Skip to content

Commit

Permalink
Fix connection to servers with self-signed certificates or unknown ce…
Browse files Browse the repository at this point in the history
…rtificate authority

The metrics module fails to connect to the Elasticsearch metrics store,
if secure transport is used and the server has a self signed certificate
or a certificate signed by a certificate authority that's not in the
certificate store provided by `certifi`.

+ Introduce a non-mandatory setting that allows turning off certificate verification.
+ Introduce a non-mandatroy setting to override the ca_certs certificate store.

Fixes #413
  • Loading branch information
kesslerm authored and danielmitterdorfer committed Feb 19, 2018
1 parent f90ee67 commit f04638a
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion esrally/metrics.py
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,11 @@ def __init__(self, cfg):
secure = self._config.opts("reporting", "datastore.secure") == "True"
user = self._config.opts("reporting", "datastore.user")
password = self._config.opts("reporting", "datastore.password")
# poor man's boolean conversion
verify_certs = self._config.opts("reporting", "datastore.verify_certs", default_value="True", mandatory=False) == "True"
ca_certs = self._config.opts("reporting", "datastore.ca_certs", default_value=None, mandatory=False)
if ca_certs is None and verify_certs:
ca_certs = certifi.where()

if user and password:
auth = (user, password)
Expand All @@ -138,7 +143,7 @@ def __init__(self, cfg):
logger.info("Creating connection to metrics store at %s:%s" % (host, port))
import elasticsearch
self._client = elasticsearch.Elasticsearch(hosts=[{"host": host, "port": port}],
use_ssl=secure, http_auth=auth, verify_certs=True, ca_certs=certifi.where(),
use_ssl=secure, http_auth=auth, verify_certs=verify_certs, ca_certs=ca_certs,
timeout=120, request_timeout=120)

def create(self):
Expand Down

0 comments on commit f04638a

Please sign in to comment.