InfluxDB Deployment Guide

The following instructions are for deploying the InfluxDB server.

Prerequisites

This guide is written for a Red Hat Enterprise Linux 8 based operating system which is operating within a cluster of systems and the following are the prerequisites:

• InfluxDB OS Installation Guide

• IdM Client Deployment Guide

• NFS Client Deployment Guide

If deploying as a standalone service, adjust the hostname fields accordingly and omit steps involving IdM, NFS, and follow-on deployment guides.

Follow-on Deployments

The following guides can be applied after the deployment of their associated nodes.

• RSyslog Deployment Guide

• Telegraf Deployment Guide

References

These instructions were written for InfluxDB v2.4.0

Official InfluxDB installation instructions:
https://docs.influxdata.com/influxdb/v2.4/install/?t=Linux

Post Deployment

The InfluxDB Dashboard can be accessed at the following URL:
https://influxdb.engwsc.example.com

Username: INFLUXDB_ADMIN_USERNAME
Password: INFLUXDB_ADMIN_PASSWORD (from step 11)

Deployment Scripts

An example bash script of the instructions has been provided: deploy-influxdb.sh

Deployment Steps

Note

Instructions assume execution using the root account.

1. Connect the system to the NFS Server:

See Guide: NFS Client Deployment Guide

2. Connect the system to the IdM Server:

See Guide: IdM Client Deployment Guide

3. Add the InfluxDB Yum Repository:

# influxdb.key GPG Fingerprint: 05CE15085FC09D18E99EFB22684A14CF2582E0C5

cat > /etc/yum.repos.d/influxdb.repo <<EOF
[influxdb]
name = InfluxDB Repository - RHEL \$releasever
baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable
enabled = 1
gpgcheck = 1
gpgkey = https://repos.influxdata.com/influxdb.key
EOF

4. Install InfluxDB:

dnf -y distro-sync
dnf -y install influxdb2 influxdb2-cli telegraf

5. Disable InfluxData Telemetry:

sed -i 's@/usr/bin/influxd@/usr/bin/influxd --reporting-disabled@g' /usr/lib/influxdb/scripts/influxd-systemd-start.sh

6. Start the InfluxDB service:

systemctl daemon-reload
systemctl enable --now influxdb

7. Set up InfluxDB:

Important

Replace ORGANIZATION with the name of the organization (ex engwsc)
Replace INFLUXDB_DEFAULT_BUCKET with the name of the default bucket (ex engwsc-cluster)
Replace INFLUXDB_ADMIN_USERNAME with the user name of the administrator (ex admin)
Replace INFLUXDB_ADMIN_PASSWORD with a confidential secure password that will be used for InfluxDB INFLUXDB_ADMIN_USERNAME account.

influx setup --force --skip-verify \
    --host "http://localhost:8086" \
    --org "ORGANIZATION" \
    --bucket "INFLUXDB_DEFAULT_BUCKET" \
    --username "INFLUXDB_ADMIN_USERNAME" \
    --password "INFLUXDB_ADMIN_PASSWORD" \
    --retention "0"

8. Install NGINX:

dnf -y distro-sync
dnf -y install nginx

9. Create Self-Signed SSL Certificate:

Important

Replace values with the specifics of your network.

# Create directory structure
mkdir -p  /etc/pki/nginx/
chmod 755 /etc/pki/nginx/

# Country Name (2 letter code) [XX]:US
# State or Province Name (full name) []:New York
# Locality Name (eg, city) [Default City]:New York
# Organization Name (eg, company) [Default Company Ltd]:engwsc
# Organizational Unit Name (eg, section) []:
# Common Name (eg, your name or your server's hostname) []:influxdb.engwsc.example.com
# Email Address []:

# Create certificate
openssl req -x509 -nodes -newkey rsa:4096 \
    -keyout "/etc/pki/nginx/influxdb.engwsc.example.com.key" \
    -out    "/etc/pki/nginx/influxdb.engwsc.example.com.crt" \
    -subj   "/CN=influxdb.engwsc.example.com/C=US/ST=New York/L=New York/O=engwsc" \
    -days   365

# Set certificate permissions
chown root:root /etc/pki/nginx/influxdb.engwsc.example.com.key
chown root:root /etc/pki/nginx/influxdb.engwsc.example.com.crt
chmod 600       /etc/pki/nginx/influxdb.engwsc.example.com.key

10. Configure NGINX:

Important

Replace example values with the specifics of your network.

mkdir -p /etc/nginx/conf.d/
cat > /etc/nginx/conf.d/influxdb.conf <<EOF
server {
    listen 80;
    server_name influxdb.engwsc.example.com;
    root /nowhere;
    rewrite ^ https://\$server_name\$request_uri permanent;
}
server
{
    listen      443 ssl http2;
    server_name influxdb.engwsc.example.com;

    ssl_certificate "/etc/pki/nginx/influxdb.engwsc.example.com.crt";
    ssl_certificate_key "/etc/pki/nginx/influxdb.engwsc.example.com.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;

    location /
    {
      proxy_set_header Host \$http_host;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_pass       http://127.0.0.1:8086;
    }
}
EOF

11. Configure SELinux:

setsebool -P httpd_can_network_connect 1
semanage port -a -t http_port_t -p tcp 8086

12. Enable NGINX service:

systemctl daemon-reload
systemctl enable --now nginx

13. Set firewalld rules:

Important

Replace the IPv4 Address and Subnet mask with the value of your network.

systemctl enable --now firewalld
firewall-cmd --zone=public --add-source=192.168.1.0/24 --permanent
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload