inovex / mqtt_blackbox_exporter

Prometheus Exporter for MQTT monitoring
Apache License 2.0

Add insecure option to disable SSL server certificate verification. #31

Closed hikhvar closed 5 years ago

arnisoph commented 5 years ago

I suggest this config.yaml.dist:

$ cat config.yaml.dist
probes:
#  - name: name of the probe
#    broker_url: ssl://iot.eclipse.org:8883
#    client_cert: /path/to/cert.pem # Use either user/pass auth, certificates or both at the same time.
#    client_key: /path/to/cert.key
#    ca_chain: /path/to/ca-chain.pem
#    insecure_skip_verify: false
#    username: test
#    password: xxx
#    topic: internal/monitoring/mqtt-broker-ssl
#    client_prefix: mqtt_blackbox_exporter.mqtt-broker-ssl
#    messages: 10
#    interval: 30s

  - name: mqtt-broker-ssl
    broker_url: ssl://iot.eclipse.org:8883
    topic: internal/monitoring/mqtt-broker-ssl
    client_prefix: mqtt_blackbox_exporter.mqtt-broker-ssl
    messages: 10
    interval: 30s

  - name: mqtt-broker-insecure-ssl
    broker_url: ssl://test.mosquitto.org:8883
    insecure_skip_verify: true
    topic: internal/monitoring/mqtt-broker-insecure-ssl
    client_prefix: mqtt_blackbox_exporter.mqtt-broker-insecure-ssl
    messages: 10
    interval: 30s

  - name: mqtt-broker-insecure-nonssl
    broker_url: tcp://iot.eclipse.org:1883
    topic: internal/monitoring/mqtt-broker-insecure-nonssl
    client_prefix: mqtt_blackbox_exporter.mqtt-broker-insecure-nonssl
    messages: 10
    interval: 30s

arnisoph commented 5 years ago

@invadersmustdie @dirkcjelli could you verify on macOS please? insecure_skip_verify:true doesn't work for me..

14:06:51.581078 main.go:266: Starting mqtt_blackbox_exporter (build: v0.2.1-20180926-155850+8756d5b)
14:06:51.581691 client.go:161: [client]   Connect()
14:06:51.581848 memstore.go:48: [store]    memorystore initialized
14:06:51.581875 client.go:172: [client]   about to write new connect msg
14:06:51.771965 client.go:206: [client]   x509: certificate signed by unknown authority
14:06:51.771995 client.go:207: [client]   failed to connect to broker, trying next
14:06:51.772008 client.go:213: [client]   Failed to connect to a broker
14:06:51.772027 memstore.go:126: [store]    memorystore closed
14:06:51.772050 main.go:187: Probe mqtt-broker-insecure-ssl: failed to connect client: Network Error : x509: certificate signed by unknown authority

Tested with go 1.10. Will upgrade go compiler soon..
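
The three verification modes this thread's probes rely on, shown against Go's crypto/tls as an added example (not code from this PR or from the exporter). `tlsConfigFor`, `handshake` and `demo` are hypothetical names; the example assumes `ca_chain` ends up as `RootCAs` and `insecure_skip_verify` as `InsecureSkipVerify`, and a loopback server with the net/http/httptest test certificate stands in for a broker whose CA is not in the system trust store.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http/httptest"
)

// tlsConfigFor maps ca_chain and insecure_skip_verify to a tls.Config (hypothetical helper).
func tlsConfigFor(caChainPEM []byte, insecureSkipVerify bool) (*tls.Config, error) {
	cfg := &tls.Config{InsecureSkipVerify: insecureSkipVerify}
	if len(caChainPEM) > 0 {
		cfg.RootCAs = x509.NewCertPool() // trust only ca_chain, not the system store
		if !cfg.RootCAs.AppendCertsFromPEM(caChainPEM) {
			return nil, fmt.Errorf("ca_chain: no PEM certificate found")
		}
	}
	return cfg, nil
}

// handshake performs only the TLS handshake against addr and returns its error.
func handshake(addr string, caChainPEM []byte, insecureSkipVerify bool) error {
	cfg, err := tlsConfigFor(caChainPEM, insecureSkipVerify)
	if err != nil {
		return err
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return err
}

// demo probes a loopback TLS server whose certificate (constructed test data
// shipped with net/http/httptest) is not issued by any public CA.
func demo() (strict, pinned, insecure error) {
	srv := httptest.NewTLSServer(nil) // stands in for a broker behind a private CA
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	return handshake(addr, nil, false), handshake(addr, ca, false), handshake(addr, nil, true)
}

func main() {
	strict, pinned, insecure := demo()
	fmt.Printf("defaults: %v\nca_chain: %v\ninsecure_skip_verify: %v\n", strict, pinned, insecure)
}
```

With `InsecureSkipVerify` set the handshake succeeds against any certificate, so when the broker's CA certificate is available, supplying it as `ca_chain` keeps the probe authenticated.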

hikhvar commented 5 years ago

Updated the config file. PTAL.

arnisoph commented 5 years ago

works fine, though we haven't found a publicly SSL exposed mqtt broker yet..

arnisoph commented 5 years ago

Please update the test script:

diff --git a/test/run-integration-tests.sh b/test/run-integration-tests.sh
index 26259e4..0435abc 100755
--- a/test/run-integration-tests.sh
+++ b/test/run-integration-tests.sh
@@ -28,5 +28,6 @@ echo "=> Killing exporter (pid=${service_pid})"
 kill $service_pid

 echo "=> Checking result"
-grep 'probe_mqtt_started_total{broker="ssl://broker.mqttdashboard.com:8883",name="mqtt broker SSL"} [[:digit:]]' test/out.log
-grep 'probe_mqtt_started_total{broker="tcp://test.mosquitto.org:1883",name="mqtt broker NONSSL"} [[:digit:]]' test/out.log
+grep 'probe_mqtt_started_total{broker="ssl://iot.eclipse.org:8883",name="mqtt-broker-ssl"} [[:digit:]]' test/out.log
+grep 'probe_mqtt_started_total{broker="ssl://test.mosquitto.org:8883",name="mqtt-broker-insecure-ssl"} [[:digit:]]' test/out.log
+grep 'probe_mqtt_started_total{broker="tcp://iot.eclipse.org:1883",name="mqtt-broker-insecure-nonssl"} [[:digit:]]' test/out.log
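
Review bot: the three added grep lines only assert on probe_mqtt_started_total followed by [[:digit:]], which also matches a value of 0, and a counter named started_total shows that a probe was started, not that it connected. For the mqtt-broker-insecure-ssl line in particular, this check cannot tell a working insecure_skip_verify apart from the x509 failure reported earlier in this thread; please also assert on a metric that reflects a completed probe for that name, with a value greater than zero. The checks additionally depend on iot.eclipse.org and test.mosquitto.org being reachable from wherever the script runs, so a local broker with a self-signed certificate would make the insecure case deterministic.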

hikhvar commented 5 years ago

Thanks for the patch. Applied it. PTAL.