Add secure connection support to graphite output (#2602)
This commit is contained in:
parent
40d8e582ee
commit
f0cbfe4d67
|
@ -270,6 +270,13 @@
|
||||||
# template = "host.tags.measurement.field"
|
# template = "host.tags.measurement.field"
|
||||||
# ## timeout in seconds for the write connection to graphite
|
# ## timeout in seconds for the write connection to graphite
|
||||||
# timeout = 2
|
# timeout = 2
|
||||||
|
#
|
||||||
|
# ## Optional SSL Config
|
||||||
|
# ssl_ca = "/etc/telegraf/ca.pem"
|
||||||
|
# ssl_cert = "/etc/telegraf/cert.pem"
|
||||||
|
# ssl_key = "/etc/telegraf/key.pem"
|
||||||
|
# ## Use SSL but skip chain & host verification
|
||||||
|
# insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
# # Send telegraf metrics to graylog(s)
|
# # Send telegraf metrics to graylog(s)
|
||||||
|
|
|
@ -19,6 +19,13 @@ via raw TCP.
|
||||||
template = "host.tags.measurement.field"
|
template = "host.tags.measurement.field"
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
|
## Optional SSL Config
|
||||||
|
# ssl_ca = "/etc/telegraf/ca.pem"
|
||||||
|
# ssl_cert = "/etc/telegraf/cert.pem"
|
||||||
|
# ssl_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use SSL but skip chain & host verification
|
||||||
|
# insecure_skip_verify = false
|
||||||
```
|
```
|
||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
|
@ -28,9 +35,27 @@ Parameters:
|
||||||
Timeout int
|
Timeout int
|
||||||
Template string
|
Template string
|
||||||
|
|
||||||
|
// Path to CA file
|
||||||
|
SSLCA string
|
||||||
|
// Path to host cert file
|
||||||
|
SSLCert string
|
||||||
|
// Path to cert key file
|
||||||
|
SSLKey string
|
||||||
|
// Skip SSL verification
|
||||||
|
InsecureSkipVerify bool
|
||||||
|
|
||||||
|
### Required parameters:
|
||||||
|
|
||||||
* `servers`: List of strings, ["mygraphiteserver:2003"].
|
* `servers`: List of strings, ["mygraphiteserver:2003"].
|
||||||
* `prefix`: String use to prefix all sent metrics.
|
* `prefix`: String use to prefix all sent metrics.
|
||||||
* `timeout`: Connection timeout in seconds.
|
* `timeout`: Connection timeout in seconds.
|
||||||
* `template`: Template for graphite output format, see
|
* `template`: Template for graphite output format, see
|
||||||
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
|
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
|
||||||
for more details.
|
for more details.
|
||||||
|
|
||||||
|
### Optional parameters:
|
||||||
|
|
||||||
|
* `ssl_ca`: SSL CA
|
||||||
|
* `ssl_cert`: SSL CERT
|
||||||
|
* `ssl_key`: SSL key
|
||||||
|
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package graphite
|
package graphite
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
|
@ -9,6 +10,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
"github.com/influxdata/telegraf/internal"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
"github.com/influxdata/telegraf/plugins/serializers"
|
"github.com/influxdata/telegraf/plugins/serializers"
|
||||||
)
|
)
|
||||||
|
@ -20,6 +22,18 @@ type Graphite struct {
|
||||||
Template string
|
Template string
|
||||||
Timeout int
|
Timeout int
|
||||||
conns []net.Conn
|
conns []net.Conn
|
||||||
|
|
||||||
|
// Path to CA file
|
||||||
|
SSLCA string `toml:"ssl_ca"`
|
||||||
|
// Path to host cert file
|
||||||
|
SSLCert string `toml:"ssl_cert"`
|
||||||
|
// Path to cert key file
|
||||||
|
SSLKey string `toml:"ssl_key"`
|
||||||
|
// Skip SSL verification
|
||||||
|
InsecureSkipVerify bool
|
||||||
|
|
||||||
|
// tls config
|
||||||
|
tlsConfig *tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
|
@ -34,6 +48,13 @@ var sampleConfig = `
|
||||||
template = "host.tags.measurement.field"
|
template = "host.tags.measurement.field"
|
||||||
## timeout in seconds for the write connection to graphite
|
## timeout in seconds for the write connection to graphite
|
||||||
timeout = 2
|
timeout = 2
|
||||||
|
|
||||||
|
## Optional SSL Config
|
||||||
|
# ssl_ca = "/etc/telegraf/ca.pem"
|
||||||
|
# ssl_cert = "/etc/telegraf/cert.pem"
|
||||||
|
# ssl_key = "/etc/telegraf/key.pem"
|
||||||
|
## Use SSL but skip chain & host verification
|
||||||
|
# insecure_skip_verify = false
|
||||||
`
|
`
|
||||||
|
|
||||||
func (g *Graphite) Connect() error {
|
func (g *Graphite) Connect() error {
|
||||||
|
@ -44,10 +65,29 @@ func (g *Graphite) Connect() error {
|
||||||
if len(g.Servers) == 0 {
|
if len(g.Servers) == 0 {
|
||||||
g.Servers = append(g.Servers, "localhost:2003")
|
g.Servers = append(g.Servers, "localhost:2003")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set tls config
|
||||||
|
var err error
|
||||||
|
g.tlsConfig, err = internal.GetTLSConfig(
|
||||||
|
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Get Connections
|
// Get Connections
|
||||||
var conns []net.Conn
|
var conns []net.Conn
|
||||||
for _, server := range g.Servers {
|
for _, server := range g.Servers {
|
||||||
conn, err := net.DialTimeout("tcp", server, time.Duration(g.Timeout)*time.Second)
|
// Dialer with timeout
|
||||||
|
d := net.Dialer{Timeout: time.Duration(g.Timeout) * time.Second}
|
||||||
|
|
||||||
|
// Get secure connection if tls config is set
|
||||||
|
var conn net.Conn
|
||||||
|
if g.tlsConfig != nil {
|
||||||
|
conn, err = tls.DialWithDialer(&d, "tcp", server, g.tlsConfig)
|
||||||
|
} else {
|
||||||
|
conn, err = d.Dial("tcp", server)
|
||||||
|
}
|
||||||
|
|
||||||
if err == nil {
|
if err == nil {
|
||||||
conns = append(conns, conn)
|
conns = append(conns, conn)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue