diff --git a/app/vmctl/flags.go b/app/vmctl/flags.go
index 27c9186e60..e6b955f618 100644
--- a/app/vmctl/flags.go
+++ b/app/vmctl/flags.go
@@ -387,6 +387,10 @@ const (
 vmNativeSrcPassword = "vm-native-src-password"
 vmNativeSrcHeaders = "vm-native-src-headers"
 vmNativeSrcBearerToken = "vm-native-src-bearer-token"
+ vmNativeSrcCertFile = "vm-native-src-cert-file"
+ vmNativeSrcKeyFile = "vm-native-src-key-file"
+ vmNativeSrcCAFile = "vm-native-src-ca-file"
+ vmNativeSrcServerName = "vm-native-src-server-name"
 vmNativeSrcInsecureSkipVerify = "vm-native-src-insecure-skip-verify"
 vmNativeDstAddr = "vm-native-dst-addr"
@@ -394,6 +398,10 @@ const (
 vmNativeDstPassword = "vm-native-dst-password"
 vmNativeDstHeaders = "vm-native-dst-headers"
 vmNativeDstBearerToken = "vm-native-dst-bearer-token"
+ vmNativeDstCertFile = "vm-native-dst-cert-file"
+ vmNativeDstKeyFile = "vm-native-dst-key-file"
+ vmNativeDstCAFile = "vm-native-dst-ca-file"
+ vmNativeDstServerName = "vm-native-dst-server-name"
 vmNativeDstInsecureSkipVerify = "vm-native-dst-insecure-skip-verify"
 )
@@ -520,6 +528,38 @@ var (
 "Non-binary export/import API is less efficient, but supports deduplication if it is configured on vm-native-src-addr side.",
 Value: false,
 },
+ &cli.StringFlag{
+ Name: vmNativeSrcCertFile,
+ Usage: "Optional path to client-side TLS certificate file to use when connecting to vmNativeSrcAddr",
+ },
+ &cli.StringFlag{
+ Name: vmNativeDstCertFile,
+ Usage: "Optional path to client-side TLS certificate file to use when connecting to vmNativeDstAddr",
+ },
+ &cli.StringFlag{
+ Name: vmNativeSrcKeyFile,
+ Usage: "Optional path to client-side TLS key to use when connecting to vmNativeSrcAddr",
+ },
+ &cli.StringFlag{
+ Name: vmNativeDstKeyFile,
+ Usage: "Optional path to client-side TLS key to use when connecting to vmNativeDstAddr",
+ },
+ &cli.StringFlag{
+ Name: vmNativeSrcCAFile,
+ Usage: "Optional path to TLS CA file to use for verifying connections to vmNativeSrcAddr. By default, system CA is used",
+ },
+ &cli.StringFlag{
+ Name: vmNativeDstCAFile,
+ Usage: "Optional path to TLS CA file to use for verifying connections to vmNativeDstAddr. By default, system CA is used",
+ },
+ &cli.StringFlag{
+ Name: vmNativeSrcServerName,
+ Usage: "Optional TLS server name to use for connections to influxAddr. By default, the server name from vmNativeSrcAddr is used",
+ },
+ &cli.StringFlag{
+ Name: vmNativeDstServerName,
+ Usage: "Optional TLS server name to use for connections to influxAddr. By default, the server name from vmNativeDstAddr is used",
+ },
 &cli.BoolFlag{
 Name: vmNativeSrcInsecureSkipVerify,
 Usage: "Whether to skip TLS certificate verification when connecting to the source address",
diff --git a/app/vmctl/main.go b/app/vmctl/main.go
index 94b41a5198..a32f3c9bd2 100644
--- a/app/vmctl/main.go
+++ b/app/vmctl/main.go
@@ -2,7 +2,6 @@ package main
 import (
 "context"
- "crypto/tls"
 "fmt"
 "log"
 "net/http"
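Review bot: In app/vmctl/flags.go (hunk `@@ -520,6 +528,38 @@`) the `Usage` text of both new server-name flags says `connections to influxAddr`, which looks copied from the InfluxDB flags; for `vmNativeSrcServerName` it should read `Optional TLS server name to use for connections to vmNativeSrcAddr`, and likewise `vmNativeDstAddr` for the destination flag. The new usage strings also name the Go constants (`vmNativeSrcAddr`, `vmNativeDstAddr`) rather than the flag a user types, while the context line just above already writes `vm-native-src-addr`; the help output would be clearer in that form. It would also be worth saying in the `vm-native-*-insecure-skip-verify` usage that the CA file and server name no longer protect the connection once verification is skipped, assuming `httputils.TLSConfig` passes that flag straight into the TLS config as the removed code in main.go did. The flag list starts and ends outside this hunk.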
@@ -245,7 +244,6 @@ func main() {
 var srcExtraLabels []string
 srcAddr := strings.Trim(c.String(vmNativeSrcAddr), "/")
- srcInsecureSkipVerify := c.Bool(vmNativeSrcInsecureSkipVerify)
 srcAuthConfig, err := auth.Generate(
 auth.WithBasicAuth(c.String(vmNativeSrcUser), c.String(vmNativeSrcPassword)),
 auth.WithBearer(c.String(vmNativeSrcBearerToken)),
@@ -253,16 +251,26 @@ func main() {
 if err != nil {
 return fmt.Errorf("error initilize auth config for source: %s", srcAddr)
 }
+
+ // create TLS config
+ srcCertFile := c.String(vmNativeSrcCertFile)
+ srcKeyFile := c.String(vmNativeSrcKeyFile)
+ srcCAFile := c.String(vmNativeSrcCAFile)
+ srcServerName := c.String(vmNativeSrcServerName)
+ srcInsecureSkipVerify := c.Bool(vmNativeSrcInsecureSkipVerify)
+
+ srcTC, err := httputils.TLSConfig(srcCertFile, srcCAFile, srcKeyFile, srcServerName, srcInsecureSkipVerify)
+ if err != nil {
+ return fmt.Errorf("failed to create TLS Config: %s", err)
+ }
+
 srcHTTPClient := &http.Client{Transport: &http.Transport{
 DisableKeepAlives: disableKeepAlive,
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: srcInsecureSkipVerify,
- },
+ TLSClientConfig: srcTC,
 }}
 dstAddr := strings.Trim(c.String(vmNativeDstAddr), "/")
 dstExtraLabels := c.StringSlice(vmExtraLabel)
- dstInsecureSkipVerify := c.Bool(vmNativeDstInsecureSkipVerify)
 dstAuthConfig, err := auth.Generate(
 auth.WithBasicAuth(c.String(vmNativeDstUser), c.String(vmNativeDstPassword)),
 auth.WithBearer(c.String(vmNativeDstBearerToken)),
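Review bot: The new TLS error return in hunk `@@ -253,16 +251,26 @@` uses the text `failed to create TLS Config: %s`, and the destination hunk `@@ -270,11 +278,22 @@` returns the identical string, so a bad certificate, key or CA path does not tell the operator whether the source or the destination flags are at fault. Something like `return fmt.Errorf("failed to create TLS config for source %q: %w", srcAddr, err)` (and the `dst` equivalent) names the side and keeps the underlying error inspectable through `%w`. `httputils.TLSConfig` is called with four adjacent string arguments in the order cert, CA, key, server name; its signature is outside this diff, so that order is worth confirming against the helper, since a swap would still compile. The enclosing function starts and ends outside the hunk.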
@@ -270,11 +278,22 @@ func main() {
 if err != nil {
 return fmt.Errorf("error initilize auth config for destination: %s", dstAddr)
 }
+
+ // create TLS config
+ dstCertFile := c.String(vmNativeDstCertFile)
+ dstKeyFile := c.String(vmNativeDstKeyFile)
+ dstCAFile := c.String(vmNativeDstCAFile)
+ dstServerName := c.String(vmNativeDstServerName)
+ dstInsecureSkipVerify := c.Bool(vmNativeDstInsecureSkipVerify)
+
+ dstTC, err := httputils.TLSConfig(dstCertFile, dstCAFile, dstKeyFile, dstServerName, dstInsecureSkipVerify)
+ if err != nil {
+ return fmt.Errorf("failed to create TLS Config: %s", err)
+ }
+
 dstHTTPClient := &http.Client{Transport: &http.Transport{
 DisableKeepAlives: disableKeepAlive,
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: dstInsecureSkipVerify,
- },
+ TLSClientConfig: dstTC,
 }}
 p := vmNativeProcessor{
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index e9bad439c5..b3dbed3cdc 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -62,7 +62,7 @@ Released at 2024-03-01 * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): support reading [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) metrics in [OpenTelemetry](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats-opentelemetry-100.html) format from [Amazon Data Firehose](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Metric-Streams.html). * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): add support for `client_id` option into [kuma_sd_configs](https://docs.victoriametrics.com/sd_configs/#kuma_sd_configs) in the same way as Prometheus does. See [this pull request](https://github.com/prometheus/prometheus/pull/13278). * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): add support for `enable_compression` option in [scrape_configs](https://docs.victoriametrics.com/sd_configs/#scrape_configs) in order to be compatible with Prometheus scrape configs. See [this pull request](https://github.com/prometheus/prometheus/pull/13166) and [this feature request](https://github.com/prometheus/prometheus/issues/12319). Note that `vmagent` was always supporting [`disable_compression` option](https://docs.victoriametrics.com/vmagent/#scrape_config-enhancements) before Prometheus added `enable_compression` option. -* FEATURE: [vmctl](https://docs.victoriametrics.com/vmctl.html): support client-side TLS configuration for [InfluxDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-influxdb-1x), [Remote Read protocol](https://docs.victoriametrics.com/vmctl/#migrating-data-by-remote-read-protocol) and [OpenTSDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-opentsdb). See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5748). 
Thanks to @khushijain21 for pull requests [1](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5783), [2](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5798), [3](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5797). +* FEATURE: [vmctl](https://docs.victoriametrics.com/vmctl.html): support client-side TLS configuration for [InfluxDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-influxdb-1x), [Remote Read protocol](https://docs.victoriametrics.com/vmctl/#migrating-data-by-remote-read-protocol), [OpenTSDB](https://docs.victoriametrics.com/vmctl/#migrating-data-from-opentsdb) and [vmnative protocol](https://docs.victoriametrics.com/vmctl/#migrating-data-from-victoriametrics). See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5748). Thanks to @khushijain21 for pull requests [1](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5783), [2](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5798), [3](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5797),[4](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5824) * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): preserve [`WITH` templates](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/expand-with-exprs) when clicking the `prettify query` button at the right side of query input field. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5383). * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): allow filling gaps on graphs with interpolated lines as Grafana does. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5152) and [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5862). 
* FEATURE: [vmalert](https://docs.victoriametrics.com/#vmalert): support filtering by group, rule or labels in [vmalert's UI](https://docs.victoriametrics.com/vmalert/#web) for `/groups` and `/alerts` pages. See [the pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5791) by @victoramsantos. @@ -81,7 +81,6 @@ Released at 2024-03-01 * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): properly construct the destination label in [label_join](https://docs.victoriametrics.com/metricsql/#label_join) if it is used as source label. See this [issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5881) for details. ## [v1.98.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.98.0) - Released at 2024-02-14 * SECURITY: upgrade Go builder from Go1.21.6 to Go1.22.0. See [the list of issues addressed in Go1.21.7](https://github.com/golang/go/issues?q=milestone%3AGo1.21.7+label%3ACherryPickApproved), diff --git a/docs/vmctl.md b/docs/vmctl.md index e02e3022f8..885635c876 100644 --- a/docs/vmctl.md +++ b/docs/vmctl.md @@ -974,6 +974,14 @@ Requests to make for tenant 1:0: 28 / 28 [████████████ 2023/02/28 10:42:49 Total time: 1m7.147971417s ``` +### Configuration +Run the following command to get all configuration options: +```sh +./vmctl vm-native --help +``` + +## Tuning + ## Verifying exported blocks from VictoriaMetrics In this mode, `vmctl` allows verifying correctness and integrity of data exported via