commit 11ec118a29d3beda077ec540191d9b939081e40a
author mcp-jenkins <mcp-jenkins@mirantis.com> Thu Apr 11 13:43:47 2019 +0000
committer Gerrit Code Review <mail@domain.com> Thu Apr 11 13:43:47 2019 +0000
tree be17427363899bb6158285dc99f833607ce77894
parent 234966523f7c500848f6036d0031a9111d85e9c9
parent c5303e44e1420a390a6c1ecd1b60b28ae6e8c6b7

Merge "Add Telegraf SSL support"

defaults/salt/init.yml

diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index e71f560..a720189 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -55,3 +55,5 @@
     - '@wheel'   # to allow access to all wheel modules
     - '@runner'  # to allow access to all runner modules
     - '@jobs'    # to allow access to the jobs runner and/or wheel mo
+
+    salt_minion_ca_authority: salt_master_ca

docker/swarm/stack/monitoring/prometheus/init.yml

diff --git a/docker/swarm/stack/monitoring/prometheus/init.yml b/docker/swarm/stack/monitoring/prometheus/init.yml
index 65dd5b9..d7db52c 100644
--- a/docker/swarm/stack/monitoring/prometheus/init.yml
+++ b/docker/swarm/stack/monitoring/prometheus/init.yml
@@ -32,6 +32,7 @@
               volumes:
                 - ${prometheus:server:dir:config}:${_param:prometheus_server_config_directory}
                 - ${prometheus:server:dir:data}:${_param:prometheus_server_data_directory}
+                - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
               environment:
                 PROMETHEUS_CONFIG_DIR: ${_param:prometheus_server_config_directory}
                 PROMETHEUS_DATA_DIR: ${_param:prometheus_server_data_directory}

salt/minion/cert/telegraf_agent.yml

diff --git a/salt/minion/cert/telegraf_agent.yml b/salt/minion/cert/telegraf_agent.yml
new file mode 100644
index 0000000..d54520c
--- /dev/null
+++ b/salt/minion/cert/telegraf_agent.yml
@@ -0,0 +1,14 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        telegraf_agent:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: telegraf_agent
+          signing_policy: cert_server
+          alternative_names: IP:127.0.0.1,IP:${_param:single_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          key_file: ${telegraf:agent:dir:config}/telegraf-agent.key
+          cert_file: ${telegraf:agent:dir:config}/telegraf-agent.crt
+          mode: '0444'
+          enabled: true

telegraf/agent/output/prometheus_client_ssl.yml

diff --git a/telegraf/agent/output/prometheus_client_ssl.yml b/telegraf/agent/output/prometheus_client_ssl.yml
new file mode 100644
index 0000000..f59335f
--- /dev/null
+++ b/telegraf/agent/output/prometheus_client_ssl.yml
@@ -0,0 +1,10 @@
+parameters:
+  telegraf:
+    agent:
+      output:
+        prometheus_client:
+          scheme: https
+          tls_cert: ${telegraf:agent:dir:config}/telegraf-agent.crt
+          tls_key: ${telegraf:agent:dir:config}/telegraf-agent.key
+          tls_config:
+            ca_file: /etc/ssl/certs/ca-certificates.crt