diff --git a/content/enterprise_influxdb/v1/_index.md b/content/enterprise_influxdb/v1/_index.md index 3f4c28728..8ed0e8d53 100644 --- a/content/enterprise_influxdb/v1/_index.md +++ b/content/enterprise_influxdb/v1/_index.md @@ -3,10 +3,10 @@ title: InfluxDB Enterprise documentation description: > Documentation for InfluxDB Enterprise, which adds clustering, high availability, fine-grained authorization, and more to InfluxDB OSS. aliases: - - /enterprise/v1.10/ + - /enterprise/v1.11/ menu: enterprise_influxdb_v1: - name: InfluxDB Enterprise v1.10 + name: InfluxDB Enterprise v1.11 weight: 1 --- diff --git a/content/enterprise_influxdb/v1/about-the-project/release-notes-changelog.md b/content/enterprise_influxdb/v1/about-the-project/release-notes.md similarity index 86% rename from content/enterprise_influxdb/v1/about-the-project/release-notes-changelog.md rename to content/enterprise_influxdb/v1/about-the-project/release-notes.md index 8d83a095f..98e414562 100644 --- a/content/enterprise_influxdb/v1/about-the-project/release-notes-changelog.md +++ b/content/enterprise_influxdb/v1/about-the-project/release-notes.md @@ -1,5 +1,5 @@ --- -title: InfluxDB Enterprise 1.10 release notes +title: InfluxDB Enterprise 1.11 release notes description: > Important changes and what's new in each version InfluxDB Enterprise. menu: @@ -9,7 +9,194 @@ menu: parent: About the project --- -## 1.10 [2022-09-07] +## v1.11.3 [2023/10/12] + +{{% note %}} +#### InfluxDB Enterprise and FIPS-compliance + +**InfluxDB Enterprise 1.11+** introduces builds that are compliant with +[Federal Information Processing Standards (FIPS)](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips) +and adhere to a strict set of security standards. Both standard and FIPS-compliant +InfluxDB Enterprise builds are available. For more information, see +[FIPS-compliant InfluxDB Enterprise builds](/enterprise_influxdb/v1/introduction/installation/fips-compliant/). +{{% /note %}} + +### Bug Fixes + +- Surround binary expressions in parenthesis. +- Miscellaneous build-system and continuous integration fixes. + +### Other + +- Generate `DIGESTS.tag` for each release. +- Update `golang.org/x/crypto` version to match `go.mod`. +- Upgrade Go to 1.20.10. + +--- + +## v1.11.2 [2023/09/28] + +### Features + +- Add crypto implementation information to `/debug/vars`. +- Explicitly run a FIPS POST and log results to ensure the POST is run. +- Eliminate false FIPS audit failures for replaced modules. + +### Flux updates + +- Add microsecond and nanosecond support to [`iox.sqlInterval()`](/flux/v0/stdlib/experimental/iox/sqlinterval/). +- Add `onNonmonotonic` parameter to [`histogramQuantile()`](/flux/v0/stdlib/universe/histogramquantile/) + to define behavior when bin counts are not monotonically increasing. +- Add [`geo.totalDistance()`](/flux/v0/stdlib/experimental/geo/totaldistance/) + to aggregate total distance of consecutive points. +- Add [`iox.sqlInterval()`](/flux/v0/stdlib/experimental/iox/sqlinterval/) to + convert Flux durations to SQL interval strings. +- Add the [`contrib/qxip/hash`](/flux/v0/stdlib/contrib/qxip/hash/) package which + includes hashing functions. +- Add the [`contrib/qxip/logql`](/flux/v0/stdlib/contrib/qxip/logql/) package + which provides functions for working with + [Grafana Loki](https://grafana.com/oss/loki/) and [LogQL](https://grafana.com/docs/loki/latest/logql/). +- Add the [`contrib/qxip/clickhouse`](/flux/v0/stdlib/contrib/qxip/clickhouse/) + package which provides functions for querying data from [Clickhouse](https://clickhouse.com/). +- Add [`types.isNumeric()`](/flux/v0/stdlib/types/isnumeric/) to test for numeric values. +- Add [`dynamic.isType()`](/flux/v0/stdlib/experimental/dynamic/istype/) function. +- Add [`dynamic.asArray()`](/flux/v0/stdlib/experimental/dynamic/asarray/) function. +- Add JSON functions that work with dynamic values: + - [`dynamic.jsonParse()`](/flux/v0/stdlib/experimental/dynamic/jsonparse/) + - [`dynamic.jsonEncode()`](/flux/v0/stdlib/experimental/dynamic/jsonencode/) +- Add [`iox.sql()`](/flux/v0/stdlib/experimental/iox/sql/) function. +- Add [dynamic type](/flux/v0/data-types/dynamic/). +- Add dynamic wrapper function. +- Add array type conversion functions to the [experimental `array` package](/flux/v0/stdlib/experimental/array/). +- Add support for piped-forward arrays to [`array.from()`](/flux/v0/stdlib/array/from/). +- Add parameter to [`experimental.unpivot()`](/flux/v0/stdlib/experimental/unpivot/) + for non-field and non-group-key columns. +- Add [`experimental/polyline` package](/flux/v0/stdlib/experimental/polyline) for + downsampling data. +- Support `apiKey` parameter in [`zenoss.event()`](/flux/v0/stdlib/contrib/bonitoo-io/zenoss/event/) + and [`zenoss.endpoint()`](/flux/v0/stdlib/contrib/bonitoo-io/zenoss/endpoint/). +- Optimize the Holt Winters implementation by using the + [gonum Nelder-Mead optimization](https://github.com/gonum/gonum/blob/master/optimize/neldermead.go). +- Add multiple new join functions to the [`join`](/flux/v0/stdlib/join/) package + such as [`join.full()`](/flux/v0/stdlib/join/full/). +- Add [`initialZero`](/flux/v0/stdlib/universe/derivative/#initialzero) parameter + to the derivative function. +- Add builtin function, [`time()`](/flux/v0/stdlib/date/time/), to the `date` + package to convert any timeable into datetime. + +### Bug Fixes + +- Miscellaneous build system and continuous integration fixes. +- Execute `compact-series-file` at startup. +- Pass `CIRCLE_TAG` to package builder. + +### Other + +- Upgrade to Go 1.19.6. +- Fix arm builds for macOS. +- Fix issue when building `boringcrypto` builds on fresh containers. +- Upgrade enterprise license key references. +- Update influxdb to remove `golang.org/x/crypto/ssh` usage. +- Upgrade Flux to 0.194.3. +- Various build-system and continuous integration updates. + +--- + +## v1.11.1 [2023/04/13] + +### Features + +- Audit enabled TLS cipher suites for FIPS builds. +- Implement remote artifact signing. +- Output the log level on startup. +- On `SIGHUP`, restart the anti-entropy service and reload configuration. +- Use BoringCrypto's `PBKDF2` implementation for FIPS builds. +- Implement FIPS-compliant in-memory password hash caching. +- Honor `ensure-fips` for crypto and TLS implementations on startup + +### Bug Fixes + +- Handle an edge case where operator precedence was not handled correctly. +- Surround binary expressions in parenthesis. +- Miscellaneous build system and continuous integration fixes. +- Update Dockerfiles to support Alpine and Ruby. +- Prevent index out of range panic in merge cursor code. +- Add tests for boringcrypto and fipsonly builds. +- Optimize `SHOW FIELD KEY CARDINALITY` metaquery. +- Update Makefile to locate `pkg-config` dependency. + +### Other + +- Upgrade Go to 1.19.8. +- Upgrade Flux to v0.188.0. +- Update log levels to `error` or `warn` where appropriate. +- Update Influxdb to remove the `golang.org/x/crypto/ssh` dependency. +- Use the correct version of Flux for FIPS builds. +- Use `pkg/boringutil/xcrypto` instead of `golang.org/x/crypto` for FIPS builds. +- Remove `golang.org/x/crypto/bcrypt` dependency from FIPS build. +- Eliminate the `golang.org/x/crypto` dependencies. +- Use common semantic PR and commit message checks. +- Automatically resolve git tags for `changelogger`. +- Add peer address and stream ID to logging context. +- Enable FIPS builds. +- Use scheduled pipeline. +- Add script and Makefile rules to audit binaries for packages disallowed by FIPS. + +--- + +## v1.10.4 [2023/06/22] + +### Other + +- Update Influxdb `go.mod` version. +- Upgrade Influxdb reference (1.10). + +--- + +## v1.10.3 [2023/04/13] + +### Features + +- Implement remote artifact signing. + +### Bug Fixes + +- Checkout repo in `changelog_*` workflows. +- Miscellaneous build-system and continuous integration updates. +- Correct spelling of "fingerprints". + +### Other + +- Update CircleCI automation and packages +- Build `digest` and `influx_tools`. + +--- + +## v1.10.2 [2023/03/13] + +### Features + +- Allow limiting authentication methods for meta API. + +--- + +## v1.10.1 [2023/02/10] + +### Bug Fixes + +- Update Dockerfiles to support Alpine and Ruby. +- Add monitoring to the continuous query service. +- Remove unnecessary buffer. + +### Other + +- Update Go to 1.18.9. +- Use scheduled pipeline. +- Prevent `index out of range` panic in merge cursor process. + +--- + +## v1.10.0 [2022-09-07] ### Features - Add [/api/v2/buckets](/enterprise_influxdb/v1/tools/api/#apiv2buckets-http-endpoint) support for create, delete, list, retrieve, and update operations. @@ -21,13 +208,13 @@ menu: #### Flux updates - Add `preview()` to experimental package for limiting return rows and tables (as opposed to just rows with `limit()`). -- Add [date.scale()](/flux/v0.x/stdlib/date/scale/) to let users dynamically scale durations in dates. +- Add [date.scale()](/flux/v0/stdlib/date/scale/) to let users dynamically scale durations in dates. - Add [OpenTracing](https://opentracing.io/docs/overview/spans/) spans to Flux transformations. Lets you monitor Flux scripts more precisely. - Add `trace` option to Flux CLI. -- Rename `addDuration()` to [add](/flux/v0.x/stdlib/date/add/) and `subDuration()` to [sub](/flux/v0.x/stdlib/date/sub/), +- Rename `addDuration()` to [add](/flux/v0/stdlib/date/add/) and `subDuration()` to [sub](/flux/v0/stdlib/date/sub/), and moved both of these functions from the experimental package to the date package. -- Add location support to [date.truncate()](/flux/v0.x/stdlib/date/truncate/). -- Vectorize arithmetic operators in [map()](/flux/v0.x/stdlib/universe/map/). +- Add location support to [date.truncate()](/flux/v0/stdlib/date/truncate/). +- Vectorize arithmetic operators in [map()](/flux/v0/stdlib/universe/map/). - Vectorize logical operations in `map()`. - Enable `movingAverage()` and `cumulativeSum()` optimizations by default. @@ -50,11 +237,13 @@ and moved both of these functions from the experimental package to the date pack - Fix shard confusion when multiple sub-queries reference different retention policies. ### Maintenance updates -- Upgrade to [Flux 0.170.0](/flux/v0.x/release-notes/#v01700-2022-06-02). +- Upgrade to [Flux 0.170.0](/flux/v0/release-notes/#v01700-2022-06-02). - Upgrade to Go 1.18.3. - Fixes issue with OSXCross and Darwin builds. This results in the new minimum OSX version being MacOSX10.14/darwin18. -## 1.9.8 [2022-07-11] +--- + +## v1.9.8 [2022-07-11] ### Features - Expose passive node feature to influxd-ctl and the API. @@ -83,9 +272,11 @@ and moved both of these functions from the experimental package to the date pack ### Maintenance updates - Upgrade to Go 1.17.11 -- Update to [Flux v0.161.0](/flux/v0.x/release-notes/#v01610-2022-03-24). +- Update to [Flux v0.161.0](/flux/v0/release-notes/#v01610-2022-03-24). -## 1.9.7 [2022-05-26] +--- + +## v1.9.7 [2022-05-26] {{% warn %}} An edge case regression was introduced into this version that may cause a constant build-up of hinted handoff if writes are rejected due to malformed requests. If you experience write errors and hinted hand-off growth, we recommend upgrading to 1.9.8 or the latest release. @@ -113,9 +304,11 @@ An edge case regression was introduced into this version that may cause a consta ### Maintenance updates - Upgrade to Go 1.17.9 -- Update to [Flux v0.161.0](/flux/v0.x/release-notes/#v01610-2022-03-24). +- Update to [Flux v0.161.0](/flux/v0/release-notes/#v01610-2022-03-24). -## 1.9.6 [2022-02-16] +--- + +## v1.9.6 [2022-02-16] {{% note %}} InfluxDB Enterprise offerings are no longer available on AWS, Azure, and GCP marketplaces. Please [contact Sales](https://www.influxdata.com/contact-sales/) to request an license key to [install InfluxDB Enterprise in your own environment](/enterprise_influxdb/v1/introduction/installation/). {{% /note %}} @@ -136,7 +329,7 @@ An edge case regression was introduced into this version that may cause a consta ### Maintenance updates -- Update to [Flux v0.140](/flux/v0.x/release-notes/#v01400-2021-11-22). +- Update to [Flux v0.140](/flux/v0/release-notes/#v01400-2021-11-22). - Upgrade to Go 1.17. - Upgrade `protobuf` library. @@ -160,6 +353,8 @@ An edge case regression was introduced into this version that may cause a consta - Improve [`influxd-ctl join`](/enterprise_influxdb/v1/tools/influxd-ctl/join/) robustness and provide better error messages on failure. - Add user friendly error message when accessing a TLS-enabled server without TLS enabled on client. +--- + ## v1.9.5 [2021-10-11] {{% note %}} @@ -182,9 +377,10 @@ Changes below are included in InfluxDB Enterprise 1.9.5. - Improve memory performance by making `compact-full-write-cold-duration` apply to both TSM files and the TSI index. #### Maintenance updates - Update Protocol Buffers library versions. -- Update to Flux [0.131.0](/flux/v0.x/release-notes/#v01310-2021-09-20). +- Update to Flux [0.131.0](/flux/v0/release-notes/#v01310-2021-09-20). ### Bug fixes + #### Data - Fix issue with adjacent shards accidentally overlapping during `influx_tools import`. - Prevent dropped writes with overlapping shards in certain edge cases. @@ -212,6 +408,8 @@ Changes below are included in InfluxDB Enterprise 1.9.5. - Fix incorrect TLS handling for `influxd-ctl entropy` commands. - Use TLS for nested LDAP connections when TLS is enabled. +--- + ## v1.9.3 [2021-07-19] ### Features @@ -235,6 +433,8 @@ Changes below are included in InfluxDB Enterprise 1.9.5. - Make `total-max-memory-bytes` and other flux controller configuration work correctly. - Use a constant amount of RAM as hinted handoff grows, instead of growing RAM usage. +--- + ## v1.9.2 [2021-06-17] The release of InfluxDB Enterprise 1.9 is different from previous InfluxDB Enterprise releases @@ -313,6 +513,8 @@ in that there is no corresponding InfluxDB OSS release. Bug fixes intended for 1.9.0 and 1.9.1 were rolled into InfluxDB Enterprise 1.9.2. {{% /note %}} +--- + ## v1.8.6 [2021-05-21] {{% warn %}} @@ -340,11 +542,13 @@ Versions prior to InfluxDB Enterprise 1.8.5 are not affected. - Previously, the Anti-Entropy service would loop trying to copy an empty shard to a data node missing that shard. Now, an empty shard is successfully created on a new node. - Check for previously ignored errors in `DiffIterator.Next()`. Update to check before possible function exit and ensure handles are closed on error in digest diffs. +--- + ## v1.8.5 [2020-04-20] The InfluxDB Enterprise v1.8.5 release builds on the InfluxDB OSS v1.8.5 release. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/#v185-2021-04-20). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/#v185-2021-04-20). ### Bug fixes @@ -354,11 +558,13 @@ For details on changes incorporated from the InfluxDB OSS release, see - Add labels to the values returned in SHOW SHARDS output to clarify the node ID and TCP address. - Always forward repairs to the next data node (even if the current data node does not have to take action for the repair). +--- + ## v1.8.4 [2020-02-08] The InfluxDB Enterprise 1.8.4 release builds on the InfluxDB OSS 1.8.4 release. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/#v1-8-4-unreleased). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/#v1-8-4-unreleased). > **Note:** InfluxDB Enterprise 1.8.3 was not released. Bug fixes intended for 1.8.3 were rolled into InfluxDB Enterprise 1.8.4. @@ -373,13 +579,15 @@ Add the ability to [renew or update your license key or file](/enterprise_influx - Correct output for `influxd-ctl show shards`. - Properly encode/decode `control.Shard.Err`. +--- + ## v1.8.2 [2020-08-24] The InfluxDB Enterprise 1.8.2 release builds on the InfluxDB OSS 1.8.2 and 1.8.1 releases. Due to a defect in InfluxDB OSS 1.8.1, InfluxDB Enterprise 1.8.1 was not released. This release resolves the defect and includes the features and bug fixes listed below. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Features @@ -400,11 +608,13 @@ For details on changes incorporated from the InfluxDB OSS release, see - LDAP configuration: `GroupSearchBaseDNs`, `SearchFilter`, `GroupMembershipSearchFilter`, and `GroupSearchFilter` values in the LDAP section of the configuration file are now all escaped. - Eliminate orphaned, temporary directories when an error occurs during `processCreateShardSnapshotRequest()` and provide useful log information regarding the reason a temporary directory is created. -## v1.8 [2020-04-27] +--- + +## v1.8.0 [2020-04-27] The InfluxDB Enterprise 1.8 release builds on the InfluxDB OSS 1.8 release. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Features @@ -428,11 +638,13 @@ For more information, see the [`influxd-ctl backup` syntax](/enterprise_influxdb - Update the Anti-Entropy (AE) service to ignore expired shards. +--- + ## v1.7.10 [2020-02-07] The InfluxDB Enterprise 1.7.10 release builds on the InfluxDB OSS 1.7.10 release. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Features - Log when meta state file cannot be opened. @@ -441,11 +653,13 @@ For details on changes incorporated from the InfluxDB OSS release, see - Update `MaxShardGroupID` on meta update. - Don't reassign shard ownership when removing a data node. +--- + ## v1.7.9 [2019-10-27] The InfluxDB Enterprise 1.7.9 release builds on the InfluxDB OSS 1.7.9 release. For details on changes incorporated from the InfluxDB OSS release, see -[InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +[InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Release notes - This release is built using Go 1.12.10 which eliminates the @@ -457,7 +671,9 @@ For details on changes incorporated from the InfluxDB OSS release, see - Fix RPC pool TLS configuration. - Update example configuration file with new authorization options. -## 1.7.8 [2019-09-03] +--- + +## v1.7.8 [2019-09-03] {{% warn %}} InfluxDB now rejects all non-UTF-8 characters. @@ -467,7 +683,7 @@ InfluxDB Enterprise customers can contact InfluxData support for more informatio {{% /warn %}} The InfluxDB Enterprise 1.7.8 release builds on the InfluxDB OSS 1.7.8 release. -For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Bug fixes - Clarified `influxd-ctl` error message when the Anti-Entropy (AE) service is disabled. @@ -478,9 +694,11 @@ For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB ### Features - The Flux Technical Preview has advanced to version [0.36.2](/flux/v0.36/). -## 1.7.7 [2019-07-12] +--- -The InfluxDB Enterprise 1.7.7 release builds on the InfluxDB OSS 1.7.7 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.7.7 [2019-07-12] + +The InfluxDB Enterprise 1.7.7 release builds on the InfluxDB OSS 1.7.7 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Known issues @@ -497,15 +715,19 @@ The InfluxDB Enterprise 1.7.7 release builds on the InfluxDB OSS 1.7.7 release. - Always forward AE repair to next node. - Improve hinted handoff metrics. -## 1.7.6 [2019-05-07] +--- -This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.6 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.7.6 [2019-05-07] + +This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.6 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Bug fixes - Reverts v1.7.5 InfluxQL regressions that removed parentheses and resulted in operator precedence causing changing results in complex queries and regular expressions. -## 1.7.5 [2019-03-26] +--- + +## v1.7.5 [2019-03-26] {{% warn %}} @@ -522,7 +744,7 @@ Examples: {{% /warn %}} -This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.5 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.5 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Features @@ -533,17 +755,21 @@ This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.5 release. For d - Anti-Entropy: fix `contains no .tsm files` error. - `fix(cluster)`: account for nil result set when writing read response. -## 1.7.4 [2019-02-13] +--- -This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.4 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.7.4 [2019-02-13] + +This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.4 release. For details on changes incorporated from the InfluxDB OSS release, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Bug fixes - Use `systemd` for Amazon Linux 2. -## 1.7.3 [2019-01-11] +--- -This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.3 release. For details on changes incorporated from the InfluxDB OSS release, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.7.3 [2019-01-11] + +This InfluxDB Enterprise release builds on the InfluxDB OSS 1.7.3 release. For details on changes incorporated from the InfluxDB OSS release, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Important update [2019-02-13] @@ -580,18 +806,23 @@ Prior to v.1.7.3, the anti-entropy (AE) service was enabled by default. When sha - Update sample configuration. -## 1.6.6 [2019-02-28] -------------------- +--- + +## v1.6.6 [2019-02-28] This release only includes the InfluxDB OSS 1.6.6 changes (no Enterprise-specific changes). -## 1.6.5 [2019-01-10] +--- -This release builds off of the InfluxDB OSS 1.6.0 through 1.6.5 releases. For details about changes incorporated from InfluxDB OSS releases, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.6.5 [2019-01-10] -## 1.6.4 [2018-10-23] +This release builds off of the InfluxDB OSS 1.6.0 through 1.6.5 releases. For details about changes incorporated from InfluxDB OSS releases, see [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). -This release builds off of the InfluxDB OSS 1.6.0 through 1.6.4 releases. For details about changes incorporated from InfluxDB OSS releases, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +--- + +## v1.6.4 [2018-10-23] + +This release builds off of the InfluxDB OSS 1.6.0 through 1.6.4 releases. For details about changes incorporated from InfluxDB OSS releases, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Breaking changes @@ -647,9 +878,11 @@ The following summarizes the expected settings for proper configuration of JWT a - Reject `influxd-ctl update-data` from one existing host to another. - Require `internal-shared-secret` if meta auth enabled. -## 1.6.2 [08-27-2018] +--- -This release builds off of the InfluxDB OSS 1.6.0 through 1.6.2 releases. For details about changes incorporated from InfluxDB OSS releases, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/). +## v1.6.2 [08-27-2018] + +This release builds off of the InfluxDB OSS 1.6.0 through 1.6.2 releases. For details about changes incorporated from InfluxDB OSS releases, see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/). ### Features @@ -667,13 +900,17 @@ This release builds off of the InfluxDB OSS 1.6.0 through 1.6.2 releases. For de - Ensure the hinted handoff (hh) queue makes forward progress when segment errors occur. - Add hinted handoff (hh) queue back pressure. -## 1.5.4 [2018-06-21] +--- -This release builds off of the InfluxDB OSS 1.5.4 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the InfluxDB OSS release. +## v1.5.4 [2018-06-21] -## 1.5.3 [2018-05-25] +This release builds off of the InfluxDB OSS 1.5.4 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the InfluxDB OSS release. -This release builds off of the InfluxDB OSS 1.5.3 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the InfluxDB OSS release. +--- + +## v1.5.3 [2018-05-25] + +This release builds off of the InfluxDB OSS 1.5.3 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the InfluxDB OSS release. ### Features @@ -685,25 +922,30 @@ This release builds off of the InfluxDB OSS 1.5.3 release. Please see the [Influ * Hinted-handoff: enforce max queue size per peer node. * TSM files not closed when shard deleted. +--- ## v1.5.2 [2018-04-12] -This release builds off of the InfluxDB OSS 1.5.2 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the InfluxDB OSS release. +This release builds off of the InfluxDB OSS 1.5.2 release. Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the InfluxDB OSS release. ### Bug fixes * Running backup snapshot with client's retryWithBackoff function. * Ensure that conditions are encoded correctly even if the AST is not properly formed. +--- + ## v1.5.1 [2018-03-20] This release builds off of the InfluxDB OSS 1.5.1 release. There are no Enterprise-specific changes. -Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the InfluxDB OSS release. +Please see the [InfluxDB OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the InfluxDB OSS release. + +--- ## v1.5.0 [2018-03-06] > ***Note:*** This release builds off of the 1.5 release of InfluxDB OSS. Please see the [InfluxDB OSS release -> notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the InfluxDB OSS release. +> notes](/influxdb/v1/about_the_project/release-notes/) for more information about the InfluxDB OSS release. For highlights of the InfluxDB 1.5 release, see [What's new in InfluxDB 1.5](/influxdb/v1/about_the_project/whats_new/). @@ -759,6 +1001,8 @@ The default logging format has been changed. See [Logging and tracing in InfluxD * Updated yamux resolves race condition when SYN is successfully sent and a write timeout occurs. * Fix no license message. +--- + ## v1.3.9 [2018-01-19] ### Upgrading -- for users of the TSI preview @@ -773,6 +1017,8 @@ so it will require downtime. * Discard remote iterators that label their type as unknown. * Do not queue `partial write` errors to hinted handoff. +--- + ## v1.3.8 [2017-12-04] ### Upgrading -- for users of the TSI preview @@ -786,6 +1032,8 @@ If you have been using the TSI preview with 1.3.6 or earlier 1.3.x releases, you - Fix wildcard when one shard has no data for a measurement with partial replication. - Fix spurious `rpc error: i/o deadline exceeded` errors. +--- + ## v1.3.7 [2017-10-26] ### Upgrading -- for users of the TSI preview @@ -804,6 +1052,8 @@ We will update this release note with operational steps once the utility is avai - Address Deadlock issue in meta server on 1.3.6 - Fix logger panic associated with anti-entropy service and manually removed shards. +--- + ## v1.3.6 [2017-09-28] ### Bugfixes @@ -815,27 +1065,35 @@ We will update this release note with operational steps once the utility is avai Contributed back to the yamux project via: https://github.com/hashicorp/yamux/pull/50 - Address data race reading Len() in connection pool. +--- + ## v1.3.5 [2017-08-29] This release builds off of the 1.3.5 release of OSS InfluxDB. -Please see the OSS [release notes](/influxdb/v1/about_the_project/releasenotes-changelog/#v1-3-5-2017-08-29) for more information about the OSS releases. +Please see the OSS [release notes](/influxdb/v1/about_the_project/release-notes/#v1-3-5-2017-08-29) for more information about the OSS releases. + +--- ## v1.3.4 [2017-08-23] -This release builds off of the 1.3.4 release of OSS InfluxDB. Please see the [OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the OSS releases. +This release builds off of the 1.3.4 release of OSS InfluxDB. Please see the [OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the OSS releases. ### Bugfixes - Close connection for remote iterators after EOF to avoid writer hanging indefinitely +--- + ## v1.3.3 [2017-08-10] -This release builds off of the 1.3.3 release of OSS InfluxDB. Please see the [OSS release notes](/influxdb/v1/about_the_project/releasenotes-changelog/) for more information about the OSS releases. +This release builds off of the 1.3.3 release of OSS InfluxDB. Please see the [OSS release notes](/influxdb/v1/about_the_project/release-notes/) for more information about the OSS releases. ### Bugfixes - Connections are not closed when `CreateRemoteIterator` RPC returns no iterators, resolved memory leak +--- + ## v1.3.2 [2017-08-04] ### Bug fixes @@ -846,6 +1104,8 @@ This release builds off of the 1.3.3 release of OSS InfluxDB. Please see the [OS - Switch back to using cluster-tracing config option to enable meta HTTP request logging. - Fix remove-data error. +--- + ## v1.3.1 [2017-07-20] #### Bug fixes @@ -854,6 +1114,8 @@ This release builds off of the 1.3.3 release of OSS InfluxDB. Please see the [OS - Switch back to using cluster-tracing config option to enable meta HTTP request logging. - Fix remove-data error. +--- + ## v1.3.0 [2017-06-21] ### Configuration Changes @@ -889,10 +1151,12 @@ The admin UI is removed and unusable in this release. The `[admin]` configuratio - Writing points outside of retention policy does not return error - Decrement internal database's replication factor when a node is removed. +--- + ## v1.2.5 [2017-05-16] This release builds off of the 1.2.4 release of OSS InfluxDB. -Please see the OSS [release notes](/influxdb/v1/about_the_project/releasenotes-changelog/#v1-2-4-2017-05-08) for more information about the OSS releases. +Please see the OSS [release notes](/influxdb/v1/about_the_project/release-notes/#v1-2-4-2017-05-08) for more information about the OSS releases. #### Bug fixes @@ -904,6 +1168,8 @@ Please see the OSS [release notes](/influxdb/v1/about_the_project/releasenotes-c - Reduce the cost of the admin user check for clusters with large numbers of users. - Fix hinted-handoff remote write batching. +--- + ## v1.2.2 [2017-03-15] This release builds off of the 1.2.1 release of OSS InfluxDB. @@ -942,13 +1208,11 @@ This change only affects users who have disabled the `retention-autocreate` opti - Support restores on meta nodes that are not the raft leader ##### Hinted handoff -
- Fix issue where dropped writes were not recorded when the [hinted handoff](/enterprise_influxdb/v1/concepts/clustering/#hinted-handoff) queue reached the maximum size - Prevent the hinted handoff from becoming blocked if it encounters field type errors ##### Other -
- Return partial results for the [`SHOW TAG VALUES` query](/influxdb/v1/query_language/schema_exploration/#show-tag-values) even if the cluster includes an unreachable data node - Return partial results for the [`SHOW MEASUREMENTS` query](/influxdb/v1/query_language/schema_exploration/#show-measurements) even if the cluster includes an unreachable data node @@ -962,6 +1226,8 @@ This change only affects users who have disabled the `retention-autocreate` opti - Fix the `influxd-ctl`'s [force removal](/enterprise_influxdb/v1/features/cluster-commands/#remove-meta) of meta nodes - Update the meta node and data node sample configuration files +--- + ## v1.2.1 [2017-01-25] #### Cluster-specific Bugfixes @@ -970,6 +1236,8 @@ This change only affects users who have disabled the `retention-autocreate` opti  Fix how the system removes expired shards. - Remove misplaced newlines from cluster logs +--- + ## v1.2.0 [2017-01-24] This release builds off of the 1.2.0 release of OSS InfluxDB. @@ -1008,6 +1276,8 @@ To disable the auto-creation of retention policies, set `retention-autocreate` t - Fix the output for `influxd-ctl show-shards` - Send the correct RPC response for `ExecuteStatementRequestMessage` +--- + ## v1.1.5 [2017-04-28] ### Bug fixes @@ -1015,22 +1285,30 @@ To disable the auto-creation of retention policies, set `retention-autocreate` t - Prevent certain user permissions from having a database-specific scope. - Fix security escalation bug in subscription management. +--- + ## v1.1.3 [2017-02-27] This release incorporates the changes in the 1.1.4 release of OSS InfluxDB. Please see the OSS [changelog](https://github.com/influxdata/influxdb/blob/v1.1.4/CHANGELOG.md) for more information about the OSS release. +--- + ### Bug fixes - Delay when a node listens for network connections until after all requisite services are running. This prevents queries to the cluster from failing unnecessarily. - Allow users to set the `GOMAXPROCS` environment variable. +--- + ## v1.1.2 [internal] This release was an internal release only. It incorporates the changes in the 1.1.3 release of OSS InfluxDB. Please see the OSS [changelog](https://github.com/influxdata/influxdb/blob/v1.1.3/CHANGELOG.md) for more information about the OSS release. +--- + ## v1.1.1 [2016-12-06] This release builds off of the 1.1.1 release of OSS InfluxDB. @@ -1045,6 +1323,8 @@ users currently running on the macOS platform, powered by the Darwin operating s - Fix hinted-handoff issue: Fix record size larger than max size  If a Hinted Handoff write appended a block that was larger than the maximum file size, the queue would get stuck because the maximum size was not updated. When reading the block back out during processing, the system would return an error because the block size was larger than the file size -- which indicates a corrupted block. +--- + ## v1.1.0 [2016-11-14] This release builds off of the 1.1.0 release of InfluxDB OSS. @@ -1089,6 +1369,8 @@ Switches to journald logging for on systemd systems. Logs are no longer sent to - Prevent `copy-shard` from retrying if the `copy-shard` command was killed - Prevent a hanging `influxd-ctl add-data` command by making data nodes check for meta nodes before they join a cluster +--- + ## v1.0.4 [2016-10-19] #### Cluster-specific bug fixes @@ -1096,12 +1378,16 @@ Switches to journald logging for on systemd systems. Logs are no longer sent to - Respect the [Hinted Handoff settings](/enterprise_influxdb/v1/administration/configuration/#hinted-handoff) in the configuration file - Fix expanding regular expressions when all shards do not exist on node that's handling the request +--- + ## v1.0.3 [2016-10-07] #### Cluster-specific bug fixes - Fix a panic in the Hinted Handoff: `lastModified` +--- + ## v1.0.2 [2016-10-06] This release builds off of the 1.0.2 release of OSS InfluxDB. Please see the OSS [release notes](https://github.com/influxdata/influxdb/blob/1.0/CHANGELOG.md#v102-2016-10-05) for more information about the OSS release. @@ -1112,6 +1398,8 @@ This release builds off of the 1.0.2 release of OSS InfluxDB. Please see the OS - Fix a panic around a corrupt block in Hinted Handoff - Fix issue where `systemctl enable` would throw an error if the symlink already exists +--- + ## v1.0.1 [2016-09-28] This release builds off of the 1.0.1 release of OSS InfluxDB. @@ -1126,6 +1414,8 @@ for more information about the OSS release. * Fix a panic in the Hinted Handoff: `runtime error: makeslice: len out of range` * Update the data node configuration file so that only the minimum configuration options are uncommented +--- + ## v1.0.0 [2016-09-07] This release builds off of the 1.0.0 release of OSS InfluxDB. diff --git a/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md b/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md index 8185ab99f..4b6097c4c 100644 --- a/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md +++ b/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md @@ -622,6 +622,13 @@ Setting the value to `0` disables the slow query logging. Environment variable: `INFLUXDB_CLUSTER_LOG_QUERIES_AFTER` +#### `log-timedout-queries = false` + +Set to `true` to log queries that are killed due to exceeding the `query-timeout`. +The default setting (`false`) will not log timedout queries. + +Environment variable: `INFLUXDB_CLUSTER_LOG_TIMEDOUT_QUERIES` + #### max-select-point Default is `0`. diff --git a/content/enterprise_influxdb/v1/administration/manage/clusters/add-nodes.md b/content/enterprise_influxdb/v1/administration/manage/clusters/add-nodes.md index 816e9d606..3b86df64d 100644 --- a/content/enterprise_influxdb/v1/administration/manage/clusters/add-nodes.md +++ b/content/enterprise_influxdb/v1/administration/manage/clusters/add-nodes.md @@ -12,7 +12,7 @@ weight: 19 To add a data node to an existing cluster, follow the steps below. 1. Install and start a new data node. - Complete steps 1–3 of the [data node installation instructions](/enterprise_influxdb/v1/introduction/installation/data_node_installation/#step-1-add-appropriate-dns-entries-for-each-of-your-servers). + Complete steps 1–3 of the [data node installation instructions](/enterprise_influxdb/v1/introduction/installation/data_node_installation/#add-dns-entries-for-each-of-your-servers). 2. To join the new node to the cluster, do one of the following: - From a meta node, run: diff --git a/content/enterprise_influxdb/v1/introduction/installation/_index.md b/content/enterprise_influxdb/v1/introduction/installation/_index.md index cb611ee2b..c66183152 100644 --- a/content/enterprise_influxdb/v1/introduction/installation/_index.md +++ b/content/enterprise_influxdb/v1/introduction/installation/_index.md @@ -22,4 +22,5 @@ Complete the following steps to install an InfluxDB Enterprise cluster in your o {{< influxdbu title="Installing InfluxDB Enterprise" summary="Learn about InfluxDB architecture and how to install InfluxDB Enterprise with step-by-step instructions." action="Take the course" link="https://university.influxdata.com/courses/installing-influxdb-enterprise-tutorial/" >}} #### Other installation options -- [Install InfluxDB Enterprise on a single server](/enterprise_influxdb/v1/introduction/installation/single-server/) \ No newline at end of file +- [Install InfluxDB Enterprise on a single server](/enterprise_influxdb/v1/introduction/installation/single-server/) +- [Federal Information Processing Standards (FIPS)-compliant InfluxDB Enterprise](/enterprise_influxdb/v1/introduction/installation/fips-compliant/) \ No newline at end of file diff --git a/content/enterprise_influxdb/v1/introduction/installation/data_node_installation.md b/content/enterprise_influxdb/v1/introduction/installation/data_node_installation.md index 79cc274cb..eb46b9921 100644 --- a/content/enterprise_influxdb/v1/introduction/installation/data_node_installation.md +++ b/content/enterprise_influxdb/v1/introduction/installation/data_node_installation.md @@ -21,7 +21,30 @@ If you have not set up your meta nodes, please visit Bad things can happen if you complete the following steps without meta nodes. {{% /warn %}} -## Data node setup description and requirements +- [Requirements](#requirements) + - [Two or more data nodes](#two-or-more-data-nodes) + - [License key or file](#license-key-or-file) + - [Networking](#networking) + - [Load balancer](#load-balancer) + - [User account](#user-account) +- [Set up data nodes](#set-up-data-nodes) + 1. [Add DNS entries for each of your servers](#add-dns-entries-for-each-of-your-servers) + 2. [Set up, configure, and start the data node services](#set-up-configure-and-start-the-data-node-services) + 1. [Download and install the data service](#download-and-install-the-data-service) + 2. [Edit the data node configuration files](#edit-the-data-node-configuration-files) + 3. [Start the data service](#start-the-data-service) + 3. [Join the data nodes to the cluster](#join-the-data-nodes-to-the-cluster) +- [Next steps](#next-steps) + +## Requirements + +- [Two or more data nodes](#two-or-more-data-nodes) +- [License key or file](#license-key-or-file) +- [Networking](#networking) +- [Load balancer](#load-balancer) +- [User account](#user-account) + +### Two or more data nodes The installation process sets up two [data nodes](/enterprise_influxdb/v1/concepts/glossary#data-node) and each data node runs on its own server. @@ -33,20 +56,21 @@ There is no requirement for each data node to run on its own server. However, best practices are to deploy each data node on a dedicated server. {{% /note %}} -See the [Clustering guide](/enterprise_influxdb/v1/concepts/clustering/#optimal-server-counts) -for more on cluster architecture. +_See the [Clustering guide](/enterprise_influxdb/v1/concepts/clustering/#optimal-server-counts) +for more on cluster architecture._ -### Other requirements - -#### License key or file +### License key or file InfluxDB Enterprise requires a license key **or** a license file to run. Your license key is available at [InfluxPortal](https://portal.influxdata.com/licenses). Contact support at the email we provided at signup to receive a license file. -License files are required only if the nodes in your cluster cannot reach -`portal.influxdata.com` on port `80` or `443`. -#### Networking +**License _files_ are required in the following conditions:** + +- Nodes in your cluster cannot reach `portal.influxdata.com` on port `80` or `443` +- You're using a [FIPS-compliant InfluxDB Enterprise build](/enterprise_influxdb/v1/introduction/installation/fips-compliant/) + +### Networking Data nodes communicate over ports `8088`, `8089`, and `8091`. @@ -56,7 +80,7 @@ If the data nodes cannot reach `portal.influxdata.com` on port `80` or `443`, you'll need to set the `license-path` setting instead of the `license-key` setting in the data node configuration file. -#### Load balancer +### Load balancer InfluxDB Enterprise does not function as a load balancer. You will need to configure your own load balancer to send client traffic to the @@ -69,21 +93,29 @@ The `influxdb` user also owns certain files that are needed for the service to s In some cases, local policies may prevent the local user account from being created and the service fails to start. Contact your systems administrator for assistance with this requirement. -# Data node setup -## Step 1: Add appropriate DNS entries for each of your servers +## Set up data nodes + +1. [Add DNS entries for each of your servers](#add-dns-entries-for-each-of-your-servers) +2. [Set up, configure, and start the data node services](#set-up-configure-and-start-the-data-node-services) + 1. [Download and install the data service](#download-and-install-the-data-service) + 2. [Edit the data node configuration files](#edit-the-data-node-configuration-files) + 3. [Start the data service](#start-the-data-service) +3. [Join the data nodes to the cluster](#join-the-data-nodes-to-the-cluster) + +### Add DNS entries for each of your servers Ensure that your servers' hostnames and IP addresses are added to your network's DNS environment. -The addition of DNS entries and IP assignment is usually site and policy specific; -contact your DNS administrator for assistance as necessary. +The addition of DNS entries and IP assignment is usually site and policy specific. +Contact your DNS administrator for assistance as necessary. Ultimately, use entries similar to the following: -| Record Type | Hostname | IP | -|:------------|:-------------------------------------:|------------------:| -| A | ```enterprise-data-01.mydomain.com``` | `````` | -| A | ```enterprise-data-02.mydomain.com``` | `````` | +| Record Type | Hostname | IP | +| :---------- | :-------------------------------: | ------------: | +| A | `enterprise-data-01.mydomain.com` | `` | +| A | `enterprise-data-02.mydomain.com` | `` | -Before proceeding with the installation, verify on each meta and data server that the other -servers are resolvable. Here is an example set of shell commands using `ping`: +Verify on each meta and data server that the other servers are resolvable. +Here is an example set of shell commands using `ping`: ```sh ping -qc 1 enterprise-meta-01 @@ -97,71 +129,129 @@ We highly recommend that each server be able to resolve the IP from the hostname Resolve any connectivity issues before proceeding with the installation. A healthy cluster requires that every meta node and data node in a cluster be able to communicate. -## Step 2: Set up, configure, and start the data node services +### Set up, configure, and start the data node services -Perform the following steps *on each data node*: +Perform the following steps _on each data node_: -- [a. Download and install the data service](#a-download-and-install-the-data-service) -- [b. Edit the data node configuration files](#b-edit-the-data-node-configuration-files) -- [c. Start the data service](#c-start-the-data-service) +1. [Download and install the data service](#download-and-install-the-data-service) +2. [Edit the data node configuration files](#edit-the-data-node-configuration-files) +3. [Start the data service](#start-the-data-service) -### a. Download and install the data service +#### Download and install the data service -#### Ubuntu and Debian (64-bit) +InfluxDB Enterprise 1.11+ provides a standard build and a +[Federal Information Processing Standards (FIPS)-compliant build](/enterprise_influxdb/v1/introduction/installation/fips-compliant/). +Instructions for both are provided below. +##### Ubuntu and Debian (64-bit) + +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} ```sh wget https://dl.influxdata.com/enterprise/releases/influxdb-data_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb sudo dpkg -i influxdb-data_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb ``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-data_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb +sudo dpkg -i influxdb-data_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb +``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} -#### RedHat and CentOS (64-bit) +##### RedHat and CentOS (64-bit) +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} ```sh wget https://dl.influxdata.com/enterprise/releases/influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm sudo yum localinstall influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm ``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm +sudo yum localinstall influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm +``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} -#### Verify the authenticity of release download (recommended) +{{< expand-wrapper >}} +{{% expand "Recommended: Verify the authenticity of the release download" %}} For added security, follow these steps to verify the signature of your InfluxDB download with `gpg`. -1. Download and import InfluxData's public key: - ``` - curl -s https://repos.influxdata.com/influxdata-archive_compat.key | gpg --import - ``` -2. Download the signature file for the release by adding `.asc` to the download URL. - For example: +1. Download and import InfluxData's public key: + + ```sh + curl -s https://repos.influxdata.com/influxdata-archive_compat.key | gpg --import + ``` +2. Download the signature file for the release by adding `.asc` to the download URL. + For example: - ``` - wget https://dl.influxdata.com/enterprise/releases/influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc - ``` + {{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc +``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc +``` +{{% /code-tab-content %}} + {{< /code-tabs-wrapper >}} -3. Verify the signature with `gpg --verify`: - ``` - gpg --verify influxdb-data-{{< latest-patch >}}-c{{< latest-patch >}}.x86_64.rpm.asc influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm - ``` - The output from this command should include the following: - ``` - gpg: Good signature from "InfluxDB Packaging Service " [unknown] - ``` +3. Verify the signature with `gpg --verify`: + + ```sh + gpg --verify influxdb-data-{{< latest-patch >}}-c{{< latest-patch >}}.x86_64.rpm.asc influxdb-data-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm + ``` + + The output from this command should include the following: + + ```sh + gpg: Good signature from "InfluxDB Packaging Service " [unknown] + ``` +{{% /expand %}} +{{< /expand-wrapper >}} -### b. Edit the data node configuration files +#### Edit the data node configuration files -First, in `/etc/influxdb/influxdb.conf`: +In `/etc/influxdb/influxdb.conf`: -* Uncomment `hostname` at the top of the file and set it to the full hostname of the data node. -* Uncomment `meta-auth-enabled` in the `[meta]` section and set it to `true`. -* Uncomment `meta-internal-shared-secret` in the `[meta]` section and set it to a long pass phrase. +- Uncomment `hostname` at the top of the file and set it to the full hostname of the data node. +- Uncomment `meta-auth-enabled` in the `[meta]` section and set it to `true`. +- Uncomment `meta-internal-shared-secret` in the `[meta]` section and set it to a long passphrase. The internal shared secret is used in JWT authentication for intra-node communication. - This value must be same for all of your data nodes and match the `[meta] internal-shared-secret` value in the configuration files of your meta nodes. + This value must be same for all of your data nodes and match the + `[meta].internal-shared-secret` value in the configuration files of your meta nodes. +- Set `license-key` in the `[enterprise]` section to the license key you received + on InfluxPortal **OR** `license-path` in the `[enterprise]` section to the local + path to the JSON license file you received from InfluxData. -Second, in `/etc/influxdb/influxdb.conf`, set: + {{% warn %}} + The `license-key` and `license-path` settings are mutually exclusive and one must remain set to the empty string. + {{% /warn %}} -`license-key` in the `[enterprise]` section to the license key you received on InfluxPortal **OR** `license-path` in the `[enterprise]` section to the local path to the JSON license file you received from InfluxData. +**If using a FIPS-compliant InfluxDB Enterprise build, also do the following**: -{{% warn %}} -The `license-key` and `license-path` settings are mutually exclusive and one must remain set to the empty string. -{{% /warn %}} +- Set `[enterprise].license-path` to the local path to the JSON license file + you received from InfluxData. +- Set `[meta].password-hash` to `pbkdf2-sha256` or `pbkdf2-sha512`. ```toml # Change this option to true to disable reporting. @@ -184,6 +274,9 @@ hostname="" # This setting must have the same value as the meta nodes' meta.auth-enabled configuration. meta-auth-enabled = true + # FIPS-compliant builds do not support bcrypt for password hashing + password-hash = "pbkdf2-sha512" + [...] [http] @@ -199,23 +292,29 @@ hostname="" shared-secret = "long pass phrase used for signing tokens" ``` -### c. Start the data service - -On sysvinit systems, enter: +#### Start the data service +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[sysvinit](#) +[systemd](#) +{{% /code-tabs %}} +{{% code-tab-content %}} ```sh service influxdb start ``` - -On systemd systems, enter: - +{{% /code-tab-content %}} +{{% code-tab-content %}} ```sh sudo systemctl start influxdb ``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} -**Verification steps:** +{{< expand-wrapper >}} +{{% expand "Optional: Verify the `influxdb` service is running" %}} -Check to see that the process is running by entering: +Run the following command to search for a running `influxdb` process: ```sh ps aux | grep -v grep | grep influxdb @@ -232,36 +331,36 @@ Check the [logs](/enterprise_influxdb/v1/administration/logs/) for error messages and verify the previous setup steps are complete. If you see the expected output, repeat for the remaining data nodes. -Once all data nodes have been installed, configured, and launched, move on to the next section to join the data nodes to the cluster. +Once all data nodes have been installed, configured, and launched, move on to +the next section to join the data nodes to the cluster. -## Step 3: Join the data nodes to the cluster +{{% /expand %}} +{{< /expand-wrapper >}} -{{% warn %}}You should join your data nodes to the cluster only when you are adding a brand new node, +### Join the data nodes to the cluster + +{{% warn %}} +You should join your data nodes to the cluster only when you are adding a brand new node, either during the initial creation of your cluster or when growing the number of data nodes. If you are replacing an existing data node with `influxd-ctl update-data`, skip the rest of this guide. {{% /warn %}} -On one and only one of the meta nodes that you set up in the -[previous document](/enterprise_influxdb/v1/introduction/meta_node_installation/), run: +On one and only one of the [meta nodes that you set up](/enterprise_influxdb/v1/introduction/installation/meta_node_installation/), +run the following command for _each_ of your data nodes using the hostname of the +data node and port `8088`: ```sh influxd-ctl add-data enterprise-data-01:8088 - -influxd-ctl add-data enterprise-data-02:8088 -``` - -The expected output is: - -```sh -Added data node y at enterprise-data-0x:8088 ``` Run the `add-data` command once and only once for each data node you are joining to the cluster. -**Verification steps:** +{{< expand-wrapper >}} +{{% expand "Optional: Verify the data node was added to the cluster" %}} -To verify the nodes, issue the following command on any meta node: +To verify the nodes are added to the cluster, run the following command on any +meta node: ```sh influxd-ctl show @@ -293,6 +392,9 @@ If not, there may be artifacts of a previous cluster in the metastore. If you do not see your data nodes in the output, please retry adding them to the cluster. +{{% /expand %}} +{{< /expand-wrapper >}} + ## Next steps Once your data nodes are part of your cluster, do the following: @@ -304,3 +406,5 @@ Once your data nodes are part of your cluster, do the following: - [Enable TLS](/enterprise_influxdb/v1/guides/enable-tls/). - [Set up Chronograf](/enterprise_influxdb/v1/introduction/installation/installation/chrono_install) for UI visualization, dashboards, and management. + +{{< page-nav prev="/enterprise_influxdb/v1/introduction/installation/meta_node_installation/" prevText="Install meta nodes" next="/enterprise_influxdb/v1/introduction/installation/chrono_install" >}} diff --git a/content/enterprise_influxdb/v1/introduction/installation/fips-compliant.md b/content/enterprise_influxdb/v1/introduction/installation/fips-compliant.md new file mode 100644 index 000000000..51be4070c --- /dev/null +++ b/content/enterprise_influxdb/v1/introduction/installation/fips-compliant.md @@ -0,0 +1,170 @@ +--- +title: FIPS-compliant InfluxDB Enterprise builds +description: > + InfluxDB Enterprise 1.11+ provides builds that are compliant with + [Federal Information Processing Standards (FIPS)](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips). +menu: + enterprise_influxdb_v1: + name: FIPS-compliant builds + parent: Install +weight: 101 +--- + +InfluxDB Enterprise 1.11+ provides builds that are compliant with +[Federal Information Processing Standards (FIPS)](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips). +This page provides information on installing and using FIPS-compliant builds of +InfluxDB Enterprise. + +- [Installation](#installation) +- [Caveats and known issues](#caveats-and-known-issues) + - [You must use a local license file](#you-must-use-a-local-license-file) + - [Flux data source restrictions](#flux-data-source-restrictions) + - [Disabled InfluxDB Insights monitoring](#disabled-influxdb-insights-monitoring) + - [Only amd64 (x86) architectures](#only-amd64-x86-architectures) +- [Security](#security) + - [BoringCrypto cryptography library](#boringcrypto-cryptography-library) + - [TLS](#tls) + - [Digital signatures](#digital-signatures) + - [RSA key size](#rsa-key-size) + - [Elliptic-curve cryptography](#elliptic-curve-cryptography) + +## Installation + +- **For new InfluxDB Enterprise clusters**: + + - Follow the regular [InfluxDB Enterprise installation instructions](/enterprise_influxdb/v1/introduction/installation/) + using the FIPS-compliant packages. + - Ensure that your meta and data node configuration files use a FIPS-compliant + password hash that conforms to + [NIST SP 800](https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information) + and [OWASP](https://owasp.org/) guidelines. + In both meta and data node configuration files, set `[meta].password-hash` to + either `pbkdf2-sha256` or `pbkdf2-sha512`. + Non-FIPS-compliant password hash configurations, like `bcrypt`, cause + FIPS-compliant InfluxDB Enterprise builds to return an error on startup. + +- **Enable FIPS on an _existing_ InfluxDB Enterprise cluster**: + + - Change the password hash from the non-FIPS-compliant default of `bcrypt` to + a FIPS-compliant password hash (`pbkdf2-sha256` or `pbkdf2-sha512`), then + restart all nodes. + - Change passwords on at least one admin account. + Any users with passwords that have not been updated will no longer work once + FIPS-compliance is enabled. + - Follow the process to upgrade a cluster, except use the FIPS-compliant packages. + +{{% note %}} +Please report any errors encountered when upgrading from a non-FIPS-compliant +InfluxDB Enterprise build to FIPS-compliant build to [InfluxData support](https://support.influxdata.com). +{{% /note %}} + +## Caveats and known issues + +- [You must use a local license file](#you-must-use-a-local-license-file) +- [Flux data source restrictions](#flux-data-source-restrictions) +- [Disabled InfluxDB Insights monitoring](#disabled-influxdb-insights-monitoring) +- [Only amd64 (x86) architectures](#only-amd64-x86-architectures) + +### You must use a local license file + +When using a FIPS-compliant build of InfluxDB Enterprise, +**you must use a local license file**. License keys do not work in FIPS mode. +[Contact InfluxData support](https://support.influxdata.com) to request the +license file. +The `[enterprise]` section of your data and meta node configuration files +contains the settings that registered each node with the InfluxDB Enterprise +license portal. + +**In your data and meta node configuration files:** + +1. Update the [`[enterprise].license-path` setting](/enterprise_influxdb/v1/administration/configure/config-data-nodes/#license-path) + to point to your local license file. +2. Remove or comment out the `[enterprise].license-key` setting. + +### Flux data source restrictions + +Flux queries that query or write to MSSQL, SQLServer, or Snowflake using +[`sql.from`](/flux/v0/stdlib/sql/from/) or [`sql.to`](/flux/v0/stdlib/sql/to/) +are not supported. + +### Disabled InfluxDB Insights monitoring + +[InfluxDB Insights monitoring](https://www.influxdata.com/products/influxdb-insights/) +has not been validated as compatible with FIPS-compliance in InfluxDB Enterprise +and is not available when using a FIPS-compliant InfluxDB Enterprise build. + +### Only amd64 (x86) architectures + +FIPS-compliant InfluxDB Enterprise builds only support the amd64 architecture. + +## Security + +To comply with FIPS standards, the following security practices are applied to +FIPS-compliant InfluxDB Enterprise builds: + +- [BoringCrypto cryptography library](#boringcrypto-cryptography-library) +- [TLS](#tls) +- [Digital signatures](#digital-signatures) +- [RSA key size](#rsa-key-size) +- [Elliptic-curve cryptography](#elliptic-curve-cryptography) + +### BoringCrypto cryptography library + +InfluxDB Enterprise FIPS-compliant builds use the FIPS-validated +[BoringCrypto cryptography library](https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md). + +### TLS + +As mandated by FIPS, TLS uses a restricted set of functionality: + +- TLS 1.2 only +- TLS only supports the following cipher suites: + - ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - RSA_WITH_AES_128_GCM_SHA256 + - RSA_WITH_AES_256_GCM_SHA384 + +### Digital signatures + +As mandated by FIPS, supported digital signatures are limited to the following +signature algorithms: + +- PSSWithSHA256 +- PSSWithSHA384 +- PSSWithSHA512 +- PKCS1WithSHA256 +- ECDSAWithP256AndSHA256 +- PKCS1WithSHA384 +- ECDSAWithP384AndSHA384 +- PKCS1WithSHA512 +- ECDSAWithP521AndSHA512 + +{{% note %}} +Digital signature restrictions apply to TLS certificates. +{{% /note %}} + +### RSA key size + +As mandated by FIPS, RSA keys are restricted to the following sizes: + +- 2048 +- 3072 + +{{% note %}} +RSA key size restrictions apply to TLS certificates. +{{% /note %}} + +### Elliptic-curve cryptography + +As mandated by FIPS, supported elliptic-curve (EC) cryptography curves are +restricted to the following: + +- P-256 +- P-384 +- P-521 + +{{% note %}} +EC curve restrictions apply to TLS certificates. +{{% /note %}} diff --git a/content/enterprise_influxdb/v1/introduction/installation/meta_node_installation.md b/content/enterprise_influxdb/v1/introduction/installation/meta_node_installation.md index a2e4aeba1..a364f9190 100644 --- a/content/enterprise_influxdb/v1/introduction/installation/meta_node_installation.md +++ b/content/enterprise_influxdb/v1/introduction/installation/meta_node_installation.md @@ -15,37 +15,48 @@ and a management UI ([via Chronograf](/chronograf/v1)) for working with clusters The installation process is designed for users looking to deploy InfluxDB Enterprise in a production environment. The following steps will get you up and running with the first essential component of -your InfluxDB Enterprise cluster: the meta nodes. +your InfluxDB Enterprise cluster--meta nodes. - -To install InfluxDB Enterprise meta nodes, do the following: - -1. Review [meta node setup and requirements](#meta-node-setup-and-requirements) -2. [Set up meta nodes](#set-up-meta-nodes): - 1. [Add DNS entries](#add-dns-entries) - 2. [Set up, configure, and start the meta services](#set-up-configure-and-start-the-meta-services) - 3. [Join meta nodes to the cluster](#join-meta-nodes-to-the-cluster) +- [Meta node setup and requirements](#meta-node-setup-and-requirements) + - [At least three meta nodes](#at-least-three-meta-nodes) + - [License key or file](#license-key-or-file) + - [Networking](#networking) + - [User account](#user-account) +- [Set up meta nodes](#set-up-meta-nodes): + 1. [Add DNS entries](#add-dns-entries) + 2. [Set up, configure, and start the meta services](#set-up-configure-and-start-the-meta-services) + 1. [Download and install the meta service](#download-and-install-the-meta-service) + 2. [Edit the configuration file](#edit-the-configuration-file) + 3. [Start the meta service](#start-the-meta-service) + 3. [Join meta nodes to the cluster](#join-meta-nodes-to-the-cluster) ## Meta node setup and requirements -The installation process sets up three [meta nodes](/enterprise_influxdb/v1/concepts/glossary/#meta-node), with each meta node running on its own server. +- [At least three meta nodes](#at-least-three-meta-nodes) +- [License key or file](#license-key-or-file) +- [Networking](#networking) +- [User account](#user-account) + +### At least three meta nodes + +The installation process sets up three [meta nodes](/enterprise_influxdb/v1/concepts/glossary/#meta-node), +with each meta node running on its own server. InfluxDB Enterprise clusters require an *odd number* of *at least three* meta nodes for high availability and redundancy. We typically recommend three meta nodes. If your servers have chronic communication or reliability issues, you can try adding nodes. -> **Note**: Deploying multiple meta nodes on the same server is strongly discouraged -> since it creates a larger point of potential failure if that particular server is unresponsive. -> InfluxData recommends deploying meta nodes on relatively small footprint servers. +{{% note %}} +Deploying multiple meta nodes on the same server is strongly discouraged +since it creates a larger point of potential failure if that particular server is unresponsive. +InfluxData recommends deploying meta nodes on relatively small footprint servers. +{{% /note %}} -See the -[Clustering in InfluxDB Enterprise](/enterprise_influxdb/v1/concepts/clustering/) -for more on cluster architecture. +_See [Clustering in InfluxDB Enterprise](/enterprise_influxdb/v1/concepts/clustering/) +for more information about cluster architecture._ -### Other requirements - -#### License key or file +### License key or file InfluxDB Enterprise requires a license key *or* a license file to run. Your license key is available at [InfluxPortal](https://portal.influxdata.com/licenses). @@ -53,7 +64,7 @@ Contact support at the email we provided at signup to receive a license file. License files are required only if the nodes in your cluster cannot reach `portal.influxdata.com` on port `80` or `443`. -#### Ports +### Networking Meta nodes communicate over ports `8088`, `8089`, and `8091`. @@ -63,7 +74,7 @@ If the meta nodes cannot reach `portal.influxdata.com` on port `80` or `443`, you'll need to set the `license-path` setting instead of the `license-key` setting in the meta node configuration file. -#### User account +### User account The installation package creates an `influxdb` user on the operating system. The `influxdb` user runs the InfluxDB meta service. @@ -73,14 +84,18 @@ Contact your systems administrator for assistance with this requirement. ## Set up meta nodes -1. [Add DNS entries](#add-dns-entries) -2. [Set up, configure, and start the meta services](#set-up-configure-and-start-the-meta-services) -3. [Join meta nodes to the cluster](#join-meta-nodes-to-the-cluster) +1. [Add DNS entries](#add-dns-entries) +2. [Set up, configure, and start the meta services](#set-up-configure-and-start-the-meta-services) + 1. [Download and install the meta service](#download-and-install-the-meta-service) + 2. [Edit the configuration file](#edit-the-configuration-file) + 3. [Start the meta service](#start-the-meta-service) +3. [Join meta nodes to the cluster](#join-meta-nodes-to-the-cluster) ### Add DNS entries Ensure that your servers' hostnames and IP addresses are added to your network's DNS environment. -The addition of DNS entries and IP assignment is usually site and policy specific; contact your DNS administrator for assistance as necessary. +The addition of DNS entries and IP assignment is usually site and policy specific. +Contact your DNS administrator for assistance as necessary. Ultimately, use entries similar to the following (hostnames and domain IP addresses are representative). | Record Type | Hostname | IP | @@ -108,66 +123,131 @@ meta node. ### Set up, configure, and start the meta services -Perform the following steps on each meta server. +Perform the following steps _on each meta server_: -#### I. Download and install the meta service +1. [Download and install the meta service](#download-and-install-the-meta-service) +2. [Edit the configuration file](#edit-the-configuration-file) +3. [Start the meta service](#start-the-meta-service) + +#### Download and install the meta service + +InfluxDB Enterprise 1.11+ provides a standard build and a +[Federal Information Processing Standards (FIPS)-compliant build](/enterprise_influxdb/v1/introduction/installation/fips-compliant/). +Instructions for both are provided below. ##### Ubuntu & Debian (64-bit) -``` +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} +```sh wget https://dl.influxdata.com/enterprise/releases/influxdb-meta_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb sudo dpkg -i influxdb-meta_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb ``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-meta_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb +sudo dpkg -i influxdb-meta_{{< latest-patch >}}-c{{< latest-patch >}}_amd64.deb +``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} ##### RedHat & CentOS (64-bit) -``` +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} +```sh wget https://dl.influxdata.com/enterprise/releases/influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm sudo yum localinstall influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm ``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm +sudo yum localinstall influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm +``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} -##### Verify the authenticity of release download (recommended) +{{< expand-wrapper >}} +{{% expand "Recommended: Verify the authenticity of the release download" %}} For added security, follow these steps to verify the signature of your InfluxDB download with `gpg`. -1. Download and import InfluxData's public key: +1. Download and import InfluxData's public key: - ``` + ```sh curl -s https://repos.influxdata.com/influxdata-archive_compat.key | gpg --import ``` -2. Download the signature file for the release by adding `.asc` to the download URL. - For example: +2. Download the signature file for the release by adding `.asc` to the download URL. + For example: - ``` - wget https://dl.influxdata.com/enterprise/releases/influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc - ``` + {{< code-tabs-wrapper >}} +{{% code-tabs %}} +[Standard](#) +[FIPS-compliant](#) +{{% /code-tabs %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc +``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh +wget https://dl.influxdata.com/enterprise/releases/fips/influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc +``` +{{% /code-tab-content %}} + {{< /code-tabs-wrapper >}} -3. Verify the signature with `gpg --verify`: +3. Verify the signature with `gpg --verify`: - ``` + ```sh gpg --verify influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm.asc influxdb-meta-{{< latest-patch >}}_c{{< latest-patch >}}.x86_64.rpm ``` The output from this command should include the following: - ``` + ```sh gpg: Good signature from "InfluxDB Packaging Service " [unknown] ``` +{{% /expand %}} +{{< /expand-wrapper >}} -#### II. Edit the configuration file +#### Edit the configuration file In `/etc/influxdb/influxdb-meta.conf`: -* Uncomment `hostname` and set to the full hostname of the meta node. -* Uncomment `internal-shared-secret` in the `[meta]` section and set it to a long pass phrase to be used in JWT authentication for intra-node communication. This value must the same for all of your meta nodes and match the `[meta] meta-internal-shared-secret` settings in the configuration files of your data nodes. -* Set `license-key` in the `[enterprise]` section to the license key you received on InfluxPortal **OR** `license-path` in the `[enterprise]` section to the local path to the JSON license file you received from InfluxData. +- Uncomment `hostname` and set to the full hostname of the meta node. +- Uncomment `internal-shared-secret` in the `[meta]` section and set it to a + long pass phrase to be used in JWT authentication for intra-node communication. + This value must the same for all of your meta nodes and match the + `[meta] meta-internal-shared-secret` settings in the configuration files of + your data nodes. +- Set `license-key` in the `[enterprise]` section to the license key you received + on InfluxPortal **OR** `license-path` in the `[enterprise]` section to the + local path to the JSON license file you received from InfluxData. -{{% warn %}} -The `license-key` and `license-path` settings are mutually exclusive and one must remain set to the empty string. -{{% /warn %}} + {{% warn %}} +The `license-key` and `license-path` settings are mutually exclusive and one +must remain set to the empty string. + {{% /warn %}} -``` +**If using a FIPS-compliant InfluxDB Enterprise build, also do the following**: + +- Set `[enterprise].license-path` to the local path to the JSON license file + you received from InfluxData. +- Set `[meta].password-hash` to `pbkdf2-sha256` or `pbkdf2-sha512`. + +```toml # Hostname advertised by this host for remote addresses. This must be resolvable by all # other nodes in the cluster hostname="" @@ -178,22 +258,35 @@ hostname="" # license-key and license-path are mutually exclusive, use only one and leave the other blank license-path = "/path/to/readable/JSON.license.file" # Mutually exclusive with license-key + +[meta] + # FIPS-compliant builds do not support bcrypt for password hashing + password-hash = "pbkdf2-sha512" ``` -#### III. Start the meta service +#### Start the meta service -On sysvinit systems, enter: -``` +{{< code-tabs-wrapper >}} +{{% code-tabs %}} +[sysvinit](#) +[systemd](#) +{{% /code-tabs %}} +{{% code-tab-content %}} +```sh service influxdb-meta start ``` - -On systemd systems, enter: -``` +{{% /code-tab-content %}} +{{% code-tab-content %}} +```sh sudo systemctl start influxdb-meta ``` +{{% /code-tab-content %}} +{{< /code-tabs-wrapper >}} -#### Verify meta node process -Check to see that the process is running by entering: +{{< expand-wrapper >}} +{{% expand "Optional: Verify the `influxdb-meta` service is running" %}} + +Run the following command to search for a running `influxdb-meta` process: ``` ps aux | grep -v grep | grep influxdb-meta @@ -205,15 +298,20 @@ You should see output similar to: influxdb 3207 0.8 4.4 483000 22168 ? Ssl 17:05 0:08 /usr/bin/influxd-meta -config /etc/influxdb/influxdb-meta.conf ``` -> **Note:** It is possible to start the cluster with a single meta node but you +{{% note %}} +It is possible to start the cluster with a single meta node but you must pass the `-single-server flag` when starting the single meta node. Please note that a cluster with only one meta node is **not** recommended for production environments. +{{% /note %}} + +{{% /expand %}} +{{< /expand-wrapper >}} ### Join meta nodes to the cluster From one and only one meta node, join all meta nodes including itself. -In our example, from `enterprise-meta-01`, run: +For example, from `enterprise-meta-01`, run: ``` influxd-ctl add-meta enterprise-meta-01:8091 @@ -221,18 +319,17 @@ influxd-ctl add-meta enterprise-meta-02:8091 influxd-ctl add-meta enterprise-meta-03:8091 ``` -> **Note:** Please make sure that you specify the fully qualified host name of +{{% note %}} +Make sure that you specify the fully qualified host name of the meta node during the join process. Please do not specify `localhost` as this can cause cluster connection issues. +{{% /note %}} -The expected output is: -``` -Added meta node x at enterprise-meta-0x:8091 -``` +{{< expand-wrapper >}} +{{% expand "Optional: Verify the meta nodes are added to the cluster" %}} -#### Verify cluster - -To verify the cluster, run the following command on any meta node: +To verify the meta nodes are added to the cluster, run the following command on +any meta node: ``` influxd-ctl show @@ -257,4 +354,10 @@ Note that your cluster must have at least three meta nodes. If you do not see your meta nodes in the output, retry adding them to the cluster. -After your meta nodes are part of your cluster, [install data nodes](/enterprise_influxdb/v1/introduction/installation/installation/data_node_installation/). +{{% /expand %}} +{{< /expand-wrapper >}} + +After your meta nodes are part of your cluster, +[install data nodes](/enterprise_influxdb/v1/introduction/installation/data_node_installation/). + +{{< page-nav next="/enterprise_influxdb/v1/introduction/installation/data_node_installation/" nextText="Install data nodes" >}} diff --git a/content/enterprise_influxdb/v1/troubleshooting/frequently-asked-questions.md b/content/enterprise_influxdb/v1/troubleshooting/frequently-asked-questions.md index eb1d8b53c..84ece3d54 100644 --- a/content/enterprise_influxdb/v1/troubleshooting/frequently-asked-questions.md +++ b/content/enterprise_influxdb/v1/troubleshooting/frequently-asked-questions.md @@ -1283,7 +1283,7 @@ The `journalctl` output can be redirected to print the logs to a text file. With This is the expected behavior if you haven't joined the meta node to the cluster. The `503` errors should stop showing up in the logs once you -[join the meta node to the cluster](/enterprise_influxdb/v1/introduction/installation/installation/meta_node_installation/#step-3-join-the-meta-nodes-to-the-cluster). +[join the meta node to the cluster](/enterprise_influxdb/v1/introduction/installation/installation/meta_node_installation/#join-the-meta-nodes-to-the-cluster). ## Why am I seeing a `409` error in some of my data node logs? diff --git a/content/influxdb/v1/about_the_project/releasenotes-changelog.md b/content/influxdb/v1/about_the_project/release-notes.md similarity index 99% rename from content/influxdb/v1/about_the_project/releasenotes-changelog.md rename to content/influxdb/v1/about_the_project/release-notes.md index ed967c666..4752100b7 100644 --- a/content/influxdb/v1/about_the_project/releasenotes-changelog.md +++ b/content/influxdb/v1/about_the_project/release-notes.md @@ -6,6 +6,8 @@ menu: name: Release notes weight: 10 parent: About the project +aliases: + - /influxdb/v1/about_the_project/releasenotes-changelog/ v2: /influxdb/v2/reference/release-notes/influxdb/ --- @@ -46,7 +48,7 @@ Due to encountering several issues with build dependencies in v.1.8.8, this vers ## v1.8.6 [2021-05-21] -This release is for InfluxDB Enterprise 1.8.6 customers only. No OSS-specific changes were made for InfluxDB 1.8.6--updates were made to the code base to support [InfluxDB Enterprise 1.8.6](/enterprise_influxdb/v1/about-the-project/release-notes-changelog/#v186-2021-05-21). +This release is for InfluxDB Enterprise 1.8.6 customers only. No OSS-specific changes were made for InfluxDB 1.8.6--updates were made to the code base to support [InfluxDB Enterprise 1.8.6](/enterprise_influxdb/v1/about-the-project/release-notes/#v186-2021-05-21). ## v1.8.5 [2021-04-20] diff --git a/data/products.yml b/data/products.yml index d4beaf947..4f43bc3d4 100644 --- a/data/products.yml +++ b/data/products.yml @@ -106,13 +106,14 @@ enterprise_influxdb: list_order: 5 versions: [v1] minor_versions: + - v1.11 - v1.10 - v1.9 - v1.8 - v1.7 - latest: v1.10 + latest: v1.11 latest_patches: - v1: 1.10.0 + v1: 1.11.3 flux: name: Flux diff --git a/layouts/shortcodes/expand.html b/layouts/shortcodes/expand.html index 45273f659..f8943a383 100644 --- a/layouts/shortcodes/expand.html +++ b/layouts/shortcodes/expand.html @@ -1,6 +1,6 @@ {{ $uniqueID := .Get 1 | default "" }} {{ $expandLabel := .Get 0 }} -{{ $expandID := cond (eq $uniqueID "") ($expandLabel | anchorize) (print ($expandLabel | anchorize) "-" $uniqueID)}} +{{ $expandID := cond (eq $uniqueID "") ($expandLabel | plainify | anchorize) (print ($expandLabel | plainify | anchorize) "-" $uniqueID)}}