Add support for secure transmission via collectd

[kbabioch]

Feature Request

Proposal: Support for secure communication with collectd should be added. This is described in the manpage of collectd.conf(5). There is support for both authenticated (but unencrypted) as well as encrypted communication built into collectd and the network plugin.

Current behavior:
Simple tests revaled, that influxdb simply ignores any data that is signed and/or encrypted, hence this functionality has to be disabled on the collectd side. Looking through the influxdb code, I don't see any support for authenticated and/or encrypted data.

Desired behavior:
Add support for authenticated and/or encrypted data. Add appropriate options and honor them.

Use case: This is important because right now incoming data is not authenticated. It is possible to change values while they are being transmitted (man in the middle), hence the data within the database is not trustworthy. Since collectd has built-in support for authenticated and/or encrypted data, the influxdb interface should make use of it.

[marcv81]

This would be a very useful feature indeed!

I needed it and my Go is not too strong, so I wrote a lightweight proxy in Python. It receives encrypted/signed collectd packets and forwards them as plain packets. If you bind the InfluxDB collectd service to the loopback interface and install the proxy on the same server it does the trick. https://github.com/marcv81/collectd_proxy

I also detailed the encrypted and signed packets format: https://github.com/marcv81/collectd_proxy/blob/master/packet_format.md

I appreciate this is not the most elegant solution. Hopefully it can be useful in the meantime, and it provides some information to help implement this feature.

[marcv81]

I submitted a PR: #7435

[jwilder]

Fixed via #7435