Smoother influx CLI intergration

[SimonHoenscheid]

Use Case

The InfluxDB Module creates a SSL encrypted setup by default, which is great. But this seup creates two pitfalls with the influx CLI:

1. The CLI needs additional parameters to be able to establish a connection. This can be solved with an influx CLI config

influx config create --config-name default --host-url https://$(facter networking.fqdn):8086 --org puppetlabs --token $(cat /root/.influxdb_token) --active

2. Even with this config the connection will not work, because the CA is "self -signed" and not trusted

influx org list
 Error: failed to list orgs: Get "https://****:8086/api/v2/orgs": x509: certificate signed by unknown authority

AFAIK there is no parameter to allow the CA, but it helps to import it to the system store. Maybe it helps to announce the full chain to InfluxDB.

Describe the Solution You Would Like

The module creates a CLI config and imports the puppet CA to the system store

Describe Alternatives You've Considered

Add this information to various readme files

[henriklb]

Just encountered this issue recently. I would certainly appreciate this enhancement.

[henriklb]

To add to this: Setting use_ssl => false, still does not to create a influx config for the CLI.

The regular packaged install of influxdb2 does this, I believe.

[m0dular]

Hi @henriklb and @SimonHoenscheid, I looked into this and it would be a good feature request to add to the module. However, we don't currently set up the cli as it comes from a different package than the influxdb2 one we use. We would need to add more resources for installing this package, setting up the config, etc.

That said, I think the --skip-verify flag is the only thing you need to work around this. I was able to make it work with that.

$ influx org list --skip-verify
ID                      Name
fe6b0c64bbbe9647        puppetlabs

[m0dular]

@henriklb @SimonHoenscheid Does this option work for you?