Nick Babcock
Nick Babcock

Reputation: 6141

Write to InfluxDB 2.x with 1.x Client

I'm unable to workaround an unauthorized response from InfluxDB 2 when using the 1.x write endpoint.

The setup:

From the InfluxDB 2.0 docs, it states it has some 1.x compatibility:

The InfluxDB v2 API includes InfluxDB 1.x compatibility endpoints that work with InfluxDB 1.x client libraries and third-party integrations like Grafana and others.

Spefically, /write is listed as 1.x compatible

So let's test this and write to a 2.0 server with 1.x api. First we'll spin up a docker image with a username and password

docker run -p 8086:8086 \
      -e DOCKER_INFLUXDB_INIT_MODE=setup \
      -e DOCKER_INFLUXDB_INIT_USERNAME=my-user \
      -e DOCKER_INFLUXDB_INIT_PASSWORD=my-password \
      -e DOCKER_INFLUXDB_INIT_ORG=myorg \
      -e DOCKER_INFLUXDB_INIT_BUCKET=mydb \
      influxdb:2.0

The docs state that we can authenticate with basic authentication, so the following example (also from their docs with only the authentication switched to curl's more ergonomic --user option) should work:

curl -v --request POST http://localhost:8086/write?db=mydb \
  --user my-user:my-password \
  --data-binary "measurement,host=host1 field1=2i,field2=2.0 1577836800000000000"

Unfortunately a 401 is returned with the following payload:

{"code":"unauthorized","message":"Unauthorized"}

What could be the issue? I'm providing the minimum number of required arguments in the docker setup and I've copied and pasted the example from their docs -- there aren't too many areas where it could go wrong.

The endgoal is to have a single client that can write to both 1.x and 2.x as some deployments are 1.x and others are 2.x. Reading the docs make me think this is possible, but following the docs makes me think otherwise. Is the solution really to embed both InfluxDB 1.x and 2.x clients and require users to specify this version before running the app?

Fwiw, adding more verbose logging doesn't yield additional insight -- only the same unauthorized line:

docker run -p 8086:8086 \
      -e DOCKER_INFLUXDB_INIT_MODE=setup \
      -e DOCKER_INFLUXDB_INIT_USERNAME=my-user \
      -e DOCKER_INFLUXDB_INIT_PASSWORD=my-password \
      -e DOCKER_INFLUXDB_INIT_ORG=myorg \
      -e DOCKER_INFLUXDB_INIT_BUCKET=mydb \
      -e INFLUXD_LOG_LEVEL=debug \
      influxdb:2.0

Upvotes: 0

Views: 2021

Answers (1)

decramy
decramy

Reputation: 11

I was digging in this too... Dont have it working yet, but I think we could place Telegraf as proxy in between, using the influxdb_listener-plugin https://docs.influxdata.com/telegraf/v1.18/plugins//#influxdb_listener

Edit:

First, initiate your InfluxDB2 setup; have a bucket and a user etc. Make an accesstoken under 'Load Data' > 'Tokens'.

Then make a telegraf setup (like from docker) and give it this telegraf.conf:

[[inputs.influxdb_listener]]
  ## Address and port to host HTTP listener on
  service_address = ":8186"

  ## maximum duration before timing out read of the request
  read_timeout = "10s"
  ## maximum duration before timing out write of the response
  write_timeout = "10s"

  ## Maximum allowed HTTP request body size in bytes.
  ## 0 means to use the default of 32MiB.
  max_body_size = 0

  ## Maximum line size allowed to be sent in bytes.
  ##   deprecated in 1.14; parser now handles lines of unlimited length and option is ignored
  # max_line_size = 0

  ## Set one or more allowed client CA certificate file names to
  ## enable mutually authenticated TLS connections
  #tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]

  ## Add service certificate and key
  #tls_cert = "/etc/telegraf/cert.pem"
  #tls_key = "/etc/telegraf/key.pem"

  ## Optional tag name used to store the database name.
  ## If the write has a database in the query string then it will be kept in this tag name.
  ## This tag can be used in downstream outputs.
  ## The default value of nothing means it will be off and the database will not be recorded.
  ## If you have a tag that is the same as the one specified below, and supply a database,
  ## the tag will be overwritten with the database supplied.
  # database_tag = ""

  ## If set the retention policy specified in the write query will be added as
  ## the value of this tag name.
  retention_policy_tag = "Forever"

  ## Optional username and password to accept for HTTP basic authentication.
  ## You probably want to make sure you have TLS configured above for this.
  basic_username = "user"
  basic_password = "pass"


[[outputs.influxdb_v2]]
  ## The URLs of the InfluxDB cluster nodes.
  ##
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  ## urls exp: http://127.0.0.1:8086
  urls = ["http://xyz:8086"]

  ## Token for authentication.
  token = "xxx"

  ## Organization is the name of the organization you wish to write to; must exist.
  organization = "default"

  ## Destination bucket to write into.
  bucket = "default"

The input can you generate by clicking in InfluxDB: 'Load Data' > 'Sources' > Search for 'influx' and select the 'InfluxDB Listener' and copy the config. The output can you generate by clicking in InfluxDB: 'Load Data' > 'Telegraf' > Purple button 'InfluxDB Output plugin'.

Good luck!

Upvotes: 1

Related Questions