innov
/
nightingale1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

feat: prom support tls (#1091)

This commit is contained in:
Yening Qin 2022-08-08 12:17:52 +08:00 committed by GitHub
parent ea46401db2
commit b4f267fb01
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 54 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/pkg/tls/config.go
View File

@ -12,25 +12,26 @@ import (
// ClientConfig represents the standard client TLS config.
type ClientConfig struct {
TLSCA string
TLSCert string
TLSKey string
TLSKeyPwd string
InsecureSkipVerify bool
ServerName string
TLSMinVersion string
TLSCA string `toml:"tls_ca"`
TLSCert string `toml:"tls_cert"`
TLSKey string `toml:"tls_key"`
TLSKeyPwd string `toml:"tls_key_pwd"`
InsecureSkipVerify bool `toml:"insecure_skip_verify"`
ServerName string `toml:"tls_server_name"`
TLSMinVersion string `toml:"tls_min_version"`
TLSMaxVersion string `toml:"tls_max_version"`
}
// ServerConfig represents the standard server TLS config.
type ServerConfig struct {
TLSCert string
TLSKey string
TLSKeyPwd string
TLSAllowedCACerts []string
TLSCipherSuites []string
TLSMinVersion string
TLSMaxVersion string
TLSAllowedDNSNames []string
TLSCert string `toml:"tls_cert"`
TLSKey string `toml:"tls_key"`
TLSKeyPwd string `toml:"tls_key_pwd"`
TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
TLSCipherSuites []string `toml:"tls_cipher_suites"`
TLSMinVersion string `toml:"tls_min_version"`
TLSMaxVersion string `toml:"tls_max_version"`
TLSAllowedDNSNames []string `toml:"tls_allowed_dns_names"`
}
// TLSConfig returns a tls.Config, may be nil without error if TLS is not
@ -70,6 +71,16 @@ func (c *ClientConfig) TLSConfig() (*tls.Config, error) {
tlsConfig.MinVersion = tls.VersionTLS13
}
if c.TLSMaxVersion == "1.0" {
tlsConfig.MaxVersion = tls.VersionTLS10
} else if c.TLSMaxVersion == "1.1" {
tlsConfig.MaxVersion = tls.VersionTLS11
} else if c.TLSMaxVersion == "1.2" {
tlsConfig.MaxVersion = tls.VersionTLS12
} else if c.TLSMaxVersion == "1.3" {
tlsConfig.MaxVersion = tls.VersionTLS13
}
return tlsConfig, nil
}

4
src/webapi/config/config.go
View File

@ -14,6 +14,7 @@ import (
"github.com/didi/nightingale/v5/src/pkg/logx"
"github.com/didi/nightingale/v5/src/pkg/oidcc"
"github.com/didi/nightingale/v5/src/pkg/ormx"
"github.com/didi/nightingale/v5/src/pkg/tls"
"github.com/didi/nightingale/v5/src/storage"
)
@ -112,6 +113,9 @@ type ClusterOptions struct {
DialTimeout int64
KeepAlive int64
UseTLS bool
tls.ClientConfig
MaxIdleConnsPerHost int
}

26
src/webapi/prom/prom.go
View File

@ -65,6 +65,9 @@ func initClustersFromConfig() error {
for i := 0; i < len(opts); i++ {
cluster := newClusterByOption(opts[i])
if cluster == nil {
continue
}
Clusters.Put(opts[i].Name, cluster)
}
@ -165,7 +168,17 @@ func loadClustersFromAPI() {
MaxIdleConnsPerHost: 32,
}
Clusters.Put(item.Name, newClusterByOption(opt))
if strings.HasPrefix(opt.Prom, "https") {
opt.UseTLS = true
opt.InsecureSkipVerify = true
}
cluster := newClusterByOption(opt)
if cluster == nil {
continue
}
Clusters.Put(item.Name, cluster)
continue
}
}
@ -173,7 +186,6 @@ func loadClustersFromAPI() {
func newClusterByOption(opt config.ClusterOptions) *ClusterType {
transport := &http.Transport{
// TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: time.Duration(opt.DialTimeout) * time.Millisecond,
@ -182,6 +194,15 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType {
MaxIdleConnsPerHost: opt.MaxIdleConnsPerHost,
}
if opt.UseTLS {
tlsConfig, err := opt.TLSConfig()
if err != nil {
logger.Errorf("new cluster %s fail: %v", opt.Name, err)
return nil
}
transport.TLSClientConfig = tlsConfig
}
cli, err := api.NewClient(api.Config{
Address: opt.Prom,
RoundTripper: transport,
@ -189,6 +210,7 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType {
if err != nil {
logger.Errorf("new client fail: %v", err)
return nil
}
cluster := &ClusterType{