Add SSL certificate verification bypass for prometheus metrics

2024-09-20 06:46:13 +08:00 · 2023-05-27 13:30:45 +02:00 · 2023-05-27 13:30:45 +02:00 · a984eb5501
parent 53d3814546
commit a984eb5501
6 changed files with 17 additions and 6 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 ## master

+  - Add SSL certificate verification bypass for prometheus metrics
  - Make sure all multiline entries in config files are processed as lists
  - Add exclude-patterns to GUI (was present in CLI version already)
  - Make sure we always quote exclusions patterns or files
--- a/npbackup/core/runner.py
+++ b/npbackup/core/runner.py
@ -7,7 +7,7 @@ __intname__ = "npbackup.gui.core.runner"
 __author__ = "Orsiris de Jong"
 __copyright__ = "Copyright (C) 2022-2023 NetInvent"
 __license__ = "GPL-3.0-only"
-__build__ = "2023020201"
+__build__ = "2023052701"


 from typing import Optional, Callable, Union, List
@ -57,6 +57,10 @@ def metric_writer(config_dict: dict, restic_result: bool, result_string: str):
                )
            except (KeyError, AttributeError):
                destination = None
+            try:
+                no_cert_verify = config_dict["prometheus"]["no_cert_verify"]
+            except (KeyError, AttributeError):
+                no_cert_verify = False
            try:
                prometheus_additional_labels = config_dict["prometheus"][
                    "additional_labels"
@ -99,7 +103,7 @@ def metric_writer(config_dict: dict, restic_result: bool, result_string: str):
                except KeyError:
                    logger.info("No metrics authentication present.")
                    authentication = None
-                upload_metrics(destination, authentication, metrics)
+                upload_metrics(destination, authentication, no_cert_verify, metrics)
    except KeyError as exc:
        logger.info("Metrics not configured: {}".format(exc))
    except OSError as exc:
--- a/npbackup/gui/config.py
+++ b/npbackup/gui/config.py
@ -306,6 +306,10 @@ def config_gui(config_dict: dict, config_file: str):
            sg.Text(_t("config_gui.metrics_destination"), size=(40, 1)),
            sg.Input(key="prometheus---destination", size=(50, 1)),
        ],
+        [
+            sg.Text(_t("config_gui.no_cert_verify"), size=(40, 1)),
+            sg.Checkbox("", key="prometheus---no_cert_verify", size=(41, 1)),
+        ],
        [
            sg.Text(_t("config_gui.metrics_username"), size=(40, 1)),
            sg.Input(key="prometheus---http_username", size=(50, 1)),
--- a/npbackup/restic_metrics/init.py
+++ b/npbackup/restic_metrics/init.py
@ -6,8 +6,8 @@ __intname__ = "restic_metrics"
 __author__ = "Orsiris de Jong"
 __copyright__ = "Copyright (C) 2022-2023 Orsiris de Jong - NetInvent"
 __licence__ = "BSD-3-Clause"
-__version__ = "1.4.3"
-__build__ = "2023020701"
+__version__ = "1.4.4"
+__build__ = "2023052701"
 __description__ = (
    "Converts restic command line output to a text file node_exporter can scrape"
 )
@ -229,7 +229,7 @@ def restic_output_2_metrics(restic_result, output, labels=None):
    return errors, metrics


-def upload_metrics(destination, authentication, metrics):
+def upload_metrics(destination, authentication, no_cert_verify, metrics):
    try:
        headers = {
            "X-Requested-With": "{} {}".format(__intname__, __version__),
@ -241,7 +241,7 @@ def upload_metrics(destination, authentication, metrics):
            data += "{}\n".format(metric)
        logger.debug("metrics:\n{}".format(data))
        result = requests.post(
-            destination, headers=headers, data=data, auth=authentication, timeout=4
+            destination, headers=headers, data=data, auth=authentication, timeout=4, verify=not no_cert_verify
        )
        if result.status_code == 200:
            logger.info("Metrics pushed succesfully.")
--- a/npbackup/translations/config_gui.en.yml
+++ b/npbackup/translations/config_gui.en.yml
@ -36,6 +36,7 @@ en:
  enable_prometheus: Enable prometheus metrics
  job_name: Job name (backup_job)
  metrics_destination: Metrics destination (URI / file)
+  no_cert_verify: Do not verify SSL certificate
  metrics_username: HTTP metrics username
  metrics_password: HTTP metrics password
  instance: Prometheus instance
--- a/npbackup/translations/config_gui.fr.yml
+++ b/npbackup/translations/config_gui.fr.yml
@ -36,6 +36,7 @@ fr:
  enable_prometheus: Activer les métriques prometheus
  job_name: Nom du travail (backup_job)
  metrics_destination: Destination métriques (URI / fichier)
+  no_cert_verify: Ne pas vérifier le certificat SSL
  metrics_username: Nom d'utilisateur métriques HTTP
  metrics_password: Mot de passe métriques HTTP
  instance: Instance Prometheus