fluent-plugin-relp 0.1.4 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +14 -1
- data/lib/fluent/plugin/in_relp.rb +11 -1
- data/test/plugin/test_in_relp.rb +7 -2
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 86b1bb4436e0eefc4fb7b116288b76ad13ae1220
|
4
|
+
data.tar.gz: dd06f38481f0abff643ce6b9e8ae407bed9ea426
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 50e4ef0c5e9c52a4b2d9fd5d80aa9b389de5399548e6023fdd926330c5ae7d9b90f40938e24db8531b17fffa4fef93e0944603011eede704109426ad03899460
|
7
|
+
data.tar.gz: 1a5ba493cbafd9e26dfe61745bcb4b91b3b27b414a7ccbcda091c1ccb6a50c7034e5928f33fb7c7d0d43d328db7a15983596f0bb26c5c55300b785cc3657f4d5
|
data/CHANGELOG.md
CHANGED
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
7
7
|
|
8
8
|
## [Unreleased]
|
9
9
|
|
10
|
+
## [0.2.0] - 2017-10-19
|
11
|
+
### Added
|
12
|
+
- TLS encryption
|
13
|
+
- now depends on [openssl](https://github.com/ruby/openssl)
|
14
|
+
- checking length of actually transmitted data
|
15
|
+
|
16
|
+
### Changed
|
17
|
+
- raised minimal required [relp](https://github.com/ViaQ/Relp/) version to 0.2
|
18
|
+
|
10
19
|
## [0.1.4] - 2017-08-08
|
11
20
|
### Added
|
12
21
|
- code coverage testing
|
data/README.md
CHANGED
@@ -36,6 +36,8 @@ To use the plugin just add tou your fluent.conf file:
|
|
36
36
|
tag your_tag_for_relp
|
37
37
|
#optionally, determine remote IP to bind to, by default binds to all incoming connections
|
38
38
|
bind XX.XX.XX.XX
|
39
|
+
#if you want to use TLS encryption, specify this config string
|
40
|
+
ssl_config /path_to/certificate_file:/path_to/key_file:/path_to/certificate_authority_file
|
39
41
|
</source>
|
40
42
|
|
41
43
|
```
|
@@ -47,13 +49,24 @@ module(load="omrelp")
|
|
47
49
|
|
48
50
|
*.* action(type="omrelp"
|
49
51
|
Target="your_fluentd_host_or_ip"
|
50
|
-
Port="5170_or_yours_set"
|
52
|
+
Port="5170_or_yours_set"
|
53
|
+
# Add below part to use SSL encryption
|
54
|
+
tls="on"
|
55
|
+
tls.permittedPeer="SHA1:hash_of_your_certificate_file"
|
56
|
+
tls.authMode="fingerprint"
|
57
|
+
tls.mycert="/path_to/certificate_file"
|
58
|
+
tls.myprivkey="/path_to/key_file"
|
59
|
+
tls.cacert="/path_to/certificate_authority_file"
|
60
|
+
)
|
51
61
|
```
|
52
62
|
make sure you have librelp and rsyslog relp plugin present on your system.
|
53
63
|
|
54
64
|
Also you need to make sure that things lige firewall and selinux are set up
|
55
65
|
so they do not block communication on configured port(s) and adress(es).
|
56
66
|
|
67
|
+
Additionally, if you have problems estabilishing connection over network, it may
|
68
|
+
help to increase timeouts for socket connection and/or RELP session on clients.
|
69
|
+
|
57
70
|
That is all you need to reliably send system logs to remote fluentd instance.
|
58
71
|
|
59
72
|
## Contributing
|
@@ -11,6 +11,8 @@ module Fluent
|
|
11
11
|
config_param :port, :integer, default: 5170
|
12
12
|
desc 'The bind address to listen to.'
|
13
13
|
config_param :bind, :string, default: '0.0.0.0'
|
14
|
+
desc 'SSL configuration string, format "certificate_path":"key_path":"certificate_authority_path"'
|
15
|
+
config_param :ssl_config, :string, default: nil
|
14
16
|
|
15
17
|
def configure(conf)
|
16
18
|
super
|
@@ -18,7 +20,15 @@ module Fluent
|
|
18
20
|
|
19
21
|
def start
|
20
22
|
super
|
21
|
-
|
23
|
+
ssl_context = nil
|
24
|
+
if @ssl_config != nil
|
25
|
+
ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2)
|
26
|
+
ssl_context.ca_file = @ssl_config.split(':')[2]
|
27
|
+
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
28
|
+
ssl_context.key = OpenSSL::PKey::RSA.new(File.open(@ssl_config.split(':')[1]))
|
29
|
+
ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(@ssl_config.split(':')[0]))
|
30
|
+
end
|
31
|
+
@server = Relp::RelpServer.new(@port, method(:on_message), @bind, ssl_context, log)
|
22
32
|
@thread = Thread.new(&method(:run))
|
23
33
|
end
|
24
34
|
|
data/test/plugin/test_in_relp.rb
CHANGED
@@ -33,9 +33,13 @@ class RelpInputTest < Test::Unit::TestCase
|
|
33
33
|
bind HOST
|
34
34
|
port 1111
|
35
35
|
tag input.relp
|
36
|
+
ssl_config ./cert.pem:./key.pem:./ca.pem
|
36
37
|
]
|
37
38
|
|
38
39
|
def create_driver(conf = CONFIG)
|
40
|
+
File.open("cert.pem", "w")
|
41
|
+
File.open("key.pem", "w")
|
42
|
+
File.open("ca.pem", "w")
|
39
43
|
Fluent::Test::InputTestDriver.new(Fluent::RelpInput).configure(conf)
|
40
44
|
end
|
41
45
|
|
@@ -51,13 +55,14 @@ class RelpInputTest < Test::Unit::TestCase
|
|
51
55
|
assert_equal 'HOST', d.instance.bind
|
52
56
|
assert_equal 1111, d.instance.port
|
53
57
|
assert_equal 'input.relp', d.instance.tag
|
58
|
+
assert_equal './cert.pem:./key.pem:./ca.pem', d.instance.ssl_config
|
54
59
|
end
|
55
60
|
end
|
56
61
|
|
57
62
|
sub_test_case "function" do
|
58
63
|
def test_run_invalid
|
59
64
|
d = create_driver
|
60
|
-
assert_raise(
|
65
|
+
assert_raise(OpenSSL::PKey::RSAError) { #will fail because of no valid cert
|
61
66
|
d.run
|
62
67
|
}
|
63
68
|
end
|
@@ -73,7 +78,7 @@ class RelpInputTest < Test::Unit::TestCase
|
|
73
78
|
def test_message
|
74
79
|
d = create_driver
|
75
80
|
server = RelpServerFake.new(d.instance.method(:on_message))
|
76
|
-
assert_raise(
|
81
|
+
assert_raise(OpenSSL::PKey::RSAError) { #will fail because of no valid cert
|
77
82
|
d.run
|
78
83
|
}
|
79
84
|
d.instance.instance_variable_set(:@server, server)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-relp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jiří Vymazal
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-10-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|
@@ -86,14 +86,14 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '0.
|
89
|
+
version: '0.2'
|
90
90
|
type: :runtime
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '0.
|
96
|
+
version: '0.2'
|
97
97
|
description: Plugin allowing recieving log messages via RELP protocol from e.g. syslog
|
98
98
|
email:
|
99
99
|
- jvymazal@redhat.com
|