Add secure connection support to graphite output (#2602)
dheerajdwivedi authored and danielnelson committed Jun 13, 2017
1 parent 4c8ff30 commit a27b074
Showing 3 changed files with 73 additions and 1 deletion.
7 changes: 7 additions & 0 deletions etc/telegraf.conf
Expand Up @@ -270,6 +270,13 @@
# template = "host.tags.measurement.field"
# ## timeout in seconds for the write connection to graphite
# timeout = 2
#
# ## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
# ## Use SSL but skip chain & host verification
# insecure_skip_verify = false


# # Send telegraf metrics to graylog(s)
25 changes: 25 additions & 0 deletions plugins/outputs/graphite/README.md
Expand Up @@ -19,6 +19,13 @@ via raw TCP.
template = "host.tags.measurement.field"
## timeout in seconds for the write connection to graphite
timeout = 2

## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
```

Parameters:
Expand All @@ -28,9 +35,27 @@ Parameters:
Timeout int
Template string

// Path to CA file
SSLCA string
// Path to host cert file
SSLCert string
// Path to cert key file
SSLKey string
// Skip SSL verification
InsecureSkipVerify bool

### Required parameters:

* `servers`: List of strings, ["mygraphiteserver:2003"].
* `prefix`: String use to prefix all sent metrics.
* `timeout`: Connection timeout in seconds.
* `template`: Template for graphite output format, see
https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
for more details.

### Optional parameters:

* `ssl_ca`: SSL CA
* `ssl_cert`: SSL CERT
* `ssl_key`: SSL key
* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
42 changes: 41 additions & 1 deletion plugins/outputs/graphite/graphite.go
@@ -1,6 +1,7 @@
package graphite

import (
"crypto/tls"
"errors"
"io"
"log"
Expand All @@ -9,6 +10,7 @@ import (
"time"

"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/outputs"
"github.com/influxdata/telegraf/plugins/serializers"
)
Expand All @@ -20,6 +22,18 @@ type Graphite struct {
Template string
Timeout int
conns []net.Conn

// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to host cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Skip SSL verification
InsecureSkipVerify bool

// tls config
tlsConfig *tls.Config
}

var sampleConfig = `
Expand All @@ -34,6 +48,13 @@ var sampleConfig = `
template = "host.tags.measurement.field"
## timeout in seconds for the write connection to graphite
timeout = 2
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
`

func (g *Graphite) Connect() error {
Expand All @@ -44,10 +65,29 @@ func (g *Graphite) Connect() error {
if len(g.Servers) == 0 {
g.Servers = append(g.Servers, "localhost:2003")
}

// Set tls config
var err error
g.tlsConfig, err = internal.GetTLSConfig(
g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
if err != nil {
return err
}

// Get Connections
var conns []net.Conn
for _, server := range g.Servers {
conn, err := net.DialTimeout("tcp", server, time.Duration(g.Timeout)*time.Second)
// Dialer with timeout
d := net.Dialer{Timeout: time.Duration(g.Timeout) * time.Second}

// Get secure connection if tls config is set
var conn net.Conn
if g.tlsConfig != nil {
conn, err = tls.DialWithDialer(&d, "tcp", server, g.tlsConfig)
} else {
conn, err = d.Dial("tcp", server)
}

if err == nil {
conns = append(conns, conn)
}
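Review bot: A failed TLS handshake in the dial loop of Connect is dropped without a trace: the visible `if err == nil { conns = append(conns, conn) }` has no else branch, so a certificate that does not verify against `ssl_ca`, or a server that does not speak TLS, simply leaves that server out of `conns`. Now that the error can mean a trust failure rather than an unreachable host, it should at least be logged, e.g. `log.Printf("graphite: connection to %s failed: %v", server, err)` in an `else` branch (`log` is already imported). The rest of Connect lies outside the visible hunk, so whether it later reports an empty connection list cannot be checked from here. Separately, the struct field comment `// Skip SSL verification` would be more precise as `// Use TLS but skip certificate chain and host name verification`, matching the wording in the sample config.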
