Mirrors/Munin-Contrib
1
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2025-07-21 18:41:03 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1475 from rwky/redis-tls

Browse source 
Redis Added support for optional TLS connections thanks to Hector Solans
This commit is contained in:
Kenyon Ralph 2025-01-18 16:07:07 -08:00 committed by GitHub
commit b6cafdf869
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 32 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

44
plugins/redis/redis Executable file → Normal file
View file

@ -15,6 +15,8 @@
[redis] [redis]
env.host1 127.0.0.1 env.host1 127.0.0.1
env.port1 6379 env.port1 6379
env.tls1 on
env.tls_verify1 on
env.password1 password env.password1 password
env.title_prefix1 redis-1 env.title_prefix1 redis-1
env.host2 /run/redis.sock env.host2 /run/redis.sock
@ -26,6 +28,8 @@
* port - the redis port to connect to * port - the redis port to connect to
* password - the password to use with the AUTH command * password - the password to use with the AUTH command
* title_prefix - a prefix to put before the title of the graph, this is strongly recommended for multiple instances * title_prefix - a prefix to put before the title of the graph, this is strongly recommended for multiple instances
* tls enable TLS connections if "on"
* tls_verify verify the certificate in TLS connections if "on" (defaults to on if TLS is "on")
Graphs: Graphs:
This generates multigraphs for: This generates multigraphs for:
@ -40,7 +44,8 @@
=head COPYRIGHT =head COPYRIGHT
Copyright (C) 2020 Rowan Wookey <https://www.rwky.net/> Copyright (C) 2024 Rowan Wookey <https://www.rwky.net/>
Copyright (C) 2024 Hector Solans <https://www.bekodo.com>
Copyright (C) 2009 Gleb Voronich <http://stanly.net.ua/> Copyright (C) 2009 Gleb Voronich <http://stanly.net.ua/>
=head LICENSE =head LICENSE
@ -69,17 +74,22 @@
use strict; use strict;
use IO::Socket::INET; use IO::Socket::INET;
use IO::Socket::UNIX; use IO::Socket::UNIX;
use IO::Socket::SSL;
my %INSTANCES; my %INSTANCES;
my $HOST; my $HOST;
my $PORT; my $PORT;
my $PASSWORD; my $PASSWORD;
my $TLS;
my $TLS_VERIFY;
for (my $i = 1; $ENV{"host$i"}; $i++) for (my $i = 1; $ENV{"host$i"}; $i++)
{ {
$HOST = exists $ENV{"host$i"} ? $ENV{"host$i"} : "127.0.0.1"; $HOST = exists $ENV{"host$i"} ? $ENV{"host$i"} : "127.0.0.1";
$PORT = exists $ENV{"port$i"} ? $ENV{"port$i"} : 6379; $PORT = exists $ENV{"port$i"} ? $ENV{"port$i"} : 6379;
$PASSWORD = exists $ENV{"password$i"} ? $ENV{"password$i"} : undef; $PASSWORD = exists $ENV{"password$i"} ? $ENV{"password$i"} : undef;
$TLS = exists $ENV{"tls$i"} ? $ENV{"tls$i"} : "off";
$TLS_VERIFY = exists $ENV{"tls_verify$i"} ? $ENV{"tls_verify$i"} : "on";
my $TITLE_PREFIX = exists $ENV{"title_prefix$i"} ? $ENV{"title_prefix$i"} . ": " : ""; my $TITLE_PREFIX = exists $ENV{"title_prefix$i"} ? $ENV{"title_prefix$i"} . ": " : "";
my $SOCK = &get_conn(); my $SOCK = &get_conn();
$INSTANCES{"instance$i"} = { $INSTANCES{"instance$i"} = {
@ -87,7 +97,9 @@ for (my $i = 1; $ENV{"host$i"}; $i++)
PORT => $PORT, PORT => $PORT,
PASSWORD => $PASSWORD, PASSWORD => $PASSWORD,
TITLE_PREFIX => $TITLE_PREFIX, TITLE_PREFIX => $TITLE_PREFIX,
SOCK => $SOCK SOCK => $SOCK,
TLS => $TLS,
TLS_VERIFY => $TLS_VERIFY,
}; };
} }
@ -410,19 +422,26 @@ sub get_conn {
Type => SOCK_STREAM(), Type => SOCK_STREAM(),
Peer => $HOST, Peer => $HOST,
); );
}else{ } elsif ($TLS eq "on") {
my $verify = $TLS_VERIFY eq "on" ? SSL_VERIFY_PEER : SSL_VERIFY_NONE;
$sock = IO::Socket::SSL->new(
PeerAddr => $HOST,
PeerPort => $PORT,
Timeout => 10,
Proto => 'tcp',
SSL_verify_mode => $verify,
) or die "Unable to connect to $HOST:$PORT TLS: $SSL_ERROR";
} else {
$sock = IO::Socket::INET->new( $sock = IO::Socket::INET->new(
PeerAddr => $HOST, PeerAddr => $HOST,
PeerPort => $PORT, PeerPort => $PORT,
Timeout => 10, Timeout => 10,
Proto => 'tcp' Proto => 'tcp',
); ) or die "Unable to connect to $HOST:$PORT TLS: $SSL_ERROR";
}
if (! defined($sock)) {
die "can't read socket: $!";
} }
if (! defined($sock)) {
die "can't read socket: $!";
}
if ( defined( $PASSWORD ) ) { if ( defined( $PASSWORD ) ) {
print $sock "AUTH ", $PASSWORD, "\r\n"; print $sock "AUTH ", $PASSWORD, "\r\n";
@ -435,6 +454,7 @@ sub get_conn {
sub get_info{ sub get_info{
my $sock = $_[0]; my $sock = $_[0];
print $sock "INFO\r\n"; print $sock "INFO\r\n";
# Reply is in the format $<length>\r\n<data>\r\n
my $result = <$sock> || die "can't read socket: $!"; my $result = <$sock> || die "can't read socket: $!";
my $rep; my $rep;
@ -442,7 +462,7 @@ sub get_info{
read($sock, $rep, substr($result,1)+2) || die "can't read from socket: $!"; read($sock, $rep, substr($result,1)+2) || die "can't read from socket: $!";
my $hash; my $hash;
foreach (split(/\r\n/, substr($rep, 0, -2))) { foreach (split(/\r\n/, substr($rep, 0, -2))) { #Delete the lasts \r\n
my ($key,$val) = split(/:/, $_, 2); my ($key,$val) = split(/:/, $_, 2);
if (defined($key)) { if (defined($key)) {
$hash->{$key} = $val; $hash->{$key} = $val;