fluent-plugin-prometheus_pushgateway 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6ed0d4b03ca33b58ea2329fb9af3b66d139a4f569c063cb02d9f9b2c01b0f453
|
4
|
+
data.tar.gz: '097fdd8eb62233042b1ebd64aaf734ba93b9db8ac6cffd87183239050621ba06'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 828cf255662867a97aa8ded33e34e7aa4868f44359b56ec263bfe01b67494b7d6fcf48b293c52d96bee9b8ba5b231ca83dba34885fcc8803e2b1cb99377e6ede
|
7
|
+
data.tar.gz: a7215235075497dd73b745e206b1e6b815c47477f3028e6d18aba91e5e16db7808c6d3b6fe425194842956c65ed7d5fbd6b29ae568759426cc3fbb4f27b47d02
|
data/README.md
CHANGED
@@ -42,6 +42,16 @@ More configuration parameters:
|
|
42
42
|
- `instance`: instance name (default: nil)
|
43
43
|
- `push_interval`: the interval of pushing data to pushgateway (default: 3)
|
44
44
|
|
45
|
+
these parameters are used when `gateway` starts with 'https'
|
46
|
+
|
47
|
+
- `tls_ca_cert_path`: The CA certificate path for TLS (default nil)
|
48
|
+
- `tls_client_cert_path`: The client certificate path for TLS (default nil)
|
49
|
+
- `tls_private_key_path`: The client private key path for TLS (default nil)
|
50
|
+
- `tls_private_key_passphrase`: The client private key passphrase for TLS (default nil)
|
51
|
+
- `tls_verify_mode`: The verify mode of TLS (default :peer)
|
52
|
+
- `tls_version`: The default version of TLS (default :TLSv1_2)
|
53
|
+
- `tls_ciphers`: The cipher configuration of TLS (default ALL:!aNULL:!eNULL:!SSLv2)
|
54
|
+
|
45
55
|
## Development
|
46
56
|
|
47
57
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -17,6 +17,14 @@
|
|
17
17
|
require 'prometheus/client/push'
|
18
18
|
require 'fluent/plugin/output'
|
19
19
|
|
20
|
+
begin
|
21
|
+
require 'fluent/tls'
|
22
|
+
rescue LoadError
|
23
|
+
# compatible layer for fluentd v1.9.1 or earlier
|
24
|
+
# https://github.com/fluent/fluentd/pull/2802
|
25
|
+
require_relative 'prometheus_pushgateway/tls'
|
26
|
+
end
|
27
|
+
|
20
28
|
module Fluent
|
21
29
|
module Plugin
|
22
30
|
class PrometheusPushgatewayOutput < Fluent::Plugin::Output
|
@@ -33,6 +41,21 @@ module Fluent
|
|
33
41
|
desc 'the interval of pushing data to pushgateway'
|
34
42
|
config_param :push_interval, :time, default: 3
|
35
43
|
|
44
|
+
desc 'The CA certificate path for TLS'
|
45
|
+
config_param :tls_ca_cert_path, :string, default: nil
|
46
|
+
desc 'The client certificate path for TLS'
|
47
|
+
config_param :tls_client_cert_path, :string, default: nil
|
48
|
+
desc 'The client private key path for TLS'
|
49
|
+
config_param :tls_private_key_path, :string, default: nil
|
50
|
+
desc 'The client private key passphrase for TLS'
|
51
|
+
config_param :tls_private_key_passphrase, :string, default: nil, secret: true
|
52
|
+
desc 'The verify mode of TLS'
|
53
|
+
config_param :tls_verify_mode, :enum, list: %i[none peer], default: :peer
|
54
|
+
desc 'The default version of TLS'
|
55
|
+
config_param :tls_version, :enum, list: Fluent::TLS::SUPPORTED_VERSIONS, default: Fluent::TLS::DEFAULT_VERSION
|
56
|
+
desc 'The cipher configuration of TLS'
|
57
|
+
config_param :tls_ciphers, :string, default: Fluent::TLS::CIPHERS_DEFAULT
|
58
|
+
|
36
59
|
def initialize
|
37
60
|
super
|
38
61
|
|
@@ -47,6 +70,21 @@ module Fluent
|
|
47
70
|
super
|
48
71
|
|
49
72
|
@push_client = ::Prometheus::Client::Push.new("#{@job_name}:#{fluentd_worker_id}", @instance, @gateway)
|
73
|
+
|
74
|
+
use_tls = gateway && (URI.parse(gateway).scheme == 'https')
|
75
|
+
|
76
|
+
if use_tls
|
77
|
+
# prometheus client doesn't have an interface to set the HTTPS options
|
78
|
+
http = @push_client.instance_variable_get(:@http)
|
79
|
+
if http.nil?
|
80
|
+
log.warn("prometheus client ruby's version unmatched. https setting is ignored")
|
81
|
+
end
|
82
|
+
|
83
|
+
# https://github.com/ruby/ruby/blob/dec802d8b59900e57e18fa6712caf95f12324aea/lib/net/http.rb#L599-L604
|
84
|
+
tls_options.each do |k, v|
|
85
|
+
http.__send__("#{k}=", v)
|
86
|
+
end
|
87
|
+
end
|
50
88
|
end
|
51
89
|
|
52
90
|
def start
|
@@ -60,6 +98,48 @@ module Fluent
|
|
60
98
|
def process(tag, es)
|
61
99
|
# nothing
|
62
100
|
end
|
101
|
+
|
102
|
+
private
|
103
|
+
|
104
|
+
def tls_options
|
105
|
+
opt = {}
|
106
|
+
|
107
|
+
if @tls_ca_cert_path
|
108
|
+
unless File.file?(@tls_ca_cert_path)
|
109
|
+
raise Fluent::ConfigError, "tls_ca_cert_path is wrong: #{@tls_ca_cert_path}"
|
110
|
+
end
|
111
|
+
|
112
|
+
opt[:ca_file] = @tls_ca_cert_path
|
113
|
+
end
|
114
|
+
|
115
|
+
if @tls_client_cert_path
|
116
|
+
unless File.file?(@tls_client_cert_path)
|
117
|
+
raise Fluent::ConfigError, "tls_client_cert_path is wrong: #{@tls_client_cert_path}"
|
118
|
+
end
|
119
|
+
|
120
|
+
opt[:cert] = OpenSSL::X509::Certificate.new(File.read(@tls_client_cert_path))
|
121
|
+
end
|
122
|
+
|
123
|
+
if @tls_private_key_path
|
124
|
+
unless File.file?(@tls_private_key_path)
|
125
|
+
raise Fluent::ConfigError, "tls_private_key_path is wrong: #{@tls_private_key_path}"
|
126
|
+
end
|
127
|
+
|
128
|
+
opt[:key] = OpenSSL::PKey.read(File.read(@tls_private_key_path), @tls_private_key_passphrase)
|
129
|
+
end
|
130
|
+
|
131
|
+
opt[:verify_mode] = case @tls_verify_mode
|
132
|
+
when :none
|
133
|
+
OpenSSL::SSL::VERIFY_NONE
|
134
|
+
when :peer
|
135
|
+
OpenSSL::SSL::VERIFY_PEER
|
136
|
+
end
|
137
|
+
|
138
|
+
opt[:ciphers] = @tls_ciphers
|
139
|
+
opt[:ssl_version] = @tls_version
|
140
|
+
|
141
|
+
opt
|
142
|
+
end
|
63
143
|
end
|
64
144
|
end
|
65
145
|
end
|
@@ -0,0 +1,82 @@
|
|
1
|
+
#
|
2
|
+
# Fluentd
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
|
17
|
+
require 'openssl'
|
18
|
+
require 'fluent/config/error'
|
19
|
+
|
20
|
+
# copy from https://github.com/fluent/fluentd/blob/9d113029d4550ce576d8825bfa9612aa3e55bff0/lib/fluent/tls.rb
|
21
|
+
|
22
|
+
module Fluent
|
23
|
+
module TLS
|
24
|
+
DEFAULT_VERSION = :TLSv1_2
|
25
|
+
SUPPORTED_VERSIONS = if defined?(OpenSSL::SSL::TLS1_3_VERSION)
|
26
|
+
%i[TLSv1_1 TLSv1_2 TLSv1_3 TLS1_1 TLS1_2 TLS1_3].freeze
|
27
|
+
else
|
28
|
+
%i[TLSv1_1 TLSv1_2 TLS1_1 TLS1_2].freeze
|
29
|
+
end
|
30
|
+
### follow httpclient configuration by nahi
|
31
|
+
# OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
|
32
|
+
CIPHERS_DEFAULT = 'ALL:!aNULL:!eNULL:!SSLv2'.freeze # OpenSSL >1.0.0 default
|
33
|
+
|
34
|
+
METHODS_MAP = begin
|
35
|
+
map = {
|
36
|
+
TLSv1: OpenSSL::SSL::TLS1_VERSION,
|
37
|
+
TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
|
38
|
+
TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION
|
39
|
+
}
|
40
|
+
map[TLSv1_3] = OpenSSL::SSL::TLS1_3_VERSION if defined?(OpenSSL::SSL::TLS1_3_VERSION)
|
41
|
+
MIN_MAX_AVAILABLE = true
|
42
|
+
map.freeze
|
43
|
+
rescue NameError
|
44
|
+
# ruby 2.4 doesn't have OpenSSL::SSL::TLSXXX constants and min_version=/max_version= methods
|
45
|
+
map = {
|
46
|
+
TLS1: :TLSv1,
|
47
|
+
TLS1_1: :TLSv1_1,
|
48
|
+
TLS1_2: :TLSv1_2,
|
49
|
+
}.freeze
|
50
|
+
MIN_MAX_AVAILABLE = false
|
51
|
+
map
|
52
|
+
end
|
53
|
+
private_constant :METHODS_MAP
|
54
|
+
|
55
|
+
# Helper for old syntax/method support:
|
56
|
+
# ruby 2.4 uses ssl_version= but this method is now deprecated.
|
57
|
+
# min_version=/max_version= use 'TLS1_2' but ssl_version= uses 'TLSv1_2'
|
58
|
+
def set_version_to_context(ctx, version, min_version, max_version)
|
59
|
+
if MIN_MAX_AVAILABLE
|
60
|
+
case
|
61
|
+
when min_version.nil? && max_version.nil?
|
62
|
+
min_version = METHODS_MAP[version] || version
|
63
|
+
max_version = METHODS_MAP[version] || version
|
64
|
+
when min_version.nil? && max_version
|
65
|
+
raise Fluent::ConfigError, "When you set max_version, must set min_version together"
|
66
|
+
when min_version && max_version.nil?
|
67
|
+
raise Fluent::ConfigError, "When you set min_version, must set max_version together"
|
68
|
+
else
|
69
|
+
min_version = METHODS_MAP[min_version] || min_version
|
70
|
+
max_version = METHODS_MAP[max_version] || max_version
|
71
|
+
end
|
72
|
+
ctx.min_version = min_version
|
73
|
+
ctx.max_version = max_version
|
74
|
+
else
|
75
|
+
ctx.ssl_version = METHODS_MAP[version] || version
|
76
|
+
end
|
77
|
+
|
78
|
+
ctx
|
79
|
+
end
|
80
|
+
module_function :set_version_to_context
|
81
|
+
end
|
82
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-prometheus_pushgateway
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Yuta Iwama
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-02-
|
11
|
+
date: 2020-02-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluent-plugin-prometheus
|
@@ -105,6 +105,7 @@ files:
|
|
105
105
|
- examples/pushgateway.conf
|
106
106
|
- fluent-plugin-prometheus_pushgateway.gemspec
|
107
107
|
- lib/fluent/plugin/out_prometheus_pushgateway.rb
|
108
|
+
- lib/fluent/plugin/prometheus_pushgateway/tls.rb
|
108
109
|
homepage: https://github.com/fluent/fluent-plugin-prometheus_pushgateway
|
109
110
|
licenses:
|
110
111
|
- Apache-2.0
|