Kapacitor -> influxdb 'influxdb.Service: failed to link subscription on startup: unable to parse authentication credentials'

kapacitor
influxdb

#1

Hi, I'm just trying to connect my Kapacitor Docker container to the InfluxDB Docker container with authentication enabled.
With auth disabled everything works fine. Here is my config with auth enabled.

#cat docker-stack.yml
# Docker Swarm stack file (note the deploy: keys) that runs Kapacitor 1.4 next
# to InfluxDB 1.4, with HTTP authentication switched on for InfluxDB.
# NOTE(review): every credential below is a literal in this file; moving them
# to Docker secrets or an untracked env file keeps them out of the stack
# definition and out of anything the file is pasted into.
version: '3.4'
services:
  kapacitor:
    image: "kapacitor:1.4"
    hostname: monitoring-kapacitor
    environment:
      KAPACITOR_HOSTNAME: kapacitor
      # Indexed key: _0_ addresses the first entry of the [[influxdb]] array of
      # tables in kapacitor.conf.
      # NOTE(review): plain http:// - the InfluxDB credentials are sent
      # unencrypted between the containers.
      KAPACITOR_INFLUXDB_0_URLS_0: "http://influxdb:8086"
      # NOTE(review): the remaining KAPACITOR_INFLUXDB_* keys carry no _0_
      # index. A later reply in this thread reports that renaming the two
      # credential keys to KAPACITOR_INFLUXDB_0_USERNAME and
      # KAPACITOR_INFLUXDB_0_PASSWORD fixed the "unable to parse authentication
      # credentials" error; presumably the other un-indexed keys are not
      # applied to the [[influxdb]] entry either - confirm.
      KAPACITOR_INFLUXDB_ENABLED: "true"
      KAPACITOR_INFLUXDB_NAME: "monitoring"
      # NOTE(review): Kapacitor is given the InfluxDB admin account (same
      # user/password as INFLUXDB_ADMIN_* below). Managing subscriptions in
      # InfluxDB 1.x presumably needs admin rights; if subscriptions are not
      # needed, a dedicated lower-privileged user limits what a leaked
      # Kapacitor config exposes - confirm against the Kapacitor docs.
      KAPACITOR_INFLUXDB_USERNAME: "admin"
      KAPACITOR_INFLUXDB_PASSWORD: "verysecretpassword"
      KAPACITOR_INFLUXDB_STARTUP_TIMEOUT: "5m"
      KAPACITOR_INFLUXDB_SUBSCRIPTION_MODE: "server"
      KAPACITOR_INFLUXDB_SUBSCRIPTION_PROTOCOL: "http"
      KAPACITOR_INFLUXDB_KAPACITOR_HOSTNAME: "kapacitor"
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
    volumes:
      # Host directory holding kapacitor.conf, mounted as /etc/kapacitor.
      - /mnt/docker/stacks/tick-auth/staging/kapacitor:/etc/kapacitor
      - /mnt/docker/data/tick-auth/kapacitor/var-lib-kapacitor:/var/lib/kapacitor
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Kapacitor API.
      # NOTE(review): the port is published while the kapacitor.conf shown in
      # this post sets [http] auth-enabled = false, so whoever can reach 9092
      # can use the API without credentials. Firewall it, or drop the published
      # port if only in-stack access is needed.
      - "9092:9092"
  influxdb:
    image: "influxdb:1.4"
    hostname: monitoring-influxdb
    environment:
      # this is the ADMIN/root user, please define the user for monitoring in .env
      INFLUXDB_ADMIN_USER: "admin"
      INFLUXDB_ADMIN_PASSWORD: "verysecretpassword"
      INFLUXDB_HTTP_AUTH_ENABLED: "true"
      INFLUXDB_DB: monitoring
      # NOTE(review): the read and write users below use their own user name as
      # password; with 8086 published these should be unique, generated values.
      INFLUXDB_READ_USER: readonly
      INFLUXDB_READ_USER_PASSWORD: readonly
      INFLUXDB_WRITE_USER: writeonly
      INFLUXDB_WRITE_USER_PASSWORD: writeonly
    volumes:
      # NOTE(review): no influxdb.conf is mounted here, so the influxdb.conf
      # shown later in this post is presumably not what the container reads;
      # the effective settings would be the image defaults plus the INFLUXDB_*
      # variables above - confirm.
      - /mnt/docker/stacks/tick-auth/bashrc:/root/.bashrc:ro
      - /mnt/docker/data/tick-auth/influxdb/var-lib-influxdb:/var/lib/influxdb
      - /etc/localtime:/etc/localtime:ro
    ports:
      # InfluxDB HTTP API, published without TLS: client credentials are sent
      # in clear text to this port.
      - "8086:8086"
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager

#cat /mnt/docker/stacks/tick-auth/staging/kapacitor/kapacitor.conf 
# Kapacitor top-level settings. The file lives in the host directory that the
# stack file mounts as /etc/kapacitor.
hostname = "kapacitor"
# Data directory; the stack file mounts a host volume at this path.
data_dir = "/var/lib/kapacitor"
skip-config-overrides = false
default-retention-policy = ""

# Kapacitor HTTP API listener and on-disk locations.
[http]
  bind-address = ":9092"
  # NOTE(review): API authentication and TLS are both off, and the stack file
  # publishes port 9092. Anyone who can reach that port can call the API;
  # restrict network access if auth stays disabled.
  auth-enabled = false
  log-enabled = true
  write-tracing = false
  pprof-enabled = false
  https-enabled = false
  https-certificate = "/etc/ssl/kapacitor.pem"
  shutdown-timeout = "10s"
  shared-secret = ""

[replay]
  dir = "/var/lib/kapacitor/replay"

[storage]
  boltdb = "/var/lib/kapacitor/kapacitor.db"

# NOTE(review): the task and load directories sit under /root/.kapacitor,
# which is not one of the volumes mounted in the stack file, so they are
# presumably not persisted across container re-creation - confirm.
[task]
  dir = "/root/.kapacitor/tasks"
  snapshot-interval = "1m0s"

[load]
  enabled = false
  dir = "/root/.kapacitor/load"

# InfluxDB connection used by Kapacitor. [[influxdb]] is an array of tables,
# so environment overrides must carry the element index
# (KAPACITOR_INFLUXDB_0_...), as the accepted fix in this thread shows.
[[influxdb]]
  enabled = true
  name = "influxdb"
  # NOTE(review): this is the InfluxDB admin account, stored in clear text in a
  # file on a host mount. Restrict the file's permissions and prefer a
  # dedicated account where the required privileges allow it.
  user = "admin"
  password = "verysecretpassword"  # same value as INFLUXDB_ADMIN_PASSWORD in the stack file
  default = true
  # Plain HTTP: credentials are sent unencrypted to InfluxDB.
  urls = ["http://influxdb:8086"]
  ssl-ca = ""
  ssl-cert = ""
  ssl-key = ""
  # NOTE(review): irrelevant while the URL is http://, but if the URL is later
  # switched to https:// this disables certificate verification; set it to
  # false and supply ssl-ca instead.
  insecure-skip-verify = true
  timeout = "0s"
  disable-subscriptions = false
  subscription-protocol = "http"
  subscription-mode = "server"
  kapacitor-hostname = "kapacitor"
  http-port = 0
  udp-bind = ""
  udp-buffer = 1000
  udp-read-buffer = 0
  startup-timeout = "5m"
  subscriptions-sync-interval = "1m0s"
  # No subscription is created for the autogen retention policy of the
  # _kapacitor database.
  [influxdb.excluded-subscriptions]
    _kapacitor = ["autogen"]

# Logging, runtime config overrides, SMTP alerting, internal stats and the
# deadman alert template.
[logging]
  file = "STDERR"
  # NOTE(review): DEBUG output is verbose; check it for credentials and
  # internal host names before publishing logs.
  level = "DEBUG"

# NOTE(review): with overrides enabled, configuration sections can presumably
# be changed through the HTTP API; combined with [http] auth-enabled = false
# that would let any API client alter them - confirm and restrict access.
[config-override]
  enabled = true

[smtp]
  enabled = false
  host = "localhost"
  port = 25
  username = ""
  password = ""
  no-verify = false
  global = false
  state-changes-only = false
  from = ""
  idle-timeout = "30s"

[stats]
  enabled = true
  stats-interval = "10s"
  database = "_kapacitor"
  retention-policy = "autogen"
  timing-sample-rate = 0.1
  timing-movavg-size = 1000

[udf]

[deadman]
  interval = "10s"
  threshold = 0.0
  id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
  message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
  global = false

# cat /mnt/docker/stacks/tick-auth/staging/influxdb/influxdb.conf 
# InfluxDB configuration as posted.
# NOTE(review): the stack file in this post does not mount this file into the
# influxdb container, so it may not be the configuration actually in effect -
# confirm.
reporting-disabled = false
# Bound to loopback only, so this listener is not reachable from other hosts.
bind-address = "127.0.0.1:8088"

# Metadata and data directories live under /var/lib/influxdb, which the stack
# file mounts from the host.
[meta]
  dir = "/var/lib/influxdb/meta"
  retention-autocreate = true
  logging-enabled = true

[data]
  dir = "/var/lib/influxdb/data"
  index-version = "inmem"
  wal-dir = "/var/lib/influxdb/wal"
  wal-fsync-delay = "0s"
  query-log-enabled = true
  cache-max-memory-size = 1073741824
  cache-snapshot-memory-size = 26214400
  cache-snapshot-write-cold-duration = "10m0s"
  compact-full-write-cold-duration = "4h0m0s"
  max-series-per-database = 1000000
  max-values-per-tag = 100000
  max-concurrent-compactions = 0
  trace-logging-enabled = false

[coordinator]
  write-timeout = "10s"
  max-concurrent-queries = 0
  query-timeout = "0s"
  log-queries-after = "0s"
  max-select-point = 0
  max-select-series = 0
  max-select-buckets = 0

[retention]
  enabled = true
  check-interval = "30m0s"

[shard-precreation]
  enabled = true
  check-interval = "10m0s"
  advance-period = "30m0s"

[monitor]
  store-enabled = true
  store-database = "_internal"
  store-interval = "10s"

# Subscriber service: the InfluxDB side of the subscriptions that Kapacitor
# uses. Certificate verification stays on for HTTPS subscribers.
[subscriber]
  enabled = true
  http-timeout = "30s"
  insecure-skip-verify = false
  ca-certs = ""
  write-concurrency = 40
  write-buffer-size = 1000

# InfluxDB HTTP API listener (port 8086, published by the stack file).
[http]
  enabled = true
  bind-address = ":8086"
  # NOTE(review): this says auth is off, while the stack file sets
  # INFLUXDB_HTTP_AUTH_ENABLED: "true". In InfluxDB 1.x the environment
  # variable presumably takes precedence over the file - confirm, and keep the
  # two in agreement so a dropped variable cannot silently disable auth.
  auth-enabled = false
  log-enabled = true
  write-tracing = false
  # NOTE(review): profiling endpoints are enabled on a published listener;
  # disable them unless they are actively needed.
  pprof-enabled = true
  # No TLS: credentials and data cross the network unencrypted.
  https-enabled = false
  https-certificate = "/etc/ssl/influxdb.pem"
  https-private-key = ""
  max-row-limit = 0
  max-connection-limit = 0
  shared-secret = ""
  realm = "InfluxDB"
  unix-socket-enabled = false
  bind-socket = "/var/run/influxdb.sock"

# Optional ingest listeners (Graphite, collectd, OpenTSDB, UDP). All are
# disabled here, so none of their bind addresses is opened.
[[graphite]]
  enabled = false
  bind-address = ":2003"
  database = "graphite"
  retention-policy = ""
  protocol = "tcp"
  batch-size = 5000
  batch-pending = 10
  batch-timeout = "1s"
  consistency-level = "one"
  separator = "."
  udp-read-buffer = 0

[[collectd]]
  enabled = false
  bind-address = ":25826"
  database = "collectd"
  retention-policy = ""
  batch-size = 5000
  batch-pending = 10
  batch-timeout = "10s"
  read-buffer = 0
  typesdb = "/usr/share/collectd/types.db"
  # NOTE(review): "none" would accept unauthenticated collectd packets if this
  # listener were ever enabled; revisit before turning it on.
  security-level = "none"
  auth-file = "/etc/collectd/auth_file"

[[opentsdb]]
  enabled = false
  bind-address = ":4242"
  database = "opentsdb"
  retention-policy = ""
  consistency-level = "one"
  tls-enabled = false
  certificate = "/etc/ssl/influxdb.pem"
  batch-size = 1000
  batch-pending = 5
  batch-timeout = "1s"
  log-point-errors = true

[[udp]]
  enabled = false
  bind-address = ":8089"
  database = "udp"
  retention-policy = ""
  batch-size = 5000
  batch-pending = 10
  read-buffer = 0
  batch-timeout = "1s"
  precision = ""

[continuous_queries]
  log-enabled = true
  enabled = true
  run-interval = "1s"

The log of kapacitor can be found here:
https://raw.githubusercontent.com/rdxmb/kapacitor-debug/master/docker-service-logs

  1. What's wrong here?

  2. a) Does it matter whether the settings are defined in the conf files or via the Docker environment variables?
    b) If different values are defined, which one takes priority: the conf file or the environment variables?

  3. Which grants (privileges) does Kapacitor really need?


#2

Is there any update for what happened here? I’m getting the same error.


#3

The change below worked for me. The influxdb section is an array of tables ([[influxdb]]), so the environment variable names need the element index. Change

KAPACITOR_INFLUXDB_USERNAME: "admin"
KAPACITOR_INFLUXDB_PASSWORD: "verysecretpassword"

to

KAPACITOR_INFLUXDB_0_USERNAME: "admin"
KAPACITOR_INFLUXDB_0_PASSWORD: "verysecretpassword"