From b4e33f4b413494827d88333230ff11615721c5ab Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Fri, 24 Jul 2020 11:56:06 -0400
Subject: [PATCH] Use built-in TLS forwarding support
---
 Vagrantfile | 16 +++++++++++++++-
 td-agent-server.conf | 14 +++++++-------
 td-agent.conf | 12 ++++--------
 3 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index 5d2c526..2835604 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -56,11 +56,25 @@ Vagrant.configure("2") do |config| systemctl restart rsyslog fi + # Setup TLS + if [ ! -f /vagrant/tmp/ca_key.pem ]; then + echo "Generating TLS certificates..." + cd /vagrant/tmp + openssl req -newkey rsa:4096 \ + -x509 \ + -sha256 \ + -days 3650 \ + -nodes \ + -out ca_cert.pem \ + -keyout ca_key.pem \ + -subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \ + 2> /dev/null + fi + # Install td-agent cp /vagrant/td-agent.repo /etc/yum.repos.d/ yum check-update yum install -y td-agent - td-agent-gem install fluent-plugin-secure-forward td-agent-gem install fluent-plugin-gelf-hs gelf systemctl -q enable td-agent
diff --git a/td-agent-server.conf b/td-agent-server.conf
index a029c7f..d680300 100644
--- a/td-agent-server.conf
+++ b/td-agent-server.conf
@@ -1,12 +1,12 @@ - @type secure_forward - shared_key test - self_hostname 172.28.128.30 + @type forward port 2514 - secure true - ca_cert_path /vagrant/tmp/ca_cert.pem - ca_private_key_path /vagrant/tmp/ca_key.pem - ca_private_key_passphrase test + + version TLSv1_2 + insecure true + cert_path /vagrant/tmp/ca_cert.pem + private_key_path /vagrant/tmp/ca_key.pem +
diff --git a/td-agent.conf b/td-agent.conf
index dfd4ebe..03e8463 100644
--- a/td-agent.conf
+++ b/td-agent.conf
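Review bot: In the Vagrantfile hunk, the `if [ ! -f /vagrant/tmp/ca_key.pem ]` guard combined with `2> /dev/null` can leave the box without a usable certificate and without any message: openssl's errors are discarded, and once ca_key.pem exists the block is skipped on every later provision even if ca_cert.pem was never written. I would test both files, `if [ ! -f /vagrant/tmp/ca_key.pem ] || [ ! -f /vagrant/tmp/ca_cert.pem ]; then`, and replace the redirect with a failure check such as `|| { echo "openssl failed" >&2; exit 1; }`. `-nodes` also writes the private key unencrypted into /vagrant/tmp, presumably the folder synced with the host, where the old server config at least set a passphrase; a comment such as `# lab-only self-signed key, stored unencrypted; do not reuse outside this Vagrant setup` would make that explicit. The provisioner script this hunk sits in starts and ends outside the hunk.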
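Review bot: In td-agent-server.conf the new input sets `insecure true` and nothing replaces the removed `shared_key test`, so the listener on port 2514 runs with the transport's hardening relaxed and, as far as the visible lines show, accepts events from any client that can reach it. To my knowledge `insecure` in fluentd's transport section skips the default secure context parameters and cipher list, and `version TLSv1_2` alone does not restore them; I would remove the `insecure true` line. For sender authentication, in_forward has a `<security>` section taking `self_hostname` and `shared_key`, and the transport section has `client_cert_auth true`; either would bring back what secure_forward provided. The td-agent.conf hunk drops `shared_key` on the sender side as well and would need the matching `<security>` entry. The section tags are not visible in this rendering of the hunk, so confirm against the file.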
@@ -46,15 +46,11 @@ - @type secure_forward - shared_key test - self_hostname 172.28.128.31 - flush_interval 0s - num_threads 2 - secure true - ca_cert_path /vagrant/tmp/ca_cert.pem - + @type forward + transport tls + tls_cert_path /vagrant/tmp/ca_cert.pem + name example.com host 172.28.128.30 port 2514
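Review bot: `name example.com` in the server entry only works because it equals the CN in the `-subj` string of the Vagrantfile's openssl call, and nothing in either file says so. Since `host` is an IP address, the name is presumably what the forward output checks the certificate against, so changing one value without the other would break the TLS handshake. I would add a comment above the line, `# must match the CN of /vagrant/tmp/ca_cert.pem (see -subj in the Vagrantfile)`. The removed `flush_interval 0s` and `num_threads 2` have no counterpart on the new side, so flushing falls back to the plugin defaults; if immediate flushing mattered for the lab, it belongs in a `<buffer>` section.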