Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mgr/influx: Add InfluxDB SSL Option #19374

Merged
merged 1 commit into from Jan 10, 2018
Merged

mgr/influx: Add InfluxDB SSL Option #19374

merged 1 commit into from Jan 10, 2018

Conversation

symptog
Copy link
Contributor

@symptog symptog commented Dec 7, 2017

Add possibility to connect to InfluxDB via https.
Also adding the option for verifying the https cert.

@symptog symptog changed the title Add InfluxDB SSL Option mgr/influx: Add InfluxDB SSL Option Dec 8, 2017
@liewegas liewegas added the mgr label Dec 9, 2017
@liewegas liewegas requested a review from jcsp December 9, 2017 00:38
@wido
Copy link
Member

wido commented Dec 13, 2017

Hmm, I have ##19229 open with a bunch more fixes. Should we maybe combine this into one PR?

jcsp
jcsp reviewed Dec 13, 2017
View reviewed changes
src/pybind/mgr/influx/module.py Outdated
ssl = False

# Verify https cert
verify_ssl = self.get_config("verify_ssl", default="false")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make verify_ssl true by default? It feels a bit dangerous to have a "ssl=true" setting that by default doesn't validate the certs.

Copy link
Contributor Author

@symptog symptog Dec 13, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the influxdb client also defaults to false
https://github.com/influxdata/influxdb-python/blob/master/influxdb/client.py#L71

@jcsp
Copy link
Contributor

jcsp commented Dec 13, 2017

@symptog thanks for the contribution -- I have just merged another PR (#19229) that modifies how config is done in the influx module, so could you please rebase this PR on master and update it for the new self.config bits in 429718a ?

@symptog symptog force-pushed the master branch 2 times, most recently from a0491a5 to 950ea0c Compare December 13, 2017 18:17
@symptog
Copy link
Contributor Author

symptog commented Dec 13, 2017

@jcsp @wido can you please have a look? :)

wido
wido requested changes Dec 14, 2017
View reviewed changes
src/pybind/mgr/influx/module.py Outdated
@@ -45,6 +45,8 @@ class Module(MgrModule):
'username': None,
'password': None,
'interval': 5
'ssl': 'false',
'verify_ssl': 'false',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't they both be a boolean instead of a string?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The get_config command returns strings and the influxdb-client expects bool.
In every case I need to cast to bool.
If I would set the defaults to True I would need one more cast, because:

True == 'true'
False

src/pybind/mgr/influx/module.py
self.config['ssl'] = ssl.lower() == 'true'
verify_ssl = \
self.get_config("verify_ssl", default=self.config_keys['verify_ssl'])
self.config['verify_ssl'] = verify_ssl.lower() == 'true'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see you cast from String to Bool here, but how does that work when somebody changes the configuration on runtime?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not recognized this dynamic option. I will fix this.
Do we want verify_ssl to be true by default?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wido

@wido
Copy link
Member

wido commented Dec 19, 2017

Sorry, I was a bit busy with a lot of things. Looking good to me! LGTM

@symptog
Add InfluxDB SSL Option
f5efaa2 
Add possibility to connect to InfluxDB via https.
Also adding the option for verifying the https cert.

Signed-off-by: Tobias Gall <tobias.gall@mailbox.org>
@tchaikov
Copy link
Contributor

@tchaikov tchaikov merged commit 1128ac4 into ceph:master Jan 10, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcsp jcsp jcsp left review comments

@wido wido wido approved these changes

Assignees
No one assigned
Labels
mgr needs-qa wip-kefu-testing
Projects
None yet
Milestone
No milestone
5 participants
@symptog @wido @jcsp @tchaikov @liewegas