author | Ilya Mashchenko <ilya@netdata.cloud> | 2019-08-06 16:23:12 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-06 16:23:12 +0300 |
commit | 32451c28c7a8083438cbb721b60a41dd29feaf7b (patch) | |
tree | c48c0456219c814c9172b119a691cb9347fa13e3 | |
parent | 030df4da685856ccb6042876fade28ec74c0230b (diff) |
mongodb: ssl connection (#6546)
* mongodb ssl connection support
-rw-r--r-- | collectors/python.d.plugin/mongodb/mongodb.chart.py | 70 | ||||
-rw-r--r-- | collectors/python.d.plugin/mongodb/mongodb.conf | 10 |
2 files changed, 72 insertions, 8 deletions
diff --git a/collectors/python.d.plugin/mongodb/mongodb.chart.py b/collectors/python.d.plugin/mongodb/mongodb.chart.py index 5db48cb123..0dbe82ff9a 100644 --- a/collectors/python.d.plugin/mongodb/mongodb.chart.py +++ b/collectors/python.d.plugin/mongodb/mongodb.chart.py @@ -3,6 +3,8 @@ # Author: ilyam8 # SPDX-License-Identifier: GPL-3.0-or-later +import ssl + from copy import deepcopy from datetime import datetime from sys import exc_info @@ -418,18 +420,31 @@ CHARTS = { } } +DEFAULT_HOST = '127.0.0.1' +DEFAULT_PORT = 27017 +DEFAULT_TIMEOUT = 100 +DEFAULT_AUTHDB = 'admin' + +CONN_PARAM_HOST = 'host' +CONN_PARAM_PORT = 'port' +CONN_PARAM_SERVER_SELECTION_TIMEOUT_MS = 'serverselectiontimeoutms' +CONN_PARAM_SSL_SSL = 'ssl' +CONN_PARAM_SSL_CERT_REQS = 'ssl_cert_reqs' +CONN_PARAM_SSL_CA_CERTS = 'ssl_ca_certs' +CONN_PARAM_SSL_CRL_FILE = 'ssl_crlfile' +CONN_PARAM_SSL_CERT_FILE = 'ssl_certfile' +CONN_PARAM_SSL_KEY_FILE = 'ssl_keyfile' +CONN_PARAM_SSL_PEM_PASSPHRASE = 'ssl_pem_passphrase' + class Service(SimpleService): def __init__(self, configuration=None, name=None): SimpleService.__init__(self, configuration=configuration, name=name) self.order = ORDER[:] self.definitions = deepcopy(CHARTS) - self.authdb = self.configuration.get('authdb', 'admin') + self.authdb = self.configuration.get('authdb', DEFAULT_AUTHDB) self.user = self.configuration.get('user') self.password = self.configuration.get('pass') - self.host = self.configuration.get('host', '127.0.0.1') - self.port = self.configuration.get('port', 27017) - self.timeout = self.configuration.get('timeout', 100) self.metrics_to_collect = deepcopy(DEFAULT_METRICS) self.connection = None self.do_replica = None 
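Review bot: `DEFAULT_TIMEOUT = 100` carries no unit, yet a later hunk passes it as `serverselectiontimeoutms`, so it is milliseconds; a comment such as `# milliseconds, used as the server selection timeout` on that line would stop a reader from treating it as seconds. The same hunk drops `self.host`, `self.port` and `self.timeout` from `__init__`. If any code outside the visible hunks still reads those attributes, it would now fail with AttributeError, so a search for them before merging is worthwhile. `__init__` continues beyond the end of the hunk.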
@@ -705,14 +720,53 @@ class Service(SimpleService): return data - def _create_connection(self): - conn_vars = {'host': self.host, 'port': self.port} + def build_ssl_connection_params(self): + conf = self.configuration + + def cert_req(v): + if v is None: + return None + if not v: + return ssl.CERT_NONE + return ssl.CERT_REQUIRED + + ssl_params = { + CONN_PARAM_SSL_SSL: conf.get(CONN_PARAM_SSL_SSL), + CONN_PARAM_SSL_CERT_REQS: cert_req(conf.get(CONN_PARAM_SSL_CERT_REQS)), + CONN_PARAM_SSL_CA_CERTS: conf.get(CONN_PARAM_SSL_CA_CERTS), + CONN_PARAM_SSL_CRL_FILE: conf.get(CONN_PARAM_SSL_CRL_FILE), + CONN_PARAM_SSL_CERT_FILE: conf.get(CONN_PARAM_SSL_CERT_FILE), + CONN_PARAM_SSL_KEY_FILE: conf.get(CONN_PARAM_SSL_KEY_FILE), + CONN_PARAM_SSL_PEM_PASSPHRASE: conf.get(CONN_PARAM_SSL_PEM_PASSPHRASE), + } + + ssl_params = dict((k, v) for k, v in ssl_params.items() if v is not None) + + return ssl_params + + def build_connection_params(self): + conf = self.configuration + params = { + CONN_PARAM_HOST: conf.get(CONN_PARAM_HOST, DEFAULT_HOST), + CONN_PARAM_PORT: conf.get(CONN_PARAM_PORT, DEFAULT_PORT), + } if hasattr(MongoClient, 'server_selection_timeout'): - conn_vars.update({'serverselectiontimeoutms': self.timeout}) + params[CONN_PARAM_SERVER_SELECTION_TIMEOUT_MS] = conf.get('timeout', DEFAULT_TIMEOUT) + + params.update(self.build_ssl_connection_params()) + return params + + def _create_connection(self): + params = self.build_connection_params() + self.debug('creating connection, connection params: {0}'.format(sorted(params))) + try: - connection = MongoClient(**conn_vars) + connection = MongoClient(**params) if self.user and self.password: + self.debug('authenticating, user: {0}, password: {1}'.format(self.user, self.password)) getattr(connection, self.authdb).authenticate(name=self.user, password=self.password) + else: + self.debug('skip authenticating, user and password are not set') # elif self.user: # connection.admin.authenticate(name=self.user, mechanism='MONGODB-X509') 
server_status = connection.admin.command('serverStatus') diff --git a/collectors/python.d.plugin/mongodb/mongodb.conf b/collectors/python.d.plugin/mongodb/mongodb.conf index 2dded40ae2..9f660f5940 100644 --- a/collectors/python.d.plugin/mongodb/mongodb.conf +++ b/collectors/python.d.plugin/mongodb/mongodb.conf @@ -71,6 +71,16 @@ # user: 'username' # the mongodb username to use # pass: 'password' # the mongodb password to use # +# SSL connection parameters (https://api.mongodb.com/python/current/examples/tls.html): +# +# ssl: yes # connect to the server using TLS +# ssl_cert_reqs: yes # require a certificate from the server when TLS is enabled +# ssl_ca_certs: '/path/to/ca.pem' # use a specific set of CA certificates +# ssl_crlfile: '/path/to/crl.pem' # use a certificate revocation lists +# ssl_certfile: '/path/to/client.pem' # use a client certificate +# ssl_keyfile: '/path/to/key.pem' # use a specific client certificate key +# ssl_pem_passphrase: 'passphrase' # use a passphrase to decrypt encrypted private keys +# # ---------------------------------------------------------------------- # to connect to the mongodb on localhost, without a password: |
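Review bot: The new debug line in `_create_connection` writes the MongoDB password in clear text to the collector log, via `'authenticating, user: {0}, password: {1}'.format(self.user, self.password)`. Debug logs are readable by more accounts than the job config and are routinely attached to bug reports, so log the user only: `self.debug('authenticating, user: {0}'.format(self.user))`. The connection-params message above it is fine as written, because `sorted(params)` yields only the key names and so keeps `ssl_pem_passphrase` out of the log. Separately, `cert_req` maps any falsy `ssl_cert_reqs` to `ssl.CERT_NONE`, which turns off server certificate validation; a warning-level log line on that branch would make the downgrade visible to an operator. The `try` block continues past the end of the hunk.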
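Review bot: The `ssl_cert_reqs` comment documents only the `yes` case, but the collector maps a falsy value to `ssl.CERT_NONE`, so `ssl_cert_reqs: no` leaves the connection encrypted while the server's identity goes unverified. I would say so in the example, e.g. `# ssl_cert_reqs: yes # verify the server certificate; 'no' disables verification (not recommended)`. Since `ssl_pem_passphrase` now sits in this file next to `pass`, a line reminding that the file should be readable only by the collector's service account would also help. Minor wording: "a certificate revocation lists" should read "a certificate revocation list".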