fluent-plugin-logit 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +20 -0
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_logit.rb +30 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3e711fd3713c8f48f841a2c921cf817a62fdfd280728442a060825d05880b80d
|
|
4
|
+
data.tar.gz: fb12650d8d450070d11f6b39e22c2e04b6a3a40485ed2c4a5cab4eda02ef76d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2edb4fdaa7ce8c0cefafb7e65e164eb0768d7fc4598d82b6e6f70982b09f76608529fdf694e872345326ee9906ad8b0cc13eb7f1d18974c1882631441394a5ce
|
|
7
|
+
data.tar.gz: bc3f8809f72f531011f6922d21ba33bb13bbea9542d428f9cf142591fd915ddf6a00018a656c9f381c781e942e388e63697a66c5fb7fc7b6e24bf73c61a5478a
|
data/README.md
CHANGED
|
@@ -20,6 +20,26 @@ You need to configure the output with your stack_id and port number. See the sou
|
|
|
20
20
|
buffer_path /var/log/fluent/logcentral
|
|
21
21
|
</match>
|
|
22
22
|
|
|
23
|
+
### Mutual TLS configuration
|
|
24
|
+
|
|
25
|
+
If your stack is enabled for mutual TLS, make the client certificate, private
|
|
26
|
+
key, and CA chain certificates available to Fluentd and specify their locations
|
|
27
|
+
in the config:
|
|
28
|
+
|
|
29
|
+
<match **>
|
|
30
|
+
@type logit
|
|
31
|
+
stack_id <your-stack-id>
|
|
32
|
+
port <your-port>
|
|
33
|
+
buffer_type file
|
|
34
|
+
buffer_path /var/log/fluent/logcentral
|
|
35
|
+
tls_mode mutual
|
|
36
|
+
tls_ca_certificate "/etc/pki/tls/logit/ca-chain.pem"
|
|
37
|
+
tls_certificate "/etc/pki/tls/logit/client.pem"
|
|
38
|
+
tls_private_key "/etc/pki/tls/logit/key.pem"
|
|
39
|
+
</match>
|
|
40
|
+
|
|
41
|
+
The private key file must be unencrypted before use.
|
|
42
|
+
|
|
23
43
|
## Support
|
|
24
44
|
|
|
25
45
|
This plugin uses TCP with TLS to ship events.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.3.0
|
|
@@ -21,6 +21,11 @@ module Fluent
|
|
|
21
21
|
config_param :output_type, :string, :default => "json"
|
|
22
22
|
config_param :output_append_newline, :bool, :default => true
|
|
23
23
|
|
|
24
|
+
config_param :tls_mode, :enum, list: [:simple, :mutual], default: :simple
|
|
25
|
+
config_param :tls_ca_certificate, :string, :default => nil
|
|
26
|
+
config_param :tls_certificate, :string, :default => nil
|
|
27
|
+
config_param :tls_private_key, :string, :default => nil
|
|
28
|
+
|
|
24
29
|
def configure(conf)
|
|
25
30
|
super
|
|
26
31
|
if /[\w]{8}(-[\w]{4}){3}-[\w]{12}/.match(@stack_id) == nil
|
|
@@ -29,6 +34,23 @@ module Fluent
|
|
|
29
34
|
if @port == 0
|
|
30
35
|
raise "port is required. See the source wizard."
|
|
31
36
|
end
|
|
37
|
+
|
|
38
|
+
if @tls_mode == :mutual
|
|
39
|
+
if ! @tls_ca_certificate || @tls_ca_certificate.empty?
|
|
40
|
+
raise Fluent::ConfigError,
|
|
41
|
+
"tls_ca_certificate is required when tls_mode is set to mutual"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
if ! @tls_certificate || @tls_certificate.empty?
|
|
45
|
+
raise Fluent::ConfigError,
|
|
46
|
+
"tls_certificate is required when tls_mode is set to mutual"
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
if ! @tls_private_key || @tls_private_key.empty?
|
|
50
|
+
raise Fluent::ConfigError,
|
|
51
|
+
"tls_private_key is required when tls_mode is set to mutual"
|
|
52
|
+
end
|
|
53
|
+
end
|
|
32
54
|
end
|
|
33
55
|
|
|
34
56
|
def start
|
|
@@ -84,17 +106,22 @@ module Fluent
|
|
|
84
106
|
Timeout.timeout(@connect_timeout) do
|
|
85
107
|
socket = TCPSocket.open("#{resolved_host()}", @port)
|
|
86
108
|
ssl_context = OpenSSL::SSL::SSLContext.new()
|
|
87
|
-
# TODO implement mutual tls
|
|
88
|
-
#ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("certificate.crt"))
|
|
89
|
-
#ssl_context.key = OpenSSL::PKey::RSA.new(File.open("certificate.key"))
|
|
90
109
|
ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv2
|
|
91
110
|
ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv3
|
|
92
111
|
ssl_context.options |= OpenSSL::SSL::OP_NO_COMPRESSION
|
|
93
112
|
ssl_context.ciphers = "TLSv1.2:!aNULL:!eNULL"
|
|
94
113
|
ssl_context.ssl_version = :TLSv1_2
|
|
114
|
+
|
|
115
|
+
if @tls_mode == :mutual
|
|
116
|
+
ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(@tls_certificate))
|
|
117
|
+
ssl_context.key = OpenSSL::PKey::RSA.new(File.open(@tls_private_key))
|
|
118
|
+
ssl_context.ca_file = @tls_ca_certificate
|
|
119
|
+
end
|
|
120
|
+
|
|
95
121
|
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
|
|
96
122
|
ssl_socket.sync_close = true
|
|
97
123
|
ssl_socket.connect
|
|
124
|
+
|
|
98
125
|
return ssl_socket
|
|
99
126
|
end
|
|
100
127
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-logit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Logit
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-11-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|