Ability to specify client cert for http client in scraper input
mscrivo opened this issue · 2 comments
Hi Luke,
Thanks for producing this great addon. We're attempting to use the scraper input against our TLS protected metrics endpoint. We're not having any luck pulling in metrics yet. At first, we were getting:
x509: certificate signed by unknown authority
We put the root cert into the root CA store on the machine, and that made the error go away, but it still won't pull the metrics in and there are no other errors. I assume we need to specify the client cert, but there doesn't seem to be any way to do that?
@mscrivo Is your metrics endpoint configured to expect mutual SSL authentication? That would be the only reason that adding a client cert would be useful I think.
At least for testing purposes, can you use the "InsecureSkipVerify" option in inputs.conf and see if that fixes the issue.
Also check:
- You are using a metrics type index
- This add-on is installed at the first full instance encountered: i.e. if you are collecting metrics on a Universal Forwarder this TA also needs to be installed on the indexer or HF you are forwarding to
Both the above situations are a little silent when they have errors.
If not the above, can you drop your inputs.conf and a more complete description of your architecture (i.e. distributed, using Heavy Forwarder, or separate indexer etc.) and I'll see if I can spot the problem.
yes, we do use mutual TLS auth. My colleague ended up modifying the code to allow specifying a client cert and we got it working. Will see if we can contribute it back via PR.