diff --git a/CHANGELOG.md b/CHANGELOG.md index 42658c5a7541d..55baaccef56f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ### Release Notes ### Features + +- [#2773](https://github.com/influxdata/telegraf/pull/2773): Add support for self-signed certs to InfluxDB input plugin + ### Bugfixes - [#2749](https://github.com/influxdata/telegraf/pull/2749): Fixed sqlserver input to work with case sensitive server collation. diff --git a/plugins/inputs/influxdb/README.md b/plugins/inputs/influxdb/README.md index c983e9749d5d0..13c932ca9740e 100644 --- a/plugins/inputs/influxdb/README.md +++ b/plugins/inputs/influxdb/README.md @@ -19,6 +19,16 @@ InfluxDB-formatted endpoints. See below for more information. urls = [ "http://localhost:8086/debug/vars" ] + + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false + + ## http request & header timeout + timeout = "5s" ``` ### Measurements & Fields diff --git a/plugins/inputs/influxdb/influxdb.go b/plugins/inputs/influxdb/influxdb.go index fc84d7c928b4e..811f4ce56bcaf 100644 --- a/plugins/inputs/influxdb/influxdb.go +++ b/plugins/inputs/influxdb/influxdb.go @@ -15,6 +15,14 @@ import ( type InfluxDB struct { URLs []string `toml:"urls"` + // Path to CA file + SSLCA string `toml:"ssl_ca"` + // Path to host cert file + SSLCert string `toml:"ssl_cert"` + // Path to cert key file + SSLKey string `toml:"ssl_key"` + // Use SSL but skip chain & host verification + InsecureSkipVerify bool Timeout internal.Duration @@ -37,6 +45,13 @@ func (*InfluxDB) SampleConfig() string { "http://localhost:8086/debug/vars" ] + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false + ## http request & header timeout timeout = "5s" ` @@ -48,9 +63,15 @@ func (i *InfluxDB) Gather(acc telegraf.Accumulator) error { } if i.client == nil { + tlsCfg, err := internal.GetTLSConfig( + i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify) + if err != nil { + return err + } i.client = &http.Client{ Transport: &http.Transport{ ResponseHeaderTimeout: i.Timeout.Duration, + TLSClientConfig: tlsCfg, }, Timeout: i.Timeout.Duration, }