Add support for self-signed certs to InfluxDB input plugin (influxdat…

…a#2773)
vlamug · May 30, 2017 · fab4826 · fab4826
1 parent cf51bc4
commit fab4826
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 ### Release Notes
 ### Features
+
+- [#2773](https://github.com/influxdata/telegraf/pull/2773): Add support for self-signed certs to InfluxDB input plugin
+
 ### Bugfixes
 
 - [#2749](https://github.com/influxdata/telegraf/pull/2749): Fixed sqlserver input to work with case sensitive server collation.

diff --git a/plugins/inputs/influxdb/README.md b/plugins/inputs/influxdb/README.md
@@ -19,6 +19,16 @@ InfluxDB-formatted endpoints. See below for more information.
   urls = [
     "http://localhost:8086/debug/vars"
   ]
+
+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
+
+  ## http request & header timeout
+  timeout = "5s"
 ```
 
 ### Measurements & Fields

diff --git a/plugins/inputs/influxdb/influxdb.go b/plugins/inputs/influxdb/influxdb.go
@@ -15,6 +15,14 @@ import (
 
 type InfluxDB struct {
 	URLs []string `toml:"urls"`
+	// Path to CA file
+	SSLCA string `toml:"ssl_ca"`
+	// Path to host cert file
+	SSLCert string `toml:"ssl_cert"`
+	// Path to cert key file
+	SSLKey string `toml:"ssl_key"`
+	// Use SSL but skip chain & host verification
+	InsecureSkipVerify bool
 
 	Timeout internal.Duration
 
@@ -37,6 +45,13 @@ func (*InfluxDB) SampleConfig() string {
     "http://localhost:8086/debug/vars"
   ]
 
+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
+
   ## http request & header timeout
   timeout = "5s"
 `
@@ -48,9 +63,15 @@ func (i *InfluxDB) Gather(acc telegraf.Accumulator) error {
 	}
 
 	if i.client == nil {
+		tlsCfg, err := internal.GetTLSConfig(
+			i.SSLCert, i.SSLKey, i.SSLCA, i.InsecureSkipVerify)
+		if err != nil {
+			return err
+		}
 		i.client = &http.Client{
 			Transport: &http.Transport{
 				ResponseHeaderTimeout: i.Timeout.Duration,
+				TLSClientConfig:       tlsCfg,
 			},
 			Timeout: i.Timeout.Duration,
 		}