Kapacitor -> influxdb 'influxdb.Service: failed to link subscription on startup: unable to parse authentication credentials'

Hi, just trying to connect my kapacitor docker container via auth to the influxdb docker container.
With disable auth everything works fine. Here is my config with auth.

#cat docker-stack.yml
version: '3.4'
services:
  kapacitor:
    image: "kapacitor:1.4"
    hostname: monitoring-kapacitor
    environment:
      KAPACITOR_HOSTNAME: kapacitor
      KAPACITOR_INFLUXDB_0_URLS_0: "http://influxdb:8086"
      KAPACITOR_INFLUXDB_ENABLED: "true"
      KAPACITOR_INFLUXDB_NAME: "monitoring"
      KAPACITOR_INFLUXDB_USERNAME: "admin"
      KAPACITOR_INFLUXDB_PASSWORD: "verysecretpassword"
      KAPACITOR_INFLUXDB_STARTUP_TIMEOUT: "5m"
      KAPACITOR_INFLUXDB_SUBSCRIPTION_MODE: "server"
      KAPACITOR_INFLUXDB_SUBSCRIPTION_PROTOCOL: "http"
      KAPACITOR_INFLUXDB_KAPACITOR_HOSTNAME: "kapacitor"
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
    volumes:
      - /mnt/docker/stacks/tick-auth/staging/kapacitor:/etc/kapacitor
      - /mnt/docker/data/tick-auth/kapacitor/var-lib-kapacitor:/var/lib/kapacitor
      - /etc/localtime:/etc/localtime:ro
    ports:
     # Kapacitor API
      - "9092:9092"
  influxdb:
    image: "influxdb:1.4"
    hostname: monitoring-influxdb
    environment:
    # this is the ADMIN/root user, please define the user for monitoring in .env
      INFLUXDB_ADMIN_USER: "admin"
      INFLUXDB_ADMIN_PASSWORD: "verysecretpassword"
      INFLUXDB_HTTP_AUTH_ENABLED: "true"
      INFLUXDB_DB: monitoring
      INFLUXDB_READ_USER: readonly
      INFLUXDB_READ_USER_PASSWORD: readonly
      INFLUXDB_WRITE_USER: writeonly
      INFLUXDB_WRITE_USER_PASSWORD: writeonly
    volumes:
      - /mnt/docker/stacks/tick-auth/bashrc:/root/.bashrc:ro
      - /mnt/docker/data/tick-auth/influxdb/var-lib-influxdb:/var/lib/influxdb
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "8086:8086"
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager

#cat /mnt/docker/stacks/tick-auth/staging/kapacitor/kapacitor.conf 
hostname = "kapacitor"                                                                                                                                                                                                                       
data_dir = "/var/lib/kapacitor"                                                                                                                                                                                                              
skip-config-overrides = false
default-retention-policy = ""

[http]
  bind-address = ":9092"
  auth-enabled = false
  log-enabled = true
  write-tracing = false
  pprof-enabled = false
  https-enabled = false
  https-certificate = "/etc/ssl/kapacitor.pem"
  shutdown-timeout = "10s"
  shared-secret = ""

[replay]
  dir = "/var/lib/kapacitor/replay"

[storage]
  boltdb = "/var/lib/kapacitor/kapacitor.db"

[task]
  dir = "/root/.kapacitor/tasks"
  snapshot-interval = "1m0s"

[load]
  enabled = false
  dir = "/root/.kapacitor/load"

[[influxdb]]
  enabled = true
  name = "influxdb"
  user = "admin"
  password = "verysecretpassword" 
  default = true
  urls = ["http://influxdb:8086"]
  ssl-ca = ""
  ssl-cert = ""
  ssl-key = ""
  insecure-skip-verify = true
  timeout = "0s"
  disable-subscriptions = false
  subscription-protocol = "http"
  subscription-mode = "server"
  kapacitor-hostname = "kapacitor"
  http-port = 0
  udp-bind = ""
  udp-buffer = 1000
  udp-read-buffer = 0
  startup-timeout = "5m"
  subscriptions-sync-interval = "1m0s"
  [influxdb.excluded-subscriptions]
    _kapacitor = ["autogen"]

[logging]
  file = "STDERR"
  level = "DEBUG"

[config-override]
  enabled = true

[smtp]
  enabled = false
  host = "localhost"
  port = 25
  username = ""
  password = ""
  no-verify = false
  global = false
  state-changes-only = false
  from = ""
  idle-timeout = "30s"

[stats]
  enabled = true
  stats-interval = "10s"
  database = "_kapacitor"
  retention-policy = "autogen"
  timing-sample-rate = 0.1
  timing-movavg-size = 1000

[udf]

[deadman]
  interval = "10s"
  threshold = 0.0
  id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
  message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
  global = false

# cat /mnt/docker/stacks/tick-auth/staging/influxdb/influxdb.conf 
reporting-disabled = false
bind-address = "127.0.0.1:8088"

[meta]
  dir = "/var/lib/influxdb/meta"
  retention-autocreate = true
  logging-enabled = true

[data]
  dir = "/var/lib/influxdb/data"
  index-version = "inmem"
  wal-dir = "/var/lib/influxdb/wal"
  wal-fsync-delay = "0s"
  query-log-enabled = true
  cache-max-memory-size = 1073741824
  cache-snapshot-memory-size = 26214400
  cache-snapshot-write-cold-duration = "10m0s"
  compact-full-write-cold-duration = "4h0m0s"
  max-series-per-database = 1000000
  max-values-per-tag = 100000
  max-concurrent-compactions = 0
  trace-logging-enabled = false

[coordinator]
  write-timeout = "10s"
  max-concurrent-queries = 0
  query-timeout = "0s"
  log-queries-after = "0s"
  max-select-point = 0
  max-select-series = 0
  max-select-buckets = 0

[retention]
  enabled = true
  check-interval = "30m0s"

[shard-precreation]
  enabled = true
  check-interval = "10m0s"
  advance-period = "30m0s"

[monitor]
  store-enabled = true
  store-database = "_internal"
  store-interval = "10s"

[subscriber]
  enabled = true
  http-timeout = "30s"
  insecure-skip-verify = false
  ca-certs = ""
  write-concurrency = 40
  write-buffer-size = 1000

[http]
  enabled = true
  bind-address = ":8086"
  auth-enabled = false
  log-enabled = true
  write-tracing = false
  pprof-enabled = true
  https-enabled = false
  https-certificate = "/etc/ssl/influxdb.pem"
  https-private-key = ""
  max-row-limit = 0
  max-connection-limit = 0
  shared-secret = ""
  realm = "InfluxDB"
  unix-socket-enabled = false
  bind-socket = "/var/run/influxdb.sock"

[[graphite]]
  enabled = false
  bind-address = ":2003"
  database = "graphite"
  retention-policy = ""
  protocol = "tcp"
  batch-size = 5000
  batch-pending = 10
  batch-timeout = "1s"
  consistency-level = "one"
  separator = "."
  udp-read-buffer = 0

[[collectd]]
  enabled = false
  bind-address = ":25826"
  database = "collectd"
  retention-policy = ""
  batch-size = 5000
  batch-pending = 10
  batch-timeout = "10s"
  read-buffer = 0
  typesdb = "/usr/share/collectd/types.db"
  security-level = "none"
  auth-file = "/etc/collectd/auth_file"

[[opentsdb]]
  enabled = false
  bind-address = ":4242"
  database = "opentsdb"
  retention-policy = ""
  consistency-level = "one"
  tls-enabled = false
  certificate = "/etc/ssl/influxdb.pem"
  batch-size = 1000
  batch-pending = 5
  batch-timeout = "1s"
  log-point-errors = true

[[udp]]
  enabled = false
  bind-address = ":8089"
  database = "udp"
  retention-policy = ""
  batch-size = 5000
  batch-pending = 10
  read-buffer = 0
  batch-timeout = "1s"
  precision = ""

[continuous_queries]
  log-enabled = true
  enabled = true
  run-interval = "1s"

The log of kapacitor can be found here:
https://raw.githubusercontent.com/rdxmb/kapacitor-debug/master/docker-service-logs

1. Whats wrong here?

2. a) Does it matter if the configs are described in the conf-Files or with the docker-environments?
   b) If different values were defined, which one would be priorised? The conf-File or the environments?

3. Which grants does kapacitor really need?

Is there any update for what happened here? I’m getting the same error.

Below change worked for me since influxdb section is a table array [[influxdb]] ->

KAPACITOR_INFLUXDB_USERNAME: “admin”
KAPACITOR_INFLUXDB_PASSWORD: “verysecretpassword”

to

KAPACITOR_INFLUXDB_0_USERNAME: “admin”
KAPACITOR_INFLUXDB_0_PASSWORD: “verysecretpassword”

@ganeshdudwadkar

works for me. Kapacitor needs the admin-account for influxdb.
Thanks!

is it possible to edit the title of this thread - so I could add a [solved]- prefix?