mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2025-03-21 15:45:01 +00:00
app/vmctl: Add insecure skip verify flag for remote read protocol (#3611)
* app/vmctl: Add insecure skip verify flag for remote read protocol
This commit is contained in:
Dmytro Kozlov
GitHub
parent
37c52ccaf4
commit
0811000bb0
5 changed files with 58 additions and 22 deletions
|
|
@ -423,6 +423,7 @@ const (
|
||||||
remoteReadPassword = "remote-read-password"
|
remoteReadPassword = "remote-read-password"
|
||||||
remoteReadHTTPTimeout = "remote-read-http-timeout"
|
remoteReadHTTPTimeout = "remote-read-http-timeout"
|
||||||
remoteReadHeaders = "remote-read-headers"
|
remoteReadHeaders = "remote-read-headers"
|
||||||
|
remoteReadInsecureSkipVerify = "remote-read-insecure-skip-verify"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -493,6 +494,11 @@ var (
|
||||||
"For example, --remote-read-headers='My-Auth:foobar' would send 'My-Auth: foobar' HTTP header with every request to the corresponding remote source storage. \n" +
|
"For example, --remote-read-headers='My-Auth:foobar' would send 'My-Auth: foobar' HTTP header with every request to the corresponding remote source storage. \n" +
|
||||||
"Multiple headers must be delimited by '^^': --remote-read-headers='header1:value1^^header2:value2'",
|
"Multiple headers must be delimited by '^^': --remote-read-headers='header1:value1^^header2:value2'",
|
||||||
},
|
},
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: remoteReadInsecureSkipVerify,
|
||||||
|
Usage: "Whether to skip TLS certificate verification when connecting to the remote read address",
|
||||||
|
Value: false,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -129,6 +129,7 @@ func main() {
|
||||||
Headers: c.String(remoteReadHeaders),
|
Headers: c.String(remoteReadHeaders),
|
||||||
LabelName: c.String(remoteReadFilterLabel),
|
LabelName: c.String(remoteReadFilterLabel),
|
||||||
LabelValue: c.String(remoteReadFilterLabelValue),
|
LabelValue: c.String(remoteReadFilterLabelValue),
|
||||||
|
InsecureSkipVerify: c.Bool(remoteReadInsecureSkipVerify),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error create remote read client: %s", err)
|
return fmt.Errorf("error create remote read client: %s", err)
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/utils"
|
||||||
"github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/vm"
|
"github.com/VictoriaMetrics/VictoriaMetrics/app/vmctl/vm"
|
||||||
"github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil"
|
"github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil"
|
||||||
"github.com/gogo/protobuf/proto"
|
"github.com/gogo/protobuf/proto"
|
||||||
|
|
@ -60,6 +61,8 @@ type Config struct {
|
||||||
// LabelName, LabelValue stands for label=~value pair used for read requests.
|
// LabelName, LabelValue stands for label=~value pair used for read requests.
|
||||||
// Is optional.
|
// Is optional.
|
||||||
LabelName, LabelValue string
|
LabelName, LabelValue string
|
||||||
|
// TLSSkipVerify defines whether to skip TLS certificate verification when connecting to the remote read address.
|
||||||
|
InsecureSkipVerify bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filter defines a list of filters applied to requested data
|
// Filter defines a list of filters applied to requested data
|
||||||
|
|
@ -100,7 +103,7 @@ func NewClient(cfg Config) (*Client, error) {
|
||||||
c := &Client{
|
c := &Client{
|
||||||
c: &http.Client{
|
c: &http.Client{
|
||||||
Timeout: cfg.Timeout,
|
Timeout: cfg.Timeout,
|
||||||
Transport: http.DefaultTransport.(*http.Transport).Clone(),
|
Transport: utils.Transport(cfg.Addr, cfg.InsecureSkipVerify),
|
||||||
},
|
},
|
||||||
addr: strings.TrimSuffix(cfg.Addr, "/"),
|
addr: strings.TrimSuffix(cfg.Addr, "/"),
|
||||||
user: cfg.Username,
|
user: cfg.Username,
|
||||||
|
|
|
||||||
25
app/vmctl/utils/tls.go
Normal file
25
app/vmctl/utils/tls.go
Normal file
|
|
@ -0,0 +1,25 @@
|
||||||
|
package utils
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Transport creates http.Transport object based on provided URL.
|
||||||
|
// Returns Transport with TLS configuration if URL contains `https` prefix
|
||||||
|
func Transport(URL string, insecureSkipVerify bool) *http.Transport {
|
||||||
|
t := http.DefaultTransport.(*http.Transport).Clone()
|
||||||
|
if !strings.HasPrefix(URL, "https") {
|
||||||
|
return t
|
||||||
|
}
|
||||||
|
t.TLSClientConfig = TLSConfig(insecureSkipVerify)
|
||||||
|
return t
|
||||||
|
}
|
||||||
|
|
||||||
|
// TLSConfig creates tls.Config object from provided arguments
|
||||||
|
func TLSConfig(insecureSkipVerify bool) *tls.Config {
|
||||||
|
return &tls.Config{
|
||||||
|
InsecureSkipVerify: insecureSkipVerify,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -36,6 +36,7 @@ The following tip changes can be tested by building VictoriaMetrics components f
|
||||||
- `vm_vmselect_concurrent_requests_current` - the current number of concurrently executed requests
|
- `vm_vmselect_concurrent_requests_current` - the current number of concurrently executed requests
|
||||||
- `vm_vmselect_concurrent_requests_limit_reached_total` - the total number of requests, which were put in the wait queue when `-search.maxConcurrentRequests` concurrent requests are being executed
|
- `vm_vmselect_concurrent_requests_limit_reached_total` - the total number of requests, which were put in the wait queue when `-search.maxConcurrentRequests` concurrent requests are being executed
|
||||||
- `vm_vmselect_concurrent_requests_limit_timeout_total` - the total number of canceled requests because they were sitting in the wait queue for more than `-search.maxQueueDuration`
|
- `vm_vmselect_concurrent_requests_limit_timeout_total` - the total number of canceled requests because they were sitting in the wait queue for more than `-search.maxQueueDuration`
|
||||||
|
* FEATURE [vmctl](https://docs.victoriametrics.com/vmctl.html): add `-remote-read-insecure-skip-verify` command-line flag for remote read protocol. It can be used for skipping TLS certificate verification when connecting to the remote read address.
|
||||||
|
|
||||||
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): properly update the `step` value in url after the `step` input field has been manually changed. This allows preserving the proper `step` when copy-n-pasting the url to another instance of web browser. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3513).
|
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): properly update the `step` value in url after the `step` input field has been manually changed. This allows preserving the proper `step` when copy-n-pasting the url to another instance of web browser. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3513).
|
||||||
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): properly update tooltip when quickly hovering multiple lines on the graph. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3530).
|
* BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): properly update tooltip when quickly hovering multiple lines on the graph. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3530).
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue