PVE7.0.11 and InfluxDB v2

Z

zeuxprox

Renowned Member
Proxmox Subscriber
Dec 10, 2014
96
6
73
Hi,

I would like to send PVE7.0.11 metrics to a InfluxDB v2 server and I tried the native plug-in InfluxDB in PVE7. Now the problem is that in my InfluxDB v2 Server I used a self signed certificate and when I try to "create" an instance of InfluxDB with protocol HTTPS I receive the following error:
Code: 
500 Can't connect to xxxxx.yyyyyy:8086 (certificate verify failed) (500)

During the creation of InfluxDB instance in Proxmox I filled in the fields as shown below:
  • Name: InfluxDB
  • Server: xxxxx.yyyyyy (the url of my InfluxDB v2 server, it is resolved correctly, I have an internal DNS)
  • Port: 8086
  • Protocol: HTTPS
  • Active: checked
  • Organization: Proxmox Server (this is the organization configured in my InfluxDB v2 Server)
  • Bucket: Proxmox Infra (this is the Buckt configured in my InfluxDB v2 Server)
  • Token: aaabbbcccdddeee (the token that my InfluxDB v2 created)
  • API Path Prefix: nothing (left blank)

I also imported in PVE7 the self generated Certificate Authority that I used in my InfluxDB v2 Server. I put my ca.crt in /usr/local/share/ca-certificates and then run
Code: 
update-ca-certificates
PVE7 shows me:
Code: 
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

But this not solve the problem.

Could you help me please?

thank you
 
Last edited:
HTTP can use。 I Already checked 。has data in infuxdb 2.0.8 web gui
but but but。。。。。
no any grafana dashboards can use 。。。and i don‘’t use the infuxdb 2 new query language flux
so。。。
 
You need to use port 443 and Telegraf. I have this setup with InfluxDB 2.0, but with PVE 6. Here is a short blog post.

Your Telegraf config part for submission to InfluxDB2.0 with SSL looks like this:
Code: 
# Configuration for sending metrics to InfluxDB
[[outputs.influxdb_v2]]
  urls = ["https://influx.local.mytld.com"]
  token = "...."
  organization = "yyy"
  bucket = "xxx"

It may be possible to do this with Proxmox Influx form directly, but I am not sure. Try adding your url instead of IP/port, e.g.: https://influx.local.mytld.com

[Edit]
I see, you already used your URL. I always used 443, instead of 8086 when using SSL, as is required with Telegraf, too. Perhaps give it a try.
 
Last edited:
Bumped into this also.
I know that telegraph is an option but I would like to keep my pve host as clean as possible.
Helmut101 said:
I always used 443
Click to expand...
Tried that too, but it's not a port issue, but a verification. Security wise that's a correct error, but sometimes you consciously want to use a self signed cert.

So I filed a feature request:
https://bugzilla.proxmox.com/show_bug.cgi?id=3725
 
  • Like
Reactions: Helmut101 and zeuxprox
I use Let's encrypt SSL certs internally, which are retrieved automatically through Acme and DNS API (cloudflare). No need for self-signing (and no need for opening any port). Not sure though if this is your issue.
 
I experienced the same error connecting to my InfluxDB service using a LetsEncrypt certificate:

Code: 
500 Can't connect to host.example.com:8086 (certificate verify failed) (500)

I fixed it by changing my InfluxDB config, which was loading cert.pem to loading fullchain.pem which includes the whole certificate chain, instead of just the "leaf" certificate.
 
You must log in or register to reply here.
Top Bottom