j***@gmail.com
2016-11-10 22:16:21 UTC
Hi, I'm thinking about add a SSL layer to InfluxDB, Telegraf and Kapacitor.
Between InfluxDB and Telegraf, I don't have any issue but between InfluxDB and Kapacitor I have.
These are the logs of both apps.
kapacitor:
log messages must have 'L!' prefix where L is one of 'D', 'I', 'W', 'E'[log] 2016/11/10 21:21:20 http: TLS handshake error from 127.0.0.1:22865: remote error: bad certificate
influxdb:
Post https://localhost:9092/write?consistency=&db=telegraf&precision=ns&rp=default: x509: certificate signed by unknown authority
But if I run "kapacitor -skipVerify -url https://localhost:9092 list tasks", I will return what I expect, a list of my tasks.
The configuration of influxdb is:
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/etc/influxdb/internal.cert"
### Use a separate private key location.
https-private-key = "/etc/influxdb/internal.key"
max-row-limit = 10000
realm = "InfluxDB"
And Kapacitor:
[http]
# HTTP API Server for Kapacitor
# This server is always on,
# it servers both as a write endpoint
# and as the API endpoint for all other
# Kapacitor calls.
bind-address = ":9092"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/etc/influxdb/internal.kapacitor.pem"
Kapacitor uses the same certificate which is used by influxdb, but this file is a concatenation of the private key and de certiticate.
In the Telegraf's configuration, I'm using the " ssl_ca = "/etc/telegraf/cacert.pem" option. As you can see, telegraf only need the CA certificate to work correctly, but Kapacitor doesn't have this option.
And Influxdb doesn't have the "insecure_skip_verify" option like telegraf does.
So how you can use your own certificates with Kapacitor and Influxdb ?
I'm using Debian 8.6 kapacitor 1.0.2-1, influxdb 1.0.2-1 and telegraf 1.0.1-1.
Thanks.
Between InfluxDB and Telegraf, I don't have any issue but between InfluxDB and Kapacitor I have.
These are the logs of both apps.
kapacitor:
log messages must have 'L!' prefix where L is one of 'D', 'I', 'W', 'E'[log] 2016/11/10 21:21:20 http: TLS handshake error from 127.0.0.1:22865: remote error: bad certificate
influxdb:
Post https://localhost:9092/write?consistency=&db=telegraf&precision=ns&rp=default: x509: certificate signed by unknown authority
But if I run "kapacitor -skipVerify -url https://localhost:9092 list tasks", I will return what I expect, a list of my tasks.
The configuration of influxdb is:
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/etc/influxdb/internal.cert"
### Use a separate private key location.
https-private-key = "/etc/influxdb/internal.key"
max-row-limit = 10000
realm = "InfluxDB"
And Kapacitor:
[http]
# HTTP API Server for Kapacitor
# This server is always on,
# it servers both as a write endpoint
# and as the API endpoint for all other
# Kapacitor calls.
bind-address = ":9092"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/etc/influxdb/internal.kapacitor.pem"
Kapacitor uses the same certificate which is used by influxdb, but this file is a concatenation of the private key and de certiticate.
In the Telegraf's configuration, I'm using the " ssl_ca = "/etc/telegraf/cacert.pem" option. As you can see, telegraf only need the CA certificate to work correctly, but Kapacitor doesn't have this option.
And Influxdb doesn't have the "insecure_skip_verify" option like telegraf does.
So how you can use your own certificates with Kapacitor and Influxdb ?
I'm using Debian 8.6 kapacitor 1.0.2-1, influxdb 1.0.2-1 and telegraf 1.0.1-1.
Thanks.
--
Remember to include the version number!
---
You received this message because you are subscribed to the Google Groups "InfluxData" group.
To unsubscribe from this group and stop receiving emails from it, send an email to influxdb+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/945e5a45-7c96-4a96-9b62-4f04b6c73141%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Remember to include the version number!
---
You received this message because you are subscribed to the Google Groups "InfluxData" group.
To unsubscribe from this group and stop receiving emails from it, send an email to influxdb+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/945e5a45-7c96-4a96-9b62-4f04b6c73141%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.