Add secure connection support to graphite output (#2602)

Dheeraj Dwivedi 2017-06-14 02:12:11 +05:30 committed by Daniel Nelson
parent 40d8e582ee
commit f0cbfe4d67
3 changed files with 73 additions and 1 deletions


@ -270,6 +270,13 @@
# template = "host.tags.measurement.field" # template = "host.tags.measurement.field"
# ## timeout in seconds for the write connection to graphite # ## timeout in seconds for the write connection to graphite
# timeout = 2 # timeout = 2
#
# ## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
# ## Use SSL but skip chain & host verification
# insecure_skip_verify = false
# # Send telegraf metrics to graylog(s) # # Send telegraf metrics to graylog(s)


@ -19,6 +19,13 @@ via raw TCP.
template = "host.tags.measurement.field" template = "host.tags.measurement.field"
## timeout in seconds for the write connection to graphite ## timeout in seconds for the write connection to graphite
timeout = 2 timeout = 2
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
``` ```
Parameters: Parameters:
@ -28,9 +35,27 @@ Parameters:
Timeout int Timeout int
Template string Template string
// Path to CA file
SSLCA string
// Path to host cert file
SSLCert string
// Path to cert key file
SSLKey string
// Skip SSL verification
InsecureSkipVerify bool
### Required parameters:
* `servers`: List of strings, ["mygraphiteserver:2003"]. * `servers`: List of strings, ["mygraphiteserver:2003"].
* `prefix`: String use to prefix all sent metrics. * `prefix`: String use to prefix all sent metrics.
* `timeout`: Connection timeout in seconds. * `timeout`: Connection timeout in seconds.
* `template`: Template for graphite output format, see * `template`: Template for graphite output format, see
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
for more details. for more details.
### Optional parameters:
* `ssl_ca`: SSL CA
* `ssl_cert`: SSL CERT
* `ssl_key`: SSL key
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)


@ -1,6 +1,7 @@
package graphite package graphite
import ( import (
"crypto/tls"
"errors" "errors"
"io" "io"
"log" "log"
@ -9,6 +10,7 @@ import (
"time" "time"
"github.com/influxdata/telegraf" "github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/outputs" "github.com/influxdata/telegraf/plugins/outputs"
"github.com/influxdata/telegraf/plugins/serializers" "github.com/influxdata/telegraf/plugins/serializers"
) )
@ -20,6 +22,18 @@ type Graphite struct {
Template string Template string
Timeout int Timeout int
conns []net.Conn conns []net.Conn
// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to host cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Skip SSL verification
InsecureSkipVerify bool
// tls config
tlsConfig *tls.Config
} }
var sampleConfig = ` var sampleConfig = `
@ -34,6 +48,13 @@ var sampleConfig = `
template = "host.tags.measurement.field" template = "host.tags.measurement.field"
## timeout in seconds for the write connection to graphite ## timeout in seconds for the write connection to graphite
timeout = 2 timeout = 2
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
` `
func (g *Graphite) Connect() error { func (g *Graphite) Connect() error {
@ -44,10 +65,29 @@ func (g *Graphite) Connect() error {
if len(g.Servers) == 0 { if len(g.Servers) == 0 {
g.Servers = append(g.Servers, "localhost:2003") g.Servers = append(g.Servers, "localhost:2003")
} }
// Set tls config
var err error
g.tlsConfig, err = internal.GetTLSConfig(
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
if err != nil {
return err
}
// Get Connections // Get Connections
var conns []net.Conn var conns []net.Conn
for _, server := range g.Servers { for _, server := range g.Servers {
conn, err := net.DialTimeout("tcp", server, time.Duration(g.Timeout)*time.Second) // Dialer with timeout
d := net.Dialer{Timeout: time.Duration(g.Timeout) * time.Second}
// Get secure connection if tls config is set
var conn net.Conn
if g.tlsConfig != nil {
conn, err = tls.DialWithDialer(&d, "tcp", server, g.tlsConfig)
} else {
conn, err = d.Dial("tcp", server)
}
if err == nil { if err == nil {
conns = append(conns, conn) conns = append(conns, conn)
} }
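Review bot: In the dial loop of Connect, a failed dial is still dropped without a trace by `if err == nil { conns = append(conns, conn) }`, and with `tls.DialWithDialer` that now includes handshake and certificate-verification failures, so a wrong `ssl_ca` or an untrusted server certificate looks the same as an unreachable host. Add an else branch that records the reason, for example `} else { log.Printf("E! graphite: connecting to %s: %v", server, err) }`, so operators can fix the trust configuration rather than reach for `insecure_skip_verify`. Also, `err` is now declared at function scope by `var err error`, so the last server's dial error outlives the loop. The rest of Connect is outside this hunk, so check that nothing after the loop returns or tests that stale value.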