||||||
|
} else {
|
||||||
|
require.Error(t, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServerConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
server tls.ServerConfig
|
||||||
|
expNil bool
|
||||||
|
expErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "unset",
|
||||||
|
server: tls.ServerConfig{},
|
||||||
|
expNil: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "success",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid ca",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.ServerKeyPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing allowed ca is okay",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "invalid cert",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerKeyPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing cert",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "missing key",
|
||||||
|
server: tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
},
|
||||||
|
expNil: true,
|
||||||
|
expErr: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
tlsConfig, err := tt.server.TLSConfig()
|
||||||
|
if !tt.expNil {
|
||||||
|
require.NotNil(t, tlsConfig)
|
||||||
|
}
|
||||||
|
if !tt.expErr {
|
||||||
|
require.NoError(t, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConnect(t *testing.T) {
|
||||||
|
clientConfig := tls.ClientConfig{
|
||||||
|
TLSCA: pki.CACertPath(),
|
||||||
|
TLSCert: pki.ClientCertPath(),
|
||||||
|
TLSKey: pki.ClientKeyPath(),
|
||||||
|
}
|
||||||
|
|
||||||
|
serverConfig := tls.ServerConfig{
|
||||||
|
TLSCert: pki.ServerCertPath(),
|
||||||
|
TLSKey: pki.ServerKeyPath(),
|
||||||
|
TLSAllowedCACerts: []string{pki.CACertPath()},
|
||||||
|
}
|
||||||
|
|
||||||
|
serverTLSConfig, err := serverConfig.TLSConfig()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.WriteHeader(http.StatusOK)
|
||||||
|
}))
|
||||||
|
ts.TLS = serverTLSConfig
|
||||||
|
|
||||||
|
ts.StartTLS()
|
||||||
|
defer ts.Close()
|
||||||
|
|
||||||
|
clientTLSConfig, err := clientConfig.TLSConfig()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
client := http.Client{
|
||||||
|
Transport: &http.Transport{
|
||||||
|
TLSClientConfig: clientTLSConfig,
|
||||||
|
},
|
||||||
|
Timeout: 10 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := client.Get(ts.URL)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, 200, resp.StatusCode)
|
||||||
|
}
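Review bot: `TestServerConfig` never checks its negative expectations, because the loop only calls `require.NotNil` when `!tt.expNil` and `require.NoError` when `!tt.expErr`; every case marked `expNil: true, expErr: true` passes whatever `TLSConfig` returns. The "missing cert" and "missing key" cases therefore do not show that a half-configured server keypair is rejected, and `ServerConfig.TLSConfig` appears to return a config and a nil error for them, since it skips `loadCertificate` unless both paths are set. I would add the `else { require.Nil(t, tlsConfig) }` and `else { require.Error(t, err) }` branches that `TestClientConfig` already has, then correct the expectations; the case named "missing allowed ca is okay" is also marked `expErr: true`. In `TestConnect` the response body is never closed, which `defer resp.Body.Close()` after the error check would fix.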
|
|
@ -32,11 +32,11 @@ The following defaults are known to work with RabbitMQ:
|
||||||
## Using EXTERNAL requires enabling the rabbitmq_auth_mechanism_ssl plugin as
|
## Using EXTERNAL requires enabling the rabbitmq_auth_mechanism_ssl plugin as
|
||||||
## described here: https://www.rabbitmq.com/plugins.html
|
## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# auth_method = "PLAIN"
|
# auth_method = "PLAIN"
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/streadway/amqp"
|
"github.com/streadway/amqp"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -31,14 +31,7 @@ type AMQPConsumer struct {
|
||||||
|
|
||||||
// AMQP Auth method
|
// AMQP Auth method
|
||||||
AuthMethod string
|
AuthMethod string
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
parser parsers.Parser
|
parser parsers.Parser
|
||||||
conn *amqp.Connection
|
conn *amqp.Connection
|
||||||
|
@ -78,11 +71,11 @@ func (a *AMQPConsumer) SampleConfig() string {
|
||||||
## described here: https://www.rabbitmq.com/plugins.html
|
## described here: https://www.rabbitmq.com/plugins.html
|
||||||
# auth_method = "PLAIN"
|
# auth_method = "PLAIN"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
@ -108,8 +101,7 @@ func (a *AMQPConsumer) Gather(_ telegraf.Accumulator) error {
|
||||||
|
|
||||||
func (a *AMQPConsumer) createConfig() (*amqp.Config, error) {
|
func (a *AMQPConsumer) createConfig() (*amqp.Config, error) {
|
||||||
// make new tls config
|
// make new tls config
|
||||||
tls, err := internal.GetTLSConfig(
|
tls, err := a.ClientConfig.TLSConfig()
|
||||||
a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
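Review bot: In `createConfig` the local variable `tls` now shadows the `internal/tls` package that this change imports, so the package cannot be referenced in the rest of the function. Naming the result `tlsCfg`, as the Apache, Consul and DCOS hunks do (`tlsCfg, err := a.ClientConfig.TLSConfig()`), avoids the clash. The `// make new tls config` comment could also say that the returned config is nil when no TLS option is set. The body of `createConfig` continues outside the hunk, so any later use of `tls` there would need the same rename.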
|
||||||
|
|
|
@ -21,11 +21,11 @@ Typically, the `mod_status` module is configured to expose a page at the `/serve
|
||||||
## Maximum time to receive response.
|
## Maximum time to receive response.
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,14 +22,7 @@ type Apache struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,11 @@ var sampleConfig = `
|
||||||
## Maximum time to receive response.
|
## Maximum time to receive response.
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -98,8 +92,7 @@ func (n *Apache) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (n *Apache) createHttpClient() (*http.Client, error) {
|
func (n *Apache) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,11 +27,11 @@ report those stats already using StatsD protocol if needed.
|
||||||
## Data centre to query the health checks from
|
## Data centre to query the health checks from
|
||||||
# datacentre = ""
|
# datacentre = ""
|
||||||
|
|
||||||
## SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,15 +16,7 @@ type Consul struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
Datacentre string
|
Datacentre string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// client used to connect to Consul agnet
|
// client used to connect to Consul agnet
|
||||||
client *api.Client
|
client *api.Client
|
||||||
|
@ -47,11 +39,11 @@ var sampleConfig = `
|
||||||
## Data centre to query the health checks from
|
## Data centre to query the health checks from
|
||||||
# datacentre = ""
|
# datacentre = ""
|
||||||
|
|
||||||
## SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -89,9 +81,7 @@ func (c *Consul) createAPIClient() (*api.Client, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := c.ClientConfig.TLSConfig()
|
||||||
c.SSLCert, c.SSLKey, c.SSLCA, c.InsecureSkipVerify)
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
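Review bot: The `sampleConfig` hunk still prints `# insecure_skip_verify = true`, so an operator who uncomments the TLS block as shown turns off chain and host verification, while the other plugins in this commit show `false`. I would change the sample line to `# insecure_skip_verify = false`. The DCOS `sampleConfig` hunk (`@ -107,10 +104,10 @@`) has the same value and also keeps the comment `## If false, skip chain & host verification`, which is inverted. `ClientConfig.TLSConfig` passes the flag straight to `tls.Config.InsecureSkipVerify`, so it is `true` that skips verification, and that comment should read `## Use TLS but skip chain & host verification`.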
|
||||||
|
|
|
@ -54,10 +54,10 @@ your database.
|
||||||
## Maximum time to receive a response from cluster.
|
## Maximum time to receive a response from cluster.
|
||||||
# response_timeout = "20s"
|
# response_timeout = "20s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
|
|
||||||
|
|
|
@ -9,26 +9,11 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
jwt "github.com/dgrijalva/jwt-go"
|
jwt "github.com/dgrijalva/jwt-go"
|
||||||
|
"github.com/influxdata/telegraf/testutil"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
var privateKey = testutil.NewPKI("../../../testutil/pki").ReadServerKey()
|
||||||
privateKey = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQCwlGyzVp9cqtwiNCgCnaR0kilPZhr4xFBcnXxvQ8/uzOHaWKxj
|
|
||||||
XWR38cKR3gPh5+4iSmzMdo3HDJM5ks6imXGnp+LPOA5iNewnpLNs7UxA2arwKH/6
|
|
||||||
4qIaAXAtf5jE46wZIMgc2EW9wGL3dxC0JY8EXPpBFB/3J8gADkorFR8lwwIDAQAB
|
|
||||||
AoGBAJaFHxfMmjHK77U0UnrQWFSKFy64cftmlL4t/Nl3q7L68PdIKULWZIMeEWZ4
|
|
||||||
I0UZiFOwr4em83oejQ1ByGSwekEuiWaKUI85IaHfcbt+ogp9hY/XbOEo56OPQUAd
|
|
||||||
bEZv1JqJOqta9Ug1/E1P9LjEEyZ5F5ubx7813rxAE31qKtKJAkEA1zaMlCWIr+Rj
|
|
||||||
hGvzv5rlHH3wbOB4kQFXO4nqj3J/ttzR5QiJW24STMDcbNngFlVcDVju56LrNTiD
|
|
||||||
dPh9qvl7nwJBANILguR4u33OMksEZTYB7nQZSurqXsq6382zH7pTl29ANQTROHaM
|
|
||||||
PKC8dnDWq8RGTqKuvWblIzzGIKqIMovZo10CQC96T0UXirITFolOL3XjvAuvFO1Q
|
|
||||||
EAkdXJs77805m0dCK+P1IChVfiAEpBw3bKJArpAbQIlFfdI953JUp5SieU0CQEub
|
|
||||||
BSSEKMjh/cxu6peEHnb/262vayuCFKkQPu1sxWewLuVrAe36EKCy9dcsDmv5+rgo
|
|
||||||
Odjdxc9Madm4aKlaT6kCQQCpAgeblDrrxTrNQ+Typzo37PlnQrvI+0EceAUuJ72G
|
|
||||||
P0a+YZUeHNRqT2pPN9lMTAZGGi3CtcF2XScbLNEBeXge
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestLogin(t *testing.T) {
|
func TestLogin(t *testing.T) {
|
||||||
ts := httptest.NewServer(http.NotFoundHandler())
|
ts := httptest.NewServer(http.NotFoundHandler())
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -56,11 +57,7 @@ type DCOS struct {
|
||||||
|
|
||||||
MaxConnections int
|
MaxConnections int
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
|
||||||
|
|
||||||
client Client
|
client Client
|
||||||
creds Credentials
|
creds Credentials
|
||||||
|
@ -107,10 +104,10 @@ var sampleConfig = `
|
||||||
## Maximum time to receive a response from cluster.
|
## Maximum time to receive a response from cluster.
|
||||||
# response_timeout = "20s"
|
# response_timeout = "20s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
|
|
||||||
|
@ -351,8 +348,7 @@ func (d *DCOS) init() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *DCOS) createClient() (Client, error) {
|
func (d *DCOS) createClient() (Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := d.ClientConfig.TLSConfig()
|
||||||
d.SSLCert, d.SSLKey, d.SSLCA, d.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,11 +53,11 @@ to gather stats from the [Engine API](https://docs.docker.com/engine/api/v1.24/)
|
||||||
## Which environment variables should we use as a tag
|
## Which environment variables should we use as a tag
|
||||||
tag_env = ["JAVA_HOME", "HEAP_SIZE"]
|
tag_env = ["JAVA_HOME", "HEAP_SIZE"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -43,10 +44,7 @@ type Docker struct {
|
||||||
ContainerStateInclude []string `toml:"container_state_include"`
|
ContainerStateInclude []string `toml:"container_state_include"`
|
||||||
ContainerStateExclude []string `toml:"container_state_exclude"`
|
ContainerStateExclude []string `toml:"container_state_exclude"`
|
||||||
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
tlsint.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
newEnvClient func() (Client, error)
|
newEnvClient func() (Client, error)
|
||||||
newClient func(string, *tls.Config) (Client, error)
|
newClient func(string, *tls.Config) (Client, error)
|
||||||
|
@ -115,11 +113,11 @@ var sampleConfig = `
|
||||||
docker_label_include = []
|
docker_label_include = []
|
||||||
docker_label_exclude = []
|
docker_label_exclude = []
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -136,8 +134,7 @@ func (d *Docker) Gather(acc telegraf.Accumulator) error {
|
||||||
if d.Endpoint == "ENV" {
|
if d.Endpoint == "ENV" {
|
||||||
c, err = d.newEnvClient()
|
c, err = d.newEnvClient()
|
||||||
} else {
|
} else {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := d.ClientConfig.TLSConfig()
|
||||||
d.SSLCert, d.SSLKey, d.SSLCA, d.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,11 +38,11 @@ or [cluster-stats](https://www.elastic.co/guide/en/elasticsearch/reference/curre
|
||||||
## "breaker". Per default, all stats are gathered.
|
## "breaker". Per default, all stats are gathered.
|
||||||
# node_stats = ["jvm", "http"]
|
# node_stats = ["jvm", "http"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -3,16 +3,18 @@ package elasticsearch
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/influxdata/telegraf"
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
|
||||||
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
|
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// mask for masking username/password from error messages
|
// mask for masking username/password from error messages
|
||||||
|
@ -108,28 +110,26 @@ const sampleConfig = `
|
||||||
## "breaker". Per default, all stats are gathered.
|
## "breaker". Per default, all stats are gathered.
|
||||||
# node_stats = ["jvm", "http"]
|
# node_stats = ["jvm", "http"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
// Elasticsearch is a plugin to read stats from one or many Elasticsearch
|
// Elasticsearch is a plugin to read stats from one or many Elasticsearch
|
||||||
// servers.
|
// servers.
|
||||||
type Elasticsearch struct {
|
type Elasticsearch struct {
|
||||||
Local bool
|
Local bool
|
||||||
Servers []string
|
Servers []string
|
||||||
HttpTimeout internal.Duration
|
HttpTimeout internal.Duration
|
||||||
ClusterHealth bool
|
ClusterHealth bool
|
||||||
ClusterHealthLevel string
|
ClusterHealthLevel string
|
||||||
ClusterStats bool
|
ClusterStats bool
|
||||||
NodeStats []string
|
NodeStats []string
|
||||||
SSLCA string `toml:"ssl_ca"` // Path to CA file
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"` // Path to host cert file
|
|
||||||
SSLKey string `toml:"ssl_key"` // Path to cert key file
|
|
||||||
InsecureSkipVerify bool // Use SSL but skip chain & host verification
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
catMasterResponseTokens []string
|
catMasterResponseTokens []string
|
||||||
isMaster bool
|
isMaster bool
|
||||||
|
@ -227,7 +227,7 @@ func (e *Elasticsearch) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *Elasticsearch) createHttpClient() (*http.Client, error) {
|
func (e *Elasticsearch) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(e.SSLCert, e.SSLKey, e.SSLCA, e.InsecureSkipVerify)
|
tlsCfg, err := e.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,11 +44,11 @@ Note: if namespace end point specified metrics array will be ignored for that ca
|
||||||
username = ""
|
username = ""
|
||||||
password = ""
|
password = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -35,15 +35,7 @@ type GrayLog struct {
|
||||||
Metrics []string
|
Metrics []string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client HTTPClient
|
client HTTPClient
|
||||||
}
|
}
|
||||||
|
@ -111,11 +103,11 @@ var sampleConfig = `
|
||||||
username = ""
|
username = ""
|
||||||
password = ""
|
password = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -132,8 +124,7 @@ func (h *GrayLog) Gather(acc telegraf.Accumulator) error {
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
|
|
||||||
if h.client.HTTPClient() == nil {
|
if h.client.HTTPClient() == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
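Review bot: The embedded `tls.ClientConfig` in `GrayLog` carries no comment, while each of the four fields it replaces had one, so the struct no longer shows that it accepts an option which turns off chain and host verification. A one-line comment above the embedded field restores that, for example `// TLS client options: tls_ca, tls_cert, tls_key, insecure_skip_verify (skips chain & host verification)`. The same applies to the `haproxy`, `HTTP`, `HTTPResponse`, `HttpJson` and `InfluxDB` structs later on this page, and to `Elasticsearch` above. `ClientConfig` is defined outside this page, so the option list should be checked against its toml tags, including whether the deprecated `ssl_*` keys are still read as the commit's changelog entry says.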
@ -28,11 +28,11 @@ or [HTTP statistics page](https://cbonte.github.io/haproxy-dconv/1.9/management.
|
||||||
## field names.
|
## field names.
|
||||||
# keep_field_names = false
|
# keep_field_names = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,27 +14,18 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
//CSV format: https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#9.1
|
//CSV format: https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#9.1
|
||||||
|
|
||||||
type haproxy struct {
|
type haproxy struct {
|
||||||
Servers []string
|
Servers []string
|
||||||
|
KeepFieldNames bool
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
|
||||||
KeepFieldNames bool
|
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -56,11 +47,11 @@ var sampleConfig = `
|
||||||
## field names.
|
## field names.
|
||||||
# keep_field_names = false
|
# keep_field_names = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -144,8 +135,7 @@ func (g *haproxy) gatherServer(addr string, acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.client == nil {
|
if g.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := g.ClientConfig.TLSConfig()
|
||||||
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,11 +23,11 @@ The HTTP input plugin collects metrics from one or more HTTP(S) endpoints. The
|
||||||
# username = "username"
|
# username = "username"
|
||||||
# password = "pa$$word"
|
# password = "pa$$word"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Amount of time allowed to complete the HTTP request
|
## Amount of time allowed to complete the HTTP request
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -24,15 +25,7 @@ type HTTP struct {
|
||||||
// HTTP Basic Auth Credentials
|
// HTTP Basic Auth Credentials
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
|
||||||
|
@ -62,11 +55,11 @@ var sampleConfig = `
|
||||||
## Tag all metrics with the url
|
## Tag all metrics with the url
|
||||||
# tag_url = true
|
# tag_url = true
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Amount of time allowed to complete the HTTP request
|
## Amount of time allowed to complete the HTTP request
|
||||||
|
@ -97,8 +90,7 @@ func (h *HTTP) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if h.client == nil {
|
if h.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,9 +5,7 @@ import (
|
||||||
"compress/gzip"
|
"compress/gzip"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -16,6 +14,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers/influx"
|
"github.com/influxdata/telegraf/plugins/parsers/influx"
|
||||||
"github.com/influxdata/telegraf/selfstat"
|
"github.com/influxdata/telegraf/selfstat"
|
||||||
|
@ -43,9 +42,7 @@ type HTTPListener struct {
|
||||||
MaxLineSize int
|
MaxLineSize int
|
||||||
Port int
|
Port int
|
||||||
|
|
||||||
TlsAllowedCacerts []string
|
tlsint.ServerConfig
|
||||||
TlsCert string
|
|
||||||
TlsKey string
|
|
||||||
|
|
||||||
BasicUsername string
|
BasicUsername string
|
||||||
BasicPassword string
|
BasicPassword string
|
||||||
|
@ -158,7 +155,10 @@ func (h *HTTPListener) Start(acc telegraf.Accumulator) error {
|
||||||
h.acc = acc
|
h.acc = acc
|
||||||
h.pool = NewPool(200, h.MaxLineSize)
|
h.pool = NewPool(200, h.MaxLineSize)
|
||||||
|
|
||||||
tlsConf := h.getTLSConfig()
|
tlsConf, err := h.ServerConfig.TLSConfig()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
server := &http.Server{
|
server := &http.Server{
|
||||||
Addr: h.ServiceAddress,
|
Addr: h.ServiceAddress,
|
||||||
|
@ -168,7 +168,6 @@ func (h *HTTPListener) Start(acc telegraf.Accumulator) error {
|
||||||
TLSConfig: tlsConf,
|
TLSConfig: tlsConf,
|
||||||
}
|
}
|
||||||
|
|
||||||
var err error
|
|
||||||
var listener net.Listener
|
var listener net.Listener
|
||||||
if tlsConf != nil {
|
if tlsConf != nil {
|
||||||
listener, err = tls.Listen("tcp", h.ServiceAddress, tlsConf)
|
listener, err = tls.Listen("tcp", h.ServiceAddress, tlsConf)
|
||||||
|
@ -372,38 +371,6 @@ func badRequest(res http.ResponseWriter) {
|
||||||
res.Write([]byte(`{"error":"http: bad request"}`))
|
res.Write([]byte(`{"error":"http: bad request"}`))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *HTTPListener) getTLSConfig() *tls.Config {
|
|
||||||
tlsConf := &tls.Config{
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
Renegotiation: tls.RenegotiateNever,
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(h.TlsCert) == 0 || len(h.TlsKey) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
cert, err := tls.LoadX509KeyPair(h.TlsCert, h.TlsKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
tlsConf.Certificates = []tls.Certificate{cert}
|
|
||||||
|
|
||||||
if h.TlsAllowedCacerts != nil {
|
|
||||||
tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
|
|
||||||
clientPool := x509.NewCertPool()
|
|
||||||
for _, ca := range h.TlsAllowedCacerts {
|
|
||||||
c, err := ioutil.ReadFile(ca)
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
clientPool.AppendCertsFromPEM(c)
|
|
||||||
}
|
|
||||||
tlsConf.ClientCAs = clientPool
|
|
||||||
}
|
|
||||||
|
|
||||||
return tlsConf
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *HTTPListener) AuthenticateIfSet(handler http.HandlerFunc, res http.ResponseWriter, req *http.Request) {
|
func (h *HTTPListener) AuthenticateIfSet(handler http.HandlerFunc, res http.ResponseWriter, req *http.Request) {
|
||||||
if h.BasicUsername != "" && h.BasicPassword != "" {
|
if h.BasicUsername != "" && h.BasicPassword != "" {
|
||||||
reqUsername, reqPassword, ok := req.BasicAuth()
|
reqUsername, reqPassword, ok := req.BasicAuth()
|
||||||
|
|
|
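Review bot: `Start` still chooses between a TLS and a plain listener on `tlsConf != nil`, so after this change a nil result from `h.ServerConfig.TLSConfig()` is the only thing that decides whether the endpoint serves plaintext. The deleted `getTLSConfig` returned nil when only one of the certificate and key was set, set `Renegotiation: tls.RenegotiateNever`, and required client certificates with `tls.RequireAndVerifyClientCert` when allowed CAs were listed. `ServerConfig` is defined outside this page, so it should be confirmed that it returns an error for a half-configured pair and keeps both settings. A comment above the branch would record the contract once confirmed, for example `// tlsConf is nil only when no TLS option is set; any load failure was returned above`. The body of `Start` continues outside the visible hunks.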
@ -4,7 +4,6 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"io"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -34,86 +33,12 @@ cpu_load_short,host=server06 value=12.0 1422568543702900257
|
||||||
|
|
||||||
emptyMsg = ""
|
emptyMsg = ""
|
||||||
|
|
||||||
serviceRootPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBxzCCATCgAwIBAgIJAJb7HqN2BzWWMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
|
|
||||||
BAMMC1RlbGVncmFmIENBMB4XDTE3MTEwNDA0MzEwN1oXDTI3MTEwMjA0MzEwN1ow
|
|
||||||
FjEUMBIGA1UEAwwLVGVsZWdyYWYgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
|
|
||||||
AoGBANbkUkK6JQC3rbLcXhLJTS9SX6uXyFwl7bUfpAN5Hm5EqfvG3PnLrogfTGLr
|
|
||||||
Tq5CRAu/gbbdcMoL9TLv/aaDVnrpV0FslKhqYmkOgT28bdmA7Qtr539aQpMKCfcW
|
|
||||||
WCnoMcBD5u5h9MsRqpdq+0Mjlsf1H2hSf07jHk5R1T4l8RMXAgMBAAGjHTAbMAwG
|
|
||||||
A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBANSrwvpU
|
|
||||||
t8ihIhpHqgJZ34DM92CZZ3ZHmH/KyqlnuGzjjpnVZiXVrLDTOzrA0ziVhmefY29w
|
|
||||||
roHjENbFm54HW97ogxeURuO8HRHIVh2U0rkyVxOfGZiUdINHqsZdSnDY07bzCtSr
|
|
||||||
Z/KsfWXM5llD1Ig1FyBHpKjyUvfzr73sjm/4
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
serviceCertPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBzzCCATigAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtUZWxl
|
|
||||||
Z3JhZiBDQTAeFw0xNzExMDQwNDMxMDdaFw0yNzExMDIwNDMxMDdaMBQxEjAQBgNV
|
|
||||||
BAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsJRss1af
|
|
||||||
XKrcIjQoAp2kdJIpT2Ya+MRQXJ18b0PP7szh2lisY11kd/HCkd4D4efuIkpszHaN
|
|
||||||
xwyTOZLOoplxp6fizzgOYjXsJ6SzbO1MQNmq8Ch/+uKiGgFwLX+YxOOsGSDIHNhF
|
|
||||||
vcBi93cQtCWPBFz6QRQf9yfIAA5KKxUfJcMCAwEAAaMvMC0wCQYDVR0TBAIwADAL
|
|
||||||
BgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD
|
|
||||||
gYEAiC3WI4y9vfYz53gw7FKnNK7BBdwRc43x7Pd+5J/cclWyUZPdmcj1UNmv/3rj
|
|
||||||
2qcMmX06UdgPoHppzNAJePvMVk0vjMBUe9MmYlafMz0h4ma/it5iuldXwmejFcdL
|
|
||||||
6wWQp7gVTileCEmq9sNvfQN1FmT3EWf4IMdO2MNat/1If0g=
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
serviceKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQCwlGyzVp9cqtwiNCgCnaR0kilPZhr4xFBcnXxvQ8/uzOHaWKxj
|
|
||||||
XWR38cKR3gPh5+4iSmzMdo3HDJM5ks6imXGnp+LPOA5iNewnpLNs7UxA2arwKH/6
|
|
||||||
4qIaAXAtf5jE46wZIMgc2EW9wGL3dxC0JY8EXPpBFB/3J8gADkorFR8lwwIDAQAB
|
|
||||||
AoGBAJaFHxfMmjHK77U0UnrQWFSKFy64cftmlL4t/Nl3q7L68PdIKULWZIMeEWZ4
|
|
||||||
I0UZiFOwr4em83oejQ1ByGSwekEuiWaKUI85IaHfcbt+ogp9hY/XbOEo56OPQUAd
|
|
||||||
bEZv1JqJOqta9Ug1/E1P9LjEEyZ5F5ubx7813rxAE31qKtKJAkEA1zaMlCWIr+Rj
|
|
||||||
hGvzv5rlHH3wbOB4kQFXO4nqj3J/ttzR5QiJW24STMDcbNngFlVcDVju56LrNTiD
|
|
||||||
dPh9qvl7nwJBANILguR4u33OMksEZTYB7nQZSurqXsq6382zH7pTl29ANQTROHaM
|
|
||||||
PKC8dnDWq8RGTqKuvWblIzzGIKqIMovZo10CQC96T0UXirITFolOL3XjvAuvFO1Q
|
|
||||||
EAkdXJs77805m0dCK+P1IChVfiAEpBw3bKJArpAbQIlFfdI953JUp5SieU0CQEub
|
|
||||||
BSSEKMjh/cxu6peEHnb/262vayuCFKkQPu1sxWewLuVrAe36EKCy9dcsDmv5+rgo
|
|
||||||
Odjdxc9Madm4aKlaT6kCQQCpAgeblDrrxTrNQ+Typzo37PlnQrvI+0EceAUuJ72G
|
|
||||||
P0a+YZUeHNRqT2pPN9lMTAZGGi3CtcF2XScbLNEBeXge
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
clientRootPEM = serviceRootPEM
|
|
||||||
clientCertPEM = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIBzjCCATegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtUZWxl
|
|
||||||
Z3JhZiBDQTAeFw0xNzExMDQwNDMxMDdaFw0yNzExMDIwNDMxMDdaMBMxETAPBgNV
|
|
||||||
BAMMCHRlbGVncmFmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP2IMqyOqI
|
|
||||||
sJjwBprrz8WPzmlrpyYikQ4XSCSJB3DSTIO+igqMpBUTj3vLlOzsHfVVot1WRqc6
|
|
||||||
3esM4JE92rc6S73xi4g8L/r8cPIHW4hvFJdMti4UkJBWim8ArSbFqnZjcR19G3tG
|
|
||||||
LUOiXAUG3nWzMzoEsPruvV1dkKRbJVE4MwIDAQABoy8wLTAJBgNVHRMEAjAAMAsG
|
|
||||||
A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOB
|
|
||||||
gQCHxMk38XNxL9nPFBYo3JqITJCFswu6/NLHwDBXCuZKl53rUuFWduiO+1OuScKQ
|
|
||||||
sQ79W0jHsWRKGOUFrF5/Gdnh8AlkVaITVlcmhdAOFCEbeGpeEvLuuK6grckPitxy
|
|
||||||
bRF5oM4TCLKKAha60Ir41rk2bomZM9+NZu+Bm+csDqCoxQ==
|
|
||||||
-----END CERTIFICATE-----`
|
|
||||||
clientKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXAIBAAKBgQDP2IMqyOqIsJjwBprrz8WPzmlrpyYikQ4XSCSJB3DSTIO+igqM
|
|
||||||
pBUTj3vLlOzsHfVVot1WRqc63esM4JE92rc6S73xi4g8L/r8cPIHW4hvFJdMti4U
|
|
||||||
kJBWim8ArSbFqnZjcR19G3tGLUOiXAUG3nWzMzoEsPruvV1dkKRbJVE4MwIDAQAB
|
|
||||||
AoGAFzb/r4+xYoMXEfgq5ZvXXTCY5cVNpR6+jCsqqYODPnn9XRLeCsdo8z5bfWms
|
|
||||||
7NKLzHzca/6IPzL6Rf3vOxFq1YyIZfYVHH+d63/9blAm3Iajjp1W2yW5aj9BJjTb
|
|
||||||
nm6F0RfuW/SjrZ9IXxTZhSpCklPmUzVZpzvwV3KGeVTVCEECQQDoavCeOwLuqDpt
|
|
||||||
0aM9GMFUpOU7kLPDuicSwCDaTae4kN2rS17Zki41YXe8A8+509IEN7mK09Vq9HxY
|
|
||||||
SX6EmV1FAkEA5O9QcCHEa8P12EmUC8oqD2bjq6o7JjUIRlKinwZTlooMJYZw98gA
|
|
||||||
FVSngTUvLVCVIvSdjldXPOGgfYiccTZrFwJAfHS3gKOtAEuJbkEyHodhD4h1UB4+
|
|
||||||
hPLr9Xh4ny2yQH0ilpV3px5GLEOTMFUCKUoqTiPg8VxaDjn5U/WXED5n2QJAR4J1
|
|
||||||
NsFlcGACj+/TvacFYlA6N2nyFeokzoqLX28Ddxdh2erXqJ4hYIhT1ik9tkLggs2z
|
|
||||||
1T1084BquCuO6lIcOwJBALX4xChoMUF9k0IxSQzlz//seQYDkQNsE7y9IgAOXkzp
|
|
||||||
RaR4pzgPbnKj7atG+2dBnffWfE+1Mcy0INDAO6WxPg0=
|
|
||||||
-----END RSA PRIVATE KEY-----`
|
|
||||||
|
|
||||||
basicUsername = "test-username-please-ignore"
|
basicUsername = "test-username-please-ignore"
|
||||||
basicPassword = "super-secure-password!"
|
basicPassword = "super-secure-password!"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
initClient sync.Once
|
pki = testutil.NewPKI("../../../testutil/pki")
|
||||||
client *http.Client
|
|
||||||
initServiceCertFiles sync.Once
|
|
||||||
allowedCAFiles []string
|
|
||||||
serviceCAFiles []string
|
|
||||||
serviceCertFile string
|
|
||||||
serviceKeyFile string
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func newTestHTTPListener() *HTTPListener {
|
func newTestHTTPListener() *HTTPListener {
|
||||||
|
@ -132,74 +57,25 @@ func newTestHTTPAuthListener() *HTTPListener {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newTestHTTPSListener() *HTTPListener {
|
func newTestHTTPSListener() *HTTPListener {
|
||||||
initServiceCertFiles.Do(func() {
|
|
||||||
acaf, err := ioutil.TempFile("", "allowedCAFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer acaf.Close()
|
|
||||||
_, err = io.Copy(acaf, bytes.NewReader([]byte(clientRootPEM)))
|
|
||||||
allowedCAFiles = []string{acaf.Name()}
|
|
||||||
|
|
||||||
scaf, err := ioutil.TempFile("", "serviceCAFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer scaf.Close()
|
|
||||||
_, err = io.Copy(scaf, bytes.NewReader([]byte(serviceRootPEM)))
|
|
||||||
serviceCAFiles = []string{scaf.Name()}
|
|
||||||
|
|
||||||
scf, err := ioutil.TempFile("", "serviceCertFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer scf.Close()
|
|
||||||
_, err = io.Copy(scf, bytes.NewReader([]byte(serviceCertPEM)))
|
|
||||||
serviceCertFile = scf.Name()
|
|
||||||
|
|
||||||
skf, err := ioutil.TempFile("", "serviceKeyFile.crt")
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer skf.Close()
|
|
||||||
_, err = io.Copy(skf, bytes.NewReader([]byte(serviceKeyPEM)))
|
|
||||||
serviceKeyFile = skf.Name()
|
|
||||||
})
|
|
||||||
|
|
||||||
listener := &HTTPListener{
|
listener := &HTTPListener{
|
||||||
ServiceAddress: "localhost:0",
|
ServiceAddress: "localhost:0",
|
||||||
TlsAllowedCacerts: allowedCAFiles,
|
ServerConfig: *pki.TLSServerConfig(),
|
||||||
TlsCert: serviceCertFile,
|
TimeFunc: time.Now,
|
||||||
TlsKey: serviceKeyFile,
|
|
||||||
TimeFunc: time.Now,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return listener
|
return listener
|
||||||
}
|
}
|
||||||
|
|
||||||
func getHTTPSClient() *http.Client {
|
func getHTTPSClient() *http.Client {
|
||||||
initClient.Do(func() {
|
tlsConfig, err := pki.TLSClientConfig().TLSConfig()
|
||||||
cas := x509.NewCertPool()
|
if err != nil {
|
||||||
cas.AppendCertsFromPEM([]byte(serviceRootPEM))
|
panic(err)
|
||||||
clientCert, err := tls.X509KeyPair([]byte(clientCertPEM), []byte(clientKeyPEM))
|
}
|
||||||
if err != nil {
|
return &http.Client{
|
||||||
panic(err)
|
Transport: &http.Transport{
|
||||||
}
|
TLSClientConfig: tlsConfig,
|
||||||
client = &http.Client{
|
},
|
||||||
Transport: &http.Transport{
|
}
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
RootCAs: cas,
|
|
||||||
Certificates: []tls.Certificate{clientCert},
|
|
||||||
MinVersion: tls.VersionTLS12,
|
|
||||||
MaxVersion: tls.VersionTLS12,
|
|
||||||
CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
|
||||||
Renegotiation: tls.RenegotiateNever,
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
})
|
|
||||||
return client
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func createURL(listener *HTTPListener, scheme string, path string, rawquery string) string {
|
func createURL(listener *HTTPListener, scheme string, path string, rawquery string) string {
|
||||||
|
@ -214,14 +90,14 @@ func createURL(listener *HTTPListener, scheme string, path string, rawquery stri
|
||||||
|
|
||||||
func TestWriteHTTPSNoClientAuth(t *testing.T) {
|
func TestWriteHTTPSNoClientAuth(t *testing.T) {
|
||||||
listener := newTestHTTPSListener()
|
listener := newTestHTTPSListener()
|
||||||
listener.TlsAllowedCacerts = nil
|
listener.TLSAllowedCACerts = nil
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
require.NoError(t, listener.Start(acc))
|
require.NoError(t, listener.Start(acc))
|
||||||
defer listener.Stop()
|
defer listener.Stop()
|
||||||
|
|
||||||
cas := x509.NewCertPool()
|
cas := x509.NewCertPool()
|
||||||
cas.AppendCertsFromPEM([]byte(serviceRootPEM))
|
cas.AppendCertsFromPEM([]byte(pki.ReadServerCert()))
|
||||||
noClientAuthClient := &http.Client{
|
noClientAuthClient := &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
|
|
|
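Review bot: In `TestWriteHTTPSNoClientAuth` the result of `cas.AppendCertsFromPEM([]byte(pki.ReadServerCert()))` is discarded, and the PEM now comes from a file under `../../../testutil/pki` rather than a constant. If the helper returns empty or malformed data, the pool stays empty and the test fails later with an unrelated certificate error. Asserting the result makes that failure direct: `require.True(t, cas.AppendCertsFromPEM([]byte(pki.ReadServerCert())))`. The pool also now trusts the server's own certificate where the old code trusted the CA (`serviceRootPEM`), which narrows what the test shows about chain validation; if that is not intended, the CA certificate from the same PKI directory should be loaded instead. The test function continues past the end of the hunk.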
@ -32,11 +32,11 @@ This input plugin checks HTTP/HTTPS connections.
|
||||||
# response_string_match = "ok"
|
# response_string_match = "ok"
|
||||||
# response_string_match = "\".*_status\".?:.?\"up\""
|
# response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Headers (all values must be strings)
|
## HTTP Request Headers (all values must be strings)
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -29,15 +30,7 @@ type HTTPResponse struct {
|
||||||
Headers map[string]string
|
Headers map[string]string
|
||||||
FollowRedirects bool
|
FollowRedirects bool
|
||||||
ResponseStringMatch string
|
ResponseStringMatch string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
compiledStringMatch *regexp.Regexp
|
compiledStringMatch *regexp.Regexp
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
@ -74,11 +67,11 @@ var sampleConfig = `
|
||||||
# response_string_match = "ok"
|
# response_string_match = "ok"
|
||||||
# response_string_match = "\".*_status\".?:.?\"up\""
|
# response_string_match = "\".*_status\".?:.?\"up\""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Headers (all values must be strings)
|
## HTTP Request Headers (all values must be strings)
|
||||||
|
@ -113,8 +106,7 @@ func getProxyFunc(http_proxy string) func(*http.Request) (*url.URL, error) {
|
||||||
// CreateHttpClient creates an http client which will timeout at the specified
|
// CreateHttpClient creates an http client which will timeout at the specified
|
||||||
// timeout period and can follow redirects if specified
|
// timeout period and can follow redirects if specified
|
||||||
func (h *HTTPResponse) createHttpClient() (*http.Client, error) {
|
func (h *HTTPResponse) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,11 +34,11 @@ Deprecated (1.6): use the [http](../http) input.
|
||||||
# "my_tag_2"
|
# "my_tag_2"
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Request Parameters (all values must be strings). For "GET" requests, data
|
## HTTP Request Parameters (all values must be strings). For "GET" requests, data
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -29,15 +30,7 @@ type HttpJson struct {
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
Parameters map[string]string
|
Parameters map[string]string
|
||||||
Headers map[string]string
|
Headers map[string]string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client HTTPClient
|
client HTTPClient
|
||||||
}
|
}
|
||||||
|
@ -100,11 +93,11 @@ var sampleConfig = `
|
||||||
# "my_tag_2"
|
# "my_tag_2"
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP parameters (all values must be strings). For "GET" requests, data
|
## HTTP parameters (all values must be strings). For "GET" requests, data
|
||||||
|
@ -133,8 +126,7 @@ func (h *HttpJson) Gather(acc telegraf.Accumulator) error {
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
|
|
||||||
if h.client.HTTPClient() == nil {
|
if h.client.HTTPClient() == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := h.ClientConfig.TLSConfig()
|
||||||
h.SSLCert, h.SSLKey, h.SSLCA, h.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,11 +20,11 @@ InfluxDB-formatted endpoints. See below for more information.
|
||||||
"http://localhost:8086/debug/vars"
|
"http://localhost:8086/debug/vars"
|
||||||
]
|
]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## http request & header timeout
|
## http request & header timeout
|
||||||
|
|
|
@ -10,21 +10,14 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type InfluxDB struct {
|
type InfluxDB struct {
|
||||||
URLs []string `toml:"urls"`
|
URLs []string `toml:"urls"`
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -45,11 +38,11 @@ func (*InfluxDB) SampleConfig() string {
|
||||||
"http://localhost:8086/debug/vars"
|
"http://localhost:8086/debug/vars"
|
||||||
]
|
]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## http request & header timeout
|
## http request & header timeout
|
||||||
|
@ -63,8 +56,7 @@ func (i *InfluxDB) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if i.client == nil {
|
if i.client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := i.ClientConfig.TLSConfig()
|
||||||
i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
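Review bot: Removing the `ssl_ca`, `ssl_cert` and `ssl_key` tagged fields from `InfluxDB` means the deprecated keys keep working only if the embedded `tls.ClientConfig` still maps them, and nothing in this section shows or tests that. If an existing config using `ssl_ca` were no longer read, `i.ClientConfig.TLSConfig()` in `Gather` would presumably build a client without the intended CA or client certificate rather than fail loudly, so a test that loads both the `ssl_*` and `tls_*` spellings belongs with this change. A one-line comment on the embedded field, for example `// tls.ClientConfig provides tls_ca, tls_cert, tls_key and insecure_skip_verify.`, would replace the per-field comments the struct hunk deletes. The same point applies to the JolokiaAgent, JolokiaProxy, Kafka, Kapacitor, Kubernetes, Mesos, MongoDB, MQTTConsumer, Mysql and Nginx struct hunks further down the page.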
|
@ -18,14 +18,14 @@ The `jolokia2_agent` input plugin reads JMX metrics from one or more [Jolokia ag
|
||||||
paths = ["Uptime"]
|
paths = ["Uptime"]
|
||||||
```
|
```
|
||||||
|
|
||||||
Optionally, specify SSL options for communicating with agents:
|
Optionally, specify TLS options for communicating with agents:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[[inputs.jolokia2_agent]]
|
[[inputs.jolokia2_agent]]
|
||||||
urls = ["https://agent:8080/jolokia"]
|
urls = ["https://agent:8080/jolokia"]
|
||||||
ssl_ca = "/var/private/ca.pem"
|
tls_ca = "/var/private/ca.pem"
|
||||||
ssl_cert = "/var/private/client.pem"
|
tls_cert = "/var/private/client.pem"
|
||||||
ssl_key = "/var/private/client-key.pem"
|
tls_key = "/var/private/client-key.pem"
|
||||||
#insecure_skip_verify = false
|
#insecure_skip_verify = false
|
||||||
|
|
||||||
[[inputs.jolokia2_agent.metric]]
|
[[inputs.jolokia2_agent.metric]]
|
||||||
|
@ -55,15 +55,15 @@ The `jolokia2_proxy` input plugin reads JMX metrics from one or more _targets_ b
|
||||||
paths = ["Uptime"]
|
paths = ["Uptime"]
|
||||||
```
|
```
|
||||||
|
|
||||||
Optionally, specify SSL options for communicating with proxies:
|
Optionally, specify TLS options for communicating with proxies:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[[inputs.jolokia2_proxy]]
|
[[inputs.jolokia2_proxy]]
|
||||||
url = "https://proxy:8080/jolokia"
|
url = "https://proxy:8080/jolokia"
|
||||||
|
|
||||||
ssl_ca = "/var/private/ca.pem"
|
tls_ca = "/var/private/ca.pem"
|
||||||
ssl_cert = "/var/private/client.pem"
|
tls_cert = "/var/private/client.pem"
|
||||||
ssl_key = "/var/private/client-key.pem"
|
tls_key = "/var/private/client-key.pem"
|
||||||
#insecure_skip_verify = false
|
#insecure_skip_verify = false
|
||||||
|
|
||||||
#default_target_username = ""
|
#default_target_username = ""
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"path"
|
"path"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
|
@ -20,15 +20,11 @@ type Client struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type ClientConfig struct {
|
type ClientConfig struct {
|
||||||
ResponseTimeout time.Duration
|
ResponseTimeout time.Duration
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
SSLCA string
|
ProxyConfig *ProxyConfig
|
||||||
SSLCert string
|
tls.ClientConfig
|
||||||
SSLKey string
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
ProxyConfig *ProxyConfig
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type ProxyConfig struct {
|
type ProxyConfig struct {
|
||||||
|
@ -100,8 +96,7 @@ type jolokiaResponse struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClient(url string, config *ClientConfig) (*Client, error) {
|
func NewClient(url string, config *ClientConfig) (*Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := config.ClientConfig.TLSConfig()
|
||||||
config.SSLCert, config.SSLKey, config.SSLCA, config.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
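Review bot: Embedding `tls.ClientConfig` in a struct that is itself named `ClientConfig` makes `config.ClientConfig.TLSConfig()` in `NewClient` read like a self-reference, and the `ClientConfig: ja.ClientConfig` / `ClientConfig: jp.ClientConfig` literals in the agent and proxy sections inherit the same ambiguity. The method is promoted through the embedded field, so the call can be written `tlsConfig, err := config.TLSConfig()`. If the field is kept embedded, a comment on it such as `// Embedded TLS client settings (internal/tls), not this package's ClientConfig.` would spare the next reader the double take. `NewClient` continues past the end of the hunk.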
|
@ -6,6 +6,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type JolokiaAgent struct {
|
type JolokiaAgent struct {
|
||||||
|
@ -18,10 +19,7 @@ type JolokiaAgent struct {
|
||||||
Password string
|
Password string
|
||||||
ResponseTimeout time.Duration `toml:"response_timeout"`
|
ResponseTimeout time.Duration `toml:"response_timeout"`
|
||||||
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Metrics []MetricConfig `toml:"metric"`
|
Metrics []MetricConfig `toml:"metric"`
|
||||||
gatherer *Gatherer
|
gatherer *Gatherer
|
||||||
|
@ -39,10 +37,10 @@ func (ja *JolokiaAgent) SampleConfig() string {
|
||||||
# password = ""
|
# password = ""
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL config
|
## Optional TLS config
|
||||||
# ssl_ca = "/var/private/ca.pem"
|
# tls_ca = "/var/private/ca.pem"
|
||||||
# ssl_cert = "/var/private/client.pem"
|
# tls_cert = "/var/private/client.pem"
|
||||||
# ssl_key = "/var/private/client-key.pem"
|
# tls_key = "/var/private/client-key.pem"
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Add metrics to read
|
## Add metrics to read
|
||||||
|
@ -101,12 +99,9 @@ func (ja *JolokiaAgent) createMetrics() []Metric {
|
||||||
|
|
||||||
func (ja *JolokiaAgent) createClient(url string) (*Client, error) {
|
func (ja *JolokiaAgent) createClient(url string) (*Client, error) {
|
||||||
return NewClient(url, &ClientConfig{
|
return NewClient(url, &ClientConfig{
|
||||||
Username: ja.Username,
|
Username: ja.Username,
|
||||||
Password: ja.Password,
|
Password: ja.Password,
|
||||||
ResponseTimeout: ja.ResponseTimeout,
|
ResponseTimeout: ja.ResponseTimeout,
|
||||||
SSLCA: ja.SSLCA,
|
ClientConfig: ja.ClientConfig,
|
||||||
SSLCert: ja.SSLCert,
|
|
||||||
SSLKey: ja.SSLKey,
|
|
||||||
InsecureSkipVerify: ja.InsecureSkipVerify,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type JolokiaProxy struct {
|
type JolokiaProxy struct {
|
||||||
|
@ -16,13 +17,10 @@ type JolokiaProxy struct {
|
||||||
DefaultTargetUsername string
|
DefaultTargetUsername string
|
||||||
Targets []JolokiaProxyTargetConfig `toml:"target"`
|
Targets []JolokiaProxyTargetConfig `toml:"target"`
|
||||||
|
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
SSLCA string `toml:"ssl_ca"`
|
ResponseTimeout time.Duration `toml:"response_timeout"`
|
||||||
SSLCert string `toml:"ssl_cert"`
|
tls.ClientConfig
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
ResponseTimeout time.Duration `toml:"response_timeout"`
|
|
||||||
|
|
||||||
Metrics []MetricConfig `toml:"metric"`
|
Metrics []MetricConfig `toml:"metric"`
|
||||||
client *Client
|
client *Client
|
||||||
|
@ -47,10 +45,10 @@ func (jp *JolokiaProxy) SampleConfig() string {
|
||||||
# password = ""
|
# password = ""
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL config
|
## Optional TLS config
|
||||||
# ssl_ca = "/var/private/ca.pem"
|
# tls_ca = "/var/private/ca.pem"
|
||||||
# ssl_cert = "/var/private/client.pem"
|
# tls_cert = "/var/private/client.pem"
|
||||||
# ssl_key = "/var/private/client-key.pem"
|
# tls_key = "/var/private/client-key.pem"
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Add proxy targets to query
|
## Add proxy targets to query
|
||||||
|
@ -117,13 +115,10 @@ func (jp *JolokiaProxy) createClient() (*Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewClient(jp.URL, &ClientConfig{
|
return NewClient(jp.URL, &ClientConfig{
|
||||||
Username: jp.Username,
|
Username: jp.Username,
|
||||||
Password: jp.Password,
|
Password: jp.Password,
|
||||||
ResponseTimeout: jp.ResponseTimeout,
|
ResponseTimeout: jp.ResponseTimeout,
|
||||||
SSLCA: jp.SSLCA,
|
ClientConfig: jp.ClientConfig,
|
||||||
SSLCert: jp.SSLCert,
|
ProxyConfig: proxyConfig,
|
||||||
SSLKey: jp.SSLKey,
|
|
||||||
InsecureSkipVerify: jp.InsecureSkipVerify,
|
|
||||||
ProxyConfig: proxyConfig,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,11 +22,11 @@ and use the old zookeeper connection method.
|
||||||
## Offset (must be either "oldest" or "newest")
|
## Offset (must be either "oldest" or "newest")
|
||||||
offset = "oldest"
|
offset = "oldest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
|
|
@ -7,7 +7,7 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
|
|
||||||
|
@ -23,14 +23,7 @@ type Kafka struct {
|
||||||
|
|
||||||
Cluster *cluster.Consumer
|
Cluster *cluster.Consumer
|
||||||
|
|
||||||
// Verify Kafka SSL Certificate
|
tls.ClientConfig
|
||||||
InsecureSkipVerify bool
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
|
|
||||||
// SASL Username
|
// SASL Username
|
||||||
SASLUsername string `toml:"sasl_username"`
|
SASLUsername string `toml:"sasl_username"`
|
||||||
|
@ -67,11 +60,11 @@ var sampleConfig = `
|
||||||
## topic(s) to consume
|
## topic(s) to consume
|
||||||
topics = ["telegraf"]
|
topics = ["telegraf"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
@ -116,8 +109,7 @@ func (k *Kafka) Start(acc telegraf.Accumulator) error {
|
||||||
config := cluster.NewConfig()
|
config := cluster.NewConfig()
|
||||||
config.Consumer.Return.Errors = true
|
config.Consumer.Return.Errors = true
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,11 +15,11 @@ The Kapacitor plugin will collect metrics from the given Kapacitor instances.
|
||||||
## Time limit for http requests
|
## Time limit for http requests
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -17,18 +18,9 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Kapacitor struct {
|
type Kapacitor struct {
|
||||||
URLs []string `toml:"urls"`
|
URLs []string `toml:"urls"`
|
||||||
|
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -48,11 +40,11 @@ func (*Kapacitor) SampleConfig() string {
|
||||||
## Time limit for http requests
|
## Time limit for http requests
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
}
|
}
|
||||||
|
@ -82,8 +74,7 @@ func (k *Kapacitor) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *Kapacitor) createHttpClient() (*http.Client, error) {
|
func (k *Kapacitor) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,18 +22,11 @@ type Kubernetes struct {
|
||||||
// Bearer Token authorization file path
|
// Bearer Token authorization file path
|
||||||
BearerToken string `toml:"bearer_token"`
|
BearerToken string `toml:"bearer_token"`
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// HTTP Timeout specified as a string - 3s, 1m, 1h
|
// HTTP Timeout specified as a string - 3s, 1m, 1h
|
||||||
ResponseTimeout internal.Duration
|
ResponseTimeout internal.Duration
|
||||||
|
|
||||||
|
tls.ClientConfig
|
||||||
|
|
||||||
RoundTripper http.RoundTripper
|
RoundTripper http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -46,11 +40,11 @@ var sampleConfig = `
|
||||||
## Set response_timeout (default 5 seconds)
|
## Set response_timeout (default 5 seconds)
|
||||||
# response_timeout = "5s"
|
# response_timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -101,7 +95,7 @@ func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) err
|
||||||
var token []byte
|
var token []byte
|
||||||
var resp *http.Response
|
var resp *http.Response
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
tlsCfg, err := k.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
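Review bot: The renamed sample lines in `sampleConfig` keep unquoted values, for example `# tls_ca = /path/to/cafile`, which is not valid TOML once a user removes the `#`; a bare path is not a string literal. Quote them as the other plugins on this page do: `# tls_ca = "/path/to/cafile"`, `# tls_cert = "/path/to/certfile"`, `# tls_key = "/path/to/keyfile"`. A sample that fails to parse when uncommented pushes people towards dropping the TLS block altogether, so it is worth fixing in the same pass as the rename.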
|
@ -36,11 +36,11 @@ For more information, please check the [Mesos Observability Metrics](http://meso
|
||||||
# "messages",
|
# "messages",
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
jsonparser "github.com/influxdata/telegraf/plugins/parsers/json"
|
||||||
)
|
)
|
||||||
|
@ -33,15 +33,7 @@ type Mesos struct {
|
||||||
Slaves []string
|
Slaves []string
|
||||||
SlaveCols []string `toml:"slave_collections"`
|
SlaveCols []string `toml:"slave_collections"`
|
||||||
//SlaveTasks bool
|
//SlaveTasks bool
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
initialized bool
|
initialized bool
|
||||||
client *http.Client
|
client *http.Client
|
||||||
|
@ -83,11 +75,11 @@ var sampleConfig = `
|
||||||
# "messages",
|
# "messages",
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -216,8 +208,7 @@ func (m *Mesos) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Mesos) createHttpClient() (*http.Client, error) {
|
func (m *Mesos) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,11 +14,11 @@
|
||||||
## When true, collect per database stats
|
## When true, collect per database stats
|
||||||
# gather_perdb_stats = false
|
# gather_perdb_stats = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"gopkg.in/mgo.v2"
|
"gopkg.in/mgo.v2"
|
||||||
)
|
)
|
||||||
|
@ -22,15 +22,7 @@ type MongoDB struct {
|
||||||
Ssl Ssl
|
Ssl Ssl
|
||||||
mongos map[string]*Server
|
mongos map[string]*Server
|
||||||
GatherPerdbStats bool
|
GatherPerdbStats bool
|
||||||
|
tlsint.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type Ssl struct {
|
type Ssl struct {
|
||||||
|
@ -49,11 +41,11 @@ var sampleConfig = `
|
||||||
## When true, collect per database stats
|
## When true, collect per database stats
|
||||||
# gather_perdb_stats = false
|
# gather_perdb_stats = false
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -134,7 +126,7 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
|
||||||
var tlsConfig *tls.Config
|
var tlsConfig *tls.Config
|
||||||
|
|
||||||
if m.Ssl.Enabled {
|
if m.Ssl.Enabled {
|
||||||
// Deprecated SSL config
|
// Deprecated TLS config
|
||||||
tlsConfig = &tls.Config{}
|
tlsConfig = &tls.Config{}
|
||||||
if len(m.Ssl.CaCerts) > 0 {
|
if len(m.Ssl.CaCerts) > 0 {
|
||||||
roots := x509.NewCertPool()
|
roots := x509.NewCertPool()
|
||||||
|
@ -149,8 +141,7 @@ func (m *MongoDB) gatherServer(server *Server, acc telegraf.Accumulator) error {
|
||||||
tlsConfig.InsecureSkipVerify = true
|
tlsConfig.InsecureSkipVerify = true
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
tlsConfig, err = internal.GetTLSConfig(
|
tlsConfig, err = m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
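Review bot: The reworded comment `// Deprecated TLS config` under `if m.Ssl.Enabled` in `gatherServer` now says the opposite of what the commit intends, because the deprecated part is the legacy `Ssl` block and the `tls_*` options are its replacement. Something like `// Deprecated: legacy Ssl block, prefer tls_ca / tls_cert / tls_key.` keeps the meaning. The same branch contains `tlsConfig.InsecureSkipVerify = true`; its condition lies outside the hunk, presumably the case where no CA certificates are given. A config still on the legacy block can therefore run with verification disabled and no trace in the logs, so a warning at that line would make the downgrade visible. `gatherServer` starts and ends outside both hunks.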
|
@ -36,11 +36,11 @@ The plugin expects messages in the
|
||||||
# username = "telegraf"
|
# username = "telegraf"
|
||||||
# password = "metricsmetricsmetricsmetrics"
|
# password = "metricsmetricsmetricsmetrics"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
|
|
||||||
|
@ -33,15 +34,7 @@ type MQTTConsumer struct {
|
||||||
|
|
||||||
PersistentSession bool
|
PersistentSession bool
|
||||||
ClientID string `toml:"client_id"`
|
ClientID string `toml:"client_id"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
client mqtt.Client
|
client mqtt.Client
|
||||||
|
@ -83,11 +76,11 @@ var sampleConfig = `
|
||||||
# username = "telegraf"
|
# username = "telegraf"
|
||||||
# password = "metricsmetricsmetricsmetrics"
|
# password = "metricsmetricsmetricsmetrics"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to consume.
|
## Data format to consume.
|
||||||
|
@ -236,8 +229,7 @@ func (m *MQTTConsumer) createOpts() (*mqtt.ClientOptions, error) {
|
||||||
opts.SetClientID(m.ClientID)
|
opts.SetClientID(m.ClientID)
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,10 +82,10 @@ This plugin gathers the statistic data from MySQL server
|
||||||
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
interval_slow = "30m"
|
interval_slow = "30m"
|
||||||
|
|
||||||
## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.pem"
|
tls_cert = "/etc/telegraf/cert.pem"
|
||||||
ssl_key = "/etc/telegraf/key.pem"
|
tls_key = "/etc/telegraf/key.pem"
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Metric Version
|
#### Metric Version
|
||||||
|
|
|
@ -11,7 +11,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs/mysql/v1"
|
"github.com/influxdata/telegraf/plugins/inputs/mysql/v1"
|
||||||
|
|
||||||
|
@ -38,10 +38,8 @@ type Mysql struct {
|
||||||
GatherFileEventsStats bool `toml:"gather_file_events_stats"`
|
GatherFileEventsStats bool `toml:"gather_file_events_stats"`
|
||||||
GatherPerfEventsStatements bool `toml:"gather_perf_events_statements"`
|
GatherPerfEventsStatements bool `toml:"gather_perf_events_statements"`
|
||||||
IntervalSlow string `toml:"interval_slow"`
|
IntervalSlow string `toml:"interval_slow"`
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
MetricVersion int `toml:"metric_version"`
|
MetricVersion int `toml:"metric_version"`
|
||||||
|
tls.ClientConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -118,10 +116,12 @@ var sampleConfig = `
|
||||||
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
## Some queries we may want to run less often (such as SHOW GLOBAL VARIABLES)
|
||||||
interval_slow = "30m"
|
interval_slow = "30m"
|
||||||
|
|
||||||
## Optional SSL Config (will be used if tls=custom parameter specified in server uri)
|
## Optional TLS Config (will be used if tls=custom parameter specified in server uri)
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
var defaultTimeout = time.Second * time.Duration(5)
|
var defaultTimeout = time.Second * time.Duration(5)
|
||||||
|
@ -161,7 +161,7 @@ func (m *Mysql) Gather(acc telegraf.Accumulator) error {
|
||||||
m.InitMysql()
|
m.InitMysql()
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(m.SSLCert, m.SSLKey, m.SSLCA, false)
|
tlsConfig, err := m.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("registering TLS config: %s", err)
|
return fmt.Errorf("registering TLS config: %s", err)
|
||||||
}
|
}
|
||||||
|
|
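Review bot: In `Gather` the old call passed a literal `false` as the skip-verify argument, so replacing it with `m.ClientConfig.TLSConfig()` presumably makes `insecure_skip_verify` take effect for MySQL for the first time. That is a behaviour change rather than a rename, and it deserves its own line in the changelog. The `sampleConfig` hunk documents the new option and comments out the three `tls_*` keys, but this plugin's README hunk leaves them uncommented and omits `insecure_skip_verify`, so the two copies of the sample now disagree. The README block should mirror the Go string, i.e. `# tls_ca = "/etc/telegraf/ca.pem"` through `# insecure_skip_verify = false`. `Gather` extends beyond the hunk.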
|
@ -8,11 +8,11 @@
|
||||||
## An array of Nginx stub_status URI to gather stats.
|
## An array of Nginx stub_status URI to gather stats.
|
||||||
urls = ["http://localhost/server_status"]
|
urls = ["http://localhost/server_status"]
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP response timeout (default: 5s)
|
## HTTP response timeout (default: 5s)
|
||||||
|
|
|
@ -13,34 +13,28 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Nginx struct {
|
type Nginx struct {
|
||||||
// List of status URLs
|
Urls []string
|
||||||
Urls []string
|
ResponseTimeout internal.Duration
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to client cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
// HTTP client
|
// HTTP client
|
||||||
client *http.Client
|
client *http.Client
|
||||||
// Response timeout
|
|
||||||
ResponseTimeout internal.Duration
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
# An array of Nginx stub_status URI to gather stats.
|
# An array of Nginx stub_status URI to gather stats.
|
||||||
urls = ["http://localhost/server_status"]
|
urls = ["http://localhost/server_status"]
|
||||||
|
|
||||||
# TLS/SSL configuration
|
## Optional TLS Config
|
||||||
ssl_ca = "/etc/telegraf/ca.pem"
|
tls_ca = "/etc/telegraf/ca.pem"
|
||||||
ssl_cert = "/etc/telegraf/cert.cer"
|
tls_cert = "/etc/telegraf/cert.cer"
|
||||||
ssl_key = "/etc/telegraf/key.key"
|
tls_key = "/etc/telegraf/key.key"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# HTTP response timeout (default: 5s)
|
# HTTP response timeout (default: 5s)
|
||||||
|
@ -87,8 +81,7 @@ func (n *Nginx) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (n *Nginx) createHttpClient() (*http.Client, error) {
|
func (n *Nginx) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
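Review bot: The `sampleConfig` string in this file ships `tls_ca`, `tls_cert`, `tls_key` and `insecure_skip_verify` uncommented, pointing at `/etc/telegraf/cert.cer` and `/etc/telegraf/key.key`, while the README hunk for the same plugin shows them commented out with `.pem` names. A configuration generated from this sample would ask the client to load certificate files that probably do not exist; presumably `TLSConfig()` then fails even for a plain-HTTP status URL, though the loader is not shown here. Since the lines are being renamed anyway, I would comment them out and align the names with the README: `# tls_ca = "/etc/telegraf/ca.pem"`, `# tls_cert = "/etc/telegraf/cert.pem"`, `# tls_key = "/etc/telegraf/key.pem"`, and likewise `# insecure_skip_verify = false`.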
@ -20,7 +20,7 @@ To use this plugin you must enable the [monitoring](https://www.openldap.org/dev
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
ssl_ca = "/etc/ssl/certs.pem"
|
tls_ca = "/etc/ssl/certs.pem"
|
||||||
|
|
||||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
bind_dn = ""
|
bind_dn = ""
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"gopkg.in/ldap.v2"
|
"gopkg.in/ldap.v2"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ const sampleConfig string = `
|
||||||
insecure_skip_verify = false
|
insecure_skip_verify = false
|
||||||
|
|
||||||
# Path to PEM-encoded Root certificate to use to verify server certificate
|
# Path to PEM-encoded Root certificate to use to verify server certificate
|
||||||
ssl_ca = "/etc/ssl/certs.pem"
|
tls_ca = "/etc/ssl/certs.pem"
|
||||||
|
|
||||||
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
# dn/password to bind with. If bind_dn is empty, an anonymous bind is performed.
|
||||||
bind_dn = ""
|
bind_dn = ""
|
||||||
|
@ -85,7 +85,11 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
|
||||||
var l *ldap.Conn
|
var l *ldap.Conn
|
||||||
if o.Ssl != "" {
|
if o.Ssl != "" {
|
||||||
// build tls config
|
// build tls config
|
||||||
tlsConfig, err := internal.GetTLSConfig("", "", o.SslCa, o.InsecureSkipVerify)
|
clientTLSConfig := tls.ClientConfig{
|
||||||
|
SSLCA: o.SslCa,
|
||||||
|
InsecureSkipVerify: o.InsecureSkipVerify,
|
||||||
|
}
|
||||||
|
tlsConfig, err := clientTLSConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
acc.AddError(err)
|
acc.AddError(err)
|
||||||
return nil
|
return nil
|
||||||
|
|
|
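Review bot: The sample config in this file now advertises `tls_ca`, but in `Gather` the CA path is still read from `o.SslCa` and copied into the `SSLCA` member of `tls.ClientConfig`. The `Openldap` struct is outside the hunks, so this is inferred: unless `SslCa` was re-tagged to accept the new key, a user who sets the documented `tls_ca` ends up with an empty CA path, and the server certificate is not checked against the intended root. Either embed `tls.ClientConfig` in the struct as the other plugins in this commit do, or keep `ssl_ca` in the sample and README until the field accepts both keys. `Gather` continues beyond the hunk.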
@ -20,11 +20,11 @@ in Prometheus format.
|
||||||
## Specify timeout duration for slower prometheus clients (default is 3s)
|
## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# response_timeout = "3s"
|
# response_timeout = "3s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -30,14 +31,7 @@ type Prometheus struct {
|
||||||
|
|
||||||
ResponseTimeout internal.Duration `toml:"response_timeout"`
|
ResponseTimeout internal.Duration `toml:"response_timeout"`
|
||||||
|
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
@ -55,11 +49,11 @@ var sampleConfig = `
|
||||||
## Specify timeout duration for slower prometheus clients (default is 3s)
|
## Specify timeout duration for slower prometheus clients (default is 3s)
|
||||||
# response_timeout = "3s"
|
# response_timeout = "3s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = /path/to/cafile
|
# tls_ca = /path/to/cafile
|
||||||
# ssl_cert = /path/to/certfile
|
# tls_cert = /path/to/certfile
|
||||||
# ssl_key = /path/to/keyfile
|
# tls_key = /path/to/keyfile
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -167,8 +161,7 @@ var client = &http.Client{
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Prometheus) createHttpClient() (*http.Client, error) {
|
func (p *Prometheus) createHttpClient() (*http.Client, error) {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := p.ClientConfig.TLSConfig()
|
||||||
p.SSLCert, p.SSLKey, p.SSLCA, p.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,11 +16,11 @@ For additional details reference the [RabbitMQ Management HTTP Stats](https://cd
|
||||||
# username = "guest"
|
# username = "guest"
|
||||||
# password = "guest"
|
# password = "guest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional request timeouts
|
## Optional request timeouts
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/filter"
|
"github.com/influxdata/telegraf/filter"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -37,14 +38,7 @@ type RabbitMQ struct {
|
||||||
Name string
|
Name string
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
ResponseHeaderTimeout internal.Duration `toml:"header_timeout"`
|
ResponseHeaderTimeout internal.Duration `toml:"header_timeout"`
|
||||||
ClientTimeout internal.Duration `toml:"client_timeout"`
|
ClientTimeout internal.Duration `toml:"client_timeout"`
|
||||||
|
@ -175,11 +169,11 @@ var sampleConfig = `
|
||||||
# username = "guest"
|
# username = "guest"
|
||||||
# password = "guest"
|
# password = "guest"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional request timeouts
|
## Optional request timeouts
|
||||||
|
@ -223,8 +217,7 @@ func (r *RabbitMQ) Description() string {
|
||||||
// Gather ...
|
// Gather ...
|
||||||
func (r *RabbitMQ) Gather(acc telegraf.Accumulator) error {
|
func (r *RabbitMQ) Gather(acc telegraf.Accumulator) error {
|
||||||
if r.Client == nil {
|
if r.Client == nil {
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := r.ClientConfig.TLSConfig()
|
||||||
r.SSLCert, r.SSLKey, r.SSLCA, r.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"github.com/influxdata/telegraf/plugins/parsers"
|
"github.com/influxdata/telegraf/plugins/parsers"
|
||||||
)
|
)
|
||||||
|
@ -161,14 +162,12 @@ func (psl *packetSocketListener) listen() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type SocketListener struct {
|
type SocketListener struct {
|
||||||
ServiceAddress string `toml:"service_address"`
|
ServiceAddress string `toml:"service_address"`
|
||||||
MaxConnections int `toml:"max_connections"`
|
MaxConnections int `toml:"max_connections"`
|
||||||
ReadBufferSize int `toml:"read_buffer_size"`
|
ReadBufferSize int `toml:"read_buffer_size"`
|
||||||
ReadTimeout *internal.Duration `toml:"read_timeout"`
|
ReadTimeout *internal.Duration `toml:"read_timeout"`
|
||||||
TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
|
KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"`
|
||||||
TLSCert string `toml:"tls_cert"`
|
tlsint.ServerConfig
|
||||||
TLSKey string `toml:"tls_key"`
|
|
||||||
KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"`
|
|
||||||
|
|
||||||
parsers.Parser
|
parsers.Parser
|
||||||
telegraf.Accumulator
|
telegraf.Accumulator
|
||||||
|
@ -259,7 +258,7 @@ func (sl *SocketListener) Start(acc telegraf.Accumulator) error {
|
||||||
l net.Listener
|
l net.Listener
|
||||||
)
|
)
|
||||||
|
|
||||||
tlsCfg, err := internal.GetServerTLSConfig(sl.TLSCert, sl.TLSKey, sl.TLSAllowedCACerts)
|
tlsCfg, err := sl.ServerConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
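Review bot: In `Start`, a failure from `sl.ServerConfig.TLSConfig()` is answered with `return nil`, so a bad certificate, key or CA path is reported to the caller as a successful start and the error is lost. Since this call is being rewritten anyway, the branch should be `return err` (or a wrapped error), so that a misconfigured TLS listener fails loudly instead of silently not listening. `Start` begins and ends outside the hunk, so what follows this check is not visible here.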
@ -9,12 +9,13 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf/internal"
|
|
||||||
"github.com/influxdata/telegraf/testutil"
|
"github.com/influxdata/telegraf/testutil"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var pki = testutil.NewPKI("../../../testutil/pki")
|
||||||
|
|
||||||
// testEmptyLog is a helper function to ensure no data is written to log.
|
// testEmptyLog is a helper function to ensure no data is written to log.
|
||||||
// Should be called at the start of the test, and returns a function which should run at the end.
|
// Should be called at the start of the test, and returns a function which should run at the end.
|
||||||
func testEmptyLog(t *testing.T) func() {
|
func testEmptyLog(t *testing.T) func() {
|
||||||
|
@ -32,16 +33,14 @@ func TestSocketListener_tcp_tls(t *testing.T) {
|
||||||
|
|
||||||
sl := newSocketListener()
|
sl := newSocketListener()
|
||||||
sl.ServiceAddress = "tcp://127.0.0.1:0"
|
sl.ServiceAddress = "tcp://127.0.0.1:0"
|
||||||
sl.TLSCert = "testdata/server.pem"
|
sl.ServerConfig = *pki.TLSServerConfig()
|
||||||
sl.TLSKey = "testdata/server.key"
|
|
||||||
sl.TLSAllowedCACerts = []string{"testdata/ca.pem"}
|
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
err := sl.Start(acc)
|
err := sl.Start(acc)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
defer sl.Stop()
|
defer sl.Stop()
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig("testdata/client.pem", "testdata/client.key", "testdata/ca.pem", true)
|
tlsCfg, err := pki.TLSClientConfig().TLSConfig()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
secureClient, err := tls.Dial("tcp", sl.Closer.(net.Listener).Addr().String(), tlsCfg)
|
secureClient, err := tls.Dial("tcp", sl.Closer.(net.Listener).Addr().String(), tlsCfg)
|
||||||
|
@ -55,16 +54,15 @@ func TestSocketListener_unix_tls(t *testing.T) {
|
||||||
|
|
||||||
sl := newSocketListener()
|
sl := newSocketListener()
|
||||||
sl.ServiceAddress = "unix:///tmp/telegraf_test.sock"
|
sl.ServiceAddress = "unix:///tmp/telegraf_test.sock"
|
||||||
sl.TLSCert = "testdata/server.pem"
|
sl.ServerConfig = *pki.TLSServerConfig()
|
||||||
sl.TLSKey = "testdata/server.key"
|
|
||||||
sl.TLSAllowedCACerts = []string{"testdata/ca.pem"}
|
|
||||||
|
|
||||||
acc := &testutil.Accumulator{}
|
acc := &testutil.Accumulator{}
|
||||||
err := sl.Start(acc)
|
err := sl.Start(acc)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
defer sl.Stop()
|
defer sl.Stop()
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig("testdata/client.pem", "testdata/client.key", "testdata/ca.pem", true)
|
tlsCfg, err := pki.TLSClientConfig().TLSConfig()
|
||||||
|
tlsCfg.InsecureSkipVerify = true
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
secureClient, err := tls.Dial("unix", "/tmp/telegraf_test.sock", tlsCfg)
|
secureClient, err := tls.Dial("unix", "/tmp/telegraf_test.sock", tlsCfg)
|
||||||
|
|
|
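Review bot: In `TestSocketListener_unix_tls`, `tlsCfg.InsecureSkipVerify = true` runs before `require.NoError(t, err)`, so if `TLSConfig()` returns an error together with a nil config the test panics on a nil dereference instead of reporting the error. Swap the two lines: `require.NoError(t, err)` first, then `tlsCfg.InsecureSkipVerify = true`. A short comment saying why only the unix-socket test turns verification off would also help, e.g. `// unix socket address cannot match the test certificate's name`, though that reason is my inference. Both test functions continue outside their hunks.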
@ -1,31 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFVTCCAz2gAwIBAgIJAOhLvwv6zUf+MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
|
|
||||||
A1UECgwEVGVzdDAeFw0xODA0MTcwNDIwNDZaFw0yMTAyMDQwNDIwNDZaMEExCzAJ
|
|
||||||
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEN
|
|
||||||
MAsGA1UECgwEVGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKwE
|
|
||||||
Xy814CDH03G3Fg2/XSpYZXVMzwp6oq/bUe3iLhkOpA6C4+j07AxAAa22qEPlvYkb
|
|
||||||
W7oxVJiL0ih1od2FeAxvroBTmjG54j/Syb8OeQsZaJLNp1rRmwYGBIVi284ScaIc
|
|
||||||
dn+2bfmfpSLjK3SbU5XygtwIE3gh/B7x02UJRNJmJ1faRT2CfTeg/56xnTE4bcR5
|
|
||||||
HRrlojoN5laJngowLWAEAvWljCR8oge+ciNYB3xoK8Hgc9+WgTy95G1RBCNkaFFI
|
|
||||||
73nrcHl6dGOH9UgIqfbHJYxNEarI3o/JAr8DIBS0W4r8r4aY4JQ4LoN3bg4mLHQq
|
|
||||||
THKkVW5hyBeWe47qmlL0m4F6/+mzVi95NAWG2BQDCZJAWJNc+PbSRHi81838m7ff
|
|
||||||
O4rixd/F53LUUas8/zVca3vtv+XjOHZzIQLIy1bM4MhzpHlRcSmS9kqxxZ3S70e3
|
|
||||||
ZIWFdM0iRrtlBbJeoHIJRDpgPRYIWdRc6XotljTTi6/lN4Bj/0NK4E3iONcDsscN
|
|
||||||
kiqEHRAWZ4ptCqdVPgYR0S096Fx6OaC3ASODE0Cjb18ylZQRsQi8TiYSihGzuoio
|
|
||||||
wJwSLdIifDbbSUkjT1384cA/HsOjFQ9xHXYa6cQnAg3TUZyG1lAMJyFWYke+rxmG
|
|
||||||
srfL/EtIzgbzmEOC5anQjA2pdgUO9Pk2SinJaMApAgMBAAGjUDBOMB0GA1UdDgQW
|
|
||||||
BBQNJctDLjj8bVKNCYANaOcboPQnmzAfBgNVHSMEGDAWgBQNJctDLjj8bVKNCYAN
|
|
||||||
aOcboPQnmzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQATSr26Kc8g
|
|
||||||
3l2zuccoKWM57DQcgRmzSYwEOKA2jn3FWmrAdwozEIkLaTK0OXz0zh2dZxh9V3GR
|
|
||||||
w0WFCynbGNy/9s33MSi+zIWJOU/MZvt6zGE5CTcTgZ+u5IZyvSubMkPcwQi3Yvcg
|
|
||||||
AHmWzpF42kT2J5C5MfrSU65hrhPX7hT/CUoV3gN7oxFzj+/ED4kgNorO8SUUJCmq
|
|
||||||
DJNFbjgsD63EhnvAhn1AeM35GmKdl2enEKqcZsRkE4ZLpU7ibrThEm1aOQuJUtHk
|
|
||||||
gDAx49QMdQpWnxWxnfoiwpLu7ufR7ls8O9oA8ZJux/SVHEmtkOdRsuMtY5MElFZg
|
|
||||||
dANlQsdFWDko4ixaxFYzppuPNnRlqjGNnaEFJrNc2KR0Dxgmp28Yh2VyLd4r3fLT
|
|
||||||
nLVBYF8KzFchUdXYYPNBXwAf/N52jGfugDx8snLxOfzxoUZ4y64qMCpYhntGgBJ1
|
|
||||||
Rrk2trcn3Dw19gi8p3ylbdoz/Ch1INDDrO35pd0bZpcwASc/UNU72W5v2kGL0H7o
|
|
||||||
nJzgtrqeHcoIzNBmBhHlMlnTF5GMfrYGsf5d30KyKv7UL6qJTvT641dpKpB/FFrk
|
|
||||||
y3AQbKmKRDI+aVzeOlwdy/eJAwt7FikD4bR9GZ4PBX9n9jd4u/PHZNfxtgzplqo1
|
|
||||||
oy7kJv0cB/vRKOblmn/vPUfTFtAX7M3GkQ==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEpAIBAAKCAQEAmRuY+9Gg5V4e9hCd2mYek1jKeoaZijz89EPvox78XzoGdxPf
|
|
||||||
RoukUcTVS9VWN7HyJBjRA9P+KuHI9dX47skxyxH53uXZvRmGQAJBY4cE07JHvGkZ
|
|
||||||
eK1heXoWlBzYtivckha7bLBfn1ttAzcFCblUfJdzsn9XDuC4Jfn4oSaKn1o8Rzy1
|
|
||||||
KRvyLgvsYxMA/XzhyBzVMyoUOulye7EZx4f+AwSNmNHD4OgtxxPofrrMOtXZ2tC6
|
|
||||||
xNOexIZXbsB9dyrUW+4pWXYaadU7fl2V+arAJj+NVxV+3tmGGjmd1MiIypPx6BbP
|
|
||||||
g7xH20nJ/Y0U6V7gklZpYO1i84RbtR/kqBgi9QIDAQABAoIBAEONJJM+KyHnw/tG
|
|
||||||
246HbcgO7c7fYhDW1bgj3S/4NNsC6+VP1Dv40nftQzphFtgd37rDZDyvJL3gvlyQ
|
|
||||||
mnMoO5rgBIGuocHH6C6HkDgMUznft7zOFhnjTVVeY2XX0FmXwoqGEw1iR940ZUV8
|
|
||||||
2fEvXrJV1AsWGeALj9PZlTPsoE6rv5sUk9Lh3wCD73m7GSg7DzBRE+6bBze8Lmwn
|
|
||||||
ZzTvmimhgPJw8LR5rRpYbDbhAJLAfgA7/yPgYEPxA/ffry6Ba4epj8tVNUNOAcOf
|
|
||||||
PURF+uuIF7RceI2PkdvoNuQyVR5oxQUPUfidfVK5ClUmnHECSgb/FFnYC+nU2vSi
|
|
||||||
IAnmC6ECgYEAyrUFHyxxuIQAiinjBxa0OQ3ynvMxDnF/+zvWe8536Y61lz9dblKb
|
|
||||||
0xvFhpOEMfiG/zFdZdWJ+xdq7VQVNMHu4USoskG8sZs5zImMTu50kuDNln7xYqVf
|
|
||||||
SUuN1U7cp7JouI1qkZAOsytPfAgZN/83hLObd07lAvL44jKYaHVeMmkCgYEAwVxZ
|
|
||||||
wKXpboHwQawA+4ubsnZ36IlOk21/+FlGJiDg/LB643BS+QhgVNxuB2gL1gOCYkhl
|
|
||||||
6BBcIhWMvZOIIo5uwnv4fQ+WfFwntU9POFViZgbZvkitQtorB7MXc/NU2BDrNYx2
|
|
||||||
TBCiRn/9BaZ4fziW8I3Fx3xQ3rKDBXrexmrJQq0CgYEAvYGQYT12r47Qxlo0gcsL
|
|
||||||
AA/3E/y9jwgzItglQ6eZ2ULup5C4s0wNm8Zp2s+Mlf8HjgpDi9Gf5ptU/r1N+f2Y
|
|
||||||
awd6QvRMCSraVUr+Xkh1uV7rNNhGqPd75pT460OH7EtRtb+XsrAf3gcOjyEvGnfC
|
|
||||||
GpCjNl4OobwvS6ELdRTM1IkCgYAHUGX4uo3k5zdeVJJI8ZP3ITIR8retLfQsQbw8
|
|
||||||
jvvTsx1C4ynQT7fNHfVvhEkGVGWnMBPivlOt2mDTfvQkUnzwEF5q5J8NnzLFUfWu
|
|
||||||
LNSnBVVRNFCRec0s4mJduXOZJLKw+No0sGBjCE5a21wte8eB2+sCS7qHYftAxtAM
|
|
||||||
c1eflQKBgQDGTFsMvpM8BEPTreinTllFBdjeYchcdY/Ov9DZ3mMVopjAWRD81MKM
|
|
||||||
zM1RCqwLkgv9FvF79B1FLJ1Inr8e/XIGdcrhE1a4sZdIWdqTWQ4xFrlDgxCquq66
|
|
||||||
da09WVBRdvq2kVLAMaBViH2/GP1G4ZV9a8+JHuWKj+Arrr52Qeazjw==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,24 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEEjCCAfoCCQCmcronmMSqXTANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJV
|
|
||||||
UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
|
|
||||||
BFRlc3QwHhcNMTgwNDE3MDQyNDMwWhcNNDUwOTAyMDQyNDMwWjBVMQswCQYDVQQG
|
|
||||||
EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xITAfBgNV
|
|
||||||
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
|
|
||||||
ggEPADCCAQoCggEBAJkbmPvRoOVeHvYQndpmHpNYynqGmYo8/PRD76Me/F86BncT
|
|
||||||
30aLpFHE1UvVVjex8iQY0QPT/irhyPXV+O7JMcsR+d7l2b0ZhkACQWOHBNOyR7xp
|
|
||||||
GXitYXl6FpQc2LYr3JIWu2ywX59bbQM3BQm5VHyXc7J/Vw7guCX5+KEmip9aPEc8
|
|
||||||
tSkb8i4L7GMTAP184cgc1TMqFDrpcnuxGceH/gMEjZjRw+DoLccT6H66zDrV2drQ
|
|
||||||
usTTnsSGV27AfXcq1FvuKVl2GmnVO35dlfmqwCY/jVcVft7Zhho5ndTIiMqT8egW
|
|
||||||
z4O8R9tJyf2NFOle4JJWaWDtYvOEW7Uf5KgYIvUCAwEAATANBgkqhkiG9w0BAQsF
|
|
||||||
AAOCAgEACJkccOvBavtagiMQc9OLsbo0PkHv7Qk9uTm5Sg9+LjLGUsu+3WLjAAmj
|
|
||||||
YScHyGbvQzXlwpgo8JuwY0lMNoPfwGuydlJPfOBCbaoAqFp6Vpc/E49J9YovCsqa
|
|
||||||
2HJUJeuxpf6SiH1Vc1SECjzwzKo03t8ul7t7SNVqA0r9fV4I936FlJOeQ4d5U+Wv
|
|
||||||
H7c2LmAqbHi2Mwf+m+W6ziOvzp+szspcP2gJDX7hsKEtIlqmHYm2bzZ4fsCuU9xN
|
|
||||||
3quewBVQUOuParO632yaLgzpGmfzzxLmCPO84lxarJKCxjHG2Q2l30TO/wA44m+r
|
|
||||||
Wd17HpCT3PkCDG5eSNCSnYqfLm8DE1hLGfHiXxKmrgU94q4wvwVGOlcYa+CQeP9Q
|
|
||||||
ZW3Tj0Axz0Mqlg1iLLo12+Z/yocSY2nFnFntBFT4qBKNCeD0xH3PxC0HJdK66xBv
|
|
||||||
MVDE/OE2hBtTTts+vC9yjx4W8thtMSA4VCOgtt5sHjt3ZekiYYh5VZK47Bx/a0uc
|
|
||||||
8CouRdyppWyPp/cNC+PcGW3YnXpAkxe/bSY/qgfK5kmbeOf+HzvZAIwAH/d9VK0g
|
|
||||||
AoLNp46eP6U2E2lVvtc/HJ1C/gsiC/1TSIq/kBbYtuIJjhhH3u6IVet7WSD22Akv
|
|
||||||
o5gOpcoKwy8IPDRC5lJEAAVYUKt7ORo2en3OVg6I4FaQmeBFp5s=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAzkEDLijGOqXNQPAqUjOz5TLuM28SENauknLtcfIyEN/N6PwZ
|
|
||||||
re5DjokxtDPp+c9yP/9qtn7+dBfdUXg2Mu7HQz8lAKniir2ZH+axkjp5LUE6vYJd
|
|
||||||
I1W8lOOc0kXDjozBetgriE0jkgc3v9oDBbLhN5waKR86jpQaNkfnI7/4U3yrlymK
|
|
||||||
yaT3uD6L1ldUJubdQ/xc1HxdmX8VewBnkK1urYyiRbju2iL9YmtSM72yWXvFsD1O
|
|
||||||
I4fP/XuiaymicBmXKL4cu6KYdfn1qeLAV3U35xG597M031WmR5o67rc63sqs+Q//
|
|
||||||
V3dbGqnFXRMkLhoOnuKK0DD28ujY1kctbNQWVQIDAQABAoIBAHFxFJy41H7BXulO
|
|
||||||
rxhTU6jGoHktqBQW4CGwkKTRf3QEhK6WqlEd8Y5eKzZgL1q1HLPSehEyPCYCUjpT
|
|
||||||
EgxlhLeZ7XI1/mIs8iG3swconimj7Pj60Nt0dqq1njWRJYQsKua0Kw1m0B+rVKBy
|
|
||||||
+qKRxondlA32HTD6iIg+eAUTuzO/KzimZcyL9hiT/g6aN9k0H5+qURi8dO7VV8fD
|
|
||||||
zvP8Y+oOGLwW2ccp+ZjFQizjTOkL4lgldr0hsGQXZJNHL94fA7jPdAxAUbnTicMJ
|
|
||||||
oXM++L3eCwIVabipGxxlqCMj9Dn8yfbQvRGzP2e76QDeROYZHX4osH6vLcZEjx9i
|
|
||||||
tJ4J+ekCgYEA82kKzkSKmFo4gZxnqAywlfZ2X2PADuMmHdqdiDFwt54orlMlKf/b
|
|
||||||
wVSvN/djLXwvFHuyzFmJeMFSHKFkYVTOsh8kPSETAIGkcJEMHD3viYn7DwjkQudY
|
|
||||||
vB/FpBWSiDT0T7qDUCzW3iMbx/JvTUSp7uO4ZuwOu6t6v3PEZwIChQ8CgYEA2Ov9
|
|
||||||
FXHmm7sS54HgvZd6Wk8zLMLIDnyMmECjtYOasJ9c40yQHpRlXsb+Dzn/2xhMMwth
|
|
||||||
Bln2hIiJ/e+G0bzFu4x0cItRPOQeRNyz5Pal8EsATeUwcX4KRKOZaUpDkV6XV1L0
|
|
||||||
r/HSk/wed+90B74sGoJY1qsFflOATIUVs7SIllsCgYEAwhGSB/sl9WqZet1U1+um
|
|
||||||
LyqeHlfNnREGJu9Sgm/Iyt1S2gp4qw/QCkiWmyym6nEEqHQnjj4lGR4pdaJIAkI3
|
|
||||||
ulSR9BsWp2S10voSicHn5eUZQld4hs8lNHiwf66jce2mjJrMb3QQrHOZhsWIcDa6
|
|
||||||
tjjhoU28QWzrJRIMGYTEtYkCgYA17NSJlDsj06mra5oXB6Ue9jlekz1wfH3nC4qn
|
|
||||||
AQRfi/5ncw0QzQs2OHnIBz8XlD69IcMI9SxXXioPuo/la+wr54q6v6d+X6c2rzb5
|
|
||||||
YGd4CO0WcDdOv2qGDbWBezi41q8AwlqZsqAKsc5ROnG5ywjjviufkfxXnyJx41O1
|
|
||||||
zNd3qQKBgGEy+EwUXD5iGeQxdCDnd6iVu14SoBscHO5SpIeDu3DIhnu+7gPq2VMg
|
|
||||||
Vp9j/iNVtEA3HyYCOeXc2rz9Di1wwt3YijED4birLAkC5YW6YB9rmLMfCNc1EyLh
|
|
||||||
BKAkUQN3D+XCN4pXdbKvbkOcfYRUHoD+pPBjRYH020OtPBUc6Wkl
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,25 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEJjCCAg4CCQCmcronmMSqXDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJV
|
|
||||||
UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
|
|
||||||
BFRlc3QwHhcNMTgwNDE3MDQyNDAwWhcNNDUwOTAyMDQyNDAwWjBpMQswCQYDVQQG
|
|
||||||
EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xITAfBgNV
|
|
||||||
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJMTI3LjAuMC4x
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkEDLijGOqXNQPAqUjOz
|
|
||||||
5TLuM28SENauknLtcfIyEN/N6PwZre5DjokxtDPp+c9yP/9qtn7+dBfdUXg2Mu7H
|
|
||||||
Qz8lAKniir2ZH+axkjp5LUE6vYJdI1W8lOOc0kXDjozBetgriE0jkgc3v9oDBbLh
|
|
||||||
N5waKR86jpQaNkfnI7/4U3yrlymKyaT3uD6L1ldUJubdQ/xc1HxdmX8VewBnkK1u
|
|
||||||
rYyiRbju2iL9YmtSM72yWXvFsD1OI4fP/XuiaymicBmXKL4cu6KYdfn1qeLAV3U3
|
|
||||||
5xG597M031WmR5o67rc63sqs+Q//V3dbGqnFXRMkLhoOnuKK0DD28ujY1kctbNQW
|
|
||||||
VQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCVgzqFrehoRAMFLMEL8avfokYtsSYc
|
|
||||||
50Yug4Es0ISo/PRWGeUnv8k1inyE3Y1iR/gbN5n/yjLXJKEflan6BuqGuukfr2eA
|
|
||||||
fRdDCyPvzQLABdxCx2n6ByQFxj92z82tizf35R2OMuHHWzTckta+7s5EvxwIiUsd
|
|
||||||
rUuXp+0ltJzlYYW9xTGFiJO9hAbRgMgZiwL8F7ayic8GmLQ1eRK/DfKDCOH3afeX
|
|
||||||
MNN5FulgjqNyhXHF33vwgIJynGDg2JEhkWjB1DkUAxll0+SMQoYyVGZVrQSGbGw1
|
|
||||||
JhOLc8C8bTzfK3qcJDuyldvjiut+To+lpu76R0u0+sn+wxQFL1uCWuAbMJgGsJgM
|
|
||||||
ARavu2XDeae9X+e8MgJuN1FYS3tihBplPjMJD3UYRybRvHAvQh26BZ7Ch3JNSNST
|
|
||||||
AL2l5T7JKU+XaWWeo+crV+AnGIJyqyh9Su/n97PEoZoEMGH4Kcl/n/w2Jms60+5s
|
|
||||||
K0FK2OGNL42ddUfQiVL9CwYQQo70hydjsIo1x8S6+tSFLMAAysQEToSjfAA6qxDu
|
|
||||||
fgGVMuIYHo0rSkpTVsHVwru08Z5o4m+XDAK0iHalZ4knKsO0lJ+9l7vFnQHlzwt7
|
|
||||||
JTjDhnyOKWPIANeWf3PrHPWE7kKpFVBqFBzOvWLJuxDu5NlgLo1PFahsahTqB9bz
|
|
||||||
qwUyMg/oYWnwqw==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -19,11 +19,11 @@ See the [Tomcat documentation](https://tomcat.apache.org/tomcat-9.0-doc/manager-
|
||||||
## Request timeout
|
## Request timeout
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -63,11 +64,7 @@ type Tomcat struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
request *http.Request
|
request *http.Request
|
||||||
|
@ -84,11 +81,11 @@ var sampleconfig = `
|
||||||
## Request timeout
|
## Request timeout
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -191,8 +188,7 @@ func (s *Tomcat) Gather(acc telegraf.Accumulator) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Tomcat) createHttpClient() (*http.Client, error) {
|
func (s *Tomcat) createHttpClient() (*http.Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := s.ClientConfig.TLSConfig()
|
||||||
s.SSLCert, s.SSLKey, s.SSLCA, s.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,11 +18,11 @@ The zookeeper plugin collects variables outputted from the 'mntr' command
|
||||||
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# enable_ssl = true
|
# enable_ssl = true
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
```
|
```
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,11 +22,9 @@ type Zookeeper struct {
|
||||||
Servers []string
|
Servers []string
|
||||||
Timeout internal.Duration
|
Timeout internal.Duration
|
||||||
|
|
||||||
EnableSSL bool `toml:"enable_ssl"`
|
EnableTLS bool `toml:"enable_tls"`
|
||||||
SSLCA string `toml:"ssl_ca"`
|
EnableSSL bool `toml:"enable_ssl"` // deprecated in 1.7; use enable_tls
|
||||||
SSLCert string `toml:"ssl_cert"`
|
tlsint.ClientConfig
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
|
|
||||||
|
|
||||||
initialized bool
|
initialized bool
|
||||||
tlsConfig *tls.Config
|
tlsConfig *tls.Config
|
||||||
|
@ -42,11 +41,11 @@ var sampleConfig = `
|
||||||
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
## Timeout for metric collections from all servers. Minimum timeout is "1s".
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# enable_ssl = true
|
# enable_tls = true
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## If false, skip chain & host verification
|
## If false, skip chain & host verification
|
||||||
# insecure_skip_verify = true
|
# insecure_skip_verify = true
|
||||||
`
|
`
|
||||||
|
@ -65,7 +64,7 @@ func (z *Zookeeper) Description() string {
|
||||||
|
|
||||||
func (z *Zookeeper) dial(ctx context.Context, addr string) (net.Conn, error) {
|
func (z *Zookeeper) dial(ctx context.Context, addr string) (net.Conn, error) {
|
||||||
var dialer net.Dialer
|
var dialer net.Dialer
|
||||||
if z.EnableSSL {
|
if z.EnableTLS || z.EnableSSL {
|
||||||
deadline, ok := ctx.Deadline()
|
deadline, ok := ctx.Deadline()
|
||||||
if ok {
|
if ok {
|
||||||
dialer.Deadline = deadline
|
dialer.Deadline = deadline
|
||||||
|
@ -81,8 +80,7 @@ func (z *Zookeeper) Gather(acc telegraf.Accumulator) error {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
if !z.initialized {
|
if !z.initialized {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := z.ClientConfig.TLSConfig()
|
||||||
z.SSLCert, z.SSLKey, z.SSLCA, z.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,11 +42,11 @@ For an introduction to AMQP see:
|
||||||
## to 5s. 0s means no timeout (not recommended).
|
## to 5s. 0s means no timeout (not recommended).
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -43,14 +44,7 @@ type AMQP struct {
|
||||||
// Valid options are "transient" and "persistent". default: "transient"
|
// Valid options are "transient" and "persistent". default: "transient"
|
||||||
DeliveryMode string
|
DeliveryMode string
|
||||||
|
|
||||||
// Path to CA file
|
tls.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
c *client
|
c *client
|
||||||
|
@ -99,11 +93,11 @@ var sampleConfig = `
|
||||||
## to 5s. 0s means no timeout (not recommended).
|
## to 5s. 0s means no timeout (not recommended).
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -137,8 +131,7 @@ func (q *AMQP) Connect() error {
|
||||||
|
|
||||||
var connection *amqp.Connection
|
var connection *amqp.Connection
|
||||||
// make new tls config
|
// make new tls config
|
||||||
tls, err := internal.GetTLSConfig(
|
tls, err := q.ClientConfig.TLSConfig()
|
||||||
q.SSLCert, q.SSLKey, q.SSLCA, q.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
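Review bot: In `Connect`, the local variable in `tls, err := q.ClientConfig.TLSConfig()` now shadows the `tls` package that this commit imports from `github.com/influxdata/telegraf/internal/tls`, so the package cannot be referenced after that line and a reader can mistake the variable for it. Renaming the variable avoids that, for example `tlsCfg, err := q.ClientConfig.TLSConfig()`. The rest of `Connect` lies outside the hunk, so later uses of the variable need the same rename. Other files in this commit import the package as `tlsint`; doing the same here would also keep the name clear of `crypto/tls`.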
|
@ -180,11 +180,11 @@ This plugin will format the events in the following way:
|
||||||
# default_tag_value = "none"
|
# default_tag_value = "none"
|
||||||
index_name = "telegraf-%Y.%m.%d" # required.
|
index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Template Config
|
## Template Config
|
||||||
|
@ -230,4 +230,4 @@ Integer values collected that are bigger than 2^63 and smaller than 1e21 (or in
|
||||||
|
|
||||||
The correct field mapping will be created on the telegraf index as soon as a supported JSON value is received by Elasticsearch, and subsequent insertions will work because the field mapping will already exist.
|
The correct field mapping will be created on the telegraf index as soon as a supported JSON value is received by Elasticsearch, and subsequent insertions will work because the field mapping will already exist.
|
||||||
|
|
||||||
This issue is caused by the way Elasticsearch tries to detect integer fields, and by how golang encodes numbers in JSON. There is no clear workaround for this at the moment.
|
This issue is caused by the way Elasticsearch tries to detect integer fields, and by how golang encodes numbers in JSON. There is no clear workaround for this at the moment.
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"gopkg.in/olivere/elastic.v5"
|
"gopkg.in/olivere/elastic.v5"
|
||||||
)
|
)
|
||||||
|
@ -28,11 +29,9 @@ type Elasticsearch struct {
|
||||||
ManageTemplate bool
|
ManageTemplate bool
|
||||||
TemplateName string
|
TemplateName string
|
||||||
OverwriteTemplate bool
|
OverwriteTemplate bool
|
||||||
SSLCA string `toml:"ssl_ca"` // Path to CA file
|
tls.ClientConfig
|
||||||
SSLCert string `toml:"ssl_cert"` // Path to host cert file
|
|
||||||
SSLKey string `toml:"ssl_key"` // Path to cert key file
|
Client *elastic.Client
|
||||||
InsecureSkipVerify bool // Use SSL but skip chain & host verification
|
|
||||||
Client *elastic.Client
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -69,11 +68,11 @@ var sampleConfig = `
|
||||||
# default_tag_value = "none"
|
# default_tag_value = "none"
|
||||||
index_name = "telegraf-%Y.%m.%d" # required.
|
index_name = "telegraf-%Y.%m.%d" # required.
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Template Config
|
## Template Config
|
||||||
|
@ -96,7 +95,7 @@ func (a *Elasticsearch) Connect() error {
|
||||||
|
|
||||||
var clientOptions []elastic.ClientOptionFunc
|
var clientOptions []elastic.ClientOptionFunc
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify)
|
tlsCfg, err := a.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
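Review bot: The embedded `tls.ClientConfig` in the `Elasticsearch` struct replaces four fields that each carried a comment, and the embed has none, so the struct no longer says which TLS settings the plugin accepts. A one-line comment would restore that, e.g. `// TLS client settings: tls_ca, tls_cert, tls_key, insecure_skip_verify (defined in internal/tls)`. Of these, `insecure_skip_verify` matters most to keep visible at the struct, since the sample config describes it as skipping chain and host verification. The same embed appears without a comment in the AMQP, Graphite, InfluxDB, Kafka, MQTT, NATS and SocketWriter structs on this page.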
|
@ -20,42 +20,10 @@ via raw TCP.
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
Parameters:
|
|
||||||
|
|
||||||
Servers []string
|
|
||||||
Prefix string
|
|
||||||
Timeout int
|
|
||||||
Template string
|
|
||||||
|
|
||||||
// Path to CA file
|
|
||||||
SSLCA string
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
### Required parameters:
|
|
||||||
|
|
||||||
* `servers`: List of strings, ["mygraphiteserver:2003"].
|
|
||||||
* `prefix`: String use to prefix all sent metrics.
|
|
||||||
* `timeout`: Connection timeout in seconds.
|
|
||||||
* `template`: Template for graphite output format, see
|
|
||||||
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
|
|
||||||
for more details.
|
|
||||||
|
|
||||||
### Optional parameters:
|
|
||||||
|
|
||||||
* `ssl_ca`: SSL CA
|
|
||||||
* `ssl_cert`: SSL CERT
|
|
||||||
* `ssl_key`: SSL key
|
|
||||||
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
@ -22,18 +22,7 @@ type Graphite struct {
|
||||||
Template string
|
Template string
|
||||||
Timeout int
|
Timeout int
|
||||||
conns []net.Conn
|
conns []net.Conn
|
||||||
|
tlsint.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// tls config
|
|
||||||
tlsConfig *tls.Config
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -49,11 +38,11 @@ var sampleConfig = `
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
@ -67,9 +56,7 @@ func (g *Graphite) Connect() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set tls config
|
// Set tls config
|
||||||
var err error
|
tlsConfig, err := g.ClientConfig.TLSConfig()
|
||||||
g.tlsConfig, err = internal.GetTLSConfig(
|
|
||||||
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -82,8 +69,8 @@ func (g *Graphite) Connect() error {
|
||||||
|
|
||||||
// Get secure connection if tls config is set
|
// Get secure connection if tls config is set
|
||||||
var conn net.Conn
|
var conn net.Conn
|
||||||
if g.tlsConfig != nil {
|
if tlsConfig != nil {
|
||||||
conn, err = tls.DialWithDialer(&d, "tcp", server, g.tlsConfig)
|
conn, err = tls.DialWithDialer(&d, "tcp", server, tlsConfig)
|
||||||
} else {
|
} else {
|
||||||
conn, err = d.Dial("tcp", server)
|
conn, err = d.Dial("tcp", server)
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,11 +44,11 @@ This InfluxDB output plugin writes metrics to the [InfluxDB](https://github.com/
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers/influx"
|
"github.com/influxdata/telegraf/plugins/serializers/influx"
|
||||||
)
|
)
|
||||||
|
@ -46,15 +47,7 @@ type InfluxDB struct {
|
||||||
ContentEncoding string `toml:"content_encoding"`
|
ContentEncoding string `toml:"content_encoding"`
|
||||||
SkipDatabaseCreation bool `toml:"skip_database_creation"`
|
SkipDatabaseCreation bool `toml:"skip_database_creation"`
|
||||||
InfluxUintSupport bool `toml:"influx_uint_support"`
|
InfluxUintSupport bool `toml:"influx_uint_support"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
Precision string // precision deprecated in 1.0; value is ignored
|
Precision string // precision deprecated in 1.0; value is ignored
|
||||||
|
|
||||||
|
@ -104,11 +97,11 @@ var sampleConfig = `
|
||||||
## UDP payload size is the maximum packet size to send.
|
## UDP payload size is the maximum packet size to send.
|
||||||
# udp_payload = 512
|
# udp_payload = 512
|
||||||
|
|
||||||
## Optional SSL Config for use on HTTP connections.
|
## Optional TLS Config for use on HTTP connections.
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## HTTP Proxy override, if unset values the standard proxy environment
|
## HTTP Proxy override, if unset values the standard proxy environment
|
||||||
|
@ -245,8 +238,7 @@ func (i *InfluxDB) udpClient(url *url.URL) (Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i *InfluxDB) httpClient(ctx context.Context, url *url.URL, proxy *url.URL) (Client, error) {
|
func (i *InfluxDB) httpClient(ctx context.Context, url *url.URL, proxy *url.URL) (Client, error) {
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := i.ClientConfig.TLSConfig()
|
||||||
i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/metric"
|
"github.com/influxdata/telegraf/metric"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs/influxdb"
|
"github.com/influxdata/telegraf/plugins/outputs/influxdb"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
@ -104,8 +105,10 @@ func TestConnectHTTPConfig(t *testing.T) {
|
||||||
HTTPHeaders: map[string]string{
|
HTTPHeaders: map[string]string{
|
||||||
"x": "y",
|
"x": "y",
|
||||||
},
|
},
|
||||||
ContentEncoding: "gzip",
|
ContentEncoding: "gzip",
|
||||||
InsecureSkipVerify: true,
|
ClientConfig: tls.ClientConfig{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
},
|
||||||
|
|
||||||
CreateHTTPClientF: func(config *influxdb.HTTPConfig) (influxdb.Client, error) {
|
CreateHTTPClientF: func(config *influxdb.HTTPConfig) (influxdb.Client, error) {
|
||||||
actual = config
|
actual = config
|
||||||
|
|
|
@ -68,11 +68,11 @@ This plugin writes to a [Kafka Broker](http://kafka.apache.org/07/quickstart.htm
|
||||||
## until the next flush.
|
## until the next flush.
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ type (
|
||||||
// MaxRetry Tag
|
// MaxRetry Tag
|
||||||
MaxRetry int
|
MaxRetry int
|
||||||
|
|
||||||
// Legacy SSL config options
|
// Legacy TLS config options
|
||||||
// TLS client certificate
|
// TLS client certificate
|
||||||
Certificate string
|
Certificate string
|
||||||
// TLS client key
|
// TLS client key
|
||||||
|
@ -44,15 +44,7 @@ type (
|
||||||
// TLS certificate authority
|
// TLS certificate authority
|
||||||
CA string
|
CA string
|
||||||
|
|
||||||
// Path to CA file
|
tlsint.ClientConfig
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
|
|
||||||
// Skip SSL verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
// SASL Username
|
// SASL Username
|
||||||
SASLUsername string `toml:"sasl_username"`
|
SASLUsername string `toml:"sasl_username"`
|
||||||
|
@ -135,11 +127,11 @@ var sampleConfig = `
|
||||||
## until the next flush.
|
## until the next flush.
|
||||||
# max_retry = 3
|
# max_retry = 3
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Optional SASL Config
|
## Optional SASL Config
|
||||||
|
@ -201,13 +193,12 @@ func (k *Kafka) Connect() error {
|
||||||
|
|
||||||
// Legacy support ssl config
|
// Legacy support ssl config
|
||||||
if k.Certificate != "" {
|
if k.Certificate != "" {
|
||||||
k.SSLCert = k.Certificate
|
k.TLSCert = k.Certificate
|
||||||
k.SSLCA = k.CA
|
k.TLSCA = k.CA
|
||||||
k.SSLKey = k.Key
|
k.TLSKey = k.Key
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := k.ClientConfig.TLSConfig()
|
||||||
k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
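Review bot: The legacy block in `Connect` copies `k.CA` and `k.Key` only when `k.Certificate` is non-empty, and when it is, it overwrites `k.TLSCA` and `k.TLSKey` unconditionally. A configuration that sets only the legacy `CA` field therefore never reaches `TLSConfig()`, so the intended trust anchor is silently not applied. One that combines the legacy `Certificate` with a new-style CA path has that path replaced by an empty string. Copying each legacy field independently, and only when its replacement is unset, fixes both, but it gives the new keys precedence where the current code gives it to the legacy ones. `Connect` starts and continues outside this hunk.

```go
	// Legacy support ssl config
	if k.TLSCert == "" {
		k.TLSCert = k.Certificate
	}
	if k.TLSKey == "" {
		k.TLSKey = k.Key
	}
	if k.TLSCA == "" {
		k.TLSCA = k.CA
	}
	// … unchanged: k.ClientConfig.TLSConfig() call and error check …
```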
|
@ -22,12 +22,12 @@ This plugin writes to a [MQTT Broker](http://http://mqtt.org/) acting as a mqtt
|
||||||
|
|
||||||
## Timeout for write operations. default: 5s
|
## Timeout for write operations. default: 5s
|
||||||
# timeout = "5s"
|
# timeout = "5s"
|
||||||
## Optional SSL Config
|
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
|
||||||
|
|
||||||
## Use SSL but skip chain & host verification
|
## Optional TLS Config
|
||||||
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -45,8 +45,8 @@ This plugin writes to a [MQTT Broker](http://http://mqtt.org/) acting as a mqtt
|
||||||
* `password`: The password to connect MQTT server.
|
* `password`: The password to connect MQTT server.
|
||||||
* `client_id`: The unique client id to connect MQTT server. If this paramater is not set then a random ID is generated.
|
* `client_id`: The unique client id to connect MQTT server. If this paramater is not set then a random ID is generated.
|
||||||
* `timeout`: Timeout for write operations. default: 5s
|
* `timeout`: Timeout for write operations. default: 5s
|
||||||
* `ssl_ca`: SSL CA
|
* `tls_ca`: TLS CA
|
||||||
* `ssl_cert`: SSL CERT
|
* `tls_cert`: TLS CERT
|
||||||
* `ssl_key`: SSL key
|
* `tls_key`: TLS key
|
||||||
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
|
* `insecure_skip_verify`: Use TLS but skip chain & host verification (default: false)
|
||||||
* `data_format`: [About Telegraf data formats](https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md)
|
* `data_format`: [About Telegraf data formats](https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md)
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
|
|
||||||
|
@ -32,11 +33,11 @@ var sampleConfig = `
|
||||||
## client ID, if not set a random ID is generated
|
## client ID, if not set a random ID is generated
|
||||||
# client_id = ""
|
# client_id = ""
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -55,15 +56,7 @@ type MQTT struct {
|
||||||
TopicPrefix string
|
TopicPrefix string
|
||||||
QoS int `toml:"qos"`
|
QoS int `toml:"qos"`
|
||||||
ClientID string `toml:"client_id"`
|
ClientID string `toml:"client_id"`
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
client paho.Client
|
client paho.Client
|
||||||
opts *paho.ClientOptions
|
opts *paho.ClientOptions
|
||||||
|
@ -174,8 +167,7 @@ func (m *MQTT) createOpts() (*paho.ClientOptions, error) {
|
||||||
opts.SetClientID("Telegraf-Output-" + internal.RandomString(5))
|
opts.SetClientID("Telegraf-Output-" + internal.RandomString(5))
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(
|
tlsCfg, err := m.ClientConfig.TLSConfig()
|
||||||
m.SSLCert, m.SSLKey, m.SSLCA, m.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
nats_client "github.com/nats-io/nats"
|
nats_client "github.com/nats-io/nats"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
@ -19,15 +19,7 @@ type NATS struct {
|
||||||
Password string
|
Password string
|
||||||
// NATS subject to publish metrics to
|
// NATS subject to publish metrics to
|
||||||
Subject string
|
Subject string
|
||||||
|
tls.ClientConfig
|
||||||
// Path to CA file
|
|
||||||
SSLCA string `toml:"ssl_ca"`
|
|
||||||
// Path to host cert file
|
|
||||||
SSLCert string `toml:"ssl_cert"`
|
|
||||||
// Path to cert key file
|
|
||||||
SSLKey string `toml:"ssl_key"`
|
|
||||||
// Use SSL but skip chain & host verification
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
conn *nats_client.Conn
|
conn *nats_client.Conn
|
||||||
serializer serializers.Serializer
|
serializer serializers.Serializer
|
||||||
|
@ -42,11 +34,11 @@ var sampleConfig = `
|
||||||
## NATS subject for producer messages
|
## NATS subject for producer messages
|
||||||
subject = "telegraf"
|
subject = "telegraf"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Data format to output.
|
## Data format to output.
|
||||||
|
@ -79,8 +71,7 @@ func (n *NATS) Connect() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// override TLS, if it was specified
|
// override TLS, if it was specified
|
||||||
tlsConfig, err := internal.GetTLSConfig(
|
tlsConfig, err := n.ClientConfig.TLSConfig()
|
||||||
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,11 +19,11 @@ It can output data in any of the [supported output formats](https://github.com/i
|
||||||
# address = "unix:///tmp/telegraf.sock"
|
# address = "unix:///tmp/telegraf.sock"
|
||||||
# address = "unixgram:///tmp/telegraf.sock"
|
# address = "unixgram:///tmp/telegraf.sock"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Period between keep alive probes.
|
## Period between keep alive probes.
|
||||||
|
|
|
@ -10,17 +10,15 @@ import (
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
tlsint "github.com/influxdata/telegraf/internal/tls"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
|
||||||
type SocketWriter struct {
|
type SocketWriter struct {
|
||||||
Address string
|
Address string
|
||||||
KeepAlivePeriod *internal.Duration
|
KeepAlivePeriod *internal.Duration
|
||||||
SSLCA string
|
tlsint.ClientConfig
|
||||||
SSLCert string
|
|
||||||
SSLKey string
|
|
||||||
InsecureSkipVerify bool
|
|
||||||
|
|
||||||
serializers.Serializer
|
serializers.Serializer
|
||||||
|
|
||||||
|
@ -45,11 +43,11 @@ func (sw *SocketWriter) SampleConfig() string {
|
||||||
# address = "unix:///tmp/telegraf.sock"
|
# address = "unix:///tmp/telegraf.sock"
|
||||||
# address = "unixgram:///tmp/telegraf.sock"
|
# address = "unixgram:///tmp/telegraf.sock"
|
||||||
|
|
||||||
## Optional SSL Config
|
## Optional TLS Config
|
||||||
# ssl_ca = "/etc/telegraf/ca.pem"
|
# tls_ca = "/etc/telegraf/ca.pem"
|
||||||
# ssl_cert = "/etc/telegraf/cert.pem"
|
# tls_cert = "/etc/telegraf/cert.pem"
|
||||||
# ssl_key = "/etc/telegraf/key.pem"
|
# tls_key = "/etc/telegraf/key.pem"
|
||||||
## Use SSL but skip chain & host verification
|
## Use TLS but skip chain & host verification
|
||||||
# insecure_skip_verify = false
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
## Period between keep alive probes.
|
## Period between keep alive probes.
|
||||||
|
@ -76,7 +74,7 @@ func (sw *SocketWriter) Connect() error {
|
||||||
return fmt.Errorf("invalid address: %s", sw.Address)
|
return fmt.Errorf("invalid address: %s", sw.Address)
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsCfg, err := internal.GetTLSConfig(sw.SSLCert, sw.SSLKey, sw.SSLCA, sw.InsecureSkipVerify)
|
tlsCfg, err := sw.ClientConfig.TLSConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB0TCCATqgAwIBAgIJAMgbq6rkA4b/MA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
|
||||||
|
BAMMEFRlbGVncmFmIFRlc3QgQ0EwHhcNMTgwNTAzMDEwNTI5WhcNMjgwNDMwMDEw
|
||||||
|
NTI5WjAbMRkwFwYDVQQDDBBUZWxlZ3JhZiBUZXN0IENBMIGfMA0GCSqGSIb3DQEB
|
||||||
|
AQUAA4GNADCBiQKBgQDTySxyXeyQQjCOtNQ/7cKtXN91sp4B1k7whPKBO6yXEFFR
|
||||||
|
rYaw76xY5CTTPTJaAPBJ+amHPdPGfmGq6yX10tjAaWQQYV26Axngfpti6F14ci0/
|
||||||
|
X/sTay8ii/4Du5DRr9f9rHVimPASR1fkgK+IFhXnONn1R+pNbHYmGS4OVNyoPwID
|
||||||
|
AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsF
|
||||||
|
AAOBgQA9v3eMU33q+bGPEd65kKQcVddPEFdSqmuUJMeO2VQmUFc/ejkP48u42eDK
|
||||||
|
Y1GAR+209XgkuWItEBH8HJysOU2plunuIPXpnPcxyP30tpFVLaWzWTQvUehhYpfQ
|
||||||
|
C0v9Re3jdLfLORxiaAPyyKogMpAQrjGX+u1aMSOCkcTD2Hjvbw==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANPJLHJd7JBCMI60
|
||||||
|
1D/twq1c33WyngHWTvCE8oE7rJcQUVGthrDvrFjkJNM9MloA8En5qYc908Z+Yarr
|
||||||
|
JfXS2MBpZBBhXboDGeB+m2LoXXhyLT9f+xNrLyKL/gO7kNGv1/2sdWKY8BJHV+SA
|
||||||
|
r4gWFec42fVH6k1sdiYZLg5U3Kg/AgMBAAECgYA2PCtssk7Vdo3WzcoZAPs8yC7V
|
||||||
|
hkNedxJKF9G+dJizKtOYVhbLEuWQ8gPYMLDHSbw/RXc7kgK8rzq1uXhEJpWo4THD
|
||||||
|
CUUlxGRu3gt94202hbnEnV93Kix4hP98qpv1jPErlx2KywsRPTegMnUAZ2xeI564
|
||||||
|
yYwDITqXALa/PqRqSQJBAPPZQeRDtBSfEjZFJS3IgUkmN3RJn4rJz+6D0ahgXPga
|
||||||
|
YAYVe8SJyj2epLJP2aOBzrqBSUVkVGg8qOG5w+ibebsCQQDeVuUzYOffthO5f1Hl
|
||||||
|
LvdEmfaHjXI0Q+grOnDjNRcvQaCDYYkC9JewBQmnpFrd85rN/Leo0gQ5Yyxp/ja5
|
||||||
|
gPFNAkAFwn/38FF0mz1G4uM57Z6AJ9LvgD2wfYvXym1NWNlZUuYpvqApyEdqpTCm
|
||||||
|
tZQidJJ5fUxJw1DrFWO30Td7axC5AkEAjSbRX6rXyhiHsS35SexlInI0Jp5PsIqj
|
||||||
|
7D2vyS69R0z8oCvdlbi+TAsGtB0Navbqgnc8Cbs630vsuGWhTGdlyQJBAKqQ2gYw
|
||||||
|
+WeXH77FP8yDQOjpFw80tSyXVykT0Am75RF3sQ1OIn0o0DLhE+he0crb2n8g3FJh
|
||||||
|
WyxmGkbTDelSG20=
|
||||||
|
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB+TCCAWKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBUZWxl
|
||||||
|
Z3JhZiBUZXN0IENBMB4XDTE4MDUwMzAxMDUyOVoXDTI4MDQzMDAxMDUyOVowHTEb
|
||||||
|
MBkGA1UEAwwSY2xpZW50LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||||
|
ADCBiQKBgQDX7Plvu0MJtA9TrusYtQnAogsdiYJZd9wfFIjH5FxE3SWJ4KAIE+yR
|
||||||
|
WRqcqX8XnpieQLaNsfXhDPWLkWngTDydk4NO/jlAQk0e6+9+NeiZ2ViIHmtXERb9
|
||||||
|
CyiiWUmo+YCd69lhzSEIMK9EPBSDHQTgQMtEfGak03G5rx3MCakE1QIDAQABo0sw
|
||||||
|
STAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAaBgNVHREEEzARgglsb2NhbGhvc3SH
|
||||||
|
BH8AAAEwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAVry0
|
||||||
|
L07oTN+FMLncY/Be9BzFB3b3mnbxbZr58OgI4WHuOeYBuvDI033FIIIzpwb8XYpG
|
||||||
|
HJkZlSbviqq19lAh/Cktl35BCNrA6Uc+dgW7QWhnYS2tZandVTo/8FFstJTNiiLw
|
||||||
|
uiz/Hr3mRXUIDi5OygJHY1IZr8hFTOOJY+0ws3E=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXAIBAAKBgQDX7Plvu0MJtA9TrusYtQnAogsdiYJZd9wfFIjH5FxE3SWJ4KAI
|
||||||
|
E+yRWRqcqX8XnpieQLaNsfXhDPWLkWngTDydk4NO/jlAQk0e6+9+NeiZ2ViIHmtX
|
||||||
|
ERb9CyiiWUmo+YCd69lhzSEIMK9EPBSDHQTgQMtEfGak03G5rx3MCakE1QIDAQAB
|
||||||
|
AoGAOjRU4Lt3zKvO3d3u3ZAfet+zY1jn3DolCfO9EzUJcj6ymcIFIWhNgrikJcrC
|
||||||
|
yZkkxrPnAbcQ8oNNxTuDcMTcKZbnyUnlQj5NtVuty5Q+zgf3/Q2pRhaE+TwrpOJ+
|
||||||
|
ETtVp9R/PrPN2NC5wPo289fPNWFYkd4DPbdWZp5AJHz1XYECQQD3kKpinJxMYp9F
|
||||||
|
Q1Qj1OkxGln0KPgdqRYjjW/rXI4/hUodfg+xXWHPFSGj3AgEjQIvuengbOAeH3qo
|
||||||
|
wF1uxVTlAkEA30hXM3EbboMCDQzNRNkkV9EiZ0MZXhj1aIGl+sQZOmOeFdcdjGkD
|
||||||
|
dsA42nmaYqXCD9KAvc+S/tGJaa0Qg0VhMQJAb2+TAqh0Qn3yK39PFIH2JcAy1ZDL
|
||||||
|
fq5p5L75rfwPm9AnuHbSIYhjSo+8gMG+ai3+2fTZrcfUajrJP8S3SfFRcQJBANQQ
|
||||||
|
POHatxcKzlPeqMaPBXlyY553mAxK4CnVmPLGdL+EBYzwtlu5EVUj09uMSxkOHXYx
|
||||||
|
k5yzHQVvtXbsrBZBOsECQBJLlkMjJmXrIIdLPmHQWL3bm9MMg1PqzupSEwz6cyrG
|
||||||
|
uIIm/X91pDyxCHaKYWp38FXBkYAgohI8ow5/sgRvU5w=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB+TCCAWKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBUZWxl
|
||||||
|
Z3JhZiBUZXN0IENBMB4XDTE4MDUwMzAxMDUyOVoXDTI4MDQzMDAxMDUyOVowHTEb
|
||||||
|
MBkGA1UEAwwSc2VydmVyLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||||
|
ADCBiQKBgQDTBmLJ0pBFUxnPkkx38sBnOKvs+OinVqxTnVcc1iCyQJQleB37uY6D
|
||||||
|
L55mSsPvnad/oDpyGpHt4RVtrhmyC6ptSrWLyk7mraeAo30Cooqr5tA9A+6yj0ij
|
||||||
|
ySLlYimTMQy8tbnVNWLwKbxgT9N4NlUzwyqxLWUMfRzLfmefqzk5bQIDAQABo0sw
|
||||||
|
STAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATALBgNVHQ8E
|
||||||
|
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEATNnM
|
||||||
|
ol0s29lJ+WkP+HUFtKaXxQ+kXLADqfhsk2G1/kZAVRHsYUDlJ+GkHnWIHlg/ggIP
|
||||||
|
JS+z44iwMPOtzJQI7MvAFYVKpYAEdIFTjXf6GafLjUfoXYi0vwHoVJHtQu3Kpm9L
|
||||||
|
Ugm02h0ycIadN8RdWAAFUf6XpVKUJa0YYLuyaXY=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXQIBAAKBgQDTBmLJ0pBFUxnPkkx38sBnOKvs+OinVqxTnVcc1iCyQJQleB37
|
||||||
|
uY6DL55mSsPvnad/oDpyGpHt4RVtrhmyC6ptSrWLyk7mraeAo30Cooqr5tA9A+6y
|
||||||
|
j0ijySLlYimTMQy8tbnVNWLwKbxgT9N4NlUzwyqxLWUMfRzLfmefqzk5bQIDAQAB
|
||||||
|
AoGBALWQAgFJxM2QwV1hr59oYnitPudmBa6smRpb/q6V4Y3cmFpgrdN+hIqEtxGl
|
||||||
|
9E0+5PWfI4o3KCV2itxSdlNFTDyqTZkM+BT8PPKISzAewkdqnKjbWgAmluzOJH4O
|
||||||
|
hc1zBfIOuT5+cfx5JR5/j9BhWVC7BJ+EiREkd/Z8ZnAMeItVAkEA8bhcC+8luiFQ
|
||||||
|
6kytXx2XfbKKh4Q99+KEQHqSGeuHZOcnWfjX99jo67CIxpwBRENslpZOw78fBmi4
|
||||||
|
4kf8j+dgLwJBAN99zyRxYzKc8TSsy/fF+3V/Ex75HYGGS/eOWcwPFXpGNA63hIa8
|
||||||
|
fJ/2pDnLzCqLZ9vWdBF39NtkacJS7bo6XSMCQQCZgN2bipSn3k53bJhRJga1gXOt
|
||||||
|
2dJMoGIiXHR513QVJSJ9ZaUpNWu9eU9y6VF4m2TTQMLmVnIKbOi0csi2TlZrAkAi
|
||||||
|
7URsC5RXGpPPiZmutTAhIqTYWFI2JcjFfWenLkxK+aG1ExURAW/wh9kOdz0HARZQ
|
||||||
|
Eum8uSR5DO5CQjeIvQpFAkAgZJXAwRxuts/p1EoLuPCJTaDkIY2vc0AJzzr5nuAs
|
||||||
|
pyjnLYCYqSBUJ+3nDDBqNYpgxCJddzmjNxGuO7mef9Ue
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -46,21 +46,31 @@ keyUsage = keyCertSign, cRLSign
|
||||||
[ client_ca_extensions ]
|
[ client_ca_extensions ]
|
||||||
basicConstraints = CA:false
|
basicConstraints = CA:false
|
||||||
keyUsage = digitalSignature
|
keyUsage = digitalSignature
|
||||||
|
subjectAltName = @client_alt_names
|
||||||
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
||||||
|
|
||||||
|
[ client_alt_names ]
|
||||||
|
DNS.1 = localhost
|
||||||
|
IP.1 = 127.0.0.1
|
||||||
|
|
||||||
[ server_ca_extensions ]
|
[ server_ca_extensions ]
|
||||||
basicConstraints = CA:false
|
basicConstraints = CA:false
|
||||||
keyUsage = keyEncipherment
|
subjectAltName = @server_alt_names
|
||||||
|
keyUsage = keyEncipherment, digitalSignature
|
||||||
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
||||||
|
|
||||||
|
[ server_alt_names ]
|
||||||
|
DNS.1 = localhost
|
||||||
|
IP.1 = 127.0.0.1
|
||||||
EOF
|
EOF
|
||||||
openssl req -x509 -config ./openssl.conf -days 3650 -newkey rsa:1024 -out ./certs/cacert.pem -keyout ./private/cakey.pem -subj "/CN=Telegraf CA/" -nodes &&
|
openssl req -x509 -config ./openssl.conf -days 3650 -newkey rsa:1024 -out ./certs/cacert.pem -keyout ./private/cakey.pem -subj "/CN=Telegraf Test CA/" -nodes &&
|
||||||
|
|
||||||
# Create server keypair
|
# Create server keypair
|
||||||
openssl genrsa -out ./private/serverkey.pem 1024 &&
|
openssl genrsa -out ./private/serverkey.pem 1024 &&
|
||||||
openssl req -new -key ./private/serverkey.pem -out ./certs/servercsr.pem -outform PEM -subj "/CN=localhost/O=server/" &&
|
openssl req -new -key ./private/serverkey.pem -out ./certs/servercsr.pem -outform PEM -subj "/CN=server.localdomain/O=server/" &&
|
||||||
openssl ca -config ./openssl.conf -in ./certs/servercsr.pem -out ./certs/servercert.pem -notext -batch -extensions server_ca_extensions &&
|
openssl ca -config ./openssl.conf -in ./certs/servercsr.pem -out ./certs/servercert.pem -notext -batch -extensions server_ca_extensions &&
|
||||||
|
|
||||||
# Create client keypair
|
# Create client keypair
|
||||||
openssl genrsa -out ./private/clientkey.pem 1024 &&
|
openssl genrsa -out ./private/clientkey.pem 1024 &&
|
||||||
openssl req -new -key ./private/clientkey.pem -out ./certs/clientcsr.pem -outform PEM -subj "/CN=telegraf/O=client/" &&
|
openssl req -new -key ./private/clientkey.pem -out ./certs/clientcsr.pem -outform PEM -subj "/CN=client.localdomain/O=client/" &&
|
||||||
openssl ca -config ./openssl.conf -in ./certs/clientcsr.pem -out ./certs/clientcert.pem -notext -batch -extensions client_ca_extensions
|
openssl ca -config ./openssl.conf -in ./certs/clientcsr.pem -out ./certs/clientcert.pem -notext -batch -extensions client_ca_extensions
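Review bot: The regenerated test CA is still created with `-newkey rsa:1024`, and the server and client keys on the unchanged `openssl genrsa ... 1024` lines are the same size. Stricter OpenSSL security levels reject 1024-bit RSA certificates (whether that bites depends on the TLS stack running the tests), so since the fixtures are being regenerated anyway I would move all three to 2048, e.g. `openssl genrsa -out ./private/serverkey.pem 2048` and `-newkey rsa:2048`. The keys are written unencrypted (`-nodes` on the CA, no cipher on `genrsa`) and appear to be checked in as fixtures by this commit, so a header comment such as `# Test-only PKI: these keys are public, never deploy them` would make that explicit. The script begins outside this hunk.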
|
|
@ -0,0 +1,86 @@
|
||||||
|
package testutil
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
|
||||||
|
"github.com/influxdata/telegraf/internal/tls"
|
||||||
|
)
|
||||||
|
|
||||||
|
type pki struct {
|
||||||
|
path string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPKI(path string) *pki {
|
||||||
|
return &pki{path: path}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) TLSClientConfig() *tls.ClientConfig {
|
||||||
|
return &tls.ClientConfig{
|
||||||
|
TLSCA: p.CACertPath(),
|
||||||
|
TLSCert: p.ClientCertPath(),
|
||||||
|
TLSKey: p.ClientKeyPath(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) TLSServerConfig() *tls.ServerConfig {
|
||||||
|
return &tls.ServerConfig{
|
||||||
|
TLSAllowedCACerts: []string{p.CACertPath()},
|
||||||
|
TLSCert: p.ServerCertPath(),
|
||||||
|
TLSKey: p.ServerKeyPath(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadCACert() string {
|
||||||
|
return readCertificate(p.CACertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) CACertPath() string {
|
||||||
|
return path.Join(p.path, "cacert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadClientCert() string {
|
||||||
|
return readCertificate(p.ClientCertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ClientCertPath() string {
|
||||||
|
return path.Join(p.path, "clientcert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadClientKey() string {
|
||||||
|
return readCertificate(p.ClientKeyPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ClientKeyPath() string {
|
||||||
|
return path.Join(p.path, "clientkey.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadServerCert() string {
|
||||||
|
return readCertificate(p.ServerCertPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ServerCertPath() string {
|
||||||
|
return path.Join(p.path, "servercert.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ReadServerKey() string {
|
||||||
|
return readCertificate(p.ServerKeyPath())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *pki) ServerKeyPath() string {
|
||||||
|
return path.Join(p.path, "serverkey.pem")
|
||||||
|
}
|
||||||
|
|
||||||
|
func readCertificate(filename string) string {
|
||||||
|
file, err := os.Open(filename)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("opening %q: %v", filename, err))
|
||||||
|
}
|
||||||
|
octets, err := ioutil.ReadAll(file)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("reading %q: %v", filename, err))
|
||||||
|
}
|
||||||
|
return string(octets)
|
||||||
|
}
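Review bot: `readCertificate` opens the file with `os.Open` and never closes it, so each `Read*` call leaves a descriptor open until the `*os.File` is garbage-collected; `octets, err := ioutil.ReadFile(filename)` replaces the open/read pair and closes the handle. The same helper backs `ReadClientKey` and `ReadServerKey`, so a neutral name such as `readFile` and a doc comment stating that the returned PEM is test-only key material would be more accurate. The `*Path` methods build filesystem paths with `path.Join`; `filepath.Join` is the OS-correct call and would need `path/filepath` imported instead of `path`. As a style point, `NewPKI` is exported but returns the unexported `*pki`, which linters flag and which keeps callers from naming the type.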
|