To Show the performance of my firewall and also the current voltage and load of my homelab equipment I created a small setup to visualize this. It is based on InfluxDB 2.0, Telegraf & Grafana managed and installed with docker-compose.
Table of Contents
Create a new folder in /home path.
cd /home mkdir influxdb
Switch to the InfluxDB folder and create the docker-compose.yml file.
cd /home/influxdb vi docker-compose.yml
In this case we will create the containers at once. The container influxdb_cli is for direct creating a InfluxDB instance and is optional.
version: '3' services: influxdb: image: quay.io/influxdb/influxdb:v2.0.3 container_name: influxdb volumes: - influxdbv2:/root/.influxdbv2 ports: - "8086:8086" influxdb_cli: links: - influxdb image: quay.io/influxdb/influxdb:v2.0.3 container_name: influxdb_cli entrypoint: influx setup --bucket telegraf -t secretToken -o Stangneth --username=admin --password=Passsw0rd! --host=http://influxdb:8086 -f restart: on-failure:10 depends_on: - influxdb telegraf: image: telegraf container_name: telegraf links: - influxdb volumes: - /home/telegraf/mytelegraf.conf:/etc/telegraf/telegraf.conf depends_on: - influxdb_cli volumes: influxdbv2:
In the next step we need to create the telegraf config. Otherwise the container would not start!
cd /home mkdir telegraf cd telegraf vi mytelegraf.conf
Following my example configuration. In this file later the token and address needs to be inserted.
# Output Configuration for telegraf agent [[outputs.influxdb_v2]] ## Point to your influxdb container urls = ["http://172.16.38.251:8086"] ## insecure_skip_verify = true ## Token for authentication. token = "XGGoPXCUIwESpxFmykjsdfhghgAOAXqmlCG2hsDRb8HsYYrsrSNJNf73U8B6EYreuAruZgB2CXnrjBbCEtjg==" ## Organization is the name of the organization you wish to write to; must exist. organization = "Stangneth" ## Destination bucket to write into. bucket = "telegraf" [[inputs.ping]] ## Hosts to send ping packets to. urls = ["172.16.38.254"]
The container and database instance can now be created.
server1:/home/influxdb # docker-compose up -d Creating volume "influxdb_influxdbv2" with default driver Creating influxdb ... done Creating influxdb_cli ... done Creating telegraf ... done
Now open the Webbrowser and call the InfluxDB web UI:
For this example: http://172.16.38.251:8086/
After the successfull login a token needs to be created for the new bucket.
This token needs to be copied to the telegraf config as mentioned before. If its not setup correctly telegraf is not able to write to the InfluxDB.
After editing the mytelegraf.conf the container needs to be restarted and within the “Explore” in the web UI you can check if data is flowing in.
docker restart telegraf
Create a new folder in /home path.
cd /home mkdir grafana cd grafana mkdir provisioning mkdir data
Afterwards you can create a sample grafaini.ini file from the :latest configuration.
docker run --rm --entrypoint /bin/bash grafana/grafana:latest -c 'cat $GF_PATHS_CONFIG' > grafana.ini
Now you can create the docker-compose.yml file.
vi /home/grafana/docker-compose.yml version: "3.3" services: grafana: image: grafana/grafana:latest container_name: grafana restart: always user: "0" # needs to be `id -u` // alternatively chown the grafana/data dir to 472:472 ports: - "3000:3000" volumes: - /home/grafana/data:/var/lib/grafana # data path - /home/grafana/grafana.ini:/etc/grafana/grafana.ini - /home/grafana/provisioning:/etc/grafana/provisioning environment: - GF_INSTALL_PLUGINS=${GF_INSTALL_PLUGINS} - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER} - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}
The variables are stored in the .env file, which is located in /home/grafana path.
vi .env GF_SECURITY_ADMIN_USER=admin GF_SECURITY_ADMIN_PASSWORD=admin GF_INSTALL_PLUGINS=grafana-clock-panel,briangann-gauge-panel,natel-plotly-panel,grafana-simple-json-datasource,vonage-status-panel
Now create the container.
docker-compose up -d
You can call the website:
http://172.16.38.251:3000
After the login you can add the InfluxDB and create the dashboard. For this I’ll create a separate blog post.
Due to safety reasons I’ll change the admin password and the token at the end.
docker exec -it influxdb /bin/bash influx user password -n admin -t secretToken
If the telegraf container shows the error message that some SNMP mibs are missing you can clone the librenms git to your container.
cd /home mkdir mibs git clone https://github.com/librenms/librenms.git cd /mibs/librenms/mibs docker cp . telegraf:/usr/share/snmp/mibs/
To secure the web ui’s with https you can add a SSL certificate. In this case I’ll use a self-signed and protect it afterwards with a nginx-reverse-proxy.
mkdir /home/docker_ssl cd /home/docker_ssl/ openssl genrsa -des3 -out server.key 4096 openssl req -new -key server.key -out server.csr openssl rsa -in server.key -out server.key Generate self signed cert openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt sudo chmod 644 server.crt sudo chmod 600 server.key
Next we need to add the path in the docker-compose.yml file to mount it correctly.
volumes: - /home/docker_ssl:/var/ssl
Now activate https in the grafana.ini.
vi /home/grafana/grafana.ini [server] # Protocol (http, https, h2, socket) protocol = https # https certs & key file cert_file = /var/ssl/server.crt cert_key = /var/ssl/server.key
For InfluxDB its enough to add the parameter in the docker-compose.yml file.
vi /home/influxdb/docker-compose.yml environment: - INFLUXDB_HTTP_HTTPS_ENABLED=true - INFLUXD_TLS_CERT=/var/ssl/server.crt - INFLUXD_TLS_KEY=/var/ssl/server.key
Now the sites are reachable via https.
No Comments on Grafana, InfluxDB 2.0 & Telegraf with docker-compose