mirror of https://github.com/Icinga/icinga2.git
ElasticWriter: Add basic auth support for Elasticsearch behind an HTTP proxy
refs #5538
This commit is contained in:
parent
344b047ea0
commit
95fbd75df8
|
@ -1000,6 +1000,8 @@ Configuration Attributes:
|
||||||
enable_send_perfdata | **Optional.** Send parsed performance data metrics for check results. Defaults to `false`.
|
enable_send_perfdata | **Optional.** Send parsed performance data metrics for check results. Defaults to `false`.
|
||||||
flush_interval | **Optional.** How long to buffer data points before transfering to Elasticsearch. Defaults to `10`.
|
flush_interval | **Optional.** How long to buffer data points before transfering to Elasticsearch. Defaults to `10`.
|
||||||
flush_threshold | **Optional.** How many data points to buffer before forcing a transfer to Elasticsearch. Defaults to `1024`.
|
flush_threshold | **Optional.** How many data points to buffer before forcing a transfer to Elasticsearch. Defaults to `1024`.
|
||||||
|
username | **Optional.** Basic auth username if Elasticsearch is hidden behind an HTTP proxy.
|
||||||
|
password | **Optional.** Basic auth password if Elasticsearch is hidden behind an HTTP proxy.
|
||||||
|
|
||||||
Note: If `flush_threshold` is set too low, this will force the feature to flush all data to Elasticsearch too often.
|
Note: If `flush_threshold` is set too low, this will force the feature to flush all data to Elasticsearch too often.
|
||||||
Experiment with the setting, if you are processing more than 1024 metrics per second or similar.
|
Experiment with the setting, if you are processing more than 1024 metrics per second or similar.
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
#include "icinga/checkcommand.hpp"
|
#include "icinga/checkcommand.hpp"
|
||||||
#include "base/tcpsocket.hpp"
|
#include "base/tcpsocket.hpp"
|
||||||
#include "base/stream.hpp"
|
#include "base/stream.hpp"
|
||||||
|
#include "base/base64.hpp"
|
||||||
#include "base/json.hpp"
|
#include "base/json.hpp"
|
||||||
#include "base/utility.hpp"
|
#include "base/utility.hpp"
|
||||||
#include "base/networkstream.hpp"
|
#include "base/networkstream.hpp"
|
||||||
|
@ -422,12 +423,19 @@ void ElasticWriter::SendRequest(const String& body)
|
||||||
req.AddHeader("Accept", "application/json");
|
req.AddHeader("Accept", "application/json");
|
||||||
req.AddHeader("Content-Type", "application/json");
|
req.AddHeader("Content-Type", "application/json");
|
||||||
|
|
||||||
|
/* Send authentication if configured. */
|
||||||
|
String username = GetUsername();
|
||||||
|
String password = GetPassword();
|
||||||
|
|
||||||
|
if (!username.IsEmpty() && !password.IsEmpty())
|
||||||
|
req.AddHeader("Authorization", "Basic " + Base64::Encode(username + ":" + password));
|
||||||
|
|
||||||
req.RequestMethod = "POST";
|
req.RequestMethod = "POST";
|
||||||
req.RequestUrl = url;
|
req.RequestUrl = url;
|
||||||
|
|
||||||
#ifdef I2_DEBUG /* I2_DEBUG */
|
#ifdef I2_DEBUG /* I2_DEBUG */
|
||||||
Log(LogDebug, "ElasticWriter")
|
Log(LogDebug, "ElasticWriter")
|
||||||
<< "Sending body: " << body;
|
<< "Sending request" << ((!username.IsEmpty() && !password.IsEmpty()) ? " with basic auth " : "" ) << body;
|
||||||
#endif /* I2_DEBUG */
|
#endif /* I2_DEBUG */
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -451,6 +459,20 @@ void ElasticWriter::SendRequest(const String& body)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (resp.StatusCode > 299) {
|
if (resp.StatusCode > 299) {
|
||||||
|
if (resp.StatusCode == 401) {
|
||||||
|
/* More verbose error logging with Elasticsearch is hidden behind a proxy. */
|
||||||
|
if (!username.IsEmpty() && !password.IsEmpty()) {
|
||||||
|
Log(LogCritical, "ElasticWriter")
|
||||||
|
<< "401 Unauthorized. Please ensure that the user '" << username
|
||||||
|
<< "' is able to authenticate against the HTTP API/Proxy.";
|
||||||
|
} else {
|
||||||
|
Log(LogCritical, "ElasticWriter")
|
||||||
|
<< "401 Unauthorized. The HTTP API requires authentication but no username/password has been configured.";
|
||||||
|
}
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
Log(LogWarning, "ElasticWriter")
|
Log(LogWarning, "ElasticWriter")
|
||||||
<< "Unexpected response code " << resp.StatusCode;
|
<< "Unexpected response code " << resp.StatusCode;
|
||||||
|
|
||||||
|
@ -459,6 +481,7 @@ void ElasticWriter::SendRequest(const String& body)
|
||||||
resp.Parse(context, true);
|
resp.Parse(context, true);
|
||||||
|
|
||||||
String contentType = resp.Headers->Get("content-type");
|
String contentType = resp.Headers->Get("content-type");
|
||||||
|
|
||||||
if (contentType != "application/json") {
|
if (contentType != "application/json") {
|
||||||
Log(LogWarning, "ElasticWriter")
|
Log(LogWarning, "ElasticWriter")
|
||||||
<< "Unexpected Content-Type: " << contentType;
|
<< "Unexpected Content-Type: " << contentType;
|
||||||
|
|
|
@ -19,6 +19,8 @@ class ElasticWriter : ConfigObject
|
||||||
[config] bool enable_send_perfdata {
|
[config] bool enable_send_perfdata {
|
||||||
default {{{ return false; }}}
|
default {{{ return false; }}}
|
||||||
};
|
};
|
||||||
|
[config] String username;
|
||||||
|
[config] String password;
|
||||||
|
|
||||||
[config] int flush_interval {
|
[config] int flush_interval {
|
||||||
default {{{ return 10; }}}
|
default {{{ return 10; }}}
|
||||||
|
|
Loading…
Reference in New Issue