diff --git a/CHANGELOG.md b/CHANGELOG.md
index d58777b986da1..2c9930f9867ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@ be deprecated eventually.
 
 ### Features
 
+- [#2723](https://github.com/influxdata/telegraf/pull/2723): Added SSL configuration for input haproxy.
 - [#2494](https://github.com/influxdata/telegraf/pull/2494): Add interrupts input plugin.
 - [#2094](https://github.com/influxdata/telegraf/pull/2094): Add generic socket listener & writer.
 - [#2204](https://github.com/influxdata/telegraf/pull/2204): Extend http_response to support searching for a substring in response. Return 1 if found, else 0.
diff --git a/plugins/inputs/haproxy/README.md b/plugins/inputs/haproxy/README.md
index 81c8fb894b707..fe107b5598839 100644
--- a/plugins/inputs/haproxy/README.md
+++ b/plugins/inputs/haproxy/README.md
@@ -8,6 +8,12 @@
 # SampleConfig
 [[inputs.haproxy]]
 servers = ["http://1.2.3.4/haproxy?stats", "/var/run/haproxy*.sock"]
+# ssl_ca = "/etc/telegraf/ca.pem"
+# ssl_cert = "/etc/telegraf/cert.pem"
+# ssl_key = "/etc/telegraf/key.pem"
+## Use SSL but skip chain & host verification
+# insecure_skip_verify = false
+
 ```
 
 #### `servers`
diff --git a/plugins/inputs/haproxy/haproxy.go b/plugins/inputs/haproxy/haproxy.go
index 2be418a651a93..151312d6654f8 100644
--- a/plugins/inputs/haproxy/haproxy.go
+++ b/plugins/inputs/haproxy/haproxy.go
@@ -14,6 +14,7 @@ import (
 "time"
 
 "github.com/influxdata/telegraf"
+ "github.com/influxdata/telegraf/internal"
 "github.com/influxdata/telegraf/plugins/inputs"
 )
 
@@ -25,6 +26,15 @@ type haproxy struct {
 client *http.Client
 
 KeepFieldNames bool
+
+ // Path to CA file
+ SSLCA string `toml:"ssl_ca"`
+ // Path to host cert file
+ SSLCert string `toml:"ssl_cert"`
+ // Path to cert key file
+ SSLKey string `toml:"ssl_key"`
+ // Use SSL but skip chain & host verification
+ InsecureSkipVerify bool
 }
 
 var sampleConfig = `
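Review bot: `InsecureSkipVerify` is the only one of the four new fields in `type haproxy struct` without an explicit `toml` tag, so binding the `insecure_skip_verify` key depends on the decoder's field-name matching rather than on the declaration. Giving the field the tag `toml:"insecure_skip_verify"` keeps it consistent with `SSLCA`, `SSLCert` and `SSLKey` and makes the key searchable in the source. The field comment could also state the consequence, e.g. `// Skip chain & host verification; the server is then not authenticated`.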
@@ -45,6 +55,13 @@ var sampleConfig = `
 ## Setting this option to true results in the plugin keeping the original
 ## field names.
 ## keep_field_names = true
+
+ ## Optional SSL Config
+ # ssl_ca = "/etc/telegraf/ca.pem"
+ # ssl_cert = "/etc/telegraf/cert.pem"
+ # ssl_key = "/etc/telegraf/key.pem"
+ ## Use SSL but skip chain & host verification
+ # insecure_skip_verify = false
 `
 
 func (r *haproxy) SampleConfig() string {
@@ -127,7 +144,15 @@ func (g *haproxy) gatherServer(addr string, acc telegraf.Accumulator) error {
 }
 
 if g.client == nil {
- tr := &http.Transport{ResponseHeaderTimeout: time.Duration(3 * time.Second)}
+ tlsCfg, err := internal.GetTLSConfig(
+ g.SSLCert, g.SSLKey, g.SSLCA, g.InsecureSkipVerify)
+ if err != nil {
+ return err
+ }
+ tr := &http.Transport{
+ ResponseHeaderTimeout: time.Duration(3 * time.Second),
+ TLSClientConfig: tlsCfg,
+ }
 client := &http.Client{
 Transport: tr,
 Timeout: time.Duration(4 * time.Second),
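Review bot: The sample text added to `sampleConfig` does not tell an operator when the ssl_* options apply or what `insecure_skip_verify = true` gives up. Go's `http.Transport` uses `TLSClientConfig` only for https requests, so the `http://` entry shown in the README sample stays plaintext even with `ssl_ca` set; how socket entries are handled is not visible here. I would change the header to `## Optional SSL Config (used only for https:// entries in servers)` and the last comment to `## Use SSL but skip chain & host verification (testing only: the endpoint is not authenticated)`. The same wording would fit the README block.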
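Review bot: The error from `internal.GetTLSConfig` is passed up bare at `return err`, so a wrong `ssl_ca`, `ssl_cert` or `ssl_key` path surfaces on every gather without saying it came from the haproxy TLS setup. Wrapping it, e.g. `return fmt.Errorf("haproxy: loading TLS config: %v", err)`, makes the failure attributable, assuming `fmt` is already imported (the import block is only partly visible); I would keep `addr` out of the message in case the URL carries credentials. The config is also built only on the `g.client == nil` path, so if the client is stored on `g` after this hunk, rotated certificate or CA files are not re-read until restart, which deserves a comment such as `// TLS material is loaded once; restart to pick up rotated certs`. gatherServer's body begins and ends outside the hunk.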