feat: prom support tls (#1091)

Yening Qin 2022-08-08 12:17:52 +08:00 committed by GitHub
parent ea46401db2
commit b4f267fb01
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 54 additions and 17 deletions


@ -12,25 +12,26 @@ import (
// ClientConfig represents the standard client TLS config. // ClientConfig represents the standard client TLS config.
type ClientConfig struct { type ClientConfig struct {
TLSCA string TLSCA string `toml:"tls_ca"`
TLSCert string TLSCert string `toml:"tls_cert"`
TLSKey string TLSKey string `toml:"tls_key"`
TLSKeyPwd string TLSKeyPwd string `toml:"tls_key_pwd"`
InsecureSkipVerify bool InsecureSkipVerify bool `toml:"insecure_skip_verify"`
ServerName string ServerName string `toml:"tls_server_name"`
TLSMinVersion string TLSMinVersion string `toml:"tls_min_version"`
TLSMaxVersion string `toml:"tls_max_version"`
} }
// ServerConfig represents the standard server TLS config. // ServerConfig represents the standard server TLS config.
type ServerConfig struct { type ServerConfig struct {
TLSCert string TLSCert string `toml:"tls_cert"`
TLSKey string TLSKey string `toml:"tls_key"`
TLSKeyPwd string TLSKeyPwd string `toml:"tls_key_pwd"`
TLSAllowedCACerts []string TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"`
TLSCipherSuites []string TLSCipherSuites []string `toml:"tls_cipher_suites"`
TLSMinVersion string TLSMinVersion string `toml:"tls_min_version"`
TLSMaxVersion string TLSMaxVersion string `toml:"tls_max_version"`
TLSAllowedDNSNames []string TLSAllowedDNSNames []string `toml:"tls_allowed_dns_names"`
} }
// TLSConfig returns a tls.Config, may be nil without error if TLS is not // TLSConfig returns a tls.Config, may be nil without error if TLS is not
@ -70,6 +71,16 @@ func (c *ClientConfig) TLSConfig() (*tls.Config, error) {
tlsConfig.MinVersion = tls.VersionTLS13 tlsConfig.MinVersion = tls.VersionTLS13
} }
if c.TLSMaxVersion == "1.0" {
tlsConfig.MaxVersion = tls.VersionTLS10
} else if c.TLSMaxVersion == "1.1" {
tlsConfig.MaxVersion = tls.VersionTLS11
} else if c.TLSMaxVersion == "1.2" {
tlsConfig.MaxVersion = tls.VersionTLS12
} else if c.TLSMaxVersion == "1.3" {
tlsConfig.MaxVersion = tls.VersionTLS13
}
return tlsConfig, nil return tlsConfig, nil
} }
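Review bot: An unrecognised `tls_max_version` value (for example `TLS1.2` or `1.4`) falls through the new if/else chain in TLSConfig and silently leaves MaxVersion at the library default. Nothing checks that the cap is not below `tls_min_version` either, so a bad pair only surfaces as a handshake failure at connect time. Rejecting unknown strings and an inverted range here would make the misconfiguration visible at load, and the chain reads more cleanly as a switch. Accepting `1.0` and `1.1` also lets a config pin the client to deprecated protocol versions, which deserves a line in the field's comment. TLSConfig begins above this hunk, and the sketch below assumes `fmt` is already imported in the file.
```go
// … unchanged: tls_min_version handling …
switch c.TLSMaxVersion {
case "":
	// unset: keep the crypto/tls default
case "1.0":
	tlsConfig.MaxVersion = tls.VersionTLS10
case "1.1":
	tlsConfig.MaxVersion = tls.VersionTLS11
case "1.2":
	tlsConfig.MaxVersion = tls.VersionTLS12
case "1.3":
	tlsConfig.MaxVersion = tls.VersionTLS13
default:
	return nil, fmt.Errorf("unsupported tls_max_version %q", c.TLSMaxVersion)
}
if tlsConfig.MaxVersion != 0 && tlsConfig.MinVersion > tlsConfig.MaxVersion {
	return nil, fmt.Errorf("tls_min_version %q is above tls_max_version %q", c.TLSMinVersion, c.TLSMaxVersion)
}
return tlsConfig, nil
```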


@ -14,6 +14,7 @@ import (
"github.com/didi/nightingale/v5/src/pkg/logx" "github.com/didi/nightingale/v5/src/pkg/logx"
"github.com/didi/nightingale/v5/src/pkg/oidcc" "github.com/didi/nightingale/v5/src/pkg/oidcc"
"github.com/didi/nightingale/v5/src/pkg/ormx" "github.com/didi/nightingale/v5/src/pkg/ormx"
"github.com/didi/nightingale/v5/src/pkg/tls"
"github.com/didi/nightingale/v5/src/storage" "github.com/didi/nightingale/v5/src/storage"
) )
@ -112,6 +113,9 @@ type ClusterOptions struct {
DialTimeout int64 DialTimeout int64
KeepAlive int64 KeepAlive int64
UseTLS bool
tls.ClientConfig
MaxIdleConnsPerHost int MaxIdleConnsPerHost int
} }
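Review bot: The two new ClusterOptions members have no comment, and it is not obvious from the struct that the promoted `tls_*` and `insecure_skip_verify` keys only take effect when `UseTLS` is true (newClusterByOption checks `opt.UseTLS` before calling `TLSConfig`). I would add `// UseTLS applies the embedded ClientConfig to the Prometheus transport; when false the tls_* settings are ignored.` above the field. A short comment on the embedded `tls.ClientConfig` noting that it promotes `InsecureSkipVerify` and `TLSKeyPwd` into the cluster options would also help whoever reviews config files for this service.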


@ -65,6 +65,9 @@ func initClustersFromConfig() error {
for i := 0; i < len(opts); i++ { for i := 0; i < len(opts); i++ {
cluster := newClusterByOption(opts[i]) cluster := newClusterByOption(opts[i])
if cluster == nil {
continue
}
Clusters.Put(opts[i].Name, cluster) Clusters.Put(opts[i].Name, cluster)
} }
@ -165,7 +168,17 @@ func loadClustersFromAPI() {
MaxIdleConnsPerHost: 32, MaxIdleConnsPerHost: 32,
} }
Clusters.Put(item.Name, newClusterByOption(opt)) if strings.HasPrefix(opt.Prom, "https") {
opt.UseTLS = true
opt.InsecureSkipVerify = true
}
cluster := newClusterByOption(opt)
if cluster == nil {
continue
}
Clusters.Put(item.Name, cluster)
continue continue
} }
} }
@ -173,7 +186,6 @@ func loadClustersFromAPI() {
func newClusterByOption(opt config.ClusterOptions) *ClusterType { func newClusterByOption(opt config.ClusterOptions) *ClusterType {
transport := &http.Transport{ transport := &http.Transport{
// TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{ DialContext: (&net.Dialer{
Timeout: time.Duration(opt.DialTimeout) * time.Millisecond, Timeout: time.Duration(opt.DialTimeout) * time.Millisecond,
@ -182,6 +194,15 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType {
MaxIdleConnsPerHost: opt.MaxIdleConnsPerHost, MaxIdleConnsPerHost: opt.MaxIdleConnsPerHost,
} }
if opt.UseTLS {
tlsConfig, err := opt.TLSConfig()
if err != nil {
logger.Errorf("new cluster %s fail: %v", opt.Name, err)
return nil
}
transport.TLSClientConfig = tlsConfig
}
cli, err := api.NewClient(api.Config{ cli, err := api.NewClient(api.Config{
Address: opt.Prom, Address: opt.Prom,
RoundTripper: transport, RoundTripper: transport,
@ -189,6 +210,7 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType {
if err != nil { if err != nil {
logger.Errorf("new client fail: %v", err) logger.Errorf("new client fail: %v", err)
return nil
} }
cluster := &ClusterType{ cluster := &ClusterType{
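Review bot: `opt.InsecureSkipVerify = true` is set for every API-loaded cluster whose address starts with `https`. Assuming TLSConfig copies the flag into the tls.Config (that part is outside this view), certificate verification is turned off for all of them and the Prometheus connection can be intercepted without detection. Before this change the transport had no TLSClientConfig and would have verified against the system roots, so this looks like a regression for those clusters. I would drop that line and keep only `opt.UseTLS = true`, making skip-verify an explicit per-cluster opt-in, and tighten the test to `strings.HasPrefix(opt.Prom, "https://")`. loadClustersFromAPI starts and ends outside the hunk.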