Fix TLS and SSL config option parsing (#4247 )

(cherry picked from commit acba20af1a)
Update changelog
2018-06-06 18:30:29 -07:00 · 2018-06-06 14:30:54 -07:00 · 2018-06-06 14:30:54 -07:00 · 2018-06-05 12:16:36 -07:00
14 changed files with 71 additions and 89 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,3 @@
-## v1.8 [unreleased]
-
-### Features
-
- [#4236](https://github.com/influxdata/telegraf/pull/4236): Add SSL/TLS support to redis input.
-
 ## v1.7 [unreleased]

 ### Release Notes
@@ -79,6 +73,7 @@
 - [#2879](https://github.com/influxdata/telegraf/issues/2879): Fix wildcards and multi instance processes in win_perf_counters.
 - [#2468](https://github.com/influxdata/telegraf/issues/2468): Fix crash on 32-bit Windows in win_perf_counters.
 - [#4198](https://github.com/influxdata/telegraf/issues/4198): Fix win_perf_counters not collecting at every interval.
+- [#4227](https://github.com/influxdata/telegraf/issues/4227): Use same flags for all BSD family ping variants.

 ## v1.6.4 [2018-06-05]

--- a/4
+++ b/4
@@ -28,13 +28,13 @@ github.com/golang/snappy 7db9049039a047d955fe8c19b83c8ff5abd765c7
 github.com/go-ole/go-ole be49f7c07711fcb603cff39e1de7c67926dc0ba7
 github.com/google/go-cmp f94e52cad91c65a63acc1e75d4be223ea22e99bc
 github.com/gorilla/mux 53c1911da2b537f792e7cafcb446b05ffe33b996
-github.com/go-redis/redis 83fb42932f6145ce52df09860384a4653d2d332a
+github.com/go-redis/redis 73b70592cdaa9e6abdfcfbf97b4a90d80728c836
 github.com/go-sql-driver/mysql 2e00b5cd70399450106cec6431c2e2ce3cae5034
 github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478
 github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed
 github.com/influxdata/go-syslog 84f3b60009444d298f97454feb1f20cf91d1fa6e
 github.com/influxdata/tail c43482518d410361b6c383d7aebce33d0471d7bc
-github.com/influxdata/toml 5d1d907f22ead1cd47adde17ceec5bda9cacaf8f
+github.com/influxdata/toml 2a2e3012f7cfbef64091cc79776311e65dfa211b
 github.com/influxdata/wlog 7c63b0a71ef8300adc255344d275e10e5c3a71ec
 github.com/fsnotify/fsnotify c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9
 github.com/jackc/pgx 63f58fd32edb5684b9e9f4cfaac847c6b42b3917
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -362,6 +362,24 @@ func (a *Agent) Run(shutdown chan struct{}) error {
 	metricC := make(chan telegraf.Metric, 100)
 	aggC := make(chan telegraf.Metric, 100)

+	// Start all ServicePlugins
+	for _, input := range a.Config.Inputs {
+		input.SetDefaultTags(a.Config.Tags)
+		switch p := input.Input.(type) {
+		case telegraf.ServiceInput:
+			acc := NewAccumulator(input, metricC)
+			// Service input plugins should set their own precision of their
+			// metrics.
+			acc.SetPrecision(time.Nanosecond, 0)
+			if err := p.Start(acc); err != nil {
+				log.Printf("E! Service for input %s failed to start, exiting\n%s\n",
+					input.Name(), err.Error())
+				return err
+			}
+			defer p.Stop()
+		}
+	}
+
 	// Round collection to nearest interval by sleeping
 	if a.Config.Agent.RoundInterval {
 		i := int64(a.Config.Agent.Interval.Duration)
@@ -401,25 +419,6 @@ func (a *Agent) Run(shutdown chan struct{}) error {
 		}(input, interval)
 	}

-	// Start all ServicePlugins inputs after all other
-	// plugins are loaded so that no metrics get dropped
-	for _, input := range a.Config.Inputs {
-		input.SetDefaultTags(a.Config.Tags)
-		switch p := input.Input.(type) {
-		case telegraf.ServiceInput:
-			acc := NewAccumulator(input, metricC)
-			// Service input plugins should set their own precision of their
-			// metrics.
-			acc.SetPrecision(time.Nanosecond, 0)
-			if err := p.Start(acc); err != nil {
-				log.Printf("E! Service for input %s failed to start, exiting\n%s\n",
-					input.Name(), err.Error())
-				return err
-			}
-			defer p.Stop()
-		}
-	}
-
 	wg.Wait()
 	a.Close()
 	return nil
--- a/cmd/telegraf/telegraf.go
+++ b/cmd/telegraf/telegraf.go
@@ -58,7 +58,7 @@ var fService = flag.String("service", "",
 var fRunAsConsole = flag.Bool("console", false, "run as console application (windows only)")

 var (
-	nextVersion = "1.8.0"
+	nextVersion = "1.7.0"
 	version     string
 	commit      string
 	branch      string
--- a/internal/models/running_aggregator.go
+++ b/internal/models/running_aggregator.go
@@ -1,7 +1,6 @@
 package models

 import (
-	"log"
 	"time"

 	"github.com/influxdata/telegraf"
@@ -154,7 +153,6 @@ func (r *RunningAggregator) Run(
 				m.Time().After(r.periodEnd.Add(truncation).Add(r.Config.Delay)) {
 				// the metric is outside the current aggregation period, so
 				// skip it.
-				log.Printf("D! aggregator: metric \"%s\" is not in the current timewindow, skipping", m.Name())
 				continue
 			}
 			r.add(m)
--- a/internal/tls/config.go
+++ b/internal/tls/config.go
@@ -17,7 +17,7 @@ type ClientConfig struct {
 	// Deprecated in 1.7; use TLS variables above
 	SSLCA   string `toml:"ssl_ca"`
 	SSLCert string `toml:"ssl_cert"`
-	SSLKey  string `toml:"ssl_ca"`
+	SSLKey  string `toml:"ssl_key"`
 }

 // ServerConfig represents the standard server TLS config.
--- a/plugins/inputs/openldap/README.md
+++ b/plugins/inputs/openldap/README.md
@@ -14,7 +14,7 @@ To use this plugin you must enable the [monitoring](https://www.openldap.org/dev
  # ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
  # note that port will likely need to be changed to 636 for ldaps
  # valid options: "" | "starttls" | "ldaps"
-  ssl = ""
+  tls = ""

  # skip peer certificate verification. Default is false.
  insecure_skip_verify = false
--- a/plugins/inputs/openldap/openldap.go
+++ b/plugins/inputs/openldap/openldap.go
@@ -15,9 +15,11 @@ import (
 type Openldap struct {
 	Host               string
 	Port               int
-	Ssl                string
+	SSL                string `toml:"ssl"` // Deprecated in 1.7; use TLS
+	TLS                string `toml:"tls"`
 	InsecureSkipVerify bool
-	SslCa              string
+	SSLCA              string `toml:"ssl_ca"` // Deprecated in 1.7; use TLSCA
+	TLSCA              string `toml:"tls_ca"`
 	BindDn             string
 	BindPassword       string
 	ReverseMetricNames bool
@@ -30,7 +32,7 @@ const sampleConfig string = `
  # ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
  # note that port will likely need to be changed to 636 for ldaps
  # valid options: "" | "starttls" | "ldaps"
-  ssl = ""
+  tls = ""

  # skip peer certificate verification. Default is false.
  insecure_skip_verify = false
@@ -70,9 +72,11 @@ func NewOpenldap() *Openldap {
 	return &Openldap{
 		Host:               "localhost",
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
+		TLS:                "",
 		InsecureSkipVerify: false,
-		SslCa:              "",
+		SSLCA:              "",
+		TLSCA:              "",
 		BindDn:             "",
 		BindPassword:       "",
 		ReverseMetricNames: false,
@@ -81,12 +85,19 @@ func NewOpenldap() *Openldap {

 // gather metrics
 func (o *Openldap) Gather(acc telegraf.Accumulator) error {
+	if o.TLS == "" {
+		o.TLS = o.SSL
+	}
+	if o.TLSCA == "" {
+		o.TLSCA = o.SSLCA
+	}
+
 	var err error
 	var l *ldap.Conn
-	if o.Ssl != "" {
+	if o.TLS != "" {
 		// build tls config
 		clientTLSConfig := tls.ClientConfig{
-			SSLCA:              o.SslCa,
+			TLSCA:              o.TLSCA,
 			InsecureSkipVerify: o.InsecureSkipVerify,
 		}
 		tlsConfig, err := clientTLSConfig.TLSConfig()
@@ -94,13 +105,13 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
 			acc.AddError(err)
 			return nil
 		}
-		if o.Ssl == "ldaps" {
+		if o.TLS == "ldaps" {
 			l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port), tlsConfig)
 			if err != nil {
 				acc.AddError(err)
 				return nil
 			}
-		} else if o.Ssl == "starttls" {
+		} else if o.TLS == "starttls" {
 			l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port))
 			if err != nil {
 				acc.AddError(err)
@@ -108,7 +119,7 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
 			}
 			err = l.StartTLS(tlsConfig)
 		} else {
-			acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.Ssl))
+			acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.TLS))
 			return nil
 		}
 	} else {
--- a/plugins/inputs/openldap/openldap_test.go
+++ b/plugins/inputs/openldap/openldap_test.go
@@ -1,10 +1,11 @@
 package openldap

 import (
-	"gopkg.in/ldap.v2"
 	"strconv"
 	"testing"

+	"gopkg.in/ldap.v2"
+
 	"github.com/influxdata/telegraf/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -74,7 +75,7 @@ func TestOpenldapStartTLS(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "starttls",
+		SSL:                "starttls",
 		InsecureSkipVerify: true,
 	}

@@ -92,7 +93,7 @@ func TestOpenldapLDAPS(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               636,
-		Ssl:                "ldaps",
+		SSL:                "ldaps",
 		InsecureSkipVerify: true,
 	}

@@ -110,7 +111,7 @@ func TestOpenldapInvalidSSL(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               636,
-		Ssl:                "invalid",
+		SSL:                "invalid",
 		InsecureSkipVerify: true,
 	}

@@ -129,7 +130,7 @@ func TestOpenldapBind(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
 		InsecureSkipVerify: true,
 		BindDn:             "cn=manager,cn=config",
 		BindPassword:       "secret",
@@ -157,7 +158,7 @@ func TestOpenldapReverseMetrics(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
 		InsecureSkipVerify: true,
 		BindDn:             "cn=manager,cn=config",
 		BindPassword:       "secret",
--- a/plugins/inputs/ping/ping.go
+++ b/plugins/inputs/ping/ping.go
@@ -175,7 +175,7 @@ func (p *Ping) args(url string) []string {
 	}
 	if p.Timeout > 0 {
 		switch runtime.GOOS {
-		case "darwin":
+		case "darwin", "freebsd", "netbsd", "openbsd":
 			args = append(args, "-W", strconv.FormatFloat(p.Timeout*1000, 'f', -1, 64))
 		case "linux":
 			args = append(args, "-W", strconv.FormatFloat(p.Timeout, 'f', -1, 64))
@@ -186,7 +186,7 @@ func (p *Ping) args(url string) []string {
 	}
 	if p.Deadline > 0 {
 		switch runtime.GOOS {
-		case "darwin":
+		case "darwin", "freebsd", "netbsd", "openbsd":
 			args = append(args, "-t", strconv.Itoa(p.Deadline))
 		case "linux":
 			args = append(args, "-w", strconv.Itoa(p.Deadline))
@@ -197,10 +197,10 @@ func (p *Ping) args(url string) []string {
 	}
 	if p.Interface != "" {
 		switch runtime.GOOS {
+		case "darwin", "freebsd", "netbsd", "openbsd":
+			args = append(args, "-S", p.Interface)
 		case "linux":
 			args = append(args, "-I", p.Interface)
-		case "freebsd", "darwin":
-			args = append(args, "-S", p.Interface)
 		default:
 			// Not sure the best option here, just assume GNU ping?
 			args = append(args, "-I", p.Interface)
--- a/plugins/inputs/redis/README.md
+++ b/plugins/inputs/redis/README.md
@@ -14,13 +14,6 @@
  ## If no servers are specified, then localhost is used as the host.
  ## If no port is specified, 6379 is used
  servers = ["tcp://localhost:6379"]
-
-  ## Optional TLS Config
-  # tls_ca = "/etc/telegraf/ca.pem"
-  # tls_cert = "/etc/telegraf/cert.pem"
-  # tls_key = "/etc/telegraf/key.pem"
-  ## Use TLS but skip chain & host verification
-  # insecure_skip_verify = true
 ```

 ### Measurements & Fields:
--- a/plugins/inputs/redis/redis.go
+++ b/plugins/inputs/redis/redis.go
@@ -13,13 +13,11 @@ import (

 	"github.com/go-redis/redis"
 	"github.com/influxdata/telegraf"
-	"github.com/influxdata/telegraf/internal/tls"
 	"github.com/influxdata/telegraf/plugins/inputs"
 )

 type Redis struct {
 	Servers []string
-	tls.ClientConfig

 	clients     []Client
 	initialized bool
@@ -58,13 +56,6 @@ var sampleConfig = `
  ## If no servers are specified, then localhost is used as the host.
  ## If no port is specified, 6379 is used
  servers = ["tcp://localhost:6379"]
-
-  ## Optional TLS Config
-  # tls_ca = "/etc/telegraf/ca.pem"
-  # tls_cert = "/etc/telegraf/cert.pem"
-  # tls_key = "/etc/telegraf/key.pem"
-  ## Use TLS but skip chain & host verification
-  # insecure_skip_verify = true
 `

 func (r *Redis) SampleConfig() string {
@@ -118,18 +109,12 @@ func (r *Redis) init(acc telegraf.Accumulator) error {
 			address = u.Host
 		}

-		tlsConfig, err := r.ClientConfig.TLSConfig()
-		if err != nil {
-			return err
-		}
-
 		client := redis.NewClient(
 			&redis.Options{
-				Addr:      address,
-				Password:  password,
-				Network:   u.Scheme,
-				PoolSize:  1,
-				TLSConfig: tlsConfig,
+				Addr:     address,
+				Password: password,
+				Network:  u.Scheme,
+				PoolSize: 1,
 			},
 		)

--- a/plugins/outputs/influxdb/influxdb.go
+++ b/plugins/outputs/influxdb/influxdb.go
@@ -140,17 +140,17 @@ func (i *InfluxDB) Connect() error {
 		i.serializer.SetFieldTypeSupport(influx.UintSupport)
 	}

-	for _, loc := range urls {
-		u, err := url.Parse(loc)
+	for _, u := range urls {
+		u, err := url.Parse(u)
 		if err != nil {
-			return fmt.Errorf("error parsing url [%q]: %v", loc, err)
+			return fmt.Errorf("error parsing url [%s]: %v", u, err)
 		}

 		var proxy *url.URL
 		if len(i.HTTPProxy) > 0 {
 			proxy, err = url.Parse(i.HTTPProxy)
 			if err != nil {
-				return fmt.Errorf("error parsing proxy_url [%q]: %v", proxy, err)
+				return fmt.Errorf("error parsing proxy_url [%s]: %v", proxy, err)
 			}
 		}

@@ -170,7 +170,7 @@ func (i *InfluxDB) Connect() error {

 			i.clients = append(i.clients, c)
 		default:
-			return fmt.Errorf("unsupported scheme [%q]: %q", u, u.Scheme)
+			return fmt.Errorf("unsupported scheme [%s]: %q", u, u.Scheme)
 		}
 	}

@@ -209,14 +209,14 @@ func (i *InfluxDB) Write(metrics []telegraf.Metric) error {
 				if apiError.Type == DatabaseNotFound {
 					err := client.CreateDatabase(ctx)
 					if err != nil {
-						log.Printf("E! [outputs.influxdb] when writing to [%q]: database %q not found and failed to recreate",
+						log.Printf("E! [outputs.influxdb] when writing to [%s]: database %q not found and failed to recreate",
 							client.URL(), client.Database())
 					}
 				}
 			}
 		}

-		log.Printf("E! [outputs.influxdb]: when writing to [%q]: %v", client.URL(), err)
+		log.Printf("E! [outputs.influxdb]: when writing to [%s]: %v", client.URL(), err)
 	}

 	return errors.New("could not write any address")
@@ -231,7 +231,7 @@ func (i *InfluxDB) udpClient(url *url.URL) (Client, error) {

 	c, err := i.CreateUDPClientF(config)
 	if err != nil {
-		return nil, fmt.Errorf("error creating UDP client [%q]: %v", url, err)
+		return nil, fmt.Errorf("error creating UDP client [%s]: %v", url, err)
 	}

 	return c, nil
@@ -261,13 +261,13 @@ func (i *InfluxDB) httpClient(ctx context.Context, url *url.URL, proxy *url.URL)

 	c, err := i.CreateHTTPClientF(config)
 	if err != nil {
-		return nil, fmt.Errorf("error creating HTTP client [%q]: %v", url, err)
+		return nil, fmt.Errorf("error creating HTTP client [%s]: %v", url, err)
 	}

 	if !i.SkipDatabaseCreation {
 		err = c.CreateDatabase(ctx)
 		if err != nil {
-			log.Printf("W! [outputs.influxdb] when writing to [%q]: database %q creation failed: %v",
+			log.Printf("W! [outputs.influxdb] when writing to [%s]: database %q creation failed: %v",
 				c.URL(), c.Database(), err)
 		}
 	}
--- a/scripts/build.py
+++ b/scripts/build.py
@@ -95,7 +95,7 @@ supported_packages = {
    "freebsd": [ "tar" ]
 }

-next_version = '1.8.0'
+next_version = '1.7.0'

 ################
 #### Telegraf Functions
Author	SHA1	Message	Date
Daniel Nelson	ef67222bc6	Fix TLS and SSL config option parsing (#4247 ) (cherry picked from commit `acba20af1a`)	2018-06-06 18:30:29 -07:00
Daniel Nelson	d616ce7a9e	Update changelog (cherry picked from commit `229b6bd944`)	2018-06-06 14:30:54 -07:00
Daniel Nelson	b4a0c854f5	Use same flags for all bsd family ping varients (#4241 ) (cherry picked from commit `7fe6e2f5ae`)	2018-06-06 14:30:54 -07:00
Daniel Nelson	27cd582f27	Set 1.6.4 release date (cherry picked from commit `92a8f795f5`)	2018-06-05 12:16:36 -07:00