diff --git a/app/vmalert/datasource/init.go b/app/vmalert/datasource/init.go index 9738999b3..786f9e174 100644 --- a/app/vmalert/datasource/init.go +++ b/app/vmalert/datasource/init.go @@ -10,6 +10,7 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" ) @@ -93,7 +94,7 @@ func Init(extraParams url.Values) (QuerierBuilder, error) { logger.Warnf("flag `-datasource.lookback` will be deprecated soon. Please use `-rule.evalDelay` command-line flag instead. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5155 for details.") } - tr, err := utils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + tr, err := httputils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) if err != nil { return nil, fmt.Errorf("failed to create transport: %w", err) } diff --git a/app/vmalert/notifier/alertmanager.go b/app/vmalert/notifier/alertmanager.go index 35764be3c..8616f7aef 100644 --- a/app/vmalert/notifier/alertmanager.go +++ b/app/vmalert/notifier/alertmanager.go @@ -11,6 +11,7 @@ import ( "time" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/promauth" "github.com/VictoriaMetrics/VictoriaMetrics/lib/promrelabel" ) @@ -127,7 +128,7 @@ func NewAlertManager(alertManagerURL string, fn AlertURLGenerator, authCfg proma if authCfg.TLSConfig != nil { tls = authCfg.TLSConfig } - tr, err := utils.Transport(alertManagerURL, tls.CertFile, tls.KeyFile, tls.CAFile, tls.ServerName, tls.InsecureSkipVerify) + tr, err := httputils.Transport(alertManagerURL, tls.CertFile, tls.KeyFile, tls.CAFile, tls.ServerName, tls.InsecureSkipVerify) if err != nil { return nil, fmt.Errorf("failed to create transport: %w", err) } diff --git a/app/vmalert/remoteread/init.go b/app/vmalert/remoteread/init.go index 10f0bcd1c..02836a51f 100644 --- a/app/vmalert/remoteread/init.go +++ b/app/vmalert/remoteread/init.go @@ -8,6 +8,7 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/datasource" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" ) var ( @@ -60,7 +61,7 @@ func Init() (datasource.QuerierBuilder, error) { if *addr == "" { return nil, nil } - tr, err := utils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + tr, err := httputils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) if err != nil { return nil, fmt.Errorf("failed to create transport: %w", err) } diff --git a/app/vmalert/remotewrite/debug_client.go b/app/vmalert/remotewrite/debug_client.go index 482d34de0..17443c731 100644 --- a/app/vmalert/remotewrite/debug_client.go +++ b/app/vmalert/remotewrite/debug_client.go @@ -11,7 +11,7 @@ import ( "github.com/golang/snappy" - "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal" ) @@ -30,7 +30,7 @@ func NewDebugClient() (*DebugClient, error) { return nil, nil } - t, err := utils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + t, err := httputils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) if err != nil { return nil, fmt.Errorf("failed to create transport: %w", err) } diff --git a/app/vmalert/remotewrite/init.go b/app/vmalert/remotewrite/init.go index 998d076e8..82161f297 100644 --- a/app/vmalert/remotewrite/init.go +++ b/app/vmalert/remotewrite/init.go @@ -8,6 +8,7 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" ) var ( @@ -64,7 +65,7 @@ func Init(ctx context.Context) (*Client, error) { return nil, nil } - t, err := utils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + t, err := httputils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) if err != nil { return nil, fmt.Errorf("failed to create transport: %w", err) } diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 4ae023ba3..ac01f614b 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -62,6 +62,7 @@ The v1.97.x line will be supported for at least 12 months since [v1.97.0](https: * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): fix the increased CPU usage when sending the data to remote storage. The issue has been introduced in [v1.97.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.97.0). * BUGFIX: fix `runtime error: slice bounds out of range` panic, which can occur during query execution. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5733). The bug has been introduced in `v1.97.0`. * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): properly handle `avg_over_time({some_filter}[d]) keep_metric_names` queries, where [`some_filter`](https://docs.victoriametrics.com/keyconcepts/#filtering) matches multiple time series with multiple names, while `d` is bigger or equal to `3h`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5556). +* FEATURE: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): Provide client-side TLS configuration to create/delete snapshot. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5724) * BUGFIX: [dashboards/single](https://grafana.com/grafana/dashboards/10229): fix typo in query for `version` annotation which falsely produced many version change events. ## [v1.97.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.97.0) diff --git a/docs/vmbackup.md b/docs/vmbackup.md index 00fce2441..0608034a8 100644 --- a/docs/vmbackup.md +++ b/docs/vmbackup.md @@ -452,6 +452,17 @@ Run `vmbackup -help` in order to see all the available options: Optional minimum TLS version to use for incoming requests over HTTPS if -tls is set. Supported values: TLS10, TLS11, TLS12, TLS13 -version Show VictoriaMetrics version + -snapshot.tlsInsecureSkipVerify + Optional Whether to skip tls verification when connecting to -snapshotCreateURL + -snapshot.tlsCertFile + Optional path to client-side TLS certificate file to use when connecting to -snapshotCreateURL + -snapshot.tlsKeyFile + Optional path to client-side TLS certificate key to use when connecting to -snapshotCreateURL + -snapshot.tlsCAFile + Optional path to client-side TLS CA file to use when connecting to -snapshotCreateURL + -snapshot.tlsServerName + Optional path to client-side TLS tlsServerName to use when connecting to -snapshotCreateURL + ``` ## How to build from sources diff --git a/app/vmalert/utils/tls.go b/lib/httputils/tls.go similarity index 98% rename from app/vmalert/utils/tls.go rename to lib/httputils/tls.go index 02a25c49d..3a1b042fb 100644 --- a/app/vmalert/utils/tls.go +++ b/lib/httputils/tls.go @@ -1,4 +1,4 @@ -package utils +package httputils import ( "crypto/tls" diff --git a/app/vmalert/utils/tls_test.go b/lib/httputils/tls_test.go similarity index 98% rename from app/vmalert/utils/tls_test.go rename to lib/httputils/tls_test.go index 85888ee3a..8374f5790 100644 --- a/app/vmalert/utils/tls_test.go +++ b/lib/httputils/tls_test.go @@ -1,4 +1,4 @@ -package utils +package httputils import "testing" diff --git a/lib/snapshot/snapshot.go b/lib/snapshot/snapshot.go index 9af1997ca..deb79777f 100644 --- a/lib/snapshot/snapshot.go +++ b/lib/snapshot/snapshot.go @@ -3,6 +3,7 @@ package snapshot import ( "encoding/json" "errors" + "flag" "fmt" "io" "net/http" @@ -12,11 +13,20 @@ import ( "sync/atomic" "time" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/httputils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" ) var snapshotNameRegexp = regexp.MustCompile(`^[0-9]{14}-[0-9A-Fa-f]+$`) +var ( + tlsInsecureSkipVerify = flag.Bool("snapshot.tlsInsecureSkipVerify", false, "Whether to skip tls verification when connecting to -snapshotCreateURL") + tlsCertFile = flag.String("snapshot.tlsCertFile", "", "Optional path to client-side TLS certificate file to use when connecting to -snapshotCreateURL") + tlsKeyFile = flag.String("snapshot.tlsKeyFile", "", "Optional path to client-side TLS certificate key to use when connecting to -snapshotCreateURL") + tlsCAFile = flag.String("snapshot.tlsCAFile", "", `Optional path to TLS CA file to use for verifying connections to -snapshotCreateURL. By default, system CA is used`) + tlsServerName = flag.String("snapshot.tlsServerName", "", `Optional TLS server name to use for connections to -snapshotCreateURL. By default, the server name from -snapshotCreateURL is used`) +) + type snapshot struct { Status string `json:"status"` Snapshot string `json:"snapshot"` @@ -30,7 +40,15 @@ func Create(createSnapshotURL string) (string, error) { if err != nil { return "", err } - resp, err := http.Get(u.String()) + + // create Transport + tr, err := httputils.Transport(createSnapshotURL, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + if err != nil { + return "", err + } + hc := &http.Client{Transport: tr} + + resp, err := hc.Get(u.String()) if err != nil { return "", err } @@ -68,7 +86,13 @@ func Delete(deleteSnapshotURL string, snapshotName string) error { if err != nil { return err } - resp, err := http.PostForm(u.String(), formData) + // create Transport + tr, err := httputils.Transport(deleteSnapshotURL, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify) + if err != nil { + return err + } + hc := &http.Client{Transport: tr} + resp, err := hc.PostForm(u.String(), formData) if err != nil { return err }