influxdata / influxdb

Scalable datastore for metrics, events, and real-time analytics
https://influxdata.com
Apache License 2.0

Failed to connect to InfluxDBv2 instance with Kapacitor #20587

Closed ondrej-ivanko closed 2 years ago

ondrej-ivanko commented 3 years ago

Steps to reproduce: List the minimal actions needed to reproduce the behavior.

  1. Create Kubernetes cluster
  2. Use Helm3 and install InfluxDB2 chart with Image version 2.0.3 from quay.io
  3. Map bucket to database and retention policy like this: https://docs.influxdata.com/influxdb/v2.0/query-data/influxql/#map-unmapped-buckets
  4. Write your Kapacitor configuration file according to the guide here: https://docs.influxdata.com/influxdb/v2.0/tools/kapacitor/#specify-your-influxdb-url in Kubernetes configmap, to be able to connect to InfluxDBv2 instance.
  5. Use Helm3 and install Kapacitor chart with Image version 1.5.7-alpine

Expected behavior: Kapacitor should connect to InfluxDBv2 instance and be able to read/write into bucket

Actual behavior: Kapacitor connecting to InfluxDBv2 instance returns 401 unauthorized error

Environment info: Linux 5.8.0-38-generic x86_64 InfluxDB 2.0.3 (git: fe04d346df) build_date: 2020-12-15T01:00:16Z Kapacitor OSS version 1.5.2 (git: HEAD 3086452d00830e01d932838d8c6d1df818648ad3)

Config: Relevant part of ConfigMap. File is mounted on path /etc/kapacitor/kapacitor.conf

kapacitor.conf: |+
    hostname = "kapacitor-kapacitor"
    data_dir = "/var/lib/kapacitor"
    skip-config-overrides = false
    default-retention-policy = "1440h"

    [http]
      # HTTP API Server for Kapacitor
      # This server is always on,
      # it serves both as a write endpoint
      # and as the API endpoint for all other
      # Kapacitor calls.
      bind-address = ":9092"
      auth-enabled = false
      log-enabled = false
      write-tracing = false
      pprof-enabled = false
      https-enabled = false
      # https-certificate = "/etc/ssl/kapacitor.pem"
      shutdown-timeout = "10s"

    [replay]
      dir = "/var/lib/kapacitor/replay"

    [storage]
      boltdb = "/var/lib/kapacitor/kapacitor.db"

    [task]
      dir = "/var/lib/kapacitor/tasks"
      snapshot-interval = "1m0s"

    [logging]
      file = "STDERR"
      level = "INFO"

    [config-override]
      enabled = true

    [load]
      enabled = true
      # this dir requires there to be a __subdirectory__ called 'tasks'
      dir = "/load/"

    [[influxdb]]
      enabled = true
      default = true
      urls = ["http://influx2-influxdb.influx2-test:8086"]
      username = "admin"
      password = "here is the base64 decoded token related to 'admin' account. Admin has all the privileges to write/read any buckets"
      timeout = 0
      #   ssl-ca = "/etc/kapacitor/ca.pem"
      #   ssl-cert = "/etc/kapacitor/cert.pem"
      #   ssl-key = "/etc/kapacitor/key.pem"

      insecure-skip-verify = false

      startup-timeout = "5m"

      disable-subscriptions = true

      subscription-mode = "cluster"

      subscription-protocol = "http"

      subscriptions-sync-interval = "1m0s"

      kapacitor-hostname = ""

      http-port = 0

      udp-bind = ""
      udp-buffer = 1000
      udp-read-buffer = 0

InfluxDB2 instance current config file mounted in /root/config.toml

bolt-path = /root/.influxdbv2/influxd.bolt
engine-path = /root/.influxdbv2/engine
http-bind-address = 8086
influxql-max-select-buckets = 0
influxql-max-select-point = 0
influxql-max-select-series = 0
query-concurrency = 10
reporting-disabled = false
storage-cache-max-memory-size = 1.073741824e+09
storage-cache-snapshot-memory-size = 2.62144e+07
storage-cache-snapshot-write-cold-duration = 10m0s
storage-compact-full-write-cold-duration = 4h0m0s
storage-compact-throughput-burst = 5.0331648e+07
storage-retention-check-interval = 30m0s
storage-shard-precreator-advance-period = 30m0s
storage-shard-precreator-check-interval = 10m0s
tls-cert = /etc/ssl/influxdb.pem
tls-key =

Logs: Kubernetes logs of Kapacitor pod: Screenshot from 2021-01-25 10-09-48

Bucket mapping: Screenshot from 2021-01-25 10-12-23

Org list: Screenshot from 2021-01-25 10-12-56

Bucket list: Screenshot from 2021-01-25 10-13-26

I'm at a loss as to what else should be done to authorize access to the Influx instance. I also used different tokens with auths specifically for the org and RP related to the bucket which I want to write to. I tried base64-decoded and encoded ones. Did not work.

I do not have limited access to InfluxDB2 instance via RBAC, I set up those instances myself.

Thank you for help.
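The post above mentions trying both base64-encoded and decoded tokens. As an added example (not part of the original issue and not InfluxDB or Kapacitor project code), this check reads the `[[influxdb]]` table of a `kapacitor.conf` and reports whether the `password` value still carries an extra base64 layer, as a value copied from a Kubernetes Secret's `data` field does, and whether credentials are sent to an `http://` URL. The token is constructed, and the check assumes InfluxDB 2 tokens are base64 text of random bytes; `sample_conf`, `b64_layers` and `diagnose` are hypothetical names.

```python
import base64
import re

# Constructed token, not a real credential: URL-safe base64 of 64 fixed bytes
# (assumption: InfluxDB 2 API tokens have this general shape).
TOKEN = base64.urlsafe_b64encode(bytes(range(100, 164))).decode()
# What the same token looks like when copied from a Kubernetes Secret's `data` field.
WRAPPED = base64.b64encode(TOKEN.encode()).decode()

def sample_conf(password):
    """Constructed [[influxdb]] table using the keys from the config above."""
    return ('[[influxdb]]\n  enabled = true\n'
            '  urls = ["http://influx2-influxdb.influx2-test:8086"]\n'
            '  username = "admin"\n  password = "%s"\n' % password)

def influxdb_section(conf):
    """Minimal reader (not a full TOML parser) for the first [[influxdb]] table."""
    body = conf.split("[[influxdb]]", 1)[1]
    body = re.split(r"^[ \t]*\[", body, maxsplit=1, flags=re.M)[0]  # stop at next table
    sec = dict(re.findall(r'^[ \t]*([\w-]+)[ \t]*=[ \t]*"([^"]*)"', body, flags=re.M))
    urls = re.search(r"^[ \t]*urls[ \t]*=[ \t]*\[(.*?)\]", body, flags=re.M | re.S)
    sec["urls"] = re.findall(r'"([^"]+)"', urls.group(1)) if urls else []
    return sec

def b64_layers(value):
    """How many times value base64-decodes to printable ASCII (0 for a raw token)."""
    layers = 0
    while layers < 3:
        try:
            inner = base64.b64decode(value, altchars=b"-_", validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            break
        if len(inner) < 16 or not inner.isprintable():
            break
        value, layers = inner, layers + 1
    return layers

def diagnose(conf):
    """Return a list of findings for the [[influxdb]] credentials in conf."""
    sec = influxdb_section(conf)
    password = sec.get("password", "")
    findings = []
    if not password:
        findings.append("password is empty")
    elif b64_layers(password):
        findings.append("password decodes to printable text: extra base64 layer")
    findings += ["cleartext credentials to " + u for u in sec["urls"] if u.startswith("http://")]
    return findings

if __name__ == "__main__":
    for label, pw in (("raw token", TOKEN), ("Secret data value", WRAPPED)):
        print(label, diagnose(sample_conf(pw)))
```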

RaniaMidaoui commented 3 years ago

I spent nearly 3 days trying to solve this, I have the exact same issue. Did you find a solution? Thank you.

filip-we commented 2 years ago

I know this was posted ages ago, but here is another issue describing how to connect Kapacitor with an InfluxDB2 instance. It is not very straightforward, if I may say. I have not tried it myself but see a problem in the scenario where you later want to do kapacitor-tasks on a new database. Then you will need to delete and recreate the user with new permissions, as I understand the influxdb v1-user system.