app/vmctl : support TLS config options for InfluxDB datasource (#5783)

* vmctl: TLS flags for influx DB

* added httputils function

* Add changelog and doc

---------

Co-authored-by: Khushi Jain <khushi.jain@nokia.com>
This commit is contained in:
Khushi Jain 2024-02-16 19:29:18 +05:30 committed by GitHub
parent ecccd2a1cc
commit 7cd1b7d047
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 56 additions and 5 deletions

View File

@ -208,6 +208,11 @@ const (
influxMeasurementFieldSeparator = "influx-measurement-field-separator" influxMeasurementFieldSeparator = "influx-measurement-field-separator"
influxSkipDatabaseLabel = "influx-skip-database-label" influxSkipDatabaseLabel = "influx-skip-database-label"
influxPrometheusMode = "influx-prometheus-mode" influxPrometheusMode = "influx-prometheus-mode"
influxCertFile = "influx-cert-file"
influxKeyFile = "influx-key-file"
influxCAFile = "influx-CA-file"
influxServerName = "influx-server-name"
influxInsecureSkipVerify = "influx-insecure-skip-verify"
) )
var ( var (
@ -275,6 +280,27 @@ var (
Usage: "Wether to restore the original timeseries name previously written from Prometheus to InfluxDB v1 via remote_write.", Usage: "Wether to restore the original timeseries name previously written from Prometheus to InfluxDB v1 via remote_write.",
Value: false, Value: false,
}, },
&cli.StringFlag{
Name: influxCertFile,
Usage: "Optional path to client-side TLS certificate file to use when connecting to influxAddr",
},
&cli.StringFlag{
Name: influxKeyFile,
Usage: "Optional path to client-side TLS key to use when connecting to influxAddr",
},
&cli.StringFlag{
Name: influxCAFile,
Usage: "Optional path to TLS CA file to use for verifying connections to influxAddr. By default, system CA is used",
},
&cli.StringFlag{
Name: influxServerName,
Usage: "Optional TLS server name to use for connections to influxAddr. By default, the server name from influxAddr is used",
},
&cli.BoolFlag{
Name: influxInsecureSkipVerify,
Usage: "Whether to skip tls verification when connecting to infuxAddr",
Value: false,
},
} }
) )

View File

@ -1,6 +1,7 @@
package influx package influx
import ( import (
"crypto/tls"
"fmt" "fmt"
"io" "io"
"log" "log"
@ -33,7 +34,8 @@ type Config struct {
Retention string Retention string
ChunkSize int ChunkSize int
Filter Filter Filter Filter
TLSConfig *tls.Config
} }
// Filter contains configuration for filtering // Filter contains configuration for filtering
@ -86,10 +88,10 @@ type LabelPair struct {
// configured with passed Config // configured with passed Config
func NewClient(cfg Config) (*Client, error) { func NewClient(cfg Config) (*Client, error) {
c := influx.HTTPConfig{ c := influx.HTTPConfig{
Addr: cfg.Addr, Addr: cfg.Addr,
Username: cfg.Username, Username: cfg.Username,
Password: cfg.Password, Password: cfg.Password,
InsecureSkipVerify: true, TLSConfig: cfg.TLSConfig,
} }
hc, err := influx.NewHTTPClient(c) hc, err := influx.NewHTTPClient(c)
if err != nil { if err != nil {

View File

@ -25,6 +25,7 @@ import (
"github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/prometheus" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/prometheus"
"github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/vm" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/vm"
"github.com/VictoriaMetrics/VictoriaMetrics/lib/buildinfo" "github.com/VictoriaMetrics/VictoriaMetrics/lib/buildinfo"
"github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils"
"github.com/VictoriaMetrics/VictoriaMetrics/lib/protoparser/common" "github.com/VictoriaMetrics/VictoriaMetrics/lib/protoparser/common"
"github.com/VictoriaMetrics/VictoriaMetrics/lib/protoparser/native/stream" "github.com/VictoriaMetrics/VictoriaMetrics/lib/protoparser/native/stream"
) )
@ -84,6 +85,18 @@ func main() {
Action: func(c *cli.Context) error { Action: func(c *cli.Context) error {
fmt.Println("InfluxDB import mode") fmt.Println("InfluxDB import mode")
// create TLS config
influxCertFile := c.String(influxCertFile)
influxKeyFile := c.String(influxKeyFile)
influxCAFile := c.String(influxCAFile)
influxServerName := c.String(influxServerName)
influxInsecureSkipVerify := c.Bool(influxInsecureSkipVerify)
tc, err := httputils.TLSConfig(influxCertFile, influxCAFile, influxKeyFile, influxServerName, influxInsecureSkipVerify)
if err != nil {
return fmt.Errorf("failed to create TLS Config: %s", err)
}
iCfg := influx.Config{ iCfg := influx.Config{
Addr: c.String(influxAddr), Addr: c.String(influxAddr),
Username: c.String(influxUser), Username: c.String(influxUser),
@ -96,7 +109,9 @@ func main() {
TimeEnd: c.String(influxFilterTimeEnd), TimeEnd: c.String(influxFilterTimeEnd),
}, },
ChunkSize: c.Int(influxChunkSize), ChunkSize: c.Int(influxChunkSize),
TLSConfig: tc,
} }
influxClient, err := influx.NewClient(iCfg) influxClient, err := influx.NewClient(iCfg)
if err != nil { if err != nil {
return fmt.Errorf("failed to create influx client: %s", err) return fmt.Errorf("failed to create influx client: %s", err)

View File

@ -67,6 +67,7 @@ Released at 2024-02-14
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): clear entered text in select after selecting a value. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5727). * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): clear entered text in select after selecting a value. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5727).
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): improve the operation of the context for autocomplete. See [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5736), [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5737) and [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5739) issues. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): improve the operation of the context for autocomplete. See [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5736), [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5737) and [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5739) issues.
* BUGFIX: [dashboards](https://grafana.com/orgs/victoriametrics): update `Storage full ETA` panels for Single-node and Cluster dashboards to prevent them from showing negative or blank results caused by increase of deduplicated samples. Deduplicated samples were part of the expression to provide a better estimate for disk usage, but due to sporadic nature of [deduplication](https://docs.victoriametrics.com/#deduplication) in VictoriaMetrics it rather produced skewed results. See [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5747). * BUGFIX: [dashboards](https://grafana.com/orgs/victoriametrics): update `Storage full ETA` panels for Single-node and Cluster dashboards to prevent them from showing negative or blank results caused by increase of deduplicated samples. Deduplicated samples were part of the expression to provide a better estimate for disk usage, but due to sporadic nature of [deduplication](https://docs.victoriametrics.com/#deduplication) in VictoriaMetrics it rather produced skewed results. See [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5747).
* FEATURE: [vmctl](https://docs.victoriametrics.com/vmctl.html): support client-side TLS configuration for migration from influx db. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5748).
# [v1.97.2](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.97.2) # [v1.97.2](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.97.2)

View File

@ -282,6 +282,13 @@ foo_field2{tag1="value1", tag2="value2"} 40
The configuration flags should contain self-explanatory descriptions. The configuration flags should contain self-explanatory descriptions.
```sh
-influx-cert-file value Optional path to client-side TLS certificate file to use when connecting to influxAddr
-influx-key-file value Optional path to client-side TLS key to use when connecting to influxAddr
-influx-CA-file value Optional path to TLS CA file to use for verifying connections to influxAddr. By default, system CA is used
-influx-server-name value Optional TLS server name to use for connections to influxAddr. By default, the server name from influxAddr is used
-influx-insecure-skip-verify Whether to skip tls verification when connecting to infuxAddr (default: false)
```
### Filtering ### Filtering
The filtering consists of two parts: timeseries and time. The filtering consists of two parts: timeseries and time.