Dec 25 2022

InfluxDB

InfluxDB monitoring and integration with ZabbixInfluxDB is an open-source time series database developed by the company InfluxData. It is written in the Go programming language for storage and retrieval of time series data in fields such as operations monitoring, application metrics, Internet of Things sensor data, and real-time analytics.

Step 1: Install InfluxDB

Add the InfluxDB GPG key to trusted repository

# get -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -

Add the InfluxDB package repository to the apt sources /etc/apt/sources.list.d/influxdb.list

# echo "deb https://repos.influxdata.com/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/influxdb.list

Install the InfluxDB software pacakge

# apt install -y influxdb

Edit the InfluxDB configuration file /etc/influxdb/influxdb.conf and define basic configuration settings for the location of the database, logging details or retention

[meta]
  # Where the metadata/raft database is stored
  dir = "/var/lib/influxdb/meta"

[data]
  # The directory where the TSM storage engine stores TSM files.
  dir = "/var/lib/influxdb/data"

  # The directory where the TSM storage engine stores WAL files.
  wal-dir = "/var/lib/influxdb/wal"

  # Trace logging provides more verbose output around the tsm engine. Turning
  # this on can provide more useful output for debugging tsm engine issues.
  trace-logging-enabled = false

  # Whether queries should be logged before execution. Very useful for troubleshooting, but will
  # log any sensitive data contained within a query.
  query-log-enabled = false

[retention]
  # Determines whether retention policy enforcement enabled.
  enabled = true

  # The interval of time when retention policy enforcement checks run.
  check-interval = "30m"

Start and enable InfluxDB

# systemctl enable influxdb
# systemctl start influxdb

Step 2: Enable TLS/SSL

Generate host certificates for this specific service and place them in the system SSL repository with appropriate permissions:

# mkdir /etc/influxdb/ssl

# cp <service-key> /etc/influxdb/ssl/influxdb.key
# cp <service-cert> /etc/influxdb/ssl/influxdb.pem

# chown root:influxdb /etc/influxdb/ssl/influxdb.key
# chown root:influxdb /etc/influxdb/ssl/influxdb.pem

# chmod 640 /etc/influxdb/ssl/influxdb.key
# chmod 644 /etc/influxdb/ssl/influxdb.pem

Edit the InfluxDB configuration file /etc/influxdb/influxdb.conf,

[http]

  # The bind address used by the HTTP service.
  bind-address = ":8086"

  # Determines whether HTTPS is enabled.
  https-enabled = true

  # The SSL certificate to use when HTTPS is enabled.
  https-certificate = "/etc/influxdb/ssl/influxdb.crt"

  # Use a separate private key location.
  https-private-key = "/etc/influxdb/ssl/influxdb.pem"

[subscriber]
  # Determines whether the subscriber service is enabled.
  enabled = true

  # Allows insecure HTTPS connections to subscribers.  This is useful when testing with self-
  # signed certificates.
  insecure-skip-verify = false

  # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used
  ca-certs = "/etc/ssl/certs/ca-certificates.crt"

[tls]
  # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants
  # for a list of available ciphers, which depends on the version of Go (use the query
  # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses
  # the default settings from Go's crypto/tls package.
  ciphers = [
     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
     "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  ]

  # Minimum version of the tls protocol that will be negotiated. If not specified, uses the
  # default settings from Go's crypto/tls package.
  min-version = "tls1.2"

Restart and enable InfluxDB

# systemctl restart influxdb

Step 3: Create Admin User & Enable Authenticaiton

Connect to the database with the InfluxDB CLI create a new admin user, as we enabled TLS/SSL it will not support connecting to localhost, use the SSL defined hostname:

# influx -ssl -host <hostname>

InfluxDB shell version: 1.8.10
> create user influxadmin with password 'fJJzkkdlsjfklMnb2' with all privileges

Edit the InfluxDB configuration file /etc/influxdb/influxdb.conf and force authentication

[http]

  # Determines whether user authentication is enabled over HTTP/HTTPS.
  auth-enabled = true

  # Enables authentication on pprof endpoints. Users will need admin permissions
  # to access the pprof endpoints when this setting is enabled. This setting has
  # no effect if either auth-enabled or pprof-enabled are set to false.
  pprof-auth-enabled = false

Step 4: Create a Database with Retention

Connect to the database with the InfluxDB CLI create a database for e.g. telegraf with a specific 14 day retention which is also the default and create a dedicated telegraf account with permissions to the telegraf database.

# influx -ssl -host <hostname>

InfluxDB shell version: 1.8.10
> create database telegraf
> create retention policy internal_14d on telegraf duration 14d replication 1 DEFAULT
> create user telegraf with password 'randompassword1234!'
> grant all on telegraf to telegraf