Written on 15. July 2021

Grafana, InfluxDB 2.0 & Telegraf with docker-compose

To Show the performance of my firewall and also the current voltage and load of my homelab equipment I created a small setup to visualize this. It is based on InfluxDB 2.0, Telegraf & Grafana managed and installed with docker-compose.

InfluxDB 2.0 installation

Base configuration

Create a new folder in /home path.

cd /home
mkdir influxdb

Create Docker-Compose file

Switch to the InfluxDB folder and create the docker-compose.yml file.

cd /home/influxdb
vi docker-compose.yml

In this case we will create the containers at once. The container influxdb_cli is for direct creating a InfluxDB instance and is optional. 

version: '3'
services:
  influxdb:
    image: quay.io/influxdb/influxdb:v2.0.3
    container_name: influxdb
    volumes:
      - influxdbv2:/root/.influxdbv2
    ports:
      - "8086:8086"
  influxdb_cli:
    links:
      - influxdb
    image: quay.io/influxdb/influxdb:v2.0.3
    container_name: influxdb_cli
    entrypoint: influx setup --bucket telegraf -t secretToken -o Stangneth --username=admin --password=Passsw0rd! --host=http://influxdb:8086 -f
    restart: on-failure:10
    depends_on:
      - influxdb
  telegraf:
    image: telegraf
    container_name: telegraf
    links:
      - influxdb
    volumes:
      - /home/telegraf/mytelegraf.conf:/etc/telegraf/telegraf.conf
    depends_on:
      - influxdb_cli
volumes:
  influxdbv2:

Telegraf installation

In the next step we need to create the telegraf config. Otherwise the container would not start!

cd /home
mkdir telegraf
cd telegraf
vi mytelegraf.conf

Following my example configuration. In this file later the token and address needs to be inserted.

# Output Configuration for telegraf agent
[[outputs.influxdb_v2]]
  ## Point to your influxdb container
  urls = ["http://172.16.38.251:8086"]
  ## insecure_skip_verify = true

  ## Token for authentication.
  token = "XGGoPXCUIwESpxFmykjsdfhghgAOAXqmlCG2hsDRb8HsYYrsrSNJNf73U8B6EYreuAruZgB2CXnrjBbCEtjg=="
  ## Organization is the name of the organization you wish to write to; must exist.
  organization = "Stangneth"
  ## Destination bucket to write into.
  bucket = "telegraf"

[[inputs.ping]]
  ## Hosts to send ping packets to.
  urls = ["172.16.38.254"]

Create the container

The container and database instance can now be created.

server1:/home/influxdb # docker-compose up -d
Creating volume "influxdb_influxdbv2" with default driver
Creating influxdb ... done
Creating influxdb_cli ... done
Creating telegraf     ... done

InfluxDB configuration

Now open the Webbrowser and call the InfluxDB web UI:
For this example: http://172.16.38.251:8086/

The username and password was created with the container influxdb_cli.
Username: admin – Passwort: Passsw0rd!

After the successfull login a token needs to be created for the new bucket.

This token needs to be copied to the telegraf config as mentioned before. If its not setup correctly telegraf is not able to write to the InfluxDB.

After editing the mytelegraf.conf the container needs to be restarted and within the “Explore” in the web UI you can check if data is flowing in.

docker restart telegraf

Grafana installation

Create a new folder in /home path.

cd /home
mkdir grafana
cd grafana
mkdir provisioning
mkdir data

Afterwards you can create a sample grafaini.ini file from the :latest configuration.

docker run --rm --entrypoint /bin/bash grafana/grafana:latest -c 'cat $GF_PATHS_CONFIG' > grafana.ini

Create Docker-Compose file

Now you can create the docker-compose.yml file.

vi /home/grafana/docker-compose.yml
version: "3.3"
services:
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: always
    user: "0" # needs to be `id -u` // alternatively chown the grafana/data dir to 472:472
    ports:
      - "3000:3000"
    volumes:
      - /home/grafana/data:/var/lib/grafana # data path
      - /home/grafana/grafana.ini:/etc/grafana/grafana.ini
      - /home/grafana/provisioning:/etc/grafana/provisioning
    environment:
      - GF_INSTALL_PLUGINS=${GF_INSTALL_PLUGINS}
      - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}

The variables are stored in the .env file, which is located in /home/grafana path.

vi .env
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_INSTALL_PLUGINS=grafana-clock-panel,briangann-gauge-panel,natel-plotly-panel,grafana-simple-json-datasource,vonage-status-panel

Create the Container

Now create the container.

docker-compose up -d

Grafana configuration

You can call the website:
http://172.16.38.251:3000

Initiale Anmeldedaten wurden in der .env konfiguriert
Username: admin & Passwort: admin

After the login you can add the InfluxDB and create the dashboard. For this I’ll create a separate blog post.

Additions

Change InfluxDB password

Due to safety reasons I’ll change the admin password and the token at the end.

docker exec -it influxdb /bin/bash
influx user password -n admin -t secretToken

Telegraf is not detecting SNMP Mibs correctly

If the telegraf container shows the error message that some SNMP mibs are missing you can clone the librenms git to your container.

cd /home
mkdir mibs
git clone https://github.com/librenms/librenms.git
cd /mibs/librenms/mibs
docker cp . telegraf:/usr/share/snmp/mibs/

Change web ui to https

To secure the web ui’s with https you can add a SSL certificate. In this case I’ll use a self-signed and protect it afterwards with a nginx-reverse-proxy.

mkdir /home/docker_ssl
cd /home/docker_ssl/
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
Generate self signed cert
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo chmod 644 server.crt
sudo chmod 600 server.key

Next we need to add the path in the docker-compose.yml file to mount it correctly. 

 volumes:
      - /home/docker_ssl:/var/ssl

Now activate https in the grafana.ini.

vi /home/grafana/grafana.ini
[server]
# Protocol (http, https, h2, socket)
protocol = https
# https certs & key file
cert_file = /var/ssl/server.crt
cert_key = /var/ssl/server.key

For InfluxDB its enough to add the parameter in the docker-compose.yml file.

vi /home/influxdb/docker-compose.yml
    environment:
      - INFLUXDB_HTTP_HTTPS_ENABLED=true
      - INFLUXD_TLS_CERT=/var/ssl/server.crt
      - INFLUXD_TLS_KEY=/var/ssl/server.key

Now the sites are reachable via https.

No Comments on Grafana, InfluxDB 2.0 & Telegraf with docker-compose

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories
Last entries
  • Enhancing PowerShell Security with the Activation of Constrained Language Mode
  • Powershell Signing
  • Move FSMO Roles and demote old Domain Controller
  • How to Update VMware ESXi 8.x
  • Basic Security on Debian Server
  • Apache2 as reverse proxy with ModSecurity and OWASP Ruleset on Debian
  • Synology Active Backup for Business - Last backup to USB drive