influxdb在刚安装好之后,默认情况下,禁用身份验证,静默忽略所有凭据,并且所有用户都具有所有权限。这样是极不安全的。
我们这里测试通过用户名和密码身份验证方式来提高安全性,但是请注意:在实际生产环境中,不应该依赖身份验证和授权来阻止访问并保护数据库免受恶意攻击者的攻击。如果需要其他安全性或合规性功能,InfluxDB应该在第三方服务后面运行。
1、首先创建管理员用户
[root@imzcy ~]# influx
> CREATE USER zcy WITH PASSWORD '123456' WITH ALL PRIVILEGES
> SHOW USERS
user admin
zcy true
>
> exit
[root@imzcy ~]#
1
2
3
4
5
6
7
8
9
10
[root@imzcy~]# influx
>CREATEUSERzcyWITHPASSWORD'123456'WITHALLPRIVILEGES
>SHOWUSERS
useradmin
zcytrue
>
>exit
[root@imzcy~]#
2、开启身份验证(编辑influxdb配置文件,将165行处配置项的值由false改为true并保存退出)
[root@imzcy ~]# vim /etc/influxdb/influxdb.conf
162 [http]
163 enabled = true
164 bind-address = ":8086"
165 auth-enabled = true
166 log-enabled = true
167 write-tracing = false
168 pprof-enabled = false
169 https-enabled = false
170 https-certificate = "/etc/ssl/influxdb.pem"
171 max-row-limit = 10000
[root@imzcy ~]# systemctl restart influxd
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@imzcy~]# vim /etc/influxdb/influxdb.conf
162[http]
163enabled=true
164bind-address=":8086"
165auth-enabled=true
166log-enabled=true
167write-tracing=false
168pprof-enabled=false
169https-enabled=false
170https-certificate="/etc/ssl/influxdb.pem"
171max-row-limit=10000
[root@imzcy~]# systemctl restart influxd
3.1、此时如果和之前一样直接使用influx登录数据库,进行操作时将会报以下错误(有两种方式使用用户密码认证登录,请看3.2和3.3)
[root@imzcy ~]# influx
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://imzcy:8086 version 0.13.0
InfluxDB shell version: 0.13.0
>
> SHOW DATABASES
ERR: unable to parse Basic Auth credentials
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use ".
>
> EXIT
[root@imzcy ~]#
1
2
3
4
5
6
7
8
9
10
11
12
[root@imzcy~]# influx
Visithttps://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connectedtohttp://imzcy:8086 version 0.13.0
InfluxDBshellversion:0.13.0
>
>SHOWDATABASES
ERR:unabletoparseBasicAuthcredentials
Warning:Itispossiblethiserrorisduetonotsettingadatabase.
Pleasesetadatabasewiththecommand"use ".
>
>EXIT
[root@imzcy~]#
3.2、启动CLI时,使用刚才创建的管理员用户登录influxdb
[root@imzcy ~]# influx -username zcy -password 123456
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://imzcy:8086 version 0.13.0
InfluxDB shell version: 0.13.0
>
> SHOW DATABASES
name: databases
---------------
name
_internal
zcydb
> exit
[root@imzcy ~]#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@imzcy~]# influx -username zcy -password 123456
Visithttps://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connectedtohttp://imzcy:8086 version 0.13.0
InfluxDBshellversion:0.13.0
>
>SHOWDATABASES
name:databases
---------------
name
_internal
zcydb
>exit
[root@imzcy~]#
3.3、启动CLI后,使用之前创建的管理员用户进行身份验证
[root@imzcy ~]# influx
>
> auth
username: zcy
password:
>
> SHOW DATABASES
name: databases
---------------
name
_internal
zcydb
>
> exit
[root@imzcy ~]#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@imzcy~]# influx
>
>auth
username:zcy
password:
>
>SHOWDATABASES
name:databases
---------------
name
_internal
zcydb
>
>exit
[root@imzcy~]#