Generate Certificates Automatically

[ashishtilara]

• fluentd or td-agent version.
  3.1.0-0
• Environment information, e.g. OS.
  Ubuntu
• Your configuration

<source>
  @type http
  port 9880
  @log_level trace
</source>
# Input
<source>
	@type forward

    <transport tls>
        # The file path of private CA certificate file. This file must be shared with input plugin. The default is blank, but this parameter must be specified except for the case to use certificates signed by public CA.
        cert_path /home/ubuntu/automegic/ca_cert.pem
        # The path to the private key for private CA certificate key file.
        private_key_path /home/ubuntu/automegic/ca_key.pem
        # The passphrase string for private key file, specified by ca_private_key_path.
        private_key_passphrase 1234

        generate_cert_country AU
        generate_cert_state NSW
        generate_cert_locality Sydney
        generate_cert_common_name ashish.com
    </transport>
</source>

<match **>
    @type stdout
</match>

• Your problem explanation. If you have an error logs, write it together.
  I am under impression that generate_* parameters are there to automatically generate the file mentioned in cert_path, is that correct? is it possible to have some proper documentation about whole secure forward side of things.
  I used secure_forward plugin, which had certificate generation scripts in there that I used. Is there anything like that available?

[repeatedly]

generate_* is used when you use ca cert or insecure mode.
With cert_path, these parameters are ignored. It is same with secure-forward.

Currently, TLS transport document is here: https://www.fluentd.org/blog/fluentd-v0.14.12-has-been-released
We will add transport section to fluentd-docs with several examples.

[ashishtilara]

Thank you @repeatedly

Just one more thing, would be great if documentation also has instructions on how to generate those certs manually.
For secure-forward I used https://github.com/tagomoris/fluent-plugin-secure-forward/blob/master/bin/secure-forward-ca-generate

[repeatedly]

For secure-forward I used https://github.com/tagomoris/fluent-plugin-secure-forward/blob/master/bin/secure-forward-ca-generate

Hmm... adding this command to fluentd looks good.
We will work on it.

[ashishtilara]

is this going to be on your roadmap soon?

[repeatedly]

@okkez @cosmo0920 Do you have a time to port secure-forward's command into fluentd?

[ashishtilara]

@repeatedly I have split out the functionality into separate repo.
https://github.com/ashishtilara/fluentd-ssl-generator

Now should be easy to just port the functionality, if it helps.

[cosmo0920]

I ported secure-forward's command in #1818.