public/promgate
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

add option to disable tls

Browse source
This commit is contained in:
Stefan Schwarz 2019-02-21 16:54:19 +01:00
parent 4cddb276bc
commit ac8f252a84
1 changed files with 86 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

84
promgate.go
View file

@ -20,8 +20,10 @@ import (
) )
type configStore struct { type configStore struct {
urls []string urls []*url.URL
listen string listen string
disableTLS bool
certFile string certFile string
certKey string certKey string
clientCAs *x509.CertPool clientCAs *x509.CertPool
@ -34,15 +36,30 @@ var (
) )
func init() { func init() {
urls := getEnv("URLS", "http://localhost:9100") urlsString := getEnv("URLS", "http://localhost:9100/metrics")
listen := getEnv("LISTEN", "0.0.0.0:9443") urls := []*url.URL{}
for _, urlString := range strings.Split(urlsString, ",") {
u, err := url.Parse(urlString)
if err != nil {
log.Fatal(err)
}
urls = append(urls, u)
}
listen := getEnv("LISTEN", "0.0.0.0:9443")
_, disableTLS := os.LookupEnv("DISABLE_TLS")
certFile := ""
keyFile := ""
clientCAs := x509.NewCertPool()
crl := &pkix.CertificateList{}
if !disableTLS {
caFile := getEnv("CA", "") caFile := getEnv("CA", "")
caData, err := ioutil.ReadFile(caFile) caData, err := ioutil.ReadFile(caFile)
if err != nil { if err != nil {
log.Fatal("Unable to load ca from $CA.") log.Fatal("Unable to load ca from $CA.")
} }
clientCAs := x509.NewCertPool()
if ok := clientCAs.AppendCertsFromPEM(caData); !ok { if ok := clientCAs.AppendCertsFromPEM(caData); !ok {
log.Fatal("Unable to parse $CA as ca.") log.Fatal("Unable to parse $CA as ca.")
@ -53,27 +70,35 @@ func init() {
if err != nil { if err != nil {
log.Fatal("Unable to load crl from $CRL.") log.Fatal("Unable to load crl from $CRL.")
} }
crl, err := x509.ParseCRL(crlData) crl, err = x509.ParseCRL(crlData)
if err != nil { if err != nil {
log.Fatal("Unable to parse $CRL as crl.") log.Fatal("Unable to parse $CRL as crl.")
} }
certFile := getEnv("CERT", "") certFile = getEnv("CERT", "")
keyFile := getEnv("KEY", "") keyFile = getEnv("KEY", "")
}
config = configStore{ config = configStore{
strings.Split(urls, ","), urls,
listen, listen,
disableTLS,
certFile, certFile,
keyFile, keyFile,
clientCAs, clientCAs,
crl, crl,
} }
re = regexp.MustCompile("^(?P<name>[^#][^ {]+)({(?P<labels>.*)})? (?P<value>.*)") re = regexp.MustCompile("^(?P<name>[^#][^ {]+)(?:{(?P<labels>.*)})? (?P<value>[0-9]+(?:\\.[0-9]+)?)")
} }
func main() { func main() {
if config.disableTLS {
log.Printf("Running WITHOUT TLS!")
http.HandleFunc("/metrics", metrics)
s := &http.Server{Addr: config.listen}
log.Fatal(s.ListenAndServe())
} else {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: config.clientCAs, ClientCAs: config.clientCAs,
@ -84,6 +109,7 @@ func main() {
} }
http.HandleFunc("/metrics", withTlsClientCheck(metrics)) http.HandleFunc("/metrics", withTlsClientCheck(metrics))
log.Fatal(s.ListenAndServeTLS(config.certFile, config.certKey)) log.Fatal(s.ListenAndServeTLS(config.certFile, config.certKey))
}
} }
func getEnv(key string, fallback string) string { func getEnv(key string, fallback string) string {
@ -117,9 +143,9 @@ func metrics(w http.ResponseWriter, r *http.Request) {
c := make(chan string) c := make(chan string)
var wg sync.WaitGroup var wg sync.WaitGroup
for _, url := range config.urls { for _, urlParsed := range config.urls {
wg.Add(1) wg.Add(1)
go fetch(url, c, ctx, &wg) go fetch(urlParsed, c, ctx, &wg)
} }
go func() { go func() {
wg.Wait() wg.Wait()
@ -131,21 +157,16 @@ func metrics(w http.ResponseWriter, r *http.Request) {
} }
} }
func extend(line string, source string) (string, error) { func extend(line string, label string) (string, error) {
url, err := url.Parse(source)
if err != nil {
return line, err
}
label := fmt.Sprintf("%s%s", url.Host, url.Path)
match := re.FindStringSubmatch(line) match := re.FindStringSubmatch(line)
if len(match) != 5 { if len(match) != 4 {
return line, errors.New("Invalid Line.") return line, errors.New("Invalid Line.")
} }
lineName := match[1] lineName := match[1]
lineLabels := match[3] lineLabels := match[2]
lineValue := match[4] lineValue := match[3]
if lineLabels == "" { if lineLabels == "" {
lineLabels = fmt.Sprintf("sub_instance=\"%s\"", label) lineLabels = fmt.Sprintf("sub_instance=\"%s\"", label)
} else { } else {
@ -155,26 +176,37 @@ func extend(line string, source string) (string, error) {
return line, nil return line, nil
} }
func fetch(url string, c chan string, ctx context.Context, wg *sync.WaitGroup) { func fetch(u *url.URL, c chan string, ctx context.Context, wg *sync.WaitGroup) {
defer wg.Done() defer wg.Done()
req, err := http.NewRequest("GET", url, nil) urlString := u.String()
label := fmt.Sprintf("%s%s", u.Host, u.Path)
up := 0
err := error(nil)
defer func() {
c <- fmt.Sprintf("up {sub_instance=\"%s\"} %d", label, up)
if err != nil {
log.Printf("Error: %s", err)
}
}()
req, err := http.NewRequest("GET", urlString, nil)
if err != nil { if err != nil {
log.Printf("Request Error %s.", err)
return return
} }
req = req.WithContext(ctx) req = req.WithContext(ctx)
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
log.Printf("Context Error %s.", err)
return return
} }
scanner := bufio.NewScanner(resp.Body) scanner := bufio.NewScanner(resp.Body)
for scanner.Scan() { for scanner.Scan() {
line := scanner.Text() line := scanner.Text()
line, err = extend(line, url) line, err = extend(line, label)
c <- line c <- line
} }
if err := scanner.Err(); err != nil { if err := scanner.Err(); err != nil {
log.Printf("Scanner Error %s.", err) return
} }
up = 1
} }