From 42130fb11b6155f3e4ea080c42b95a21da97a2dc Mon Sep 17 00:00:00 2001 From: Aditya C S Date: Mon, 30 Oct 2017 11:08:18 +0530 Subject: [PATCH] Add support for SSL settings to ElasticSearch output plugin --- .../outputs/elasticsearch/elasticsearch.go | 37 ++++++++++++++++--- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/plugins/outputs/elasticsearch/elasticsearch.go b/plugins/outputs/elasticsearch/elasticsearch.go index dbd359b901ae3..2125b2a2bde84 100644 --- a/plugins/outputs/elasticsearch/elasticsearch.go +++ b/plugins/outputs/elasticsearch/elasticsearch.go @@ -3,19 +3,20 @@ package elasticsearch import ( "context" "fmt" - "log" - "strconv" - "strings" - "time" - "github.com/influxdata/telegraf" "github.com/influxdata/telegraf/internal" "github.com/influxdata/telegraf/plugins/outputs" "gopkg.in/olivere/elastic.v5" + "log" + "net/http" + "strconv" + "strings" + "time" ) type Elasticsearch struct { URLs []string `toml:"urls"` + Scheme string IndexName string Username string Password string @@ -25,6 +26,10 @@ type Elasticsearch struct { ManageTemplate bool TemplateName string OverwriteTemplate bool + SSLCA string `toml:"ssl_ca"` // Path to CA file + SSLCert string `toml:"ssl_cert"` // Path to host cert file + SSLKey string `toml:"ssl_key"` // Path to cert key file + InsecureSkipVerify bool // Use SSL but skip chain & host verification Client *elastic.Client } @@ -56,6 +61,13 @@ var sampleConfig = ` # %H - hour (00..23) index_name = "telegraf-%Y.%m.%d" # required. + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false + ## Template Config ## Set to true if you want telegraf to manage its index template. ## If enabled it will create a recommended index template for telegraf indexes @@ -76,7 +88,22 @@ func (a *Elasticsearch) Connect() error { var clientOptions []elastic.ClientOptionFunc + tlsCfg, err := internal.GetTLSConfig(a.SSLCert, a.SSLKey, a.SSLCA, a.InsecureSkipVerify) + if err != nil { + return err + } + tr := &http.Transport{ + ResponseHeaderTimeout: a.Timeout.Duration, + TLSClientConfig: tlsCfg, + } + + httpclient := &http.Client{ + Transport: tr, + Timeout: a.Timeout.Duration, + } + clientOptions = append(clientOptions, + elastic.SetHttpClient(httpclient), elastic.SetSniff(a.EnableSniffer), elastic.SetURL(a.URLs...), elastic.SetHealthcheckInterval(a.HealthCheckInterval.Duration),