TI-Stack with docker-compose

I am playing around with telegraf and influxdb v2. I want to get both running in Docker, using docker-compose. This post explains how to do it, but it lets telegraf use the admin token, which I do not like.
I want to create a special user with only write access to a specific bucket.

There are a lot of OS solutions for this out there using InfluxDB 1, but in InfluxDB 2 this has gotten difficult: The telegraf plugin now requires a token. The influx CLI does not let me choose a token. Hence, there is this temporal dependency where I first have to run InfluxDB, then create the user and the token, and then set the token in telegraf (e.g. as an environment variable). This is not possible with a single docker-compose file. Curiously enough, the influx setup script actually would let me specify the token myself, but I can only run this once for an org. Am I missing something?

So my current solution uses two docker-compose files and the following script to up both:

docker-compose -f docker-compose.influxdb.yaml up -d
INFLUXDB_TELEGRAF_TOKEN=$token docker-compose -f docker-compose.telegraf.yaml up -d

This is the script I currently use to setup the metrics bucket:

set -e
metrics_bucket_id=$(influx bucket create -n metrics -o myorg --hide-headers | awk '{print $1}')
influx user create -n telegraf -o myorg
influx auth create -u telegraf -d telegraf_token -o myorg --write-bucket $metrics_bucket_id

My influxdb docker-compose file sets the admin account using the DOCKER_INFLUXDB_INIT_* variables, and mounts the above script to /docker-entrypoint-initdb.d.

Are there any better ideas for this? Or is my aversion of using the admin user misguided?

You could use a start script in influxdb like you are to create the user and then do a volume share between the containers but I don’t think it is exactly worth the effort. You can always just start one container at a time with docker-compose on first start.

That helped me a lot!

Your answer contains two bits of information which I did not think/know about:

  1. I only need to create and extract the token on first start, after that the token will persist in the mounted volume
  2. It is possible to start a specific container of a docker-compose file

So what I will try to do is: for the first start extract the token with the script, but then, instead of providing it as an environment variable to the docker-compose command, I persist it in a local .env file. All successive starts are a simple docker-compose up.


Glad to have helped :slight_smile:

Always something new to learn.