InfluxDB Enterprise cluster installation experiment 02-deployment
Foreword
Recently, the company intends to purchase the enterprise version cluster of InfluxDB, just to take the time to build a set of hands-on practice to test the basic functions.
lab environment
Operating system: CentOS Linux release 7.3.1611 (Core)
influxdb version: 1.7.9
machine:
| Machine name | ip |
|---|---|
| influxdb01 | 10.11.100.73 |
| influxdb02 | 10.11.100.74 |
| influxdb03 | 10.11.100.75 |
Apply for a key
To use InfluxDB Enterprise Edition cluster, you need to apply for a key license on the official website. Register for an account to apply for a 14-day trial key. If you need to use it for a long time, you need to spend money to buy an official key.
Official website address: https://portal.influxdata.com/
After registering an account through the mailbox, you can apply for a temporary key: After the
application is completed, enter to view the key: The
license key is the required key.
Meta node configuration
1. Configure hosts
Configure the hosts file on each machine to ensure that it can parse each other:
[root@influxdb01 ~]# cat /etc/hosts
10.11.100.73 influxdb01
10.11.100.74 influxdb02
10.11.100.75 influxdb03
Verify connectivity and ping other machines on each machine:
[root@influxdb01 ~]# ping -qc 1 influxdb01
PING influxdb01 (10.11.100.73) 56(84) bytes of data.
--- influxdb01 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
[root@influxdb01 ~]# ping -qc 1 influxdb02
PING influxdb02 (10.11.100.74) 56(84) bytes of data.
--- influxdb02 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.194/0.194/0.194/0.000 ms
[root@influxdb01 ~]# ping -qc 1 influxdb03
PING influxdb03 (10.11.100.75) 56(84) bytes of data.
--- influxdb03 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms
2. Download and install the meta service
Use the wget command to download the rpm package directly:
wget https://dl.influxdata.com/enterprise/releases/influxdb-meta-1.7.9_c1.7.9.x86_64.rpm
To verify the authenticity of the rpm package (optional):
1. Download and import the InfluxData public key:
[root@influxdb01 opt]# curl -sL https://repos.influxdata.com/influxdb.key | gpg --import
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2582E0C5: public key "InfluxDB Packaging Service <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
2. Download the label file of the rpm package:
[root@influxdb01 opt]# wget https://dl.influxdata.com/enterprise/releases/influxdb-meta-1.7.9_c1.7.9.x86_64.rpm.asc
--2020-02-26 16:56:28-- https://dl.influxdata.com/enterprise/releases/influxdb-meta-1.7.9_c1.7.9.x86_64.rpm.asc
Resolving dl.influxdata.com (dl.influxdata.com)... 13.35.121.105, 13.35.121.15, 13.35.121.46, ...
Connecting to dl.influxdata.com (dl.influxdata.com)|13.35.121.105|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [text/plain]
Saving to: ‘influxdb-meta-1.7.9_c1.7.9.x86_64.rpm.asc’
100%[=========================================================>] 819 --.-K/s in 0s
2020-02-26 16:56:30 (109 MB/s) - ‘influxdb-meta-1.7.9_c1.7.9.x86_64.rpm.asc’ saved [819/819]
3. Use the gpg command to verify the authenticity of the rpm package:
[root@influxdb01 opt]# gpg --verify influxdb-meta-1.7.9_c1.7.9.x86_64.rpm.asc influxdb-meta-1.7.9_c1.7.9.x86_64.rpm
gpg: Signature made Tue 12 Nov 2019 10:13:25 PM CST using RSA key ID 2582E0C5
gpg: Good signature from "InfluxDB Packaging Service <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 05CE 1508 5FC0 9D18 E99E FB22 684A 14CF 2582 E0C5
See gpg: Good signature from "InfluxDB Packaging Service [email protected] ", indicating that the rpm package is normal.
Use the local installation rpm package:
sudo yum localinstall influxdb-meta-1.7.9_c1.7.9.x86_64.rpm
3. Edit the configuration file
The default path of the meta node configuration file is: /etc/influxdb/influxdb-meta.conf
- Change hostname to the local name of each machine
- Modify the internal-shared-secret in [meta] and set it to a long password, which is used for JWT verification of internal communication in the node. Each meta node must be configured with the same password, and it is the same as the meta-internal-shared-secret of the [meta] configuration of the data node.
- Modify the key configuration and use license-key or license-path authentication (these two authentication methods are mutually exclusive, and only one type can be configured)
Take the influxdb01 machine as an example:
[root@influxdb01 opt]# vim /etc/influxdb/influxdb-meta.conf
···
# Hostname advertised by this host for remote addresses. This must be resolvable by all
# other nodes in the cluster.
hostname = "influxdb01"
###
### [enterprise]
###
### Settings related to enterprise licensing.
###
[enterprise]
# Must be set to true to use the Enterprise Web UI
# registration-enabled = false
# Must include the protocol (http://)
# registration-server-url = ""
# license-key and license-path are mutually exclusive, use only one and leave the other blank
license-key = "5178fc4e-a404-4589-9d89-c9f9d7b6f66e"
# license-key and license-path are mutually exclusive, use only one and leave the other blank
license-path = ""
###
### [meta]
###
### Settings specific to meta node operation.
###
#
[meta]
# Directory where cluster meta data is stored.
dir = "/var/lib/influxdb/meta"
# The default address for raft, cluster, snapshot, etc.
# bind-address = ":8089"
# The default address to bind the API to.
# http-bind-address = ":8091"
[...]
internal-shared-secret = "p@ssw0rd"
I use the license-key verification method here. In actual production, it is recommended to use the license-path verification method to prevent the cluster verification from failing due to external network problems.
4. Start meta service
Start directly with systemctl:
systemctl start influxdb-meta
Confirm status:
[root@influxdb01 influxdb]# ps aux | grep -v grep | grep influxdb-meta
influxdb 45241 0.7 0.2 480840 16312 ? Ssl 03:46 0:01 /usr/bin/influxd-meta -config /etc/influxdb/influxdb-meta.conf
5. Add meta nodes to the cluster
Add all the meta-node machines including this machine in one node, I use the influxdb01 machine here:
[root@influxdb01 ~]# influxd-ctl add-meta influxdb01:8091
Added meta node 1 at influxdb01:8091
[root@influxdb01 ~]# influxd-ctl add-meta influxdb02:8091
Added meta node 2 at influxdb02:8091
[root@influxdb01 ~]# influxd-ctl add-meta influxdb03:8091
Added meta node 3 at influxdb03:8091
Verify the cluster status:
[root@influxdb01 ~]# influxd-ctl show
Data Nodes
==========
ID TCP Address Version
Meta Nodes
==========
TCP Address Version
influxdb01:8091 1.7.9-c1.7.9
influxdb02:8091 1.7.9-c1.7.9
influxdb03:8091 1.7.9-c1.7.9
success!
Data node configuration
In order to save the machine, I reuse the machine of the meta node here, so there is no need to configure the hosts and network.
1. Download and install the data service
Use the wget command to download the rpm package directly:
wget https://dl.influxdata.com/enterprise/releases/influxdb-data-1.7.9_c1.7.9.x86_64.rpm
Verify the authenticity of the rpm package (do not do it):
1. The InfluxData public key has been imported before, and importing again will report an error:
[root@influxdb01 opt]# curl -sL https://repos.influxdata.com/influxdb.key | gpg --import
gpg: key 2582E0C5: "InfluxDB Packaging Service <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
2. Download the label file of the rpm package:
[root@influxdb01 opt]# wget https://dl.influxdata.com/enterprise/releases/influxdb-data-1.7.9_c1.7.9.x86_64.rpm.asc
--2020-02-26 17:28:18-- https://dl.influxdata.com/enterprise/releases/influxdb-data-1.7.9_c1.7.9.x86_64.rpm.asc
Resolving dl.influxdata.com (dl.influxdata.com)... 143.204.202.123, 143.204.202.104, 143.204.202.42, ...
Connecting to dl.influxdata.com (dl.influxdata.com)|143.204.202.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [text/plain]
Saving to: ‘influxdb-data-1.7.9_c1.7.9.x86_64.rpm.asc’
100%[=========================================================>] 819 --.-K/s in 0s
2020-02-26 17:28:21 (112 MB/s) - ‘influxdb-data-1.7.9_c1.7.9.x86_64.rpm.asc’ saved [819/819]
3. Use the gpg command to verify the authenticity of the rpm package:
[root@influxdb01 opt]# gpg --verify influxdb-data-1.7.9_c1.7.9.x86_64.rpm.asc influxdb-data-1.7.9_c1.7.9.x86_64.rpm
gpg: Signature made Tue 12 Nov 2019 10:13:24 PM CST using RSA key ID 2582E0C5
gpg: Good signature from "InfluxDB Packaging Service <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 05CE 1508 5FC0 9D18 E99E FB22 684A 14CF 2582 E0C5
See gpg: Good signature from "InfluxDB Packaging Service [email protected] ", indicating that the rpm package is normal.
Use the local installation rpm package:
sudo yum localinstall influxdb-data-1.7.9_c1.7.9.x86_64.rpm
3. Edit the configuration file
The default path of the data point configuration file is: /etc/influxdb/influxdb.conf
- Change hostname to the local name of each machine
- Modify meta-auth-enabled in [meta], set it to true, enable JWT verification
- Modify the meta-internal-shared-secret in [meta] and set it to a long password for JWT verification of internal communication in the node. Each data node must be configured with the same password, and it is the same as the internal-shared-secret of the [meta] configuration of the meta node.
- Modify the key configuration and use license-key or license-path authentication (these two authentication methods are mutually exclusive, and only one type can be configured)
Optional:
- If you need to enable http authentication, you can modify [http] auth-enabled to true
Take the influxdb01 machine as an example:
[root@influxdb01 opt]# vim /etc/influxdb/influxdb.conf
···
# Hostname advertised by this host for remote addresses. This must be resolvable by all
# other nodes in the cluster.
hostname = "influxdb01"
###
### [enterprise]
###
### Settings related to enterprise licensing.
###
[enterprise]
# Must be set to true to use the Enterprise Web UI
# registration-enabled = false
# Must include the protocol (http://)
# registration-server-url = ""
# license-key and license-path are mutually exclusive, use only one and leave the other blank
license-key = "5178fc4e-a404-4589-9d89-c9f9d7b6f66e"
# license-key and license-path are mutually exclusive, use only one and leave the other blank
license-path = ""
###
### [meta]
###
### Settings specific to meta node operation.
###
#
[meta]
# Directory where the cluster metadata is stored.
dir = "/var/lib/influxdb/datameta"
# Whether to use TLS when connecting to meta nodes.
# meta-tls-enabled = false
# The shared secret used by the internal API for JWT authentication. This setting
# must have the same value as the meta nodes' meta.auth-enabled configuration.
meta-auth-enabled = true
[...]
###
### [data]
###
### Controls where the actual shard data for InfluxDB lives and how it is
### compacted from the WAL. "dir" may need to be changed to a suitable place
### for your system. The defaults should work for most systems.
###
[data]
# The directory where the TSM storage engine stores TSM (read-optimized) files.
dir = "/var/lib/influxdb/data"
# The directory where the TSM storage engine stores WAL (write-optimized) files.
wal-dir = "/var/lib/influxdb/wal"
[...]
[http]
# Determines whether HTTP endpoint is enabled.
# enabled = true
# The bind address used by the HTTP service.
# bind-address = ":8086"
# Determines whether HTTP authentication is enabled.
auth-enabled = true
[...]
# The JWT auth shared secret to validate requests using JSON web tokens.
shared-secret = "p@ssw0rd"
I use the license-key verification method here. In actual production, it is recommended to use the license-path verification method to prevent the cluster verification from failing due to external network problems.
Note that since my meta node and data node are on the same machine, the storage path of metadata needs to be modified to prevent conflicts.
4. Start the data service
Start directly with systemctl:
systemctl start influxdb
Confirm status:
[root@influxdb01 opt]# ps aux | grep -v grep | grep influxdb
influxdb 45241 0.6 0.2 638656 19352 ? Ssl Feb14 44:44 /usr/bin/influxd-meta -config /etc/influxdb/influxdb-meta.conf
influxdb 59639 59.6 0.3 782944 29500 ? Ssl 00:35 0:14 /usr/bin/influxd -config /etc/influxdb/influxdb.conf
5. Join the data node to the cluster
Execute the join command on the node set in the previous meta, I use the influxdb01 machine here:
[root@influxdb01 ~]# influxd-ctl add-data influxdb01:8088
Added deta node 4 at influxdb01:8088
[root@influxdb01 ~]# influxd-ctl add-data influxdb02:8088
Added deta node 5 at influxdb02:8088
[root@influxdb01 ~]# influxd-ctl add-data influxdb03:8088
Added deta node 6 at influxdb03:8088
Verify the cluster status:
[root@influxdb02 influxdb]# influxd-ctl show
Data Nodes
==========
ID TCP Address Version
4 influxdb01:8088 1.7.9-c1.7.9
5 influxdb02:8088 1.7.9-c1.7.9
6 influxdb03:8088 1.7.9-c1.7.9
Meta Nodes
==========
TCP Address Version
influxdb01:8091 1.7.9-c1.7.9
influxdb02:8091 1.7.9-c1.7.9
influxdb03:8091 1.7.9-c1.7.9
success!
Visualization tool chronograf build
The official provides the chronograf tool to manage the cluster:
URL https://portal.influxdata.com/downloads/
Download and install
Download the latest version of the rpm package directly by wget and install it:
wget https://dl.influxdata.com/chronograf/releases/chronograf-1.8.0.x86_64.rpm
sudo yum localinstall chronograf-1.8.0.x86_64.rpm
After the installation is complete, start directly:
chronograf
Connect to influxdb cluster
Since I installed chronograf on the influxdb01 machine, I can directly access its 8888 port through a web browser:
