feat(inputs/memcached): Support client TLS origination to memcached #10642

LINKIWI · 2022-02-13T17:28:13Z

Required for all PRs:

Updated associated README.md.
Wrote appropriate unit tests.
Pull request title or commits are in conventional commit format

This change adds support for client TLS origination to memcached, leveraging the common TLS plugin library in plugins/common/tls. I also added toml struct tags to make the TOML parsing behavior explicit, which seems to be more in line with other plugins as well.

Test and verification:

Collection with server TLS enabled, using the memcached test fixture certificates in t/server_crt.pem et al.:

# telegraf.conf
[[inputs.memcached]]
    enable_tls = true
    tls_ca = "/path/to/memcached/t/cacert.pem"
    tls_cert = "/path/to/memcached/t/client_crt.pem"
    tls_key = "/path/to/memcached/t/client_key.pem"
    tls_server_name = "test.com"

# Compiled with ./configure --enable-tls
$ ./memcached --enable-ssl --extended ssl_chain_cert=t/server_crt.pem,ssl_key=t/server_key.pem,ssl_ca_cert=t/cacert.pem -vv
slab class   1: chunk size        96 perslab   10922
slab class   2: chunk size       120 perslab    8738
slab class   3: chunk size       152 perslab    6898
slab class   4: chunk size       192 perslab    5461
slab class   5: chunk size       240 perslab    4369
slab class   6: chunk size       304 perslab    3449
slab class   7: chunk size       384 perslab    2730
slab class   8: chunk size       480 perslab    2184
slab class   9: chunk size       600 perslab    1747
slab class  10: chunk size       752 perslab    1394
slab class  11: chunk size       944 perslab    1110
slab class  12: chunk size      1184 perslab     885
slab class  13: chunk size      1480 perslab     708
slab class  14: chunk size      1856 perslab     564
slab class  15: chunk size      2320 perslab     451
slab class  16: chunk size      2904 perslab     361
slab class  17: chunk size      3632 perslab     288
slab class  18: chunk size      4544 perslab     230
slab class  19: chunk size      5680 perslab     184
slab class  20: chunk size      7104 perslab     147
slab class  21: chunk size      8880 perslab     118
slab class  22: chunk size     11104 perslab      94
slab class  23: chunk size     13880 perslab      75
slab class  24: chunk size     17352 perslab      60
slab class  25: chunk size     21696 perslab      48
slab class  26: chunk size     27120 perslab      38
slab class  27: chunk size     33904 perslab      30
slab class  28: chunk size     42384 perslab      24
slab class  29: chunk size     52984 perslab      19
slab class  30: chunk size     66232 perslab      15
slab class  31: chunk size     82792 perslab      12
slab class  32: chunk size    103496 perslab      10
slab class  33: chunk size    129376 perslab       8
slab class  34: chunk size    161720 perslab       6
slab class  35: chunk size    202152 perslab       5
slab class  36: chunk size    252696 perslab       4
slab class  37: chunk size    315872 perslab       3
slab class  38: chunk size    394840 perslab       2
slab class  39: chunk size    524288 perslab       2
<22 server listening (auto-negotiate)
<23 server listening (auto-negotiate)
<24 new auto-negotiating client connection
24: Client using the ascii protocol
<24 stats
<24 connection closed.

$ ./telegraf --config telegraf.conf --test
...
> memcached,server=:11211 accepting_conns=1i,auth_cmds=0i,auth_errors=0i,bytes=0i,bytes_read=7i,bytes_written=0i,cas_badval=0i,cas_hits=0i,cas_misses=0i,cmd_flush=0i,cmd_get=0i,cmd_set=0i,cmd_touch=0i,conn_yields=0i,connection_structures=3i,curr_connections=2i,curr_items=0i,decr_hits=0i,decr_misses=0i,delete_hits=0i,delete_misses=0i,evicted_unfetched=0i,evictions=0i,expired_unfetched=0i,get_hits=0i,get_misses=0i,hash_bytes=524288i,hash_is_expanding=0i,hash_power_level=16i,incr_hits=0i,incr_misses=0i,limit_maxbytes=67108864i,listen_disabled_num=0i,reclaimed=0i,threads=4i,total_connections=3i,total_items=0i,touch_hits=0i,touch_misses=0i,uptime=21i 1644773022000000000

Collection with server TLS disabled, to verify backwards compatibility:

# telegraf.conf
[[inputs.memcached]]

$ ./memcached -vv
slab class   1: chunk size        96 perslab   10922
slab class   2: chunk size       120 perslab    8738
slab class   3: chunk size       152 perslab    6898
slab class   4: chunk size       192 perslab    5461
slab class   5: chunk size       240 perslab    4369
slab class   6: chunk size       304 perslab    3449
slab class   7: chunk size       384 perslab    2730
slab class   8: chunk size       480 perslab    2184
slab class   9: chunk size       600 perslab    1747
slab class  10: chunk size       752 perslab    1394
slab class  11: chunk size       944 perslab    1110
slab class  12: chunk size      1184 perslab     885
slab class  13: chunk size      1480 perslab     708
slab class  14: chunk size      1856 perslab     564
slab class  15: chunk size      2320 perslab     451
slab class  16: chunk size      2904 perslab     361
slab class  17: chunk size      3632 perslab     288
slab class  18: chunk size      4544 perslab     230
slab class  19: chunk size      5680 perslab     184
slab class  20: chunk size      7104 perslab     147
slab class  21: chunk size      8880 perslab     118
slab class  22: chunk size     11104 perslab      94
slab class  23: chunk size     13880 perslab      75
slab class  24: chunk size     17352 perslab      60
slab class  25: chunk size     21696 perslab      48
slab class  26: chunk size     27120 perslab      38
slab class  27: chunk size     33904 perslab      30
slab class  28: chunk size     42384 perslab      24
slab class  29: chunk size     52984 perslab      19
slab class  30: chunk size     66232 perslab      15
slab class  31: chunk size     82792 perslab      12
slab class  32: chunk size    103496 perslab      10
slab class  33: chunk size    129376 perslab       8
slab class  34: chunk size    161720 perslab       6
slab class  35: chunk size    202152 perslab       5
slab class  36: chunk size    252696 perslab       4
slab class  37: chunk size    315872 perslab       3
slab class  38: chunk size    394840 perslab       2
slab class  39: chunk size    524288 perslab       2
<22 server listening (auto-negotiate)
<23 server listening (auto-negotiate)
<24 new auto-negotiating client connection
24: Client using the ascii protocol
<24 stats
<24 connection closed.

$ ./telegraf --config telegraf.conf --test
...
> memcached,server=:11211 accepting_conns=1i,auth_cmds=0i,auth_errors=0i,bytes=0i,bytes_read=7i,bytes_written=0i,cas_badval=0i,cas_hits=0i,cas_misses=0i,cmd_flush=0i,cmd_get=0i,cmd_set=0i,cmd_touch=0i,conn_yields=0i,connection_structures=3i,curr_connections=2i,curr_items=0i,decr_hits=0i,decr_misses=0i,delete_hits=0i,delete_misses=0i,evicted_unfetched=0i,evictions=0i,expired_unfetched=0i,get_hits=0i,get_misses=0i,hash_bytes=524288i,hash_is_expanding=0i,hash_power_level=16i,incr_hits=0i,incr_misses=0i,limit_maxbytes=67108864i,listen_disabled_num=0i,reclaimed=0i,threads=4i,total_connections=3i,total_items=0i,touch_hits=0i,touch_misses=0i,uptime=11i 1644773145000000000

telegraf-tiger · 2022-02-15T01:22:36Z

Download PR build artifacts for linux_amd64.tar.gz, darwin_amd64.tar.gz, and windows_amd64.zip.
Downloads for additional architectures and packages are available below.

☺️ This pull request doesn't significantly change the Telegraf binary size (less than 1%)

📦 Click here to get additional PR build artifacts

Artifact URLs

DEB	RPM	TAR GZ	ZIP
amd64.deb	aarch64.rpm	darwin_amd64.tar.gz	windows_amd64.zip
arm64.deb	armel.rpm	darwin_arm64.tar.gz	windows_i386.zip
armel.deb	armv6hl.rpm	freebsd_amd64.tar.gz
armhf.deb	i386.rpm	freebsd_armv7.tar.gz
i386.deb	ppc64le.rpm	freebsd_i386.tar.gz
mips.deb	riscv64.rpm	linux_amd64.tar.gz
mipsel.deb	s390x.rpm	linux_arm64.tar.gz
ppc64el.deb	x86_64.rpm	linux_armel.tar.gz
riscv64.deb		linux_armhf.tar.gz
s390x.deb		linux_i386.tar.gz
		linux_mips.tar.gz
		linux_mipsel.tar.gz
		linux_ppc64le.tar.gz
		linux_riscv64.tar.gz
		linux_s390x.tar.gz
		static_linux_amd64.tar.gz

srebhan · 2022-02-16T17:06:47Z

plugins/inputs/memcached/memcached.go

 	"github.com/influxdata/telegraf/plugins/inputs"
+	"golang.org/x/net/proxy"


One (maybe off-topic) question, could this eliminate the need for https://github.com/influxdata/telegraf/tree/master/plugins/common/proxy?

Thanks for the review. Looks like the common/proxy package is mostly just a wrapper around x/net/proxy to generate a SOCKS5 or HTTP Dialer from a Telegraf TOML config. I haven't touched that part of the codebase before but I imagine it's useful to keep around.

The reason I'm asking is that I'm a bit hesitant to have both ways in the code-base as it calls for confusion. So ideally you should use common/proxy or we should remove common/proxy altogether (if it replicates an upstream package). Do you think that's possible?

Oh, I see. The usage of golang.org/x/net/proxy in this PR is just to type the dialer variable against the proxy.Dialer interface type. There isn't any actual usage of proxy logic.

If you like, I can restructure the logic so that the golang.org/x/net/proxy import is no longer needed. But there would be more code duplication. Something like

plaintextDialer := ... var tlsDialer *tls.Dialer if enable tls { tlsCfg, err := m.ClientConfig.TLSConfig() ... tlsDialer = ... } ... // following repeated twice, for each of unix socket and TCP address endpoints if enable tls { conn, err := tlsDialer.Dial(...) ... } else { conn, err := plaintextDialer.Dial(...) ... }

srebhan

Looks good to me. Thanks @LINKIWI!

…10642)

telegraf-tiger bot added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Feb 13, 2022

feat(inputs/memcached): Support client TLS origination to memcached

0d90616

srebhan reviewed Feb 16, 2022

View reviewed changes

srebhan approved these changes Feb 16, 2022

View reviewed changes

srebhan self-assigned this Feb 16, 2022

srebhan added plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. labels Feb 16, 2022

powersj approved these changes Feb 22, 2022

View reviewed changes

powersj merged commit 9bdfb21 into influxdata:master Feb 22, 2022

sspaink mentioned this pull request Mar 11, 2022

Allow HTTPS basic auth in memcached connection strings #2613

Closed

MyaLongmire pushed a commit that referenced this pull request Jul 6, 2022

feat(inputs/memcached): Support client TLS origination to memcached (#…

3a49cf9

…10642)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(inputs/memcached): Support client TLS origination to memcached #10642

feat(inputs/memcached): Support client TLS origination to memcached #10642

LINKIWI commented Feb 13, 2022

telegraf-tiger bot commented Feb 15, 2022

Artifact URLs

srebhan Feb 16, 2022

LINKIWI Feb 16, 2022

srebhan Feb 17, 2022

LINKIWI Feb 17, 2022

srebhan left a comment

		"github.com/influxdata/telegraf/plugins/inputs"
		"golang.org/x/net/proxy"

feat(inputs/memcached): Support client TLS origination to memcached #10642

feat(inputs/memcached): Support client TLS origination to memcached #10642

Conversation

LINKIWI commented Feb 13, 2022

Required for all PRs:

telegraf-tiger bot commented Feb 15, 2022

Artifact URLs

srebhan Feb 16, 2022

Choose a reason for hiding this comment

LINKIWI Feb 16, 2022

Choose a reason for hiding this comment

srebhan Feb 17, 2022

Choose a reason for hiding this comment

LINKIWI Feb 17, 2022

Choose a reason for hiding this comment

srebhan left a comment

Choose a reason for hiding this comment