Reputation: 6141
I'm unable to workaround an unauthorized response from InfluxDB 2 when using the 1.x write endpoint.
The setup:
From the InfluxDB 2.0 docs, it states it has some 1.x compatibility:
The InfluxDB v2 API includes InfluxDB 1.x compatibility endpoints that work with InfluxDB 1.x client libraries and third-party integrations like Grafana and others.
Spefically, /write
is listed as 1.x compatible
So let's test this and write to a 2.0 server with 1.x api. First we'll spin up a docker image with a username and password
docker run -p 8086:8086 \
-e DOCKER_INFLUXDB_INIT_MODE=setup \
-e DOCKER_INFLUXDB_INIT_USERNAME=my-user \
-e DOCKER_INFLUXDB_INIT_PASSWORD=my-password \
-e DOCKER_INFLUXDB_INIT_ORG=myorg \
-e DOCKER_INFLUXDB_INIT_BUCKET=mydb \
influxdb:2.0
The docs state that we can authenticate with basic authentication, so the following example (also from their docs with only the authentication switched to curl's more ergonomic --user
option) should work:
curl -v --request POST http://localhost:8086/write?db=mydb \
--user my-user:my-password \
--data-binary "measurement,host=host1 field1=2i,field2=2.0 1577836800000000000"
Unfortunately a 401 is returned with the following payload:
{"code":"unauthorized","message":"Unauthorized"}
What could be the issue? I'm providing the minimum number of required arguments in the docker setup and I've copied and pasted the example from their docs -- there aren't too many areas where it could go wrong.
The endgoal is to have a single client that can write to both 1.x and 2.x as some deployments are 1.x and others are 2.x. Reading the docs make me think this is possible, but following the docs makes me think otherwise. Is the solution really to embed both InfluxDB 1.x and 2.x clients and require users to specify this version before running the app?
Fwiw, adding more verbose logging doesn't yield additional insight -- only the same unauthorized line:
docker run -p 8086:8086 \
-e DOCKER_INFLUXDB_INIT_MODE=setup \
-e DOCKER_INFLUXDB_INIT_USERNAME=my-user \
-e DOCKER_INFLUXDB_INIT_PASSWORD=my-password \
-e DOCKER_INFLUXDB_INIT_ORG=myorg \
-e DOCKER_INFLUXDB_INIT_BUCKET=mydb \
-e INFLUXD_LOG_LEVEL=debug \
influxdb:2.0
Upvotes: 0
Views: 2021
Reputation: 11
I was digging in this too... Dont have it working yet, but I think we could place Telegraf as proxy in between, using the influxdb_listener-plugin https://docs.influxdata.com/telegraf/v1.18/plugins//#influxdb_listener
Edit:
First, initiate your InfluxDB2 setup; have a bucket and a user etc. Make an accesstoken under 'Load Data' > 'Tokens'.
Then make a telegraf setup (like from docker) and give it this telegraf.conf
:
[[inputs.influxdb_listener]]
## Address and port to host HTTP listener on
service_address = ":8186"
## maximum duration before timing out read of the request
read_timeout = "10s"
## maximum duration before timing out write of the response
write_timeout = "10s"
## Maximum allowed HTTP request body size in bytes.
## 0 means to use the default of 32MiB.
max_body_size = 0
## Maximum line size allowed to be sent in bytes.
## deprecated in 1.14; parser now handles lines of unlimited length and option is ignored
# max_line_size = 0
## Set one or more allowed client CA certificate file names to
## enable mutually authenticated TLS connections
#tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
## Add service certificate and key
#tls_cert = "/etc/telegraf/cert.pem"
#tls_key = "/etc/telegraf/key.pem"
## Optional tag name used to store the database name.
## If the write has a database in the query string then it will be kept in this tag name.
## This tag can be used in downstream outputs.
## The default value of nothing means it will be off and the database will not be recorded.
## If you have a tag that is the same as the one specified below, and supply a database,
## the tag will be overwritten with the database supplied.
# database_tag = ""
## If set the retention policy specified in the write query will be added as
## the value of this tag name.
retention_policy_tag = "Forever"
## Optional username and password to accept for HTTP basic authentication.
## You probably want to make sure you have TLS configured above for this.
basic_username = "user"
basic_password = "pass"
[[outputs.influxdb_v2]]
## The URLs of the InfluxDB cluster nodes.
##
## Multiple URLs can be specified for a single cluster, only ONE of the
## urls will be written to each interval.
## urls exp: http://127.0.0.1:8086
urls = ["http://xyz:8086"]
## Token for authentication.
token = "xxx"
## Organization is the name of the organization you wish to write to; must exist.
organization = "default"
## Destination bucket to write into.
bucket = "default"
The input can you generate by clicking in InfluxDB: 'Load Data' > 'Sources' > Search for 'influx' and select the 'InfluxDB Listener' and copy the config. The output can you generate by clicking in InfluxDB: 'Load Data' > 'Telegraf' > Purple button 'InfluxDB Output plugin'.
Good luck!
Upvotes: 1