Influxdata
/
docs-v2
mirror of https://github.com/influxdata/docs-v2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into gettingstartedtelegraf

pull/3537/head
Sebastian Spaink 2022-01-12 19:47:26 -06:00 committed by GitHub
parent 32d7086c70 f2b250c65c
commit e3ee0512a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
91 changed files with 1902 additions and 966 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
api-docs/cloud/ref.yml
View File

@ -730,16 +730,16 @@ components:
$ref: '#/components/schemas/Links'
ColorMapping:
additionalProperties:
type: int
type: string
description: >-
A color mapping is an object that maps time series data to a UI color
scheme to allow the UI to render graphs consistent colors across
reloads.
example:
configcat_deployments-autopromotionblocker: 0
measurement_birdmigration_europe: 0
series_id_1: 0
series_id_2: 1
configcat_deployments-autopromotionblocker: '#663cd0'
measurement_birdmigration_europe: '#663cd0'
series_id_1: '#edf529'
series_id_2: '#edf529'
type: object
ColumnDataType:
enum:
@ -5981,7 +5981,7 @@ components:
For more information and examples, see the following:
- [`/authorizations`](#tag/Authorizations) endpoint.
- [Authorize API requests](/influxdb/cloud/api-guide/api_intro/#authentication).
- [Manage API tokens](/influxdb/cloud/security/tokens).
- [Manage API tokens](/influxdb/cloud/security/tokens/).
in: header
name: Authorization
type: apiKey
@ -12236,7 +12236,7 @@ paths:
InfluxDB validated the request data format and accepted the data for
writing to the bucket. `204` doesn't indicate a successful write
operation since writes are asynchronous. See [how to check for write
errors](https://docs.influxdata.com/influxdb/cloud/write-data/troubleshoot).
errors](https://docs.influxdata.com/influxdb/cloud/write-data/troubleshoot/).
'400':
content:
application/json:
@ -12352,7 +12352,7 @@ paths:
description: Internal server error.
'503':
description: >-
The server is temporarily unavailable to accept writes. The
The server is temporarily unavailable to accept writes. The
`Retry-After` header describes when to try the write again.
headers:
Retry-After:
@ -12392,8 +12392,8 @@ tags:
For more information and examples, see the following:
- [Authorize API requests](/influxdb/cloud/api-guide/api_intro/#authentication).
- [Manage API tokens](/influxdb/cloud/security/tokens).
- [Assign a token to a specific user](/influxdb/cloud/security/tokens/create-token).
- [Manage API tokens](/influxdb/cloud/security/tokens/).
- [Assign a token to a specific user](/influxdb/cloud/security/tokens/create-token/).
name: Authorizations
- Bucket Schemas
- Buckets

8
api-docs/cloud/swaggerV1Compat.yml
View File

@ -36,13 +36,13 @@ paths:
type: string
required: true
description: >-
Bucket to write to. If none exist a bucket will be created with
a default 3 day retention policy.
Bucket to write to. If none exists, a bucket will be created with a
default 3-day retention policy.
- in: query
name: rp
schema:
type: string
description: The retention policy name.
description: Retention policy name.
- in: query
name: precision
schema:
@ -113,7 +113,7 @@ paths:
format: int32
'503':
description: >-
Server is temporarily unavailable to accept writes. The Retry-After
Server is temporarily unavailable to accept writes. The Retry-After
header describes when to try the write again.
headers:
Retry-After:

87
api-docs/v2.1/ref.yml
View File

@ -796,16 +796,16 @@ components:
$ref: '#/components/schemas/Links'
ColorMapping:
additionalProperties:
type: int
type: string
description: >-
A color mapping is an object that maps time series data to a UI color
scheme to allow the UI to render graphs consistent colors across
reloads.
example:
configcat_deployments-autopromotionblocker: 0
measurement_birdmigration_europe: 0
series_id_1: 0
series_id_2: 1
configcat_deployments-autopromotionblocker: '#663cd0'
measurement_birdmigration_europe: '#663cd0'
series_id_1: '#edf529'
series_id_2: '#edf529'
type: object
ConditionalExpression:
description: >-
@ -8022,13 +8022,13 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/HealthCheck'
description: The instance is healthy
description: The instance is healthy.
'503':
content:
application/json:
schema:
$ref: '#/components/schemas/HealthCheck'
description: The instance is unhealthy
description: The instance is unhealthy.
default:
$ref: '#/components/responses/ServerError'
description: Unexpected error
@ -8426,6 +8426,71 @@ paths:
summary: Update a password
tags:
- Users
/metrics:
get:
operationId: GetMetrics
parameters:
- $ref: '#/components/parameters/TraceSpan'
responses:
'200':
content:
text/plain:
examples:
expositionResponse:
summary: Metrics in plain text
value: >
# HELP go_threads Number of OS threads created.
# TYPE go_threads gauge
go_threads 19
# HELP http_api_request_duration_seconds Time taken to
respond to HTTP request
# TYPE http_api_request_duration_seconds histogram
http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.005"}
4
http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.01"}
4
http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.025"}
5
schema:
externalDocs:
description: Prometheus exposition formats
url: https://prometheus.io/docs/instrumenting/exposition_formats
type: Prometheus text-based exposition
description: >
Payload body contains metrics about the InfluxDB instance.
Metrics are formatted in the
Prometheus [plain-text exposition
format](https://prometheus.io/docs/instrumenting/exposition_formats).
Each metric is identified by its name and a set of optional
key-value pairs.
The following descriptors precede each metric:
- *`HELP`*: description of the metric
- *`TYPE`*: type of the metric (e.g. `counter`, `gauge`,
`histogram`, or `summary`)
default:
$ref: '#/components/responses/ServerError'
description: Unexpected error
servers:
- url: ''
summary: Get metrics of an instance
tags:
- Metrics
/api/v2/notificationEndpoints:
get:
operationId: GetNotificationEndpoints
@ -12816,7 +12881,7 @@ paths:
InfluxDB validated the request data format and accepted the data for
writing to the bucket. `204` doesn't indicate a successful write
operation since writes are asynchronous. See [how to check for write
errors](https://docs.influxdata.com/influxdb/v2.1/write-data/troubleshoot).
errors](https://docs.influxdata.com/influxdb/v2.1/write-data/troubleshoot/).
'400':
content:
application/json:
@ -12932,7 +12997,7 @@ paths:
description: Internal server error.
'503':
description: >-
The server is temporarily unavailable to accept writes. The
The server is temporarily unavailable to accept writes. The
`Retry-After` header describes when to try the write again.
headers:
Retry-After:
@ -12973,7 +13038,7 @@ tags:
For more information and examples, see the following:
- [Authorize API requests](/influxdb/v2.1/api-guide/api_intro/#authentication).
- [Manage API tokens](/influxdb/v2.1/security/tokens/).
- [Assign a token to a specific user](/influxdb/v2.1/security/tokens/create-token).
- [Assign a token to a specific user](/influxdb/v2.1/security/tokens/create-token/).
name: Authorizations
- Backup
- Buckets
@ -12985,6 +13050,7 @@ tags:
- Health
- Labels
- Legacy Authorizations
- Metrics
- NotificationEndpoints
- NotificationRules
- Organizations
@ -13118,6 +13184,7 @@ x-tagGroups:
- Health
- Labels
- Legacy Authorizations
- Metrics
- NotificationEndpoints
- NotificationRules
- Organizations

10
api-docs/v2.1/swaggerV1Compat.yml
View File

@ -36,13 +36,13 @@ paths:
type: string
required: true
description: >-
The bucket to write to. If none exist a bucket will be created with
a default 3 day retention policy.
Bucket to write to. If none exist a bucket will be created with a
default 3 day retention policy.
- in: query
name: rp
schema:
type: string
description: The retention policy name.
description: Retention policy name.
- in: query
name: precision
schema:
@ -185,12 +185,12 @@ paths:
schema:
type: string
required: true
description: The bucket to query.
description: Bucket to query.
- in: query
name: rp
schema:
type: string
description: The retention policy name.
description: Retention policy name.
- in: query
name: q
description: Defines the influxql query to run.

2
content/enterprise_influxdb/v1.9/administration/configure/ports.md
View File

@ -64,7 +64,7 @@ This port should not be exposed outside the cluster.
### 2003
The default port that runs the Graphite service.
[Enable and configure this port](/enterprise_influxdb/v1.9/administration/config#bind-address-2003)
[Enable and configure this port](/enterprise_influxdb/v1.9/administration/config-data-nodes/#bind-address-2003)
in the configuration file.
**Resources** [Graphite README](https://github.com/influxdata/influxdb/tree/1.8/services/graphite/README.md)

16
content/enterprise_influxdb/v1.9/administration/configure/security/_index.md Normal file
View File

@ -0,0 +1,16 @@
---
title: Configure security
description: Configure security features in InfluxDB Enterprise.
menu:
enterprise_influxdb_1_9:
name: Configure security
weight: 40
parent: Configure
aliases:
- /enterprise_influxdb/v1.9/administration/security/
---
_For user and permission management (authorization),
see [Manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/)._
{{< children >}}

114
content/enterprise_influxdb/v1.9/administration/configure/security/authentication.md Normal file
View File

@ -0,0 +1,114 @@
---
title: Configure authentication
description: >
Enable authentication to require credentials for a cluster.
menu:
enterprise_influxdb_1_9:
parent: Configure security
name: Configure authentication
weight: 10
---
To configure authentication, do one of the following:
- [Enable authentication](#enable-authentication)
- [Configure authentication using JWT tokens](#configure-authentication-using-jwt-tokens) ([InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/) only)
## Enable authentication
Authentication is disabled by default in InfluxDB and InfluxDB Enterprise.
After [installing the data nodes](/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation/),
enable authentication to control access to your cluster.
To enable authentication in a cluster, do the following:
1. Set `auth-enabled` to `true` in the `[http]` section of the configuration files
for all meta **and** data nodes:
```toml
[http]
# ...
auth-enabled = true
```
1. Next, create an admin user (if you haven't already).
Using the [`influx` CLI](/enterprise_influxdb/v1.9/tools/influx-cli/),
run the following command:
```
CREATE USER admin WITH PASSWORD 'mypassword' WITH ALL PRIVILEGES
```
1. Restart InfluxDB Enterprise.
Once restarted, InfluxDB Enterprise checks user credentials on every request
and only processes requests with valid credentials.
## Configure authentication using JWT tokens
For a more secure alternative to using passwords, include JWT tokens in requests to the InfluxDB API.
1. **Add a shared secret in your InfluxDB Enterprise configuration file**.
InfluxDB Enterprise uses the shared secret to encode the JWT signature.
By default, `shared-secret` is set to an empty string (no JWT authentication).
Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--)
for each meta and data node.
Longer strings are more secure:
```toml
[http]
shared-secret = "my super secret pass phrase"
```
Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file,
set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable (for example, in Linux: `export INFLUXDB_HTTP_SHARED_SECRET=MYSUPERSECRETPASSPHRASE`).
2. **Generate your JWT token**.
Use an authentication service (such as, [https://jwt.io/](https://jwt.io/))
to generate a secure token using your InfluxDB username, an expiration time, and your shared secret.
The payload (or claims) of the token must be in the following format:
```json
{
"username": "myUserName",
"exp": 1516239022
}
```
- **username** - InfluxDB username.
- **exp** - Token expiration in UNIX [epoch time](/enterprise_influxdb/v1.9/query_language/explore-data/#epoch_time).
For increased security, keep token expiration periods short.
For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php).
To encode the payload using your shared secret, use a JWT library in your own authentication server or encode by hand at [https://jwt.io/](https://jwt.io/).
3. **Include the token in HTTP requests**.
Include your generated token as part of the `Authorization` header in HTTP requests:
```
Authorization: Bearer <myToken>
```
{{% note %}}
Only unexpired tokens will successfully authenticate.
Verify your token has not expired.
{{% /note %}}
#### Example query request with JWT authentication
```bash
curl -G "http://localhost:8086/query?db=demodb" \
--data-urlencode "q=SHOW DATABASES" \
--header "Authorization: Bearer <header>.<payload>.<signature>"
```
## Authentication and authorization HTTP errors
Requests with no authentication credentials or incorrect credentials yield the `HTTP 401 Unauthorized` response.
Requests by unauthorized users yield the `HTTP 403 Forbidden` response.
## Next steps
After configuring authentication,
you can [manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/)
as necessary.
{{% enterprise-warning-authn-b4-authz %}}

5
content/enterprise_influxdb/v1.9/administration/manage/security/configure-password-hashing.md → content/enterprise_influxdb/v1.9/administration/configure/security/configure-password-hashing.md
View File

@ -5,12 +5,13 @@ description: >
menu:
enterprise_influxdb_1_9:
name: Configure password hashing
parent: Manage security
weight: 44
parent: Configure security
weight: 40
related:
- /enterprise_influxdb/v1.9/administration/configuration/
aliases:
- /enterprise_influxdb/v1.9/administration/configure-password-hashing/
- /enterprise_influxdb/v1.9/administration/manage/configure-password-hashing/
---
By default, InfluxDB Enterprise uses `bcrypt` for password hashing.

10
content/enterprise_influxdb/v1.9/guides/enable_tls.md → content/enterprise_influxdb/v1.9/administration/configure/security/enable_tls.md
View File

@ -1,14 +1,16 @@
---
title: Enable HTTPS over TLS for InfluxDB Enterprise
title: Configure HTTPS over TLS
description: >
Enabling HTTPS over TLS encrypts the communication between clients and the InfluxDB Enterprise server, and between nodes in the cluster.
menu:
enterprise_influxdb_1_9:
name: Enable TLS
weight: 100
parent: Guides
name: Configure TLS for cluster
parent: Configure security
weight: 20
aliases:
- /enterprise_influxdb/v1.9/guides/https_setup/
- /enterprise_influxdb/v1.9/guides/enable_tls/
- /enterprise_influxdb/v1.9/guides/enable-tls/
---
Enabling HTTPS over TLS encrypts the communication between clients and the InfluxDB Enterprise server, and between nodes in the cluster.

7
content/enterprise_influxdb/v1.9/administration/manage/security/ldap.md → content/enterprise_influxdb/v1.9/administration/configure/security/ldap.md
View File

@ -1,14 +1,15 @@
---
title: Configure LDAP authentication in InfluxDB Enterprise
title: Configure LDAP authentication
description: >
Configure LDAP authentication in InfluxDB Enterprise and test LDAP connectivity.
menu:
enterprise_influxdb_1_9:
name: Configure LDAP authentication
parent: Manage security
weight: 43
parent: Configure security
weight: 30
aliases:
- /enterprise_influxdb/v1.9/administration/ldap/
- /enterprise_influxdb/v1.9/administration/manage/security/ldap/
---
Configure InfluxDB Enterprise to use LDAP (Lightweight Directory Access Protocol) to:

4
content/enterprise_influxdb/v1.9/administration/manage/clusters/rebalance.md
View File

@ -2,8 +2,8 @@
title: Rebalance InfluxDB Enterprise clusters
description: Manually rebalance an InfluxDB Enterprise cluster.
aliases:
- /enterprise/v1.8/guides/rebalance/
- /enterprise/v1.9/guides/rebalance/
- /enterprise_influxdb/v1.8/guides/rebalance/
- /enterprise_influxdb/v1.9/guides/rebalance/
menu:
enterprise_influxdb_1_9:
name: Rebalance clusters

60
content/enterprise_influxdb/v1.9/administration/manage/security/_index.md
View File

@ -1,60 +0,0 @@
---
title: Manage security
description: Configuration, security, and logging in InfluxDB enterprise.
menu:
enterprise_influxdb_1_9:
name: Manage security
weight: 40
parent: Manage
aliases:
- /enterprise_influxdb/v1.9/administration/security/
---
<!--
Some customers may choose to install InfluxDB Enterprise with public internet access,
however doing so can inadvertently expose your data and invite unwelcome attacks on your database.
Check out the sections below for how protect the data in your InfluxDB Enterprise instance.
## Enable authentication
Password protect your InfluxDB Enterprise instance to keep any unauthorized individuals
from accessing your data.
Resources:
[Set up Authentication](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#set-up-authentication)
## Manage users and permissions
Restrict access by creating individual users and assigning them relevant
read and/or write permissions.
Resources:
[User types and privileges](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#user-types-and-privileges),
[User management commands](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#user-management-commands),
[Fine-grained authorization](/enterprise_influxdb/v1.9/guides/fine-grained-authorization/)
## Enable HTTPS
Using HTTPS secures the communication between clients and the InfluxDB server, and, in
some cases, HTTPS verifies the authenticity of the InfluxDB server to clients (bi-directional authentication).
The communicatio between the meta nodes and the data nodes are also secured via HTTPS.
Resources:
[Enabling HTTPS](/enterprise_influxdb/v1.9/guides/https_setup/)
## Secure your host
### Ports
For InfluxDB Enterprise data nodes, close all ports on each host except for port `8086`.
You can also use a proxy to port `8086`. By default, data nodes and meta nodes communicate with each other over '8088','8089',and'8091'
For InfluxDB Enterprise, [backing up and restoring](/enterprise_influxdb/v1.9/administration/backup-and-restore/) is performed from the meta nodes.
### AWS Recommendations
InfluxData recommends implementing on-disk encryption; InfluxDB does not offer built-in support to encrypt the data.
-->
{{< children >}}

541
content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization.md
View File

@ -1,541 +0,0 @@
---
title: Manage authentication and authorization
description: >
Set up and manage authentication and authorization in InfluxDB Enterprise.
menu:
enterprise_influxdb_1_9:
name: Manage authentication and authorization
parent: Manage security
weight: 41
related:
- /enterprise_influxdb/v1.9/guides/fine-grained-authorization/
- /{{< latest "chronograf" >}}/administration/managing-influxdb-users/
aliases:
- /enterprise_influxdb/v1.9/administration/authentication_and_authorization/
---
This document covers setting up and managing authentication and authorization in InfluxDB Enterprise.
- [Authentication](#authentication)
- [Enable Authentication](#enable-authentication)
- [Authenticate Requests](#authenticate-requests)
- [Authorization](#authorization)
- [User Types and Privileges](#user-types-and-privileges)
- [User Management Commands](#user-management-commands)
- [HTTP Errors](#authentication-and-authorization-http-errors)
## Authentication
Enable authentication in InfluxDB Enterprise
to only allow requests that are sent with valid credentials to execute.
{{% note %}}
#### Plugins not authenticated
Authentication only occurs at the HTTP request scope.
Plugins do not currently have the ability to authenticate requests and service
endpoints (for example, Graphite, collectd, etc.) are not authenticated.
{{% /note %}}
{{% note %}}
#### Authentication recommended on public endpoints
If InfluxDB Enterprise is being deployed on a publicly accessible endpoint,
we **strongly recommend** enabling authentication.
Otherwise, data and potentially destructive commands will be publicly available to any unauthenticated user.
For additional security,
InfluxDB Enterprise should be run behind a third-party service.
Authentication and authorization should not be soley relied upon
to prevent access and protect data from malicious actors.
{{% /note %}}
### Enable authentication
Authentication is disabled by default in InfluxDB and InfluxDB Enterprise.
All credentials are silently ignored, and all users have all privileges.
To enable authentication in a cluster, do the following:
1. **Create at least one [admin user](#admin-users)**.
To create an admin user,
run the following command using the [`influx` CLI](/enterprise_influxdb/v1.9/tools/influx-cli/):
```
CREATE USER admin WITH PASSWORD 'mypassword' WITH ALL PRIVILEGES
```
2. **Enable authentication in your meta and data configuration files**.
Set the `auth-enabled` options to `true` in the `[http]` section:
```toml
[http]
enabled = true
bind-address = ":8086"
auth-enabled = true # Set to true
log-enabled = true
write-tracing = false
pprof-enabled = true
pprof-auth-enabled = true
debug-pprof-enabled = false
ping-auth-enabled = true
https-enabled = true
https-certificate = "/etc/ssl/influxdb.pem"
```
{{% note %}}
If `pprof-enabled` is set to `true`, set `pprof-auth-enabled` and `ping-auth-enabled`
to `true` to require authentication on profiling and ping endpoints.
{{% /note %}}
3. **Restart InfluxDB Enterprise**.
Once restarted, InfluxDB Enterprise checks user credentials on every request and only
processes requests that have valid credentials for an existing user.
### Authenticate requests
#### Authenticate with the InfluxDB API
Authenticate with the [InfluxDB API](/enterprise_influxdb/v1.9/tools/api/) using one of the following options:
- [Authenticate with basic authentication](#authenticate-with-basic-authentication)
- [Authenticate with query parameters in the URL or request body](#authenticate-with-query-parameters-in-the-url-or-request-body)
If you authenticate with both basic authentication **and** the URL query parameters,
the user credentials specified in the query parameters take precedence.
The following examples demonstrate queries with [admin user](#admin-users) permissions.
To learn about different users types, permissions, and how to manage users, see [authorization](#authorization).
{{% note %}}
InfluxDB Enterprise redacts passwords in log output when you enable authentication.
{{% /note %}}
##### Authenticate with basic authentication
```bash
curl -G http://localhost:8086/query \
-u todd:password4todd \
--data-urlencode "q=SHOW DATABASES"
```
##### Authenticate with query parameters in the URL or request body
Set `u` as the username and `p` as the password.
###### Credentials as query parameters
```bash
curl -G "http://localhost:8086/query?u=todd&p=password4todd" \
--data-urlencode "q=SHOW DATABASES"
```
###### Credentials in the request body
```bash
curl -G http://localhost:8086/query \
--data-urlencode "u=todd" \
--data-urlencode "p=password4todd" \
--data-urlencode "q=SHOW DATABASES"
```
#### Authenticate with the CLI
There are three options for authenticating with the [CLI](/enterprise_influxdb/v1.9/tools/influx-cli/):
- [Authenticate with environment variables](#authenticate-with-environment-variables)
- [Authenticate with CLI flags](#authenticate-with-cli-flags)
- [Authenticate with credentials in the influx shell](#authenticate-with-credentials-in-the-influx-shell)
##### Authenticate with environment variables
Use the `INFLUX_USERNAME` and `INFLUX_PASSWORD` environment variables to provide
authentication credentials to the `influx` CLI.
```bash
export INFLUX_USERNAME=todd
export INFLUX_PASSWORD=password4todd
echo $INFLUX_USERNAME $INFLUX_PASSWORD
todd password4todd
influx
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
```
##### Authenticate with CLI flags
Use the `-username` and `-password` flags to provide authentication credentials
to the `influx` CLI.
```bash
influx -username todd -password password4todd
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
```
##### Authenticate with credentials in the influx shell
Start the `influx` shell and run the `auth` command.
Enter your username and password when prompted.
```bash
$ influx
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
> auth
username: todd
password:
>
```
#### Authenticate using JWT tokens
For a more secure alternative to using passwords, include JWT tokens with requests to the InfluxDB API.
This is currently only possible through the [InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/).
1. **Add a shared secret in your InfluxDB Enterprise configuration file**.
InfluxDB Enterprise uses the shared secret to encode the JWT signature.
By default, `shared-secret` is set to an empty string, in which case no JWT authentication takes place.
<!-- TODO: meta, data, or both? -->
Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--).
The longer the secret string, the more secure it is:
```toml
[http]
shared-secret = "my super secret pass phrase"
```
Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file,
set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable.
2. **Generate your JWT token**.
Use an authentication service to generate a secure token
using your InfluxDB username, an expiration time, and your shared secret.
There are online tools, such as [https://jwt.io/](https://jwt.io/), that will do this for you.
The payload (or claims) of the token must be in the following format:
```json
{
"username": "myUserName",
"exp": 1516239022
}
```
- **username** - The name of your InfluxDB user.
- **exp** - The expiration time of the token in UNIX epoch time.
For increased security, keep token expiration periods short.
For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php).
Encode the payload using your shared secret.
You can do this with either a JWT library in your own authentication server or by hand at [https://jwt.io/](https://jwt.io/).
The generated token follows this format: `<header>.<payload>.<signature>`
3. **Include the token in HTTP requests**.
Include your generated token as part of the `Authorization` header in HTTP requests:
```
Authorization: Bearer <myToken>
```
{{% note %}}
Only unexpired tokens will successfully authenticate.
Be sure your token has not expired.
{{% /note %}}
##### Example query request with JWT authentication
```bash
curl -G "http://localhost:8086/query?db=demodb" \
--data-urlencode "q=SHOW DATABASES" \
--header "Authorization: Bearer <header>.<payload>.<signature>"
```
## Authenticate Telegraf requests to InfluxDB
Authenticating [Telegraf](/{{< latest "telegraf" >}}/) requests to an InfluxDB instance with
authentication enabled requires some additional steps.
In the Telegraf configuration file (`/etc/telegraf/telegraf.conf`), uncomment
and edit the `username` and `password` settings.
```toml
###############################################################################
# OUTPUT PLUGINS #
###############################################################################
# ...
[[outputs.influxdb]]
# ...
username = "example-username" # Provide your username
password = "example-password" # Provide your password
# ...
```
Restart Telegraf and you're all set!
## Authorization
Authorization in InfluxDB Enterprise refers to managing user permissions.
To enable authorization, first [enable authentication](#enable-authentication).
This page shows examples of basic user and permission management using InfluxQL statements.
However, *only a subset of Enterprise permissions can be managed with InfluxQL.*
Consider using [Chronograf](/{{< latest "chronograf" >}}/administration/managing-influxdb-users/)
and/or the [Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/)
to manage InfluxDB Enterprise users and roles.
<!-- You cannot specify per-database permissions (grants) for users via Chronograf. -->
### User types and privileges
InfluxDB Enterprise has the following kinds of users:
- [Admin users](#admin-users)
- [Non-admin users](#non-admin-users)
#### Admin users
Admin users have the following permissions:
| Permission | Description | Token |
|:--------------------------|---------------------------------------------------------|------------------------|
| View Admin | Permission to view or edit admin screens | `ViewAdmin` |
| View Chronograf | Permission to use Chronograf tools | `ViewChronograf` |
| Create Databases | Permission to create databases | `CreateDatabase` |
| Create Users & Roles | Permission to create users and roles | `CreateUserAndRole` |
| Add/Remove Nodes | Permission to add/remove nodes from a cluster | `AddRemoveNode` |
| Drop Databases | Permission to drop databases | `DropDatabase` |
| Drop Data | Permission to drop measurements and series | `DropData` |
| Read | Permission to read data | `ReadData` |
| Write | Permission to write data | `WriteData` |
| Rebalance | Permission to rebalance a cluster | `Rebalance` |
| Manage Shards | Permission to copy and delete shards | `ManageShard` |
| Manage Continuous Queries | Permission to create, show, and drop continuous queries | `ManageContnuousQuery` |
| Manage Queries | Permission to show and kill queries | `ManageQuery` |
| Manage Subscriptions | Permission to show, add, and drop subscriptions | `ManageSubscription` |
| Monitor | Permission to show stats and diagnostics | `Monitor` |
| Copy Shard | Permission to copy shards | `CopyShard` |
{{% caption %}}
For more information about these commands,
see [Database management](/enterprise_influxdb/v1.9/query_language/manage-database/) and
[Continuous queries](/enterprise_influxdb/v1.9/query_language/continuous_queries/).
{{% /caption %}}
<!--
Admin users have access to the following user management commands:
| Admin user management | Non-admin user management | General user management |
|:--------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|-------------------------------------------|
| [`CREATE USER`](#user-management-commands) | [`CREATE USER`](#user-management-commands) | [`SET PASSWORD`](#reset-a-users-password) |
| [`GRANT ALL PRIVILEGES`](#grant-administrative-privileges-to-an-existing-user) | [`GRANT [READ,WRITE,ALL]`](#grant-read-write-or-all-database-privileges-to-an-existing-user) | [`DROP USER`](#drop-a-user) |
| [`REVOKE ALL PRIVILEGES`](#revoke-administrative-privileges-from-an-admin-user) | [`REVOKE [READ,WRITE,ALL]`](#revoke-read-write-or-all-database-privileges-from-an-existing-user) | |
| [`SHOW USERS`](#show-all-existing-users-and-their-admin-status) | | |
{{% caption %}}
See [below](#user-management-commands) for a complete discussion of the user management commands.
{{% /caption %}}
-->
#### Non-admin users
When authentication is enabled
a new non-admin user has no access to any database
until they are specifically [granted privileges to a database](#grant-read-write-or-all-database-privileges-to-an-existing-user)
by an admin user.
Non-admin users can [`SHOW`](/enterprise_influxdb/v1.9/query_language/explore-schema/#show-databases)
the databases for which they have `ReadData` or `WriteData` permissions.
### User management commands
User management commands apply to either
[admin users](#manage-admin-users),
[non-admin users](#manage-non-admin-users),
or [both](#manage-admin-and-non-admin-users).
#### Manage admin users
Create an admin user with:
```sql
CREATE USER admin WITH PASSWORD '<password>' WITH ALL PRIVILEGES
```
{{% note %}}
Repeating the exact `CREATE USER` statement is idempotent.
If any values change the database will return a duplicate user error.
```sql
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
> CREATE USER todd WITH PASSWORD '123' WITH ALL PRIVILEGES
ERR: user already exists
> CREATE USER todd WITH PASSWORD '123456'
ERR: user already exists
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
>
```
{{% /note %}}
##### `GRANT` administrative privileges to an existing user
```sql
GRANT ALL PRIVILEGES TO <username>
```
##### `REVOKE` administrative privileges from an admin user
```sql
REVOKE ALL PRIVILEGES FROM <username>
```
##### `SHOW` all existing users and their admin status
```sql
SHOW USERS
```
###### CLI Example
```sql
> SHOW USERS
user admin
todd false
paul true
hermione false
dobby false
```
#### Manage non-admin users
##### `CREATE` a new non-admin user
```sql
CREATE USER <username> WITH PASSWORD '<password>'
```
###### CLI example
```js
> CREATE USER todd WITH PASSWORD 'influxdb41yf3'
> CREATE USER alice WITH PASSWORD 'wonder\'land'
> CREATE USER "rachel_smith" WITH PASSWORD 'asdf1234!'
> CREATE USER "monitoring-robot" WITH PASSWORD 'XXXXX'
> CREATE USER "$savyadmin" WITH PASSWORD 'm3tr1cL0v3r'
```
{{% note %}}
##### Important notes about providing user credentials
- The user value must be wrapped in double quotes if
it starts with a digit, is an InfluxQL keyword, contains a hyphen,
or includes any special characters (for example: `!@#$%^&*()-`).
- The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes.
Do not include the single quotes when authenticating requests.
We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords.
For passwords that include these characters, escape the special character with a backslash
(e.g. (`\'`) when creating the password and when submitting authentication requests.
- Repeating the exact `CREATE USER` statement is idempotent.
If any values change the database will return a duplicate user error.
###### CLI example
```sql
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123'
ERR: user already exists
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123456' WITH ALL PRIVILEGES
ERR: user already exists
> CREATE USER "todd" WITH PASSWORD '123456'
>
```
{{% /note %}}
##### `GRANT` `READ`, `WRITE` or `ALL` database privileges to an existing user
```sql
GRANT [READ,WRITE,ALL] ON <database_name> TO <username>
```
CLI examples:
`GRANT` `READ` access to `todd` on the `NOAA_water_database` database:
```sql
> GRANT READ ON "NOAA_water_database" TO "todd"
```
`GRANT` `ALL` access to `todd` on the `NOAA_water_database` database:
```sql
> GRANT ALL ON "NOAA_water_database" TO "todd"
```
##### `REVOKE` `READ`, `WRITE`, or `ALL` database privileges from an existing user
```
REVOKE [READ,WRITE,ALL] ON <database_name> FROM <username>
```
CLI examples:
`REVOKE` `ALL` privileges from `todd` on the `NOAA_water_database` database:
```sql
> REVOKE ALL ON "NOAA_water_database" FROM "todd"
```
`REVOKE` `WRITE` privileges from `todd` on the `NOAA_water_database` database:
```sql
> REVOKE WRITE ON "NOAA_water_database" FROM "todd"
```
{{% note %}}
If a user with `ALL` privileges has `WRITE` privileges revoked, they are left with `READ` privileges, and vice versa.
{{% /note %}}
##### `SHOW` a user's database privileges
```sql
SHOW GRANTS FOR <user_name>
```
CLI example:
```sql
> SHOW GRANTS FOR "todd"
database privilege
NOAA_water_database WRITE
another_database_name READ
yet_another_database_name ALL PRIVILEGES
one_more_database_name NO PRIVILEGES
```
#### Manage admin and non-admin users
##### Reset a user's password
```sql
SET PASSWORD FOR <username> = '<password>'
```
CLI example:
```sql
> SET PASSWORD FOR "todd" = 'password4todd'
```
{{% note %}}
The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes.
Do not include the single quotes when authenticating requests.
We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords
For passwords that include these characters, escape the special character with a backslash (e.g. (`\'`) when creating the password and when submitting authentication requests.
{{% /note %}}
##### `DROP` a user
```sql
DROP USER <username>
```
CLI example:
```sql
> DROP USER "todd"
```
## Authentication and authorization HTTP errors
Requests with no authentication credentials or incorrect credentials yield the `HTTP 401 Unauthorized` response.
Requests by unauthorized users yield the `HTTP 403 Forbidden` response.

18
content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/_index.md Normal file
View File

@ -0,0 +1,18 @@
---
title: Manage users and permissions
description: Manage authorization in InfluxDB Enterprise clusters with users, roles, and permissions.
menu:
enterprise_influxdb_1_9:
name: Manage users and permissions
weight: 40
parent: Manage
aliases:
- /enterprise_influxdb/v1.9/administration/authentication_and_authorization/
---
{{% enterprise-warning-authn-b4-authz %}}
_For information about how to configure HTTPs over TLS, LDAP authentication, and password hashing,
see [Configure security](/enterprise_influxdb/v1.9/administration/configure/security/)._
{{< children >}}

223
content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api.md → content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api.md
View File

@ -1,81 +1,38 @@
---
title: Manage users and privileges with the InfluxDB Enterprise Meta API
title: Manage authorization with the InfluxDB Enterprise Meta API
description: >
Set up and manage authentication and authorization in InfluxDB Enterprise.
Manage users and permissions with the InfluxDB Enterprise Meta API.
menu:
enterprise_influxdb_1_9:
name: Manage security with Meta API
parent: Manage security
weight: 42
name: Manage authorization with the API
parent: Manage users and permissions
weight: 41
aliases:
- /enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/
- /enterprise_influxdb/v1.9/administration/security/authentication_and_authorization-api/
---
- [Overview](#overview)
- [API examples](#user-and-privilege-management-over-the-influxdb-enterprise-meta-api)
{{% enterprise-warning-authn-b4-authz %}}
## Overview
Authentication and authorization can be managed using the InfluxDB Enterprise Meta API.
User and privilege management means
managing the contents of a user store and the permissions that users can be granted.
It entails creating and deleting users and roles, granting them privileges, and assigning roles to users.
Managing users, roles and privileges can be done using the Chronograf InfluxDB Admin console.
However, certain operations are only available through the Enterprise meta API.
<!-- TODO which operations are API-only? -->
**Users** are granted a set of privileges.
<!-- which define a set of TICK stack resources and APIs available for use. -->
A **role** is a predefined collection of privileges that can be assigned to a user.
A **permission** (also *privilege*) is the ability to access a resource in some way, including:
- viewing the resource
- copying the resource
- dropping the resource
- writing to the resource
- full management capabilities
The level of access and the resource are combined in predefined keys.
<!-- The enforcement of privileges is handled by the respective TICK stack services. -->
Use the InfluxDB Enterprise Meta API to manage authorization for a cluster.
<!--
## permission "tokens"
Predefined key tokens take the form of verb-object pairs.
When the token lacks the verb part, full management privileges are implied.
These predefined tokens are:
-->
* `ViewAdmin`
* `ViewChronograf`
* `CreateDatabase`
* `CreateUserAndRole`
* `AddRemoveNode`
* `DropDatabase`
* `DropData`
* `ReadData`
* `WriteData`
* `Rebalance`
* `ManageShard`
* `ManageContinuousQuery`
* `ManageQuery`
* `ManageSubscription`
* `Monitor`
* `CopyShard`
For more information, see [Enterprise users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/).
### Example API requests
{{% note %}}
These privileges are system privileges and are separate from the database-specific privileges
that can be inspected using the `show grants for "<USER>"` command when connected to a data node.
Many of the examples below use the `jq` utility to format JSON output for readability.
[Install `jq`](https://stedolan.github.io/jq/download/) to process JSON output.
If you dont have access to `jq`, remove the `| jq` shown in the example.
{{% /note %}}
In addition, two tokens govern Kapacitor permissions:
* `KapacitorAPI`:
Grants the user permission to create, read, update and delete
tasks, topics, handlers and similar Kapacitor artefacts.
* `KapacitorConfigAPI`:
Grants the user permission to override the Kapacitor configuration
dynamically using the configuration endpoint.
### User and privilege management over the InfluxDB Enterprise meta API
**Users**:
- [List users](#list-users)
@ -87,6 +44,7 @@ In addition, two tokens govern Kapacitor permissions:
- [Remove permissions from a user](#remove-permissions-from-a-user)
- [Remove a user](#remove-a-user)
- [Verify user removal](#verify-user-removal)
- [Change a user's password](#change-a-users-password)
**Roles**:
@ -110,8 +68,11 @@ Use the `/user` endpoint of the InfluxDB Enterprise Meta API to manage users.
##### List users
View a list of existing users.
```sh
curl --location-trusted -u "admin:changeit" -s https://cluster_node_1:8091/user | jq
```
$ curl -u "admin:changeit" -s https://cluster_node_1:8091/user | python -m json.tool
```json
{
"users": [
{
@ -151,8 +112,13 @@ Transactions that modify the user store must be sent to the lead meta node using
If the node returns a 307 redirect message,
try resending the request to the lead node as indicated by the `Location` field in the HTTP response header.
```sh
curl --location-trusted -u "admin:changeit" -s -v \
-d '{"action":"create","user":{"name":"phantom2","password":"changeit"}}' \
https://cluster_node_2:8091/user
```
```
$ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom2","password":"changeit"}}' https://cluster_node_2:8091/user
* Trying 172.31.16.140...
* Connected to cluster_node_2 (172.31.16.140) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -195,8 +161,13 @@ $ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom2
##### Create a user against the lead node
```sh
curl --location-trusted -u "admin:changeit" -s -v \
-d '{"action":"create","user":{"name":"phantom","password":"changeit"}}' \
https://cluster_node_1:8091/user
```
```
$ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom","password":"changeit"}}' https://cluster_node_1:8091/user
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -237,8 +208,11 @@ $ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom"
##### Retrieve a user details document
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | python -m json.tool
```json
{
"users": [
{
@ -252,7 +226,12 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=
##### Grant permissions to a user
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","user":{"name":"phantom","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/user
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"add-permissions","user":{"name":"phantom","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' \
https://cluster_node_1:8091/user
```
```
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -291,8 +270,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","us
##### Verify user permissions
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | python -m json.tool
```json
{
"users": [
{
@ -311,8 +293,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=
##### Remove permissions from a user
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"remove-permissions","user":{"name":"phantom","permissions":{"":["KapacitorConfigAPI"]}}}' \
https://cluster_node_1:8091/user
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions","user":{"name":"phantom","permissions":{"":["KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/user
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -351,8 +338,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions",
##### Remove a user
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"delete","user":{"name":"phantom2"}}' \
https://cluster_node_1:8091/user
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","user":{"name":"phantom2"}}' https://cluster_node_1:8091/user
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -391,19 +383,37 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","user":{"nam
##### Verify user removal
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom
{"error":"user not found"}
```json
{
"error": "user not found"
}
```
##### Change a user's password
```sh
curl --location-trusted -u "admin:changeit" -H "Content-Type: application/json" \
-d '{"action": "change-password", "user": {"name": "<username>", "password": "newpassword"}}' \
localhost:8091/user
```
<!-- TODO -->
#### Roles
The Influxd-Meta API provides an endpoint `/role` for managing roles.
##### List roles
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | jq
```
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | python -m json.tool
{}
```
@ -412,8 +422,13 @@ As when creating a user the lead node must be used.
##### Create a role
```sh
curl --location-trusted --negotiate -u "admin:changeit" -v \
-d '{"action":"create","role":{"name":"spectre"}}' \
https://cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -v -d '{"action":"create","role":{"name":"spectre"}}' https://cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -454,8 +469,11 @@ $ curl --negotiate -u "admin:changeit" -v -d '{"action":"create","role":{"name"
##### Verify roles
Verify the role has been created.
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | python -m json.tool
```json
{
"roles": [
{
@ -472,8 +490,11 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | pyt
##### Retrieve a role document
Retrieve a record for a single node.
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq
```
curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool
```json
{
"roles": [
{
@ -486,8 +507,13 @@ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=sp
##### Add permissions to a role
Add permissions to a role.
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"add-permissions","role":{"name":"spectre","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' \
https://cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","role":{"name":"spectre","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -528,8 +554,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","ro
##### Verify role permissions
Verify permissions have been added.
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool
```json
{
"roles": [
{
@ -547,8 +576,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=
##### Add a user to a role
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"add-users","role":{"name":"spectre","users":["phantom"]}}' \
https://cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-users","role":{"name":"spectre","users":["phantom"]}}' https://cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -589,8 +623,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-users","role":{"
##### Verify user in role
Verify user has been added to role.
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool
```json
{
"roles": [
{
@ -611,8 +648,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=
##### Remove a user from a role
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"remove-users","role":{"name":"spectre","users":["phantom"]}}' \
https://admin:changeit@cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-users","role":{"name":"spectre","users":["phantom"]}}' https://admin:changeit@cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -652,8 +694,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-users","role"
##### Remove a permission from a role
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"remove-permissions","role":{"name":"spectre","permissions":{"":["KapacitorConfigAPI"]}}}' \
https://cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions","role":{"name":"spectre","permissions":{"":["KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -693,8 +740,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions",
##### Delete a role
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s -v \
-d '{"action":"delete","role":{"name":"spectre"}}' \
https://cluster_node_1:8091/role
```
```
$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","role":{"name":"spectre"}}' https://cluster_node_1:8091/role
* Trying 172.31.16.108...
* Connected to cluster_node_1 (172.31.16.108) port 8091 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
@ -734,8 +786,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","role":{"nam
##### Verify role deletion
```sh
curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq
```
$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool
```json
{
"error": "role not found"
}

255
content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql.md Normal file
View File

@ -0,0 +1,255 @@
---
title: Manage authorization with InfluxQL
description: >
Manage users and permissions with InfluxQL.
menu:
enterprise_influxdb_1_9:
parent: Manage users and permissions
weight: 40
related:
- /enterprise_influxdb/v1.9/administration/manage/security/authorization-api.md
- /{{< latest "chronograf" >}}/administration/managing-influxdb-users/
- /enterprise_influxdb/v1.9/administration/manage/security/fine-grained-authorization/
aliases:
- /enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/
---
{{% enterprise-warning-authn-b4-authz %}}
{{% note %}}
We recommend using [Chronograf](/{{< latest "chronograf" >}}/administration/managing-influxdb-users/)
and/or the [Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api/)
to manage InfluxDB Enterprise users and roles.
{{% /note %}}
{{% warn %}}
Outside of [creating users](/enterprise_influxdb/v1.9/query_language/spec/#create-user),
we recommend operators *do not* mix and match InfluxQL
with other authorization management methods (Chronograf and the API).
Doing so may lead to inconsistencies in user permissions.
{{% /warn %}}
This page shows examples of basic user and permission management using InfluxQL statements.
However, *only a subset of Enterprise permissions can be managed with InfluxQL.*
Using InfluxQL, you can perform the following actions:
- Create new users and assign them either the admin role (or no role).
- grant `READ` and/or `WRITE` permissions to users. (`READ`, `WRITE`, `ALL`)
- `REVOKE` permissions from users.
- `GRANT` or `REVOKE` specific database access to individual users.
However, InfluxDB Enterprise offers an [*expanded set of permissions*](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions).
You can use the Meta API and Chronograf to access and assign these more granular permissions to individual users.
The [InfluxDB Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api/)
provides the most comprehensive way to manage users, roles, permission
and other [fine grained authorization](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization/) (FGA) capabilities.
#### Non-admin users
When authentication is enabled,
a new non-admin user has no access to any database
until they are specifically [granted privileges to a database](#grant-read-write-or-all-database-privileges-to-an-existing-user)
by an admin user.
Non-admin users can [`SHOW`](/enterprise_influxdb/v1.9/query_language/explore-schema/#show-databases)
the databases for which they have `ReadData` or `WriteData` permissions.
### User management commands
User management commands apply to either
[admin users](#manage-admin-users),
[non-admin users](#manage-non-admin-users),
or [both](#manage-admin-and-non-admin-users).
For more information about these commands,
see [Database management](/enterprise_influxdb/v1.9/query_language/manage-database/) and
[Continuous queries](/enterprise_influxdb/v1.9/query_language/continuous_queries/).
#### Manage admin users
Create an admin user with:
```sql
CREATE USER admin WITH PASSWORD '<password>' WITH ALL PRIVILEGES
```
{{% note %}}
Repeating the exact `CREATE USER` statement is idempotent.
If any values change the database will return a duplicate user error.
```sql
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
> CREATE USER todd WITH PASSWORD '123' WITH ALL PRIVILEGES
ERR: user already exists
> CREATE USER todd WITH PASSWORD '123456'
ERR: user already exists
> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES
>
```
{{% /note %}}
##### `GRANT` administrative privileges to an existing user
```sql
GRANT ALL PRIVILEGES TO <username>
```
##### `REVOKE` administrative privileges from an admin user
```sql
REVOKE ALL PRIVILEGES FROM <username>
```
##### `SHOW` all existing users and their admin status
```sql
SHOW USERS
```
###### CLI Example
```sql
> SHOW USERS
user admin
todd false
paul true
hermione false
dobby false
```
#### Manage non-admin users
##### `CREATE` a new non-admin user
```sql
CREATE USER <username> WITH PASSWORD '<password>'
```
###### CLI example
```js
> CREATE USER todd WITH PASSWORD 'influxdb41yf3'
> CREATE USER alice WITH PASSWORD 'wonder\'land'
> CREATE USER "rachel_smith" WITH PASSWORD 'asdf1234!'
> CREATE USER "monitoring-robot" WITH PASSWORD 'XXXXX'
> CREATE USER "$savyadmin" WITH PASSWORD 'm3tr1cL0v3r'
```
{{% note %}}
##### Important notes about providing user credentials
- The user value must be wrapped in double quotes if
it starts with a digit, is an InfluxQL keyword, contains a hyphen,
or includes any special characters (for example: `!@#$%^&*()-`).
- The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes.
Do not include the single quotes when authenticating requests.
We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords.
For passwords that include these characters, escape the special character with a backslash
(e.g. (`\'`) when creating the password and when submitting authentication requests.
- Repeating the exact `CREATE USER` statement is idempotent.
If any values change the database will return a duplicate user error.
###### CLI example
```sql
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123'
ERR: user already exists
> CREATE USER "todd" WITH PASSWORD '123456'
> CREATE USER "todd" WITH PASSWORD '123456' WITH ALL PRIVILEGES
ERR: user already exists
> CREATE USER "todd" WITH PASSWORD '123456'
>
```
{{% /note %}}
##### `GRANT` `READ`, `WRITE` or `ALL` database privileges to an existing user
```sql
GRANT [READ,WRITE,ALL] ON <database_name> TO <username>
```
CLI examples:
`GRANT` `READ` access to `todd` on the `NOAA_water_database` database:
```sql
> GRANT READ ON "NOAA_water_database" TO "todd"
```
`GRANT` `ALL` access to `todd` on the `NOAA_water_database` database:
```sql
> GRANT ALL ON "NOAA_water_database" TO "todd"
```
##### `REVOKE` `READ`, `WRITE`, or `ALL` database privileges from an existing user
```
REVOKE [READ,WRITE,ALL] ON <database_name> FROM <username>
```
CLI examples:
`REVOKE` `ALL` privileges from `todd` on the `NOAA_water_database` database:
```sql
> REVOKE ALL ON "NOAA_water_database" FROM "todd"
```
`REVOKE` `WRITE` privileges from `todd` on the `NOAA_water_database` database:
```sql
> REVOKE WRITE ON "NOAA_water_database" FROM "todd"
```
{{% note %}}
If a user with `ALL` privileges has `WRITE` privileges revoked, they are left with `READ` privileges, and vice versa.
{{% /note %}}
##### `SHOW` a user's database privileges
```sql
SHOW GRANTS FOR <user_name>
```
CLI example:
```sql
> SHOW GRANTS FOR "todd"
database privilege
NOAA_water_database WRITE
another_database_name READ
yet_another_database_name ALL PRIVILEGES
one_more_database_name NO PRIVILEGES
```
#### Manage admin and non-admin users
##### Reset a user's password
```sql
SET PASSWORD FOR <username> = '<password>'
```
CLI example:
```sql
> SET PASSWORD FOR "todd" = 'password4todd'
```
{{% note %}}
The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes.
Do not include the single quotes when authenticating requests.
We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords
For passwords that include these characters, escape the special character with a backslash (e.g. (`\'`) when creating the password and when submitting authentication requests.
{{% /note %}}
##### `DROP` a user
```sql
DROP USER <username>
```
CLI example:
```sql
> DROP USER "todd"
```

29
content/enterprise_influxdb/v1.9/guides/fine-grained-authorization.md → content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization.md
View File

@ -1,26 +1,24 @@
---
title: Use fine-grained authorization in InfluxDB Enterprise
title: Manage fine-grained authorization
description: >
Fine-grained authorization (FGA) in InfluxDB Enterprise controls user access at the database, measurement, and series levels.
alias:
-/docs/v1.5/administration/fga
menu:
enterprise_influxdb_1_9:
name: Use fine-grained authorization
weight: 10
parent: Guides
parent: Manage users and permissions
weight: 44
aliases:
- /docs/v1.5/administration/fga
- /enterprise_influxdb/v1.9/guides/fine-grained-authorization/
related:
- /enterprise_influxdb/v1.9/administration/authentication_and_authorization/
- /{{< latest "chronograf" >}}/administration/managing-influxdb-users/
---
Use fine-grained authorization (FGA) in InfluxDB Enterprise to control user access at the database, measurement, and series levels.
{{% enterprise-warning-authn-b4-authz %}}
{{% note %}}
**Note:** InfluxDB OSS controls access at the database level only.
{{% /note %}}
Use fine-grained authorization (FGA) to control user access at the database, measurement, and series levels.
You must have [admin permissions](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#admin-user-management) to set up FGA.
You must have [admin permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#admin) to set up FGA.
{{% warn %}}
#### FGA does not apply to Flux
@ -28,9 +26,14 @@ FGA does not restrict actions performed by Flux queries (both read and write).
If using FGA, we recommend [disabling Flux](/enterprise_influxdb/v{{< current-version >}}/flux/installation/).
{{% /warn %}}
{{% note %}}
FGA is only available in InfluxDB Enterprise.
InfluxDB OSS 1.x controls access at the database level only.
{{% /note %}}
## Set up fine-grained authorization
1. [Enable authentication](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#set-up-authentication) in your InfluxDB configuration file.
1. [Enable authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/) in your InfluxDB configuration file.
2. Create users through the InfluxDB query API.
@ -38,7 +41,7 @@ If using FGA, we recommend [disabling Flux](/enterprise_influxdb/v{{< current-ve
CREATE USER username WITH PASSWORD 'password'
```
For more information, see [User management commands](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#user-management-commands).
For more information, see [User management commands](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql/#user-management-commands).
3. Ensure that you can access the **meta node** API (port 8091 by default).

84
content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/introduction-to-auth.md Normal file
View File

@ -0,0 +1,84 @@
---
title: Introduction to authorization in InfluxDB Enterprise
description: >
Learn the basics of managing users and permissions in InfluxDB Enterprise.
menu:
enterprise_influxdb_1_9:
name: Introduction to authorization
parent: Manage users and permissions
weight: 30
related:
- /enterprise_influxdb/v1.9/guides/fine-grained-authorization/
- /{{< latest "chronograf" >}}/administration/managing-influxdb-users/
---
Authorization in InfluxDB Enterprise refers to managing user permissions.
To secure and manage access to an InfluxDB Enterprise cluster,
first [configure authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/).
You can then manage users and permissions as necessary.
This page is meant to help new users choose the best method
for managing permissions in InfluxDB Enterprise.
## Permissions in InfluxDB Enterprise
InfluxDB Enterprise has an [expanded set of 16 permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions).
These permissions allow for
controlling read and write access to data for all databases and for individual databases,
as well as permitting certain cluster-management actions like creating or deleting resources.
InfluxDB 1.x OSS only supports database-level privileges: `READ` and `WRITE`.
A third permission, `ALL`, grants admin privileges.
These three permissions exist in InfluxDB Enterprise as well.
They can _only be granted by using InfluxQL_.
## Manage user authorization
Choose one of the following methods manage authorizations in InfluxDB Enterprise:
- using [InfluxQL](#manage-read-and-write-privileges-with-influxql)
{{% note %}}
InfluxQL can can only grant `READ`, `WRITE`, and `ALL PRIVILEGES` privileges.
To use the full set of InfluxDB Enterprise [permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/),
use [Chronograf](#manage-specific-privileges-with-chronograf)
or the [Meta API (recommended)](#influxdb-enterprise-meta-api).
{{% /note %}}
- using [Chronograf](#manage-enterprise-permissions-with-chronograf)
- using the [InfluxDB Enterprise meta API](#manage-enterprise-permissions-with-the-meta-api) (**Recommended**)
### Manage read and write privileges with InfluxQL
If you only need to manage basic `READ`, `WRITE`, and `ALL` privileges,
use InfluxQL to manage authorizations.
(For instance, if you upgraded from InfluxDB OSS 1.x
and do not need the more detailed authorization in InfluxDB Enterprise, continue to use InfluxQL.)
{{% warn %}}
We recommend operators *do not* mix and match InfluxQL
with other authorization management methods (Chronograf and the API).
Doing so may lead to inconsistencies in user permissions.
{{% /warn %}}
### Manage Enterprise permissions with Chronograf
The Chronograf user interface can manage the
[full set of InfluxDB Enterprise permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions).
The permissions listed in Chronograf are global for the cluster, and available through the API.
Outside of [FGA](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization),
the only database-level permissions available are the basic `READ` and `WRITE`.
These can only be managed using [InfluxQL](#manage-read-and-write-privileges-with-influxql).
Chronograf can only set permissions globally, for all databases, within a cluster.
If you need to set permissions at the database level, use the [Meta API](#influxdb-enterprise-meta-api).
See ["Manage InfluxDB users in Chronograf"](/chronograf/v1.9/administration/managing-influxdb-users/)
for instructions.
### Manage Enterprise permissions with the Meta API
The InfluxDB Enterprise API is the
recommended method for managing permissions.
For more information on using the meta API,
see [here](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api).

77
content/enterprise_influxdb/v1.9/features/users.md → content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions.md
View File

@ -1,19 +1,19 @@
---
title: InfluxDB Enterprise users
description: Overview of users in InfluxDB Enterprise.
aliases:
- /enterprise/v1.8/features/users/
title: Enterprise users and permissions reference
description: >
Detailed reference for users, roles, permissions, and permission-to-statement mappings.
menu:
enterprise_influxdb_1_9:
weight: 0
parent: Enterprise features
parent: Manage users and permissions
weight: 100
aliases:
- /enterprise_influxdb/v1.9/features/users/
---
<!--
Consider:
Penelope, who has a Dev role, w/ permissions: she can Manage Queries, Monitor, Add/remove Nodes.
Jim has role Marketing, w/ permissions: he can View Admin, Graph Role, View Chronograf.
-->
{{% enterprise-warning-authn-b4-authz %}}
- [Users](#users)
- [Permissions](#permissions)
## Users
@ -40,28 +40,45 @@ permissions to:
* Manage Shards
* Rebalance
### Permissions
## Permissions
A **permission** (also *privilege*) is the ability to access a resource in some way, including:
- viewing the resource
- copying the resource
- dropping the resource
- writing to the resource
- full management capabilities
InfluxDB Enterprise clusters have 16 permissions:
| Permission | Description |
|:--------------------------|---------------------------------------------------------|
| View Admin | Permission to view or edit admin screens |
| View Chronograf | Permission to use Chronograf tools |
| Create Databases | Permission to create databases |
| Create Users & Roles | Permission to create users and roles |
| Add/Remove Nodes | Permission to add/remove nodes from a cluster |
| Drop Databases | Permission to drop databases |
| Drop Data | Permission to drop measurements and series |
| Read | Permission to read data |
| Write | Permission to write data |
| Rebalance | Permission to rebalance a cluster |
| Manage Shards | Permission to copy and delete shards |
| Manage Continuous Queries | Permission to create, show, and drop continuous queries |
| Manage Queries | Permission to show and kill queries |
| Manage Subscriptions | Permission to show, add, and drop subscriptions |
| Monitor | Permission to show stats and diagnostics |
| Copy Shard | Permission to copy shards |
| Permission | Description | Token |
|:--------------------------|---------------------------------------------------------|------------------------|
| View Admin | Permission to view or edit admin screens | `ViewAdmin` |
| View Chronograf | Permission to use Chronograf tools | `ViewChronograf` |
| Create Databases | Permission to create databases | `CreateDatabase` |
| Create Users & Roles | Permission to create users and roles | `CreateUserAndRole` |
| Add/Remove Nodes | Permission to add/remove nodes from a cluster | `AddRemoveNode` |
| Drop Databases | Permission to drop databases | `DropDatabase` |
| Drop Data | Permission to drop measurements and series | `DropData` |
| Read | Permission to read data | `ReadData` |
| Write | Permission to write data | `WriteData` |
| Rebalance | Permission to rebalance a cluster | `Rebalance` |
| Manage Shards | Permission to copy and delete shards | `ManageShard` |
| Manage Continuous Queries | Permission to create, show, and drop continuous queries | `ManageContnuousQuery` |
| Manage Queries | Permission to show and kill queries | `ManageQuery` |
| Manage Subscriptions | Permission to show, add, and drop subscriptions | `ManageSubscription` |
| Monitor | Permission to show stats and diagnostics | `Monitor` |
| Copy Shard | Permission to copy shards | `CopyShard` |
In addition, two tokens govern Kapacitor permissions:
* `KapacitorAPI`:
Grants the user permission to create, read, update and delete
tasks, topics, handlers and similar Kapacitor artefacts.
* `KapacitorConfigAPI`:
Grants the user permission to override the Kapacitor configuration
dynamically using the configuration endpoint.
### Permission to Statement

2
content/enterprise_influxdb/v1.9/administration/monitor/logs.md
View File

@ -111,7 +111,7 @@ The service configuration file is `/etc/default/influx-enterprise`.
### Use logrotate
You can use [logrotate](http://manpages.ubuntu.com/manpages/cosmic/en/man8/logrotate.8.html)
You can use [logrotate](https://manpages.ubuntu.com/manpages/jammy/en/man8/logrotate.8.html)
to rotate the log files generated by InfluxDB on systems where logs are written to flat files.
If using the package install on a sysvinit system, the config file for logrotate is installed in `/etc/logrotate.d`.
You can view the file [here](https://github.com/influxdb/influxdb/blob/master/scripts/logrotate).

2
content/enterprise_influxdb/v1.9/administration/monitor/monitor-with-cloud.md
View File

@ -182,4 +182,4 @@ Send a notification to PagerDuty or HTTP endpoints (other webhooks) by [upgradin
For InfluxDB Enterprise customers, Insights and Aware are free services that can monitor your data. InfluxDB Insights sends your data to a private Cloud account and will be monitored with the help of the support team. InfluxDB Aware is a similar service, but you monitor your data yourself.
To apply for this service, please contact the [support team](support@influxdata.com).
To apply for this service, please contact the [InfluxData Support team](mailto:support@influxdata.com).

1
content/enterprise_influxdb/v1.9/concepts/clustering.md
View File

@ -4,6 +4,7 @@ description: >
Learn how meta nodes and data nodes interact in InfluxDB Enterprise.
aliases:
- /enterprise/v1.9/concepts/clustering/
- /enterprise_influxdb/v1.9/high_availability/clusters/
menu:
enterprise_influxdb_1_9:
name: Clustering

69
content/enterprise_influxdb/v1.9/features/_index.md
View File

@ -9,4 +9,71 @@ menu:
weight: 60
---
{{< children hlevel="h2" >}}
InfluxDB Enterprise has additional capabilities that enhance
[availability](#clustering),
[scalability](#clustering), and
[security](#security),
and provide [eventual consistency](#eventual-consistency).
## Clustering
InfluxDB Enterprise runs on a network of independent servers, a *cluster*,
to provide fault tolerance, availability, and horizontal scalability of the database.
While many InfluxDB Enterprise features are available
when run with a single meta node and a single data node, this configuration does not take advantage of the clustering capablity
or ensure high availablity.
Nodes can be added to an existing cluster to improve database performance for querying and writing data.
Certain configurations (e.g., 3 meta and 2 data node) provide high-availability assurances
while making certain tradeoffs in query peformance when compared to a single node.
Further increasing the number of nodes can improve performance in both respects.
For example, a cluster with 4 data nodes and a [replication factor](https://docs.influxdata.com/enterprise_influxdb/v1.9/concepts/glossary/#replication-factor)
of 2 can support a higher volume of write traffic than a single node could.
It can also support a higher *query* workload, as the data is replicated
in two locations. Performance of the queries may be on par with a single
node in cases where the query can be answered directly by the node which
receives the query.
For more information on clustering, see [Clustering in InfluxDB Enterprise](/enterprise_influxdb/v1.9/concepts/clustering/).
## Security
Enterprise authorization uses an expanded set of [*16 user permissions and roles*](/enterprise_influxdb/v1.9/features/users/).
(InfluxDB OSS only has `READ` and `WRITE` permissions.)
Administrators can give users permission to read and write to databases,
create and remove databases, rebalance a cluster, and manage particular resources.
Organizations can automate managing permissions with the [InfluxDB Enterprise Meta API](/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/).
[Fine-grained authorization](/enterprise_influxdb/v1.9/guides/fine-grained-authorization/)
for particular data is also available.
InfluxDB Enterprise can also use [LDAP for managing authentication](/enterprise_influxdb/v1.9/administration/manage/security/ldap/).
For FIPS compliance, InfluxDB Enterprise password hashing alogrithms are configurable.
{{% note %}}
Kapacitor OSS can also delegate its LDAP and security setup to InfluxDB Enterprise.
For details, see ["Set up InfluxDB Enterprise authorizations"](/{{< latest "kapacitor" >}}/administration/auth/influxdb-enterprise-auth/).
{{% /note %}}
## Eventual consistency
### Hinted handoff
Hinted handoff (HH) is how InfluxDB Enterprise deals with data node outages while writes are happening.
HH is essentially a durable disk based queue.
For more information, see ["Hinted handoff"](/enterprise_influxdb/v1.9/concepts/clustering/#hinted-handoff).
### Anti-entropy
Anti-entropy is an optional service to eliminate edge cases related to cluster consistency.
For more information, see ["Use Anti-Entropy service in InfluxDB Enterprise"](/enterprise_influxdb/v1.9/administration/anti-entropy/).
---
{{< children hlevel="h3" >}}

8
content/enterprise_influxdb/v1.9/features/clustering-features.md
View File

@ -10,6 +10,14 @@ menu:
parent: Enterprise features
---
{{% note %}}
_For an overview of InfluxDB Enterprise security features,
see ["InfluxDB Enterprise features - Security"](/enterprise_influxdb/v1.9/features/#security).
To secure your InfluxDB Enterprise cluster, see
["Configure security"](/enterprise_influxdb/v1.9/administration/configure/security/)
and ["Manage security"](/enterprise_influxdb/v1.9/administration/manage/security/)_.
{{% /note %}}
## Entitlements
A valid license key is required in order to start `influxd-meta` or `influxd`.

2
content/enterprise_influxdb/v1.9/flux/flux-vs-influxql.md
View File

@ -106,7 +106,7 @@ join(
### Sort by tags
InfluxQL's sorting capabilities are very limited, allowing you only to control the
sort order of `time` using the `ORDER BY time` clause.
Flux's [`sort()` function](/{{< latest "flux" >}}/stdlib/universer/sort) sorts records based on list of columns.
Flux's [`sort()` function](/{{< latest "flux" >}}/stdlib/universe/sort) sorts records based on list of columns.
Depending on the column type, records are sorted lexicographically, numerically, or chronologically.
```js

191
content/enterprise_influxdb/v1.9/guides/authenticate.md Normal file
View File

@ -0,0 +1,191 @@
---
title: Authenticate requests to InfluxDB Enterprise
description: >
Calculate percentages using basic math operators available in InfluxQL or Flux.
This guide walks through use cases and examples of calculating percentages from two values in a single query.
menu:
enterprise_influxdb_1_9:
weight: 25
parent: Guides
name: Authenticate requests
---
_To require valid credentials for cluster access, see ["Enable authentication"](/enterprise_influxdb/v1.9/administration/configure/security/authentication/)._
## Authenticate requests
### Authenticate with the InfluxDB API
Authenticate with the [InfluxDB API](/enterprise_influxdb/v1.9/tools/api/) using one of the following options:
- [Authenticate with basic authentication](#authenticate-with-basic-authentication)
- [Authenticate with query parameters in the URL or request body](#authenticate-with-query-parameters-in-the-url-or-request-body)
If you authenticate with both basic authentication **and** the URL query parameters,
the user credentials specified in the query parameters take precedence.
The following examples demonstrate queries with [admin user](#admin-users) permissions.
To learn about different users types, permissions, and how to manage users, see [authorization](#authorization).
{{% note %}}
InfluxDB Enterprise redacts passwords in log output when you enable authentication.
{{% /note %}}
#### Authenticate with basic authentication
```bash
curl -G http://localhost:8086/query \
-u todd:password4todd \
--data-urlencode "q=SHOW DATABASES"
```
#### Authenticate with query parameters in the URL or request body
Set `u` as the username and `p` as the password.
##### Credentials as query parameters
```bash
curl -G "http://localhost:8086/query?u=todd&p=password4todd" \
--data-urlencode "q=SHOW DATABASES"
```
##### Credentials in the request body
```bash
curl -G http://localhost:8086/query \
--data-urlencode "u=todd" \
--data-urlencode "p=password4todd" \
--data-urlencode "q=SHOW DATABASES"
```
### Authenticate with the CLI
There are three options for authenticating with the [CLI](/enterprise_influxdb/v1.9/tools/influx-cli/):
- [Authenticate with environment variables](#authenticate-with-environment-variables)
- [Authenticate with CLI flags](#authenticate-with-cli-flags)
- [Authenticate with credentials in the influx shell](#authenticate-with-credentials-in-the-influx-shell)
#### Authenticate with environment variables
Use the `INFLUX_USERNAME` and `INFLUX_PASSWORD` environment variables to provide
authentication credentials to the `influx` CLI.
```bash
export INFLUX_USERNAME=todd
export INFLUX_PASSWORD=password4todd
echo $INFLUX_USERNAME $INFLUX_PASSWORD
todd password4todd
influx
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
```
#### Authenticate with CLI flags
Use the `-username` and `-password` flags to provide authentication credentials
to the `influx` CLI.
```bash
influx -username todd -password password4todd
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
```
#### Authenticate with credentials in the influx shell
Start the `influx` shell and run the `auth` command.
Enter your username and password when prompted.
```bash
$ influx
Connected to http://localhost:8086 version {{< latest-patch >}}
InfluxDB shell {{< latest-patch >}}
> auth
username: todd
password:
>
```
### Authenticate using JWT tokens
For a more secure alternative to using passwords, include JWT tokens with requests to the InfluxDB API.
This is currently only possible through the [InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/).
1. **Add a shared secret in your InfluxDB Enterprise configuration file**.
InfluxDB Enterprise uses the shared secret to encode the JWT signature.
By default, `shared-secret` is set to an empty string, in which case no JWT authentication takes place.
<!-- TODO: meta, data, or both? -->
Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--).
The longer the secret string, the more secure it is:
```toml
[http]
shared-secret = "my super secret pass phrase"
```
Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file,
set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable.
2. **Generate your JWT token**.
Use an authentication service to generate a secure token
using your InfluxDB username, an expiration time, and your shared secret.
There are online tools, such as [https://jwt.io/](https://jwt.io/), that will do this for you.
The payload (or claims) of the token must be in the following format:
```json
{
"username": "myUserName",
"exp": 1516239022
}
```
- **username** - The name of your InfluxDB user.
- **exp** - The expiration time of the token in UNIX epoch time.
For increased security, keep token expiration periods short.
For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php).
Encode the payload using your shared secret.
You can do this with either a JWT library in your own authentication server or by hand at [https://jwt.io/](https://jwt.io/).
The generated token follows this format: `<header>.<payload>.<signature>`
3. **Include the token in HTTP requests**.
Include your generated token as part of the `Authorization` header in HTTP requests:
```
Authorization: Bearer <myToken>
```
{{% note %}}
Only unexpired tokens will successfully authenticate.
Be sure your token has not expired.
{{% /note %}}
#### Example query request with JWT authentication
```bash
curl -G "http://localhost:8086/query?db=demodb" \
--data-urlencode "q=SHOW DATABASES" \
--header "Authorization: Bearer <header>.<payload>.<signature>"
```
## Authenticate Telegraf requests to InfluxDB
Authenticating [Telegraf](/{{< latest "telegraf" >}}/) requests to an InfluxDB instance with
authentication enabled requires some additional steps.
In the Telegraf configuration file (`/etc/telegraf/telegraf.conf`), uncomment
and edit the `username` and `password` settings.
```toml
###############################################################################
# OUTPUT PLUGINS #
###############################################################################
# ...
[[outputs.influxdb]]
# ...
username = "example-username" # Provide your username
password = "example-password" # Provide your password
# ...
```
Restart Telegraf and you're all set!

2
content/enterprise_influxdb/v1.9/introduction/install-and-deploy/_index.md
View File

@ -4,6 +4,8 @@ description: Install InfluxDB Enterprise to on-premise or cloud providers, inclu
aliases:
- /enterprise_influxdb/v1.9/install-and-deploy/deploying/
- /enterprise_influxdb/v1.9/install-and-deploy/
- /enterprise_influxdb/v1.9/production_installation/
- /enterprise_influxdb/v1.9/introduction/installation/
menu:
enterprise_influxdb_1_9:
name: Install and deploy

8
content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation.md
View File

@ -311,8 +311,12 @@ CREATE USER admin WITH PASSWORD '<password>' WITH ALL PRIVILEGES
## Next steps
Once your data nodes are part of your cluster:
Once your data nodes are part of your cluster, do the following:
- Set up [authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/).
Once you cluster is configured for authentication,
if you want to add more users in addition to admin user,
see [Manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/security/).
- [Enable TLS](/enterprise_influxdb/v1.9/guides/enable-tls/).
- [Set up Chronograf](/enterprise_influxdb/v1.9/install-and-deploy/installation/chrono_install)
for UI visualization, dashboards, and management.
- [Enable TLS](/enterprise_influxdb/v1.9/guides/enable-tls/) for increased security (recommended).

5
content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/meta_node_installation.md
View File

@ -257,7 +257,4 @@ Note that your cluster must have at least three meta nodes.
If you do not see your meta nodes in the output, retry adding them to
the cluster.
Once your meta nodes are part of your cluster move on to [the next steps to
set up your data nodes](/enterprise_influxdb/v1.9/install-and-deploy/installation/data_node_installation/).
Please do not continue to the next steps if your meta nodes are not part of the
cluster.
After your meta nodes are part of your cluster, [install data nodes](/enterprise_influxdb/v1.9/install-and-deploy/installation/data_node_installation/).

2
content/enterprise_influxdb/v1.9/query_language/functions.md
View File

@ -6617,7 +6617,7 @@ KAMA will adjust when the data swings widen and follow data from a greater dista
This trend-following indicator can be used to identify the overall trend,
time turning points and filter data movements.
<sup style="line-height:0; font-size:.7rem; font-style:italic; font-weight:normal;"><a href="http://stockcharts.com/school/doku.php?id=chart_school:technical_indicators:kaufman_s_adaptive_moving_average" target="\_blank">Source</a>
<sup style="line-height:0; font-size:.7rem; font-style:italic; font-weight:normal;"><a href="https://school.stockcharts.com/doku.php?id=technical_indicators:kaufman_s_adaptive_moving_average" target="\_blank">Source</a>
#### Basic syntax

2
content/enterprise_influxdb/v1.9/tools/api_client_libraries.md
View File

@ -96,7 +96,7 @@ To install and use the Python client library, follow the [instructions below](#i
token=token,
```
> **Note:** The database (and retention policy, if applicable) are converted to a [bucket](https://v2. docs.influxdata.com/v2.0/reference/glossary/#bucket) data store compatible with InfluxDB 2.0.
> **Note:** The database (and retention policy, if applicable) are converted to a [bucket](/v2.0/reference/glossary/#bucket) data store compatible with InfluxDB 2.0.
5. Instantiate a writer object using the client object and the write_api method. Use the `write_api` method to configure the writer object.

1
content/enterprise_influxdb/v1.9/tools/influx-cli/use-influx.md
View File

@ -3,6 +3,7 @@ title: Use influx - InfluxDB command line interface
description: InfluxDB's command line interface (`influx`) is an interactive shell for the HTTP API.
aliases:
- /enterprise_influxdb/v1.9/tools/shell
- /enterprise_influxdb/v1.9/tools/use-influx/
menu:
enterprise_influxdb_1_9:
name: Use influx

6
content/enterprise_influxdb/v1.9/tools/influx_inspect.md
View File

@ -428,13 +428,17 @@ The default location is `$HOME/.influxdb`.
#### Syntax
```
influx_inspect report [ options ]
influx_inspect report [ options ] <path>
```
#### Options
Optional arguments are in brackets.
##### `<path>`
The path to the InfluxDB [`data` directory](/enterprise_influxdb/v1.9/concepts/file-system-layout/#file-system-layout).
##### [ `-pattern "<regular expression/wildcard>"` ]
The regular expression or wildcard pattern to match included files.

1
content/flux/v0.x/_index.md
View File

@ -9,6 +9,7 @@ menu:
weight: 1
aliases:
- /influxdb/v2.0/reference/flux/
- /influxdb/v2.1/reference/flux/
- /influxdb/cloud/reference/flux/
---

1
content/flux/v0.x/data-types/basic/string.md
View File

@ -13,6 +13,7 @@ flux/v0.x/tags: ["basic types", "data types"]
aliases:
- /influxdb/v2.0/reference/flux/language/string-interpolation/
- /influxdb/cloud/reference/flux/language/string-interpolation/
- /flux/v0.x/spec/string-interpolation/
related:
- /flux/v0.x/stdlib/universe/string/
- /flux/v0.x/stdlib/universe/tostring/

2
content/flux/v0.x/query-data/sql/_index.md
View File

@ -48,7 +48,7 @@ The following drivers are available:
- `postgres`
- `snowflake`
- `sqlite3`
- `sqlserver`, `mssql`
- `sqlserver`
- `vertica`, `vertigo`
## Data source names

7
content/flux/v0.x/query-data/sql/bigquery.md
View File

@ -60,13 +60,6 @@ Provide your authentication credentials using one of the following methods:
- Set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to identify the
location of your credential JSON file.
- Provide your BigQuery API key using the **apiKey** URL parameter in your BigQuery DSN.
###### Example apiKey URL parameter
```
bigquery://projectid/?apiKey=AIzaSyB6XK8IO5AzKZXoioQOVNTFYzbDBjY5hy4
```
- Provide your base-64 encoded service account, refresh token, or JSON credentials
using the **credentials** URL parameter in your BigQuery DSN.

8
content/flux/v0.x/query-data/sql/sql-server.md
View File

@ -2,8 +2,8 @@
title: Query SQL Server
list_title: SQL Server
description: >
Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) with the `sqlserver` or `mssql`
driver to query SQL Server.
Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) with the `sqlserver` driver to
query SQL Server.
menu:
flux_0_x:
name: SQL Server
@ -28,7 +28,7 @@ To query [Microsoft SQL Server](https://www.microsoft.com/sql-server/) with Flux
1. Import the [`sql` package](/flux/v0.x/stdlib/sql/).
2. Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) and provide the following parameters:
- **driverName**: sqlserver _or_ mssql
- **driverName**: sqlserver
- **dataSourceName**: _See [data source name](#sql-server-data-source-name)_
- **query**: SQL query to execute
@ -49,7 +49,7 @@ sql.from(
- [SQL Server to Flux data type conversion](#sql-server-to-flux-data-type-conversion)
## SQL Server data source name
The `sqlserver` and `mssql` drivers use the following DSN syntaxes (also known as a **connection string**):
The `sqlserver` driver uses the following DSN syntaxes (also known as a **connection string**):
```
sqlserver://username:password@localhost:1433?database=examplebdb

50
content/flux/v0.x/release-notes.md
View File

@ -10,6 +10,56 @@ aliases:
- /influxdb/cloud/reference/release-notes/flux/
---
## v0.149.0 [2022-01-12]
### Features
- Add `Get` methods to `metadata`.
- Optimized `sort |> limit` operations.
- Add [`location` option](/flux/v0.x/stdlib/universe/#location) support to the `date` package.
- Use reference equality for `Symbol`.
- Add inline documentation to the following packages:
- socket
- sql
- strings
### Bug fixes
- Do not attempt IP validation for BigQuery data source names (DSNs).
---
## v0.148.0 [2022-01-10]
### Features
- Report multiple errors from a single `unify` call.
- Update [`to`](/flux/v0.x/stdlib/influxdata/influxdb/to/) transformation to use
narrow transformation.
- Provide specific error information on function calls.
- Allow errors to be formatted via `codespan`.
- Add an `internal/debug.opaque` function.
- Provide which package exported a symbol.
- Add timeable support to [`experimental.addDuration()`](/flux/v0.x/stdlib/experimental/addduration/)
and [`experimental.subDuration()`](/flux/v0.x/stdlib/experimental/subduration/).
- Add inline documentation to the following packages:
- interpolate
- json
- kafka
- math
- regexp
- runtime
- sampledata
- slack
- system
- pagerduty
- profiler
- pushbullet
### Bug fixes
- Classify IP validation failures as `Invalid`.
- Relocate the mutex in the optimized union to avoid a data race.
- Split the entire pipe chain into multiple lines (if necessary).
---
## v0.147.0 [2021-12-14]
### Features

1
content/flux/v0.x/spec/_index.md
View File

@ -10,6 +10,7 @@ weight: 2
aliases:
- /influxdb/v2.0/reference/flux/language/
- /influxdb/cloud/reference/flux/language/
- /flux/v0.x/language/
flux/v0.x/tags: [flux]
---

4
content/flux/v0.x/stdlib/_index.md
View File

@ -6,7 +6,11 @@ description: >
aliases:
- /influxdb/v2.0/reference/flux/functions/
- /influxdb/v2.0/reference/flux/stdlib/
- /influxdb/v2.1/reference/flux/functions/
- /influxdb/v2.1/reference/flux/stdlib/
- /influxdb/cloud/reference/flux/stdlib/
- /influxdb/cloud/reference/flux/stdlib/
- /flux/v0.x/functions/
flux/v0.x/tags: [flux, functions, package]
menu:
flux_0_x_ref:

1
content/flux/v0.x/stdlib/array/_index.md
View File

@ -9,6 +9,7 @@ aliases:
- /influxdb/cloud/reference/flux/stdlib/experimental/array/
- /influxdb/v2.0/reference/flux/stdlib/array/
- /influxdb/cloud/reference/flux/stdlib/array/
- /flux/v0.x/stdlib/experimental/array/
menu:
flux_0_x_ref:
name: array

1
content/flux/v0.x/stdlib/array/from.md
View File

@ -7,6 +7,7 @@ aliases:
- /influxdb/cloud/reference/flux/stdlib/array/from/
- /influxdb/v2.0/reference/flux/stdlib/experimental/array/from/
- /influxdb/cloud/reference/flux/stdlib/experimental/array/from/
- /flux/v0.x/stdlib/experimental/array/from/
menu:
flux_0_x_ref:
name: array.from

24
content/flux/v0.x/stdlib/experimental/addduration.md
View File

@ -29,8 +29,8 @@ See [influxdata/flux#413](https://github.com/influxdata/flux/issues/413).
import "experimental"
experimental.addDuration(
d: 12h,
to: now(),
d: 12h,
to: now(),
)
```
@ -39,8 +39,10 @@ experimental.addDuration(
### d {data-type="duration"}
The duration to add.
### to {data-type="time"}
### to {data-type="time, duration"}
The time to add the [duration](#d) to.
Use an absolute time or a relative duration.
Durations are relative to [`now()`](/flux/v0.x/stdlib/universe/now/).
## Examples
@ -48,10 +50,18 @@ The time to add the [duration](#d) to.
```js
import "experimental"
experimental.addDuration(
d: 6h,
to: 2019-09-16T12:00:00Z,
)
experimental.addDuration(d: 6h, to: 2019-09-16T12:00:00Z)
// Returns 2019-09-16T18:00:00.000000000Z
```
### Add six hours to a relative duration
```js
import "experimental"
option now = () => 2022-01-01T12:00:00Z
experimental.addDuration(d: 6h, to: 3h)
// Returns 2022-01-01T21:00:00.000000000Z
```

4
content/flux/v0.x/stdlib/experimental/influxdb/api.md
View File

@ -18,6 +18,10 @@ The `influxdb.api()` function submits an HTTP request to the specified InfluxDB
API path and returns a record containing the HTTP status code, response headers,
and response body as a byte array.
`influxdb.api()` uses the authorization of the specified `token` or, if executed from
the InfluxDB UI, the authorization of the InfluxDB user that invokes the script.
Authorization permissions and limits apply to each request.
```js
import "experimental/influxdb"

24
content/flux/v0.x/stdlib/experimental/subduration.md
View File

@ -29,8 +29,8 @@ See [influxdata/flux#413](https://github.com/influxdata/flux/issues/413).
import "experimental"
experimental.subDuration(
d: 12h,
from: now(),
d: 12h,
from: now(),
)
```
@ -39,8 +39,10 @@ experimental.subDuration(
### d {data-type="duration"}
The duration to subtract.
### from {data-type="time"}
### from {data-type="time, duration"}
The time to subtract the [duration](#d) from.
Use an absolute time or a relative duration.
Durations are relative to [`now()`](/flux/v0.x/stdlib/universe/now/).
## Examples
@ -48,10 +50,18 @@ The time to subtract the [duration](#d) from.
```js
import "experimental"
experimental.subDuration(
d: 6h,
from: 2019-09-16T12:00:00Z,
)
experimental.subDuration(d: 6h, from: 2019-09-16T12:00:00Z)
// Returns 2019-09-16T06:00:00.000000000Z
```
### Subtract six hours from a relative duration
```js
import "experimental"
option now = () => 2022-01-01T12:00:00Z
experimental.subDuration(d: 6h, from: -3h)
// Returns 2022-01-01T03:00:00.000000000Z
```

25
content/flux/v0.x/stdlib/experimental/usage/limits.md
View File

@ -11,6 +11,8 @@ aliases:
- /influxdb/v2.0/reference/flux/stdlib/experimental/usage/limits/
- /influxdb/cloud/reference/flux/stdlib/experimental/usage/limits/
weight: 401
related:
- /flux/v0.x/stdlib/influxdata/influxdb/cardinality/
---
The `usage.limits()` function returns a record containing usage limits for an
@ -130,19 +132,20 @@ array.from(
##### Output current cardinality with your cardinality limit
```js
import "array"
import "experimental/usage"
import "influxdata/influxdb"
import "influxdata/influxdb/secrets"
host = "https://cloud2.influxdata.com"
orgID = "x000X0x0xx0X00x0"
token = secrets.get(key: "INFLUX_TOKEN")
limits = usage.limits()
bucketCardinality = (bucket) =>
(influxdb.cardinality(
bucket: bucket,
start: time(v: 0),
)
|> findColumn(fn: (key) => true, column: "_value"))[0]
cardinality = (influxdb.cardinality(bucket: "example-bucket", orgID: orgID, host: host, token: token)
|> findColumn(fn: (key) => true, column: "_value"))[0]
limits = usage.limits(host: host, orgID: orgID, token: token)
array.from(rows: [{cardinality: cardinality, cardinalityLimit: limits.rate.cardinality}])
buckets()
|> filter(fn: (r) => not r.name =~ /^_/)
|> map(fn: (r) => ({bucket: r.name, Cardinality: bucketCardinality(bucket: r.name)}))
|> sum(column: "Cardinality")
|> map(fn: (r) => ({r with "Cardinality Limit": limits.rate.cardinality}))
```

23
content/flux/v0.x/stdlib/influxdata/influxdb/cardinality.md
View File

@ -13,6 +13,7 @@ weight: 302
flux/v0.x/tags: [metadata]
related:
- /{{< latest "influxdb" "v1" >}}/query_language/spec/#show-cardinality, SHOW CARDINALITY in InfluxQL
- /flux/v0.x/stdlib/experimental/usage/limits/
introduced: 0.92.0
---
@ -87,6 +88,11 @@ _Default is `(r) => true`_.
## Examples
- [Query series cardinality in a bucket](#query-series-cardinality-in-a-bucket)
- [Query series cardinality in a measurement](#query-series-cardinality-in-a-measurement)
- [Query series cardinality for a specific tag](#query-series-cardinality-for-a-specific-tag)
- [Query total cardinality across all buckets](#query-total-cardinality-across-all-buckets)
##### Query series cardinality in a bucket
```js
import "influxdata/influxdb"
@ -118,3 +124,20 @@ influxdb.cardinality(
predicate: (r) => r.exampleTag == "foo"
)
```
##### Query total cardinality across all buckets
```js
import "influxdata/influxdb"
bucketCardinality = (bucket) =>
(influxdb.cardinality(
bucket: bucket,
start: time(v: 0),
)
|> findColumn(fn: (key) => true, column: "_value"))[0]
buckets()
|> filter(fn: (r) => not r.name =~ /^_/)
|> map(fn: (r) => ({bucket: r.name, "Total Cardinality": bucketCardinality(bucket: r.name)}))
|> sum(column: "Total Cardinality")
```

1
content/flux/v0.x/stdlib/influxdata/influxdb/monitor/statechangesonly.md
View File

@ -6,6 +6,7 @@ description: >
aliases:
- /influxdb/v2.0/reference/flux/stdlib/monitor/statechangesonly/
- /influxdb/cloud/reference/flux/stdlib/monitor/statechangesonly/
- /cloud/reference/flux/stdlib/monitor/statechangesonly/
menu:
flux_0_x_ref:
name: monitor.stateChangesOnly

2
content/flux/v0.x/stdlib/sql/from.md
View File

@ -42,7 +42,7 @@ The following drivers are available:
- postgres
- snowflake
- sqlite3 _Does not work with InfluxDB OSS or InfluxDB Cloud. For more information, see [Query SQLite](/flux/v0.x/query-data/sql/sqlite/)._
- sqlserver, mssql
- sqlserver
- vertica, vertigo
### dataSourceName {data-type="string"}

2
content/flux/v0.x/stdlib/sql/to.md
View File

@ -40,7 +40,7 @@ The following drivers are available:
- postgres
- snowflake
- sqlite3 _Does not work with InfluxDB OSS or InfluxDB Cloud. For more information, see [Write to SQLite](/flux/v0.x/write-data/sql/sqlite/)._
- sqlserver, mssql
- sqlserver
- vertica, vertigo
{{% warn %}}

28
content/flux/v0.x/stdlib/types/_index.md Normal file
View File

@ -0,0 +1,28 @@
---
title: Flux types package
list_title: types package
description: >
The Flux `types` package provides functions for working with
[Flux basic types](/flux/v0.x/data/data-types/basic/).
Import the `types` package.
menu:
flux_0_x_ref:
name: types
parent: Standard library
weight: 11
flux/v0.x/tags: [types, functions, package]
cascade:
introduced: 0.140.0
---
The Flux `types` package provides functions for working with
[Flux basic types](/flux/v0.x/data/data-types/basic/).
Import the `types` package.
```js
import "types"
```
## Functions
{{< children type="functions" show="pages" >}}

92
content/flux/v0.x/stdlib/types/istype.md Normal file
View File

@ -0,0 +1,92 @@
---
title: types.isType() function
description: >
`types.isType()` tests if a value is a specified
[Flux basic type](/flux/v0.x/data-types/basic/) or
[regular expression type](/flux/v0.x/data-types/regexp/).
menu:
flux_0_x_ref:
name: types.isType
parent: types
weight: 101
flux/v0.x/tags: [tests, types]
---
`types.isType()` tests if a value is a specified
[Flux basic type](/flux/v0.x/data-types/basic/) or
[regular expression type](/flux/v0.x/data-types/regexp/).
```js
import "types"
types.isType(v: 12, type: "int")
// Returns true
```
## Parameters
### v
({{< req >}})
Value to test.
### type {data-type="string"}
({{< req >}})
Flux basic type.
**Supported values:**
- string
- bytes
- int
- uint
- float
- bool
- time
- duration
- regexp
## Examples
### Filter fields by type
```js
import "strings"
data
|> filter(fn: (r) => types.isType(v: r._value, type: "string"))
```
{{< expand-wrapper >}}
{{% expand "View example input and output" %}}
{{< flex >}}
{{% flex-content %}}
##### Input data
| _time | _field | _value <span style="opacity:.5">(int)</span> |
| :------------------- | :----- | -------------------------------------------: |
| 2022-01-01T00:00:00Z | foo | 12 |
| 2022-01-01T00:01:00Z | foo | 15 |
| 2022-01-01T00:02:00Z | foo | 9 |
| _time | _field | _value <span style="opacity:.5">(string)</span> |
| :------------------- | :----- | ----------------------------------------------: |
| 2022-01-01T00:00:00Z | bar | 0jCcsMYM |
| 2022-01-01T00:01:00Z | bar | jHvuDw35 |
| 2022-01-01T00:02:00Z | bar | HE5uCIC2 |
{{% /flex-content %}}
{{% flex-content %}}
##### Output data
| _time | _field | _value <span style="opacity:.5">(string)</span> |
| :------------------- | :----- | ----------------------------------------------: |
| 2022-01-01T00:00:00Z | bar | 0jCcsMYM |
| 2022-01-01T00:01:00Z | bar | jHvuDw35 |
| 2022-01-01T00:02:00Z | bar | HE5uCIC2 |
{{% /flex-content %}}
{{< /flex >}}
{{% /expand %}}
{{< /expand-wrapper >}}

2
content/flux/v0.x/stdlib/universe/_index.md
View File

@ -33,7 +33,7 @@ Function option that, by default, returns the current system time.
The value of `now()` is cached at query time, so all instances of `now()` in a
script return the same time value.
### location {data-type="string"}
### location {data-type="record"}
Location used to determine timezone. Default is [`timezone.utc`](/flux/v0.x/stdlib/timezone/#constants).
Flux uses the timezone information (commonly referred to as "tz" or "zoneinfo")

2
content/flux/v0.x/write-data/sql/_index.md
View File

@ -50,7 +50,7 @@ The following drivers are available:
- `postgres`
- `snowflake`
- `sqlite3`
- `sqlserver`, `mssql`
- `sqlserver`
## Data source names
Each [SQL driver](#drivers) supports unique data source name (DSN) syntaxes

7
content/flux/v0.x/write-data/sql/bigquery.md
View File

@ -67,13 +67,6 @@ Provide your authentication credentials using one of the following methods:
- Set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to identify the
location of your credential JSON file.
- Provide your BigQuery API key using the **apiKey** URL parameter in your BigQuery DSN.
###### Example apiKey URL parameter
```
bigquery://projectid/?apiKey=AIzaSyB6XK8IO5AzKZXoioQOVNTFYzbDBjY5hy4
```
- Provide your base-64 encoded service account, refresh token, or JSON credentials
using the **credentials** URL parameter in your BigQuery DSN.

8
content/flux/v0.x/write-data/sql/sql-server.md
View File

@ -2,8 +2,8 @@
title: Write to SQL Server
list_title: SQL Server
description: >
Use [`sql.to()`](/flux/v0.x/stdlib/sql/to/) with the `sqlserver` or `mssql`
driver to write data to SQL Server.
Use [`sql.to()`](/flux/v0.x/stdlib/sql/to/) with the `sqlserver` driver to
write data to SQL Server.
menu:
flux_0_x:
name: SQL Server
@ -31,7 +31,7 @@ To write data to [Microsoft SQL Server](https://www.microsoft.com/sql-server/) w
2. Pipe-forward data into [`sql.to()`](/flux/v0.x/stdlib/sql/to/) and provide
the following parameters:
- **driverName**: sqlserver _or_ mssql
- **driverName**: sqlserver
- **dataSourceName**: _See [data source name](#sql-server-data-source-name)_
- **table**: Table to write to
- **batchSize**: Number of parameters or columns that can be queued within
@ -51,7 +51,7 @@ data
---
## SQL Server data source name
The `sqlserver` and `mssql` drivers use the following DSN syntaxes (also known as a **connection string**):
The `sqlserver` driver uses the following DSN syntaxes (also known as a **connection string**):
```
sqlserver://username:password@localhost:1433?database=examplebdb

2
content/influxdb/cloud/account-management/offboarding.md
View File

@ -59,7 +59,7 @@ To request a backup of data in your {{< cloud-name "short" >}} instance, contact
{{% note %}}
Cancelling your usage-based plan will delete your organization.
However, those in multi-user organizations must contact
[InfluxData Support](support@influxdata.com) to delete your organization.
[InfluxData Support](mailto:support@influxdata.com) to delete your organization.
{{% /note %}}
1. Click the **user avatar** in the top right corner of your {{< cloud-name "short" >}}

2
content/influxdb/cloud/account-management/pricing-plans.md
View File

@ -65,7 +65,7 @@ _To request higher soft data limits, contact [InfluxData Support](mailto:support
- **Series cardinality:** 1,000,000 initial limit (higher limits available; [contact InfluxData Support](mailto:support@influxdata.com))
- **Storage:** Unlimited retention
{{% note %}}
Set your retention period to unlimited or up to 1 year by [updating a buckets retention period in the InfluxDB UI](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period-in-the-influxdb-ui), or [set a custom retention period](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period) using the [`influx` CLI](influxdb/cloud/reference/cli/influx/).
Set your retention period to unlimited or up to 1 year by [updating a buckets retention period in the InfluxDB UI](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period-in-the-influxdb-ui), or [set a custom retention period](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period) using the [`influx` CLI](/influxdb/cloud/reference/cli/influx/).
{{% /note %}}
### Pricing vectors

13
content/influxdb/cloud/api-guide/client-libraries/dart.md Normal file
View File

@ -0,0 +1,13 @@
---
title: Dart client library
list_title: Dart
seotitle: Use the InfluxDB Dart client library
description: Use the InfluxDB Dart client library to interact with InfluxDB.
external_url: https://github.com/influxdata/influxdb-client-dart
menu:
influxdb_cloud:
name: Dart
parent: Client libraries
url: https://github.com/influxdata/influxdb-client-dart
weight: 201
---

2
content/influxdb/cloud/api-guide/client-libraries/nodejs/query.md
View File

@ -6,7 +6,7 @@ menu:
influxdb_cloud:
name: Query
parent: Node.js
influxdb/cloud/tags: [client libraries, Node.js, JavaScript]
influxdb/cloud/tags: [client libraries, nodejs, JavaScript]
weight: 201
aliases:
- /influxdb/cloud/reference/api/client-libraries/js/query

2
content/influxdb/cloud/api-guide/client-libraries/nodejs/write.md
View File

@ -6,7 +6,7 @@ menu:
influxdb_cloud:
name: Write
parent: Node.js
influxdb/cloud/tags: [client libraries, Node.js, JavaScript]
influxdb/cloud/tags: [client libraries, nodejs, JavaScript]
weight: 101
aliases:
- /influxdb/cloud/reference/api/client-libraries/js/write

3
content/influxdb/cloud/influxdb-templates/monitor.md → content/influxdb/cloud/monitor-alert/templates/monitor.md
View File

@ -12,6 +12,7 @@ influxdb/v2.0/tags: [templates, monitor]
related:
- /influxdb/v2.0/reference/cli/influx/apply/
- /influxdb/v2.0/reference/cli/influx/template/
- /influxdb/cloud/influxdb-templates/monitor
---
{{< duplicate-oss >}}
{{< duplicate-oss >}}

2
content/influxdb/v1.5/administration/config.md
View File

@ -1,5 +1,7 @@
---
title: Configuring InfluxDB OSS
aliases:
- /influxdb/v1.5/administration/subscription-management/
menu:
influxdb_1_5:
name: Configuring InfluxDB

6
content/influxdb/v1.8/tools/influx_inspect.md
View File

@ -430,13 +430,17 @@ The default location is `$HOME/.influxdb`.
#### Syntax
```
influx_inspect report [ options ]
influx_inspect report [ options ] <path>
```
#### Options
Optional arguments are in brackets.
##### `<path>`
The path to the InfluxDB [`data` directory](/influxdb/v1.8/concepts/file-system-layout/#file-system-layout).
##### [ `-pattern "<regular expression/wildcard>"` ]
The regular expression or wildcard pattern to match included files.

13
content/influxdb/v2.0/api-guide/client-libraries/dart.md Normal file
View File

@ -0,0 +1,13 @@
---
title: Dart client library
list_title: Dart
seotitle: Use the InfluxDB Dart client library
description: Use the InfluxDB Dart client library to interact with InfluxDB.
external_url: https://github.com/influxdata/influxdb-client-dart
menu:
influxdb_2_0:
name: Dart
parent: Client libraries
url: https://github.com/influxdata/influxdb-client-dart
weight: 201
---

2
content/influxdb/v2.0/backup-restore/_index.md
View File

@ -4,6 +4,8 @@ seotitle: Backup and restore data with InfluxDB
description: >
InfluxDB provides tools that let you back up and restore data and metadata stored
in InfluxDB.
aliases:
- /influxdb/v2.0/administration/backup_and_restore/
influxdb/v2.0/tags: [backup, restore]
menu:
influxdb_2_0:

2
content/influxdb/v2.0/query-data/_index.md
View File

@ -4,6 +4,8 @@ seotitle: Query data stored in InfluxDB
description: >
Learn to query data stored in InfluxDB using Flux and tools such as the InfluxDB
user interface and the 'influx' command line interface.
aliases:
- /influxdb/v2.0/query_language/data_exploration/
menu:
influxdb_2_0:
name: Query data

1
content/influxdb/v2.0/query-data/flux/group-data.md
View File

@ -11,6 +11,7 @@ menu:
weight: 202
aliases:
- /influxdb/v2.0/query-data/guides/group-data/
- /influxdb/v2.0/query-data/flux/grouping-data/
related:
- /{{< latest "flux" >}}/stdlib/universe/group
- /{{< latest "flux" >}}/stdlib/experimental/group

1
content/influxdb/v2.0/query-data/flux/window-aggregate.md
View File

@ -13,6 +13,7 @@ weight: 204
influxdb/v2.0/tags: [flux, aggregates]
aliases:
- /influxdb/v2.0/query-data/guides/window-aggregate/
- /influxdb/v2.0/query-data/flux/windowing-aggregating/
related:
- /{{< latest "flux" >}}/stdlib/universe/aggregatewindow
- /{{< latest "flux" >}}/stdlib/universe/window

2
content/influxdb/v2.0/reference/syntax/line-protocol.md
View File

@ -11,6 +11,8 @@ influxdb/v2.0/tags: [write, line protocol, syntax]
aliases:
- /influxdb/v2.0/reference/line-protocol
- /influxdb/v2.0/write_protocols/line_protocol_tutorial/
- /influxdb/v2.0/write_protocols/line/
- /influxdb/v2.0/write_protocols/line_protocol_reference/
related:
- /influxdb/v2.0/write-data/
---

13
content/influxdb/v2.1/api-guide/client-libraries/dart.md Normal file
View File

@ -0,0 +1,13 @@
---
title: Dart client library
list_title: Dart
seotitle: Use the InfluxDB Dart client library
description: Use the InfluxDB Dart client library to interact with InfluxDB.
external_url: https://github.com/influxdata/influxdb-client-dart
menu:
influxdb_2_1:
name: Dart
parent: Client libraries
url: https://github.com/influxdata/influxdb-client-dart
weight: 201
---

56
content/influxdb/v2.1/influxdb-templates/_index.md
View File

@ -1,16 +1,16 @@
---
title: InfluxDB templates
description: >
InfluxDB templates are preconfigured InfluxDB resources and can contain everything
InfluxDB templates are prepackaged InfluxDB configurations that contain everything
from dashboards and Telegraf configurations to notifications and alerts.
menu: influxdb_2_1
weight: 9
influxdb/v2.1/tags: [templates]
---
InfluxDB templates are preconfigured InfluxDB resources and can contain everything
InfluxDB templates are prepackaged InfluxDB configurations that contain everything
from dashboards and Telegraf configurations to notifications and alerts.
Use InfluxDB templates to quickly get set up monitoring a specific technology,
Use templates to monitor your technology stack,
set up a fresh instance of InfluxDB, back up your dashboard configuration, or
[share your configuration](https://github.com/influxdata/community-templates/) with the InfluxData community.
@ -26,7 +26,7 @@ set up a fresh instance of InfluxDB, back up your dashboard configuration, or
## Template manifests
A template consists of one or more files known as **manifests** that define the
A template **manifest** is a file that defines
InfluxDB [resources](#template-resources).
Template manifests support the following formats:
@ -41,25 +41,49 @@ Template manifests are compatible with
The `metadata.name` field in manifests uniquely identifies each resource in the template.
`metadata.name` values must be [DNS-1123](https://tools.ietf.org/html/rfc1123) compliant.
If resources in the template depend on other InfluxDB resources, all dependencies
should be included in the template, otherwise, the resources may not be usable.
The `spec` object contains the resource configuration.
#### Example
```yaml
# bucket-template.yml
# Template manifest that defines two buckets.
apiVersion: influxdata.com/v2alpha1
kind: Bucket
metadata:
name: thirsty-shaw-91b005
spec:
description: My IoT Center Bucket
name: iot-center
retentionRules:
- everySeconds: 86400
type: expire
---
apiVersion: influxdata.com/v2alpha1
kind: Bucket
metadata:
name: upbeat-fermat-91b001
spec:
name: air_sensor
---
```
_See [Create an InfluxDB template](/influxdb/v2.1/influxdb-templates/create/) for information about
generating template manifests._
### Template resources
Include the following **resources** in a template:
Templates may contain the following InfluxDB resources:
- buckets
- checks
- dashboards
- dashboard variables
- labels
- notification endpoints
- notification rules
- tasks
- Telegraf configurations
- [buckets](/influxdb/v2.1/organizations/buckets/create-bucket/)
- [checks](/influxdb/v2.1/monitor-alert/checks/create/)
- [dashboards](/influxdb/v2.1/visualize-data/dashboards/create-dashboard/)
- [dashboard variables](/influxdb/v2.1/visualize-data/variables/create-variable/)
- [labels](/influxdb/v2.1/visualize-data/labels/)
- [notification endpoints](/influxdb/v2.1/monitor-alert/notification-endpoints/create/)
- [notification rules](/influxdb/v2.1/monitor-alert/notification-rules/create/)
- [tasks](/influxdb/v2.1/process-data/manage-tasks/create-task/)
- [Telegraf configurations](/influxdb/v2.1/write-data/no-code/use-telegraf/)
## Stacks

184
content/influxdb/v2.1/influxdb-templates/create.md
View File

@ -14,77 +14,84 @@ related:
- /influxdb/v2.1/reference/cli/influx/export/all/
---
Use the InfluxDB user interface (UI) and the `influx export` command to
create InfluxDB templates.
Add resources (buckets, Telegraf configurations, tasks, and more) in the InfluxDB
UI and export the resources as a template.
Use the InfluxDB user interface (UI) and the [`influx export` command](/influxdb/v2.1/reference/cli/influx/export/) to
create InfluxDB templates from [resources](/influxdb/v2.1/influxdb-templates/#template-resources) in an organization.
Add buckets, Telegraf configurations, tasks, and more in the InfluxDB
UI and then export those resources as a template.
{{< youtube 714uHkxKM6U >}}
{{% note %}}
Templatable resources are scoped to a single organization, so the simplest way to create a
template is to create a new organization, build the template within the organization,
and then [export all resources](#export-all-resources) as a template.
{{% /note %}}
- [Create a template](#create-a-template)
- [Export resources to a template](#export-resources-to-a-template)
- [Include user-definable resource names](#include-user-definable-resource-names)
- [Troubleshoot template results and permissions](#troubleshoot-template-results-and-permissions)
- [Share your InfluxDB templates](#share-your-influxdb-templates)
**To create a template:**
## Create a template
Creating a new organization to contain only your template resources is an easy way
to ensure you export the resources you want.
Follow these steps to create a template from a new organization.
1. [Start InfluxDB](/influxdb/v2.1/get-started/).
2. [Create a new organization](/influxdb/v2.1/organizations/create-org/).
3. In the InfluxDB UI add one or more of the following templatable resources:
3. In the InfluxDB UI, add one or more [resources](/influxdb/v2.1/influxdb-templates/#template-resources).
4. [Create an **All-Access** API token](/influxdb/v2.1/security/tokens/create-token/) (or a token that has **read** access to the organization).
5. Use the API token from **Step 4** with the [`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/) to [export all resources]() in the organization to a template file.
- [buckets](/influxdb/v2.1/organizations/buckets/create-bucket/)
- [checks](/influxdb/v2.1/monitor-alert/checks/create/)
- [dashboards](/influxdb/v2.1/visualize-data/dashboards/create-dashboard/)
- [dashboard variables](/influxdb/v2.1/visualize-data/variables/create-variable/)
- [labels](/influxdb/v2.1/visualize-data/labels/)
- [notification endpoints](/influxdb/v2.1/monitor-alert/notification-endpoints/create/)
- [notification rules](/influxdb/v2.1/monitor-alert/notification-rules/create/)
- [tasks](/influxdb/v2.1/process-data/manage-tasks/create-task/)
- [Telegraf configurations](/influxdb/v2.1/write-data/no-code/use-telegraf/)
```sh
influx export all \
-o YOUR_INFLUX_ORG \
-t YOUR_ALL_ACCESS_TOKEN \
-f ~/templates/template.yml
```
4. Export the template _(see [below](#export-a-template))_.
## Export resources to a template
## Export a template
The [`influx export` command](/influxdb/v2.1/reference/cli/influx/export/) and subcommands let you
export [resources](#template-resources) from an organization to a template manifest.
Your [API token](/influxdb/v2.1/security/tokens/) must have **read** access to resources that you want to export.
Do one of the following to export a template:
If you want to export resources that depend on other resources, be sure to export the dependencies.
- [Export all resources in an organization](#export-all-resources)
- [Export specific resources in an organization](#export-specific-resources)
- [Export a stack and its associated resources](#export-a-stack)
{{< cli/influx-creds-note >}}
To create a template that **adds, modifies, and deletes resources** when applied to an organization, use [InfluxDB stacks](/influxdb/v2.1/influxdb-templates/stacks/).
First, [initialize the stack](/influxdb/v2.1/influxdb-templates/stacks/init/)
and then [export the stack](#export-a-stack).
To create a template that only **adds resources** when applied to an organization (and doesn't modify existing resources there), choose one of the following:
- [Export all resources](#export-all-resources) to export all resources or a filtered
subset of resources to a template.
- [Export specific resources](#export-specific-resources) by name or ID to a template.
### Export all resources
To export all templatable resources within an organization to a template manifest,
use the `influx export all` command.
To export all [resources](/influxdb/v2.1/influxdb-templates/#template-resources)
within an organization to a template manifest file, use the
[`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/)
with the `--file` (`-f`) option.
Provide the following:
- **Organization name** or **ID**
- **API token** with read access to the organization
- **Destination path and filename** for the template manifest.
The filename extension determines the template format—both **YAML** (`.yml`) and
**JSON** (`.json`) are supported.
###### Export all resources to a template
The filename extension determines the output format:
- `your-template.yml`: [YAML](https://yaml.org/) format
- `your-template.json`: [JSON](https://json.org/) format
```sh
# Syntax
influx export all -o <org-name> -f <file-path> -t <token>
# Example
influx export all \
-o my-org \
-f ~/templates/awesome-template.yml \
-t $INFLUX_TOKEN
influx export all -f <file-path>
```
#### Export resources filtered by labelName or resourceKind
The `influx export all` command has an optional `--filter` flag that exports
The [`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/)
accepts a `--filter` option that exports
only resources that match specified label names or resource kinds.
Provide multiple filters for both `labelName` and `resourceKind`.
To filter on label name *and* resource kind, provide a `--filter` for each.
###### Export only dashboards and buckets with specific labels
#### Export only dashboards and buckets with specific labels
The following example exports resources that match this predicate logic:
@ -96,52 +103,51 @@ and
```sh
influx export all \
-o my-org \
-f ~/templates/awesome-template.yml \
-t $INFLUX_TOKEN \
-f ~/templates/template.yml \
--filter=resourceKind=Bucket \
--filter=resourceKind=Dashboard \
--filter=labelName=Example1 \
--filter=labelName=Example2
```
For information about flags, see the
[`influx export all` documentation](/influxdb/v2.1/reference/cli/influx/export/all/).
For more options and examples, see the
[`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/).
### Export specific resources
To export specific resources within an organization to a template manifest, use the `influx export` with resource flags for each resource to include.
To export specific [resources](/influxdb/v2.1/influxdb-templates/#template-resources) by name or ID, use the **[`influx export` command](/influxdb/v2.1/reference/cli/influx/export/)** with one or more lists of resources to include.
Provide the following:
- **Organization name** or **ID**
- **API token** with read access to the organization
- **Destination path and filename** for the template manifest.
The filename extension determines the template format—both **YAML** (`.yml`) and
**JSON** (`.json`) are supported.
- **Resource flags** with corresponding lists of resource IDs or resource names to include in the template.
For information about what resource flags are available, see the
[`influx export` documentation](/influxdb/v2.1/reference/cli/influx/export/).
###### Export specific resources to a template
The filename extension determines the output format:
- `your-template.yml`: [YAML](https://yaml.org/) format
- `your-template.json`: [JSON](https://json.org/) format
- **Resource options** with corresponding lists of resource IDs or resource names to include in the template.
For information about what resource options are available, see the
[`influx export` command](/influxdb/v2.1/reference/cli/influx/export/).
```sh
# Syntax
influx export all -o <org-name> -f <file-path> -t <token> [resource-flags]
influx export -f <file-path> [resource-flags]
```
# Export specific resources by ID
influx export all \
-o my-org \
-f ~/templates/awesome-template.yml \
#### Export specific resources by ID
```sh
influx export \
--org-id ed32b47572a0137b \
-f ~/templates/template.yml \
-t $INFLUX_TOKEN \
--buckets=00x000ooo0xx0xx,o0xx0xx00x000oo \
--dashboards=00000xX0x0X00x000 \
--telegraf-configs=00000x0x000X0x0X0
```
# Export specific resources by name
influx export all \
-o my-org \
-f ~/templates/awesome-template.yml \
-t $INFLUX_TOKEN \
#### Export specific resources by name
```sh
influx export \
--org-id ed32b47572a0137b \
-f ~/templates/template.yml \
--bucket-names=bucket1,bucket2 \
--dashboard-names=dashboard1,dashboard2 \
--telegraf-config-names=telegrafconfig1,telegrafconfig2
@ -149,18 +155,19 @@ influx export all \
### Export a stack
To export a stack and all its associated resources as a template, use the
To export an InfluxDB [stack](/influxdb/v2.1/influxdb-templates/stacks/) and all its associated resources as a template, use the
`influx export stack` command.
Provide the following:
- **Organization name** or **ID**
- **API token** with read access to the organization
- **Destination path and filename** for the template manifest.
The filename extension determines the template format—both **YAML** (`.yml`) and
**JSON** (`.json`) are supported.
The filename extension determines the output format:
- `your-template.yml`: [YAML](https://yaml.org/) format
- `your-template.json`: [JSON](https://json.org/) format
- **Stack ID**
###### Export a stack as a template
#### Export a stack as a template
```sh
# Syntax
@ -183,14 +190,14 @@ influx export stack \
After exporting a template manifest, replace resource names with **environment references**
to let users customize resource names when installing your template.
1. [Export a template](#export-a-template)
2. Select any of the following resource fields to update:
1. [Export a template](#export-a-template).
2. Select any of the following resource fields to update:
- `metadata.name`
- `associations[].name`
- `endpointName` _(unique to `NotificationRule` resources)_
3. Replace the resource field value with an `envRef` object with a `key` property
3. Replace the resource field value with an `envRef` object with a `key` property
that references the key of a key-value pair the user provides when installing the template.
During installation, the `envRef` object is replaced by the value of the
referenced key-value pair.
@ -254,10 +261,31 @@ Only the following fields support environment references:
- `spec.associations.name`
{{% /note %}}
## Troubleshoot template results and permissions
If you get unexpected results, missing resources, or errors when exporting
templates, check the following:
- [Ensure `read` access](#ensure-read-access)
- [Use Organization ID](#use-organization-id)
- [Check for resource dependencies](#check-for-resource-dependencies)
### Ensure read access
The [API token](/influxdb/v2.1/security/tokens/) must have **read** access to resources that you want to export. The `influx export all` command only exports resources that the API token can read. For example, to export all resources in an organization that has ID `abc123`, the API token must have the `read:/orgs/abc123` permission.
To learn more about permissions, see [how to view authorizations](/influxdb/v2.1/security/tokens/view-tokens/) and [how to create a token](/influxdb/v2.1/security/tokens/create-token/) with specific permissions.
### Use Organization ID
If your token doesn't have **read** access to the organization and you want to [export specific resources](#export-specific-resources), use the `--org-id <org-id>` flag (instead of `-o <org-name>` or `--org <org-name>`) to provide the organization.
### Check for resource dependencies
If you want to export resources that depend on other resources, be sure to export the dependencies as well. Otherwise, the resources may not be usable.
## Share your InfluxDB templates
Share your InfluxDB templates with the entire InfluxData community.
**Contribute your template to the [InfluxDB Community Templates](https://github.com/influxdata/community-templates/)
repository on GitHub.**
Contribute your template to the [InfluxDB Community Templates](https://github.com/influxdata/community-templates/) repository on GitHub.
<a class="btn" href="https://github.com/influxdata/community-templates/" target="\_blank">View InfluxDB Community Templates</a>

18
content/influxdb/v2.1/organizations/buckets/delete-bucket.md
View File

@ -14,12 +14,26 @@ to delete a bucket.
## Delete a bucket in the InfluxDB UI
{{% oss-only %}}
1. In the navigation menu on the left, select **Data (Load Data)** > **Buckets**.
{{< nav-icon "data" >}}
2. Hover over the bucket you would like to delete.
3. Click **{{< icon "delete" >}} Delete Bucket** and **Confirm** to delete the bucket.
3. Click the **{{< icon "delete" >}}** icon located far right of the bucket name.
4. Click **Delete** to delete the bucket.
{{% /oss-only %}}
{{% cloud-only %}}
1. In the navigation menu on the left, select **Load Data** > **Buckets**.
{{< nav-icon "data" >}}
2. Find the bucket that you would like to delete.
3. Click the **{{< icon "delete" >}}** icon located far right of the bucket name.
4. Click **{{< caps >}}Confirm{{< /caps >}}** to delete the bucket.
{{% /cloud-only %}}
## Delete a bucket using the influx CLI

2
content/influxdb/v2.1/query-data/_index.md
View File

@ -4,6 +4,8 @@ seotitle: Query data stored in InfluxDB
description: >
Learn to query data stored in InfluxDB using Flux and tools such as the InfluxDB
user interface and the 'influx' command line interface.
aliases:
- /influxdb/v2.1/query_language/data_exploration/
menu:
influxdb_2_1:
name: Query data

1
content/influxdb/v2.1/query-data/flux/group-data.md
View File

@ -11,6 +11,7 @@ menu:
weight: 202
aliases:
- /influxdb/v2.1/query-data/guides/group-data/
- /influxdb/v2.1/query-data/flux/grouping-data/
related:
- /{{< latest "flux" >}}/stdlib/universe/group
- /{{< latest "flux" >}}/stdlib/experimental/group

1
content/influxdb/v2.1/query-data/flux/window-aggregate.md
View File

@ -13,6 +13,7 @@ weight: 204
influxdb/v2.1/tags: [flux, aggregates]
aliases:
- /influxdb/v2.1/query-data/guides/window-aggregate/
- /influxdb/v2.1/query-data/flux/windowing-aggregating/
related:
- /{{< latest "flux" >}}/stdlib/universe/aggregatewindow
- /{{< latest "flux" >}}/stdlib/universe/window

3
content/influxdb/v2.1/reference/cli/influx/restore/index.md
View File

@ -6,8 +6,9 @@ menu:
influxdb_2_1_ref:
parent: influx
weight: 101
alias:
aliases:
- /influxdb/v2.1/reference/cli/influxd/restore/
- /influxdb/v2.1/administration/backup_and_restore/
related:
- /influxdb/v2.1/backup-restore/restore/
- /influxdb/v2.1/reference/cli/influx/backup/

1
content/influxdb/v2.1/reference/syntax/line-protocol.md
View File

@ -11,6 +11,7 @@ influxdb/v2.1/tags: [write, line protocol, syntax]
aliases:
- /influxdb/v2.1/reference/line-protocol
- /influxdb/v2.1/write_protocols/line_protocol_tutorial/
- /influxdb/v2.1/write_protocols/line_protocol_reference/
related:
- /influxdb/v2.1/write-data/
---

98
content/influxdb/v2.1/security/tokens/create-token.md
View File

@ -15,25 +15,99 @@ Create API tokens using the InfluxDB user interface (UI), the `influx`
command line interface (CLI), or the InfluxDB API.
{{% note %}}
Tokens are visible to the user who created the token.
{{% oss-only %}}Users who own a token with Operator permissions also have access to all tokens.{{% /oss-only %}}
{{% oss-only %}}Tokens are visible to the user who created the token. Users who own a token with Operator permissions also have access to all tokens.
Tokens stop working when the user who created the token is deleted.
**We recommend creating a generic user to create and manage tokens for writing data.**
{{% /oss-only %}}
{{% cloud-only %}}
To follow best practices for secure API token generation and retrieval, InfluxDB Cloud enforces access restrictions on API tokens.
- Tokens are visible to the user who created the token.
- InfluxDB Cloud UI only allows access to the API token value immediately after the token is created.
- You can't change access (**read/write**) permissions for an API token after it's created.
- Tokens stop working when the user who created the token is deleted.
**We recommend the following for managing your tokens:**
- Create a generic user to create and manage tokens for writing data.
- Store your tokens in a secure password vault for future access.
{{% /cloud-only %}}
{{% /note %}}
- [Manage tokens in the InfluxDB UI](#manage-tokens-in-the-influxdb-ui)
- [Create a token in the InfluxDB UI](#create-a-token-in-the-influxdb-ui)
- [Create a token using the influx CLI](#create-a-token-using-the-influx-cli)
- [Create a token using the InfluxDB API](#create-a-token-using-the-influxdb-api)
## Manage tokens in the InfluxDB UI
To manage InfluxDB API Tokens in the InfluxDB UI, navigate to the **API Tokens** management page.
{{% oss-only %}}
In the navigation menu on the left, select **Data (Load Data)** > **Tokens**.
{{% /oss-only %}}
{{% cloud-only %}}
In the navigation menu on the left, select **Load Data** > **API Tokens**.
{{% /cloud-only %}}
{{< nav-icon "load-data" >}}
## Create a token in the InfluxDB UI
1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**.
{{% oss-only %}}
{{< nav-icon "load-data" >}}
2. Click **{{< icon "plus" >}} Generate** and select a token type
(**Read/Write Token** or **All-Access Token**).
3. In the window that appears, enter a description for your token in the **Description** field.
4. If generating a **read/write token**:
1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui),
click **{{< icon "plus" >}} Generate** and select a token type
(**Read/Write Token** or **All Access API Token**).
2. In the window that appears, enter a description for your token in the **Description** field.
3. If generating a **read/write token**:
- Search for and select buckets to read from in the **Read** pane.
- Search for and select buckets to write to in the **Write** pane.
5. Click **Save**.
4. Click **Save**.
{{% /oss-only %}}
{{% cloud-only %}}
### Create an All-Access token
1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui),
click the **{{< icon "plus" >}} {{< caps >}}Generate API Token{{< /caps >}}** button.
2. Select **All Access API Token**.
### Create a Custom token
1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui),
click the **{{< icon "plus" >}} {{< caps >}}Generate API Token{{< /caps >}}** button.
2. Select **Custom API Token**.
3. When the **Generate a Personal API Token** window appears, enter a description. If you don't provide a description for the token, InfluxDB will generate a description from the permissions you assign.
For example, if you select **Read** for a bucket named "\_monitoring" and **Write** for a bucket named "\_tasks", InfluxDB will generate the description "Read buckets \_monitoring Write buckets \_tasks".
4. Select checkboxes in the **Read** and **Write** columns to assign access permissions for the token. You can enable access to all buckets, individual buckets, Telegraf configurations, and other InfluxDB resources. By default, the new token has no access permissions.
5. When you're finished, click **{{< caps >}}Generate{{< /caps >}}**.
6. When InfluxDB displays the token value, click **{{< caps >}}Copy to Clipboard{{< /caps >}}**. This is your only chance to access and copy the token value from InfluxDB.
7. (Optional) Store the API token value in a secure password vault.
### Clone a token
To create a token with the same authorizations as an existing token, clone the existing token.
1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui),
find the token you want to clone and click the **{{< icon "settings" >}}** icon located far right of the token description.
3. Select **Clone**.
3. When InfluxDB UI displays the created token, click **{{< caps >}}Copy to Clipboard{{< /caps >}}**. This is your only chance to access and copy the token value from InfluxDB.
4. (Optional) Store the API token value in a secure password vault.
{{% /cloud-only %}}
## Create a token using the influx CLI
@ -85,13 +159,13 @@ influx auth create \
--read-user
```
See the [`influx auth create` documentation](/influxdb/{{< latest "influxdb" >}}/reference/cli/influx/auth/create) for information about other available flags.
See the [`influx auth create` documentation](/{{< latest "influxdb" >}}/reference/cli/influx/auth/create) for information about other available flags.
## Create a token using the InfluxDB API
Use the `/authorizations` endpoint of the InfluxDB API to create a token.
{{% api-endpoint method="POST" endpoint="http://localhost:8086/api/v2/authorizations" %}}
[{{< api-endpoint method="POST" endpoint="http://localhost:8086/api/v2/authorizations" >}}]((/influxdb/v2.1/api/#operation/PostAuthorizations))
Include the following in your request:

52
content/influxdb/v2.1/security/tokens/delete-token.md
View File

@ -15,15 +15,37 @@ Delete API tokens from the InfluxDB user interface (UI) or the `influx` command
Once deleted, all users and external integrations using the API token will no longer
have access to your InfluxDB instance.
- [Delete tokens in the InfluxDB UI](#delete-tokens-in-the-influxdb-ui)
- [Delete a token using the influx CLI](#delete-a-token-using-the-influx-cli)
- [Delete a token using the InfluxDB API](#delete-a-token-using-the-influxdb-api)
## Delete tokens in the InfluxDB UI
{{% oss-only %}}
1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**.
{{< nav-icon "load-data" >}}
2. Hover over the token you want to delete and click **Delete** and **Confirm**.
2. Hover over the token you want to delete.
3. Click the **{{< icon "delete" >}}** icon located far right of the token description.
3. Click **Delete** to delete the token.
## Delete tokens using the influx CLI
{{% /oss-only %}}
{{% cloud-only %}}
1. In the navigation menu on the left, select **Load Data** > **API Tokens**.
{{< nav-icon "data" >}}
2. Find the token that you would like to delete.
3. Click the **{{< icon "delete" >}}** icon located far right of the token description.
4. Click **{{< caps >}}Confirm{{< /caps >}}** to delete the token.
{{% /cloud-only %}}
## Delete a token using the influx CLI
Use the [`influx auth delete` command](/influxdb/v2.1/reference/cli/influx/auth/delete)
to delete a token.
@ -37,3 +59,29 @@ influx auth delete -i <auth-id>
# Example
influx auth delete -i 03a2bee5a9c9a000
```
## Delete a token using the InfluxDB API
Use the `/authorizations` endpoint of the InfluxDB API to delete a token.
[{{< api-endpoint method="DELETE" endpoint="http://localhost:8086/api/v2/authorizations/AUTH_ID" >}}](/influxdb/v2.1/api/#operation/DeleteAuthorizationsID)
Include the following in your request:
| Requirement | Include by |
|:----------- |:---------- |
| API token with the [`write: authorizations`](/influxdb/v2.1/api/#operation/PostAuthorizations) permission | Use the `Authorization: Token YOUR_API_TOKEN` header. |
| Authorization ID | URL path parameter. |
```sh
# Delete the first authorization listed for the user.
curl --request GET \
"http://localhost:8086/api/v2/authorizations?user=user2" \
--header "Authorization: Token ${INFLUX_OP_TOKEN}" \
--header 'Content-type: application/json' \
| jq .authorizations[0].id \
| xargs -I authid curl --request DELETE \
http://localhost:8086/api/v2/authorizations/authid \
--header "Authorization: Token ${INFLUX_OP_TOKEN}" \
--header 'Content-type: application/json'
```

102
content/influxdb/v2.1/security/tokens/update-tokens.md
View File

@ -11,7 +11,14 @@ menu:
weight: 203
---
Update an API token's description using the InfluxDB user interface (UI).
Update an API token's description and status.
using the InfluxDB user interface (UI).
- [Update a token in the InfluxDB UI](#update-a-token-in-the-influxdb-ui)
- [Enable or disable a token in the InfluxDB UI](#enable-or-disable-a-token-in-the-influxdb-ui)
- [Enable a token using the influx CLI](#enable-a-token-using-the-influx-cli)
- [Disable a token using the influx CLI](#disable-a-token-using-the-influx-cli)
- [Update a token using the InfluxDB API](#update-a-token-using-the-influxdb-api)
## Update a token in the InfluxDB UI
@ -22,10 +29,101 @@ Update an API token's description using the InfluxDB user interface (UI).
2. Click the pencil icon {{< icon "pencil" >}} next to the token's name in the **Description** column.
3. Update the token description, then click anywhere else to save.
## Enable or disable a token
## Enable or disable a token in the InfluxDB UI
{{% oss-only %}}
1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**.
{{< nav-icon "load-data" >}}
2. Click the **{{< icon "toggle-green" >}} Status** toggle.
{{% /oss-only %}}
{{% cloud-only %}}
1. In the navigation menu on the left, select **Load Data** > **API Tokens**.
{{< nav-icon "data" >}}
2. Find the token that you would like to enable or disable.
3. Click the token description.
4. Click the **{{< icon "toggle-blue" >}} Status** toggle.
{{% /cloud-only %}}
## Enable a token using the influx CLI
Use the [`influx auth active` command](/influxdb/v2.1/reference/cli/influx/auth/active)
to activate a token.
_This command requires an authorization ID, which is available in the output of `influx auth find`._
```sh
# Syntax
influx auth active -i <auth-id>
# Example
influx auth active -i 0804f74142bbf000
```
To get the current status of a token, use the JSON output of the [`influx auth list` command](/influxdb/v2.1/reference/cli/influx/auth/list).
```sh
influx auth find --json
```
### Disable a token using the influx CLI
Use the [`influx auth inactive` command](/influxdb/v2.1/reference/cli/influx/auth/active)
to deactivate a token.
_This command requires an authorization ID, which is available in the output of `influx auth find`._
```sh
# Syntax
influx auth inactive -i <auth-id>
# Example
influx auth inactive -i 0804f74142bbf000
```
To get the current status of a token, use the JSON output of the [`influx auth list` command](/influxdb/v2.1/reference/cli/influx/auth/list).
```sh
influx auth find --json
```
## Update a token using the InfluxDB API
Use the `/authorizations` endpoint of the InfluxDB API to update the description and status of a token.
[{{< api-endpoint method="PATCH" endpoint="http://localhost:8086/api/v2/authorizations/AUTH_ID" >}}](/influxdb/v2.1/api/#operation/PatchAuthorizationsID)
Include the following in your request:
| Requirement | Include by |
|:----------- |:---------- |
| API token with the [`write: authorizations`](/influxdb/v2.1/api/#operation/PostAuthorizations) permission | Use the `Authorization: Token YOUR_API_TOKEN` header. |
| Authorization ID | URL path parameter. |
| Description and/or Status | Pass as `description`, `status` in the request body. |
### Disable a token
```sh
# Update the description and status of the first authorization listed for the user.
curl --request GET \
"http://localhost:8086/api/v2/authorizations?user=user2" \
--header "Authorization: Token ${INFLUX_TOKEN}" \
--header 'Content-type: application/json' \
| jq .authorizations[0].id \
| xargs -I authid curl --request PATCH \
http://localhost:8086/api/v2/authorizations/authid \
--header "Authorization: Token ${INFLUX_TOKEN}" \
--header 'Content-type: application/json' \
--data '{
"description": "deactivated_auth",
"status": "inactive"
}' | jq .
```

39
content/influxdb/v2.1/security/tokens/view-tokens.md
View File

@ -15,17 +15,46 @@ View API tokens and permissions using the InfluxDB user interface (UI),
the `influx` command line interface (CLI), or the InfluxDB API.
{{% note %}}
Tokens are visible only to the user who created them and stop working when the user is deactivated.
We recommend creating a generic IT user to create and manage tokens for writing data.
{{% oss-only %}}Tokens are visible to the user who created the token. Users who own a token with Operator permissions also have access to all tokens.
Tokens stop working when the user who created the token is deleted.
**We recommend creating a generic user to create and manage tokens for writing data.**
{{% /oss-only %}}
{{% cloud-only %}}
To follow best practices for secure API token generation and retrieval, InfluxDB Cloud enforces access restrictions on API tokens.
- InfluxDB Cloud UI only allows access to the API token value immediately after the token is created.
- You can't change access (**read/write**) permissions for an API token after it's created.
- Tokens stop working when the user who created the token is deleted.
We recommend the following for managing your tokens:
- Create a generic user to create and manage tokens for writing data.
- Store your tokens in a secure password vault for future access.
{{% /cloud-only %}}
{{% /note %}}
## View tokens in the InfluxDB UI
1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**.
{{% oss-only %}}
1. In the navigation menu on the left, select **Data (Load Data)** > **API Tokens**.
{{< nav-icon "load-data" >}}
2. Click a token name from the list to view the token and a summary of access permissions.
2. Click a token name in the list to view the token and a summary of access permissions.
{{% /oss-only %}}
{{% cloud-only %}}
1. In the navigation menu on the left, select **Load Data** > **API Tokens**.
{{< nav-icon "load-data" >}}
2. Click a token description in the list to view the token status and a list of access permissions.
{{% /cloud-only %}}
## View tokens using the influx CLI
@ -44,7 +73,7 @@ for information about other available flags.
Use the `/authorizations` endpoint of the InfluxDB API to view tokens and permissions.
{{% api-endpoint method="GET" endpoint="/api/v2/authorizations" %}}
[{{< api-endpoint method="GET" endpoint="/api/v2/authorizations" >}}](/influxdb/cloud/api/#operation/GetAuthorizations)
Include the following in your request:

2
content/influxdb/v2.1/tools/influx-cli.md
View File

@ -220,6 +220,8 @@ influx config create --config-name <config-name> \
For more information about managing CLI configurations, see the
[`influx config` documentation](/influxdb/v2.1/reference/cli/influx/config/).
For instructions on how to create API tokens, see [Create a token](/influxdb/v2.1/security/tokens/create-token/).
### Enable shell completion (Optional)
To install `influx` shell completion scripts, see

4
content/telegraf/v1.21/data_formats/input/_index.md
View File

@ -3,7 +3,7 @@ title: Telegraf input data formats
description: Telegraf supports parsing input data formats into Telegraf metrics.
menu:
telegraf_1_21:
name: Input data formats
weight: 1
parent: Data formats
@ -31,7 +31,7 @@ desired parser:
## Each data format has its own unique set of configuration options, read
## more about them here:
## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
data_format = "json"
data_format = "json_v2"
```
[metrics]: /telegraf/v1.15/concepts/metrics/

7
content/telegraf/v1.21/data_formats/input/json.md
View File

@ -3,12 +3,15 @@ title: JSON input data format
description: Use the JSON input data format to parse [JSON][json] objects, or an array of objects, into Telegraf metric fields.
menu:
telegraf_1_21:
name: JSON input
weight: 70
parent: Input data formats
---
{{% note %}}
The following information applies to the legacy JSON input data format. For most cases, we recommend using the [JSON v2 input data format](/{{< latest "telegraf" >}}/data_formats/input/json_v2/) instead.
{{% /note %}}
The JSON input data format parses a [JSON][json] object or an array of objects
into Telegraf metric fields.
@ -189,7 +192,7 @@ Config:
```toml
[[inputs.file]]
files = ["example"]
data_format = "json"
data_format = "json_v2"
tag_keys = ["first"]
json_string_fields = ["last"]
json_query = "obj.friends"

3
content/telegraf/v1.21/data_formats/input/json_v2.md
View File

@ -3,11 +3,10 @@ title: JSON v2 input data format
description: Use the JSON v2 input data format to parse [JSON][json] objects, or an array of objects, into Telegraf metric fields.
menu:
telegraf_1_21:
name: JSON v2 input
weight: 70
parent: Input data formats
draft: true
---
The JSON v2 input data format parses a [JSON][json] object or an array of objects into Telegraf metric fields.

4
content/telegraf/v1.21/guides/using_http.md
View File

@ -3,7 +3,7 @@ title: Using the HTTP input plugin with Citi Bike data
description: Collect live metrics on Citi Bike stations in New York City with the HTTP input plugin.
menu:
telegraf_1_21:
name: Using the HTTP plugin
weight: 30
parent: Guides
@ -66,7 +66,7 @@ The timezone We'll set this to the Unix TZ value where our bike data takes place
tagexclude = ["url", "host"]
#Data from HTTP in JSON format
data_format = "json"
data_format = "json_v2"
#Parse `stationBeanList` array only
json_query = "stationBeanList"

14
deploy/edge.js
View File

@ -97,6 +97,9 @@ exports.handler = (event, context, callback) => {
//////////////////////////// v2 subdomain redirect ///////////////////////////
permanentRedirect(request.headers.host[0].value === 'v2.docs.influxdata.com', `https://docs.influxdata.com${request.uri}`);
///////////////////////// Force v in version numbers /////////////////////////
permanentRedirect(/(^\/[\w]*\/)(\d\.)/.test(request.uri), request.uri.replace(/(^\/[\w]*\/)(\d\.)/, `$1v$2`));
////////////////////////// Latest version redirects //////////////////////////
temporaryRedirect(/\/influxdb\/latest/.test(request.uri), request.uri.replace(/\/latest/, `/${latestVersions['influxdb']}`));
temporaryRedirect(/\/telegraf\/latest/.test(request.uri), request.uri.replace(/\/latest/, `/${latestVersions['telegraf']}`));
@ -130,6 +133,15 @@ exports.handler = (event, context, callback) => {
temporaryRedirect(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/built-in\/transformations\/$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`);
temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/built-in\/$/.test(request.uri), `/flux/${latestVersions['flux']}/stdlib/universe/`);
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`));
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`);
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`));
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`);
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`));
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`);
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/$/.test(request.uri), `/flux/${latestVersions['flux']}/stdlib/universe/`);
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/universe\/(?:inputs\/|outputs\/|misc\/|tests\/|transformations\/|selectors\/|aggregates\/)$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`);
// Redirect Flux stdlib/influxdb sections to Flux stdlib/influxdata docs
temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/influxdb\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/influxdb\//, `/flux/${latestVersions['flux']}/stdlib/influxdata/influxdb/`));
temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/monitor\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/monitor\//, `/flux/${latestVersions['flux']}/stdlib/influxdata/influxdb/monitor/`));
@ -157,6 +169,8 @@ exports.handler = (event, context, callback) => {
// Generic Flux stdlib redirect
temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\//, `/flux/${latestVersions['flux']}/stdlib/`));
temporaryRedirect(/\/flux\/v0\.x\/functions\//.test(request.uri), request.uri.replace(/(\/flux\/v0\.x\/)functions\/(.*)/, `$1stdlib/$2`));
temporaryRedirect(/\/flux\/v0\.x\/stdlib\/experimental\/to\/.+/.test(request.uri), request.uri.replace(/(\/flux\/v0\.x\/stdlib\/experimental\/)to\/(.+)/, `$1$2`));
// Redirect outdated Chronograf links
temporaryRedirect(/\/flux\/v[0,1]\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v[0,1]\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`));

20
layouts/shortcodes/enterprise-warning-authn-b4-authz.md Normal file
View File

@ -0,0 +1,20 @@
<!-- don't link to authentication docs
if we're already in the authentication docs.-->
{{ if eq .Page.Title "Configure authentication" }}
<div class="warn block">
**Important**
Authentication _must be enabled **before**_ authorization can be managed.
If authentication is not enabled, *permissions will not be enforced*.
</div>
{{ else }}
<div class="warn block">
**Important**
Authentication _must be enabled **before**_ authorization can be managed.
If authentication is not enabled, *permissions will not be enforced*.
See ["Enable authentication"](/enterprise_influxdb/v1.9/administration/configure/security/authentication/).
</div>
{{ end }}