fluent-plugin-logit 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +20 -0
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_logit.rb +30 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3e711fd3713c8f48f841a2c921cf817a62fdfd280728442a060825d05880b80d
|
|
4
|
+
data.tar.gz: fb12650d8d450070d11f6b39e22c2e04b6a3a40485ed2c4a5cab4eda02ef76d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2edb4fdaa7ce8c0cefafb7e65e164eb0768d7fc4598d82b6e6f70982b09f76608529fdf694e872345326ee9906ad8b0cc13eb7f1d18974c1882631441394a5ce
|
|
7
|
+
data.tar.gz: bc3f8809f72f531011f6922d21ba33bb13bbea9542d428f9cf142591fd915ddf6a00018a656c9f381c781e942e388e63697a66c5fb7fc7b6e24bf73c61a5478a
|
data/README.md
CHANGED
|
@@ -20,6 +20,26 @@ You need to configure the output with your stack_id and port number. See the sou
|
|
|
20
20
|
buffer_path /var/log/fluent/logcentral
|
|
21
21
|
</match>
|
|
22
22
|
|
|
23
|
+
### Mutual TLS configuration
|
|
24
|
+
|
|
25
|
+
If your stack is enabled for mutual TLS, make the client certificate, private
|
|
26
|
+
key, and CA chain certificates available to Fluentd and specify their locations
|
|
27
|
+
in the config:
|
|
28
|
+
|
|
29
|
+
<match **>
|
|
30
|
+
@type logit
|
|
31
|
+
stack_id <your-stack-id>
|
|
32
|
+
port <your-port>
|
|
33
|
+
buffer_type file
|
|
34
|
+
buffer_path /var/log/fluent/logcentral
|
|
35
|
+
tls_mode mutual
|
|
36
|
+
tls_ca_certificate "/etc/pki/tls/logit/ca-chain.pem"
|
|
37
|
+
tls_certificate "/etc/pki/tls/logit/client.pem"
|
|
38
|
+
tls_private_key "/etc/pki/tls/logit/key.pem"
|
|
39
|
+
</match>
|
|
40
|
+
|
|
41
|
+
The private key file must be unencrypted before use.
|
|
42
|
+
|
|
23
43
|
## Support
|
|
24
44
|
|
|
25
45
|
This plugin uses TCP with TLS to ship events.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.3.0
|
|
@@ -21,6 +21,11 @@ module Fluent
|
|
|
21
21
|
config_param :output_type, :string, :default => "json"
|
|
22
22
|
config_param :output_append_newline, :bool, :default => true
|
|
23
23
|
|
|
24
|
+
config_param :tls_mode, :enum, list: [:simple, :mutual], default: :simple
|
|
25
|
+
config_param :tls_ca_certificate, :string, :default => nil
|
|
26
|
+
config_param :tls_certificate, :string, :default => nil
|
|
27
|
+
config_param :tls_private_key, :string, :default => nil
|
|
28
|
+
|
|
24
29
|
def configure(conf)
|
|
25
30
|
super
|
|
26
31
|
if /[\w]{8}(-[\w]{4}){3}-[\w]{12}/.match(@stack_id) == nil
|
|
@@ -29,6 +34,23 @@ module Fluent
|
|
|
29
34
|
if @port == 0
|
|
30
35
|
raise "port is required. See the source wizard."
|
|
31
36
|
end
|
|
37
|
+
|
|
38
|
+
if @tls_mode == :mutual
|
|
39
|
+
if ! @tls_ca_certificate || @tls_ca_certificate.empty?
|
|
40
|
+
raise Fluent::ConfigError,
|
|
41
|
+
"tls_ca_certificate is required when tls_mode is set to mutual"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
if ! @tls_certificate || @tls_certificate.empty?
|
|
45
|
+
raise Fluent::ConfigError,
|
|
46
|
+
"tls_certificate is required when tls_mode is set to mutual"
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
if ! @tls_private_key || @tls_private_key.empty?
|
|
50
|
+
raise Fluent::ConfigError,
|
|
51
|
+
"tls_private_key is required when tls_mode is set to mutual"
|
|
52
|
+
end
|
|
53
|
+
end
|
|
32
54
|
end
|
|
33
55
|
|
|
34
56
|
def start
|
|
@@ -84,17 +106,22 @@ module Fluent
|
|
|
84
106
|
Timeout.timeout(@connect_timeout) do
|
|
85
107
|
socket = TCPSocket.open("#{resolved_host()}", @port)
|
|
86
108
|
ssl_context = OpenSSL::SSL::SSLContext.new()
|
|
87
|
-
# TODO implement mutual tls
|
|
88
|
-
#ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("certificate.crt"))
|
|
89
|
-
#ssl_context.key = OpenSSL::PKey::RSA.new(File.open("certificate.key"))
|
|
90
109
|
ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv2
|
|
91
110
|
ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv3
|
|
92
111
|
ssl_context.options |= OpenSSL::SSL::OP_NO_COMPRESSION
|
|
93
112
|
ssl_context.ciphers = "TLSv1.2:!aNULL:!eNULL"
|
|
94
113
|
ssl_context.ssl_version = :TLSv1_2
|
|
114
|
+
|
|
115
|
+
if @tls_mode == :mutual
|
|
116
|
+
ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(@tls_certificate))
|
|
117
|
+
ssl_context.key = OpenSSL::PKey::RSA.new(File.open(@tls_private_key))
|
|
118
|
+
ssl_context.ca_file = @tls_ca_certificate
|
|
119
|
+
end
|
|
120
|
+
|
|
95
121
|
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
|
|
96
122
|
ssl_socket.sync_close = true
|
|
97
123
|
ssl_socket.connect
|
|
124
|
+
|
|
98
125
|
return ssl_socket
|
|
99
126
|
end
|
|
100
127
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-logit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Logit
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-11-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|