
1. Introduction

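The authentication mechanism, as the name suggests, adds access control to an InfluxDB database. By default InfluxDB authentication is disabled, which means every user has all privileges.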

$ influx -precision rfc3339
Connected to http://localhost:8086 version 1.7.7
InfluxDB shell version: 1.7.7
> show databases;
ERR: unable to parse authentication credentials
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use <database>".
>


> auth
username: rw_influxdb_de
password: 
> show databases;
name: databases
name
----
_internal
kwang_db

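2. Enabling InfluxDB authentication

Enabling InfluxDB authentication takes three steps:

  • Add an admin account (at least one admin account is required);
  • Edit the InfluxDB configuration file;
  • Restart the InfluxDB service.

2.1 Add an admin account

On first login InfluxDB does not have authentication enabled, so an admin account can be added as follows: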

> create user admin with password '123456' with all privileges;

Check whether the rw_influxdb account is an admin account:

> show users;
user           admin
----           -----
admin true

2.2 Edit the InfluxDB configuration file

Edit the /etc/influxdb/influxdb.conf configuration file:

[http]
  enabled = true
  bind-address = ":8086"
  auth-enabled = true
  log-enabled = true
  write-tracing = false
  pprof-enabled = false
  https-enabled = false
  #https-certificate = "/etc/ssl/influxdb.pem"

2.3 Restart the InfluxDB service

[root@pg02 ~]# systemctl stop influxdb
[root@pg02 ~]# systemctl start influxdb

2.4 Verification

[root@pg02 ~]# influx
Connected to http://localhost:8086 version 1.7.0
InfluxDB shell version: 1.7.0
Enter an InfluxQL query
> show databases;
ERR: unable to parse authentication credentials
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use <database>".

Authentication is in effect:

[root@pg02 ~]# influx
Connected to http://localhost:8086 version 1.7.0
InfluxDB shell version: 1.7.0
Enter an InfluxQL query
> show databases;
ERR: unable to parse authentication credentials
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use <database>".

> auth 
username: admin
password: 
> show databases;
name: databases
name
----
_internal
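
An added example, not part of the original article: a shell check for steps 2.2 to 2.4 that reads the [http] section of influxdb.conf and flags auth-enabled or https-enabled when they are not true. The function names and the two sample configs are constructed for illustration; unauthenticated_status needs a running server.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit [http] in an InfluxDB 1.x config.

# Print the value of KEY in the [http] section, or nothing if it is absent/commented out.
http_setting() {  # usage: http_setting <conf-file> <key>
  awk -v key="$2" '
    /^[ \t]*\[/ { in_http = ($0 ~ /^[ \t]*\[http\][ \t]*(#.*)?$/); next }
    !in_http || /^[ \t]*#/ { next }
    {
      line = $0; sub(/#.*/, "", line)          # drop a trailing comment
      n = index(line, "="); if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/"/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# One finding per line on stdout; exit status 1 when anything is flagged.
audit_influx_http() {  # usage: audit_influx_http <conf-file>
  local conf=$1 rc=0
  if [ "$(http_setting "$conf" auth-enabled)" != "true" ]; then
    echo "FAIL auth-enabled is not true: any client can run any query"; rc=1
  fi
  if [ "$(http_setting "$conf" https-enabled)" != "true" ]; then
    echo "WARN https-enabled is not true: credentials are sent in cleartext"; rc=1
  fi
  return $rc
}

# Live check for step 2.4: with auth on, a request without credentials gets HTTP 401.
unauthenticated_status() {  # usage: unauthenticated_status [base-url]
  curl -s -o /dev/null -w '%{http_code}' -G "${1:-http://localhost:8086}/query" \
    --data-urlencode "q=SHOW DATABASES"
}

# Constructed samples: the page's [http] block, and one where auth is only commented out
# (the auth-enabled line under [logging] is there to show that other sections are ignored).
page_conf=$(mktemp); default_conf=$(mktemp)
printf '[http]\n  enabled = true\n  bind-address = ":8086"\n  auth-enabled = true\n  https-enabled = false\n' > "$page_conf"
printf '[http]\n  enabled = true\n  # auth-enabled = false\n[logging]\n  auth-enabled = true\n' > "$default_conf"

audit_influx_http "$page_conf" || true      # one WARN line (https-enabled)
audit_influx_http "$default_conf" || true   # one FAIL line and one WARN line
```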

3. User management

Database management:

  • CREATE DATABASE and DROP DATABASE
  • DROP SERIES and DROP MEASUREMENT
  • CREATE RETENTION POLICY, ALTER RETENTION POLICY, and DROP RETENTION POLICY
  • CREATE CONTINUOUS QUERY and DROP CONTINUOUS QUERY

User management:

  • Admin user management: CREATE USER, GRANT ALL PRIVILEGES, REVOKE ALL PRIVILEGES, and SHOW USERS
  • Non-admin user management: CREATE USER, GRANT [READ,WRITE,ALL], REVOKE [READ,WRITE,ALL], and SHOW GRANTS
  • General user management: SET PASSWORD and DROP USER

Non-admin users:

A non-admin user can be granted one of three privileges, READ, WRITE, or ALL (READ and WRITE), and each is assigned per user, per database.

Authorization syntax

    1. Create a user: CREATE USER <username> WITH PASSWORD '<password>'
    2. Grant privileges: GRANT [READ,WRITE,ALL] ON <database_name> TO <username>
    3. Create and grant: CREATE USER <username> WITH PASSWORD '<password>' WITH ALL PRIVILEGES
    4. Revoke privileges: REVOKE ALL PRIVILEGES FROM <username>
    5. Change a password: SET PASSWORD FOR <username> = '<password>'
    6. Delete a user: DROP USER <username>

3.1 Authorization operations

1. Create a superuser

User: monitor
Password: zabbix
Privileges: all privileges (superuser)
create user monitor with password 'zabbix' with all privileges

# Grant admin privileges to an existing user
GRANT ALL PRIVILEGES TO <username>

2. Create a read-only user

User: monitor_ro
Database: monitordb
Privileges: read-only on the specified database

create user monitor_ro with password 'zabbix_apipwd'
grant read on monitordb to monitor_ro

3. Create a user with write access

User: monitor_rw
Database: monitordb
Privileges: write on the specified database

create user monitor_rw with password 'zabbix_apipwd'
grant write on monitordb to monitor_rw

4. Revoke a user's privileges

Revoke a user's privileges:

REVOKE ALL PRIVILEGES FROM monitor_rw

5. List all users

SHOW USERS
user admin

monitor true
monitor_ro false
monitor_rw false

6. Delete a user

DROP USER monitor_rw

3.2 Non-admin user management

1. Create a new regular user

CREATE USER <username> WITH PASSWORD '<password>'

# Grant privileges to an existing user
GRANT [READ,WRITE,ALL] ON <database_name> TO <username>

# Revoke privileges
REVOKE [READ,WRITE,ALL] ON <database_name> FROM <username>

# Show a user's privileges on each database
SHOW GRANTS FOR <user_name>

# Example:
> show grants for admin
database privilege
-------- ---------
> show grants for admin;
database privilege
-------- ---------
> show databases;
name: databases
name
----
_internal
test
> create user h_user with password '123456';
> show users;
user   admin
----   -----
admin  true
h_user false
> grant read on test to h_user;
> show users;
user   admin
----   -----
admin  true
h_user false
> show grants for h_user;
database privilege
-------- ---------
test     READ

3.3 General user account management

1. Reset a password

SET PASSWORD FOR <username> = '<password>'

2. Delete a user

DROP USER <username>

4. Querying with authentication enabled

HTTP API

Query:

curl -v -G "http://localhost:8086/query?db=test&u=admin&p=123456" --data-urlencode "q=select * from table"

Write:
[root@pg02 influxdb]# curl -v -XPOST "http://localhost:8086/write?db=test&u=admin&p=123456" --data-binary "table dd=44"
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8086 (#0)
> POST /write?db=test&u=admin&p=123456 HTTP/1.1
> Host: localhost:8086
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Length: 11
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 11 out of 11 bytes
< HTTP/1.1 204 No Content
< Content-Type: application/json
< Request-Id: 3cead2ab-2a3c-11eb-8007-525400a367e0
< X-Influxdb-Build: OSS
< X-Influxdb-Version: 1.7.0
< X-Request-Id: 3cead2ab-2a3c-11eb-8007-525400a367e0
< Date: Thu, 19 Nov 2020 07:52:57 GMT
< 
* Connection #0 to host localhost left intact
Ways to pass the password:
curl -G "http://localhost:8086/query" -u admin:admin --data-urlencode "q=SHOW DATABASES"
curl -G "http://localhost:8086/query" --data-urlencode "u=admin" --data-urlencode "p=admin" --data-urlencode "q=SHOW DATABASES"
curl -G "http://localhost:8086/query?u=admin&p=admin&q=SHOW+DATABASES"

CLI

After starting the console, set the user with auth <username> <password>:

[root@pg02 influxdb]# influx
Connected to http://localhost:8086 version 1.7.0
InfluxDB shell version: 1.7.0
Enter an InfluxQL query
>
> auth admin 123456
> show databases;
name: databases
name
----
_internal
test

Start the console with a username and password:

[root@pg02 influxdb]# influx -username admin -password 123456
Connected to http://localhost:8086 version 1.7.0
InfluxDB shell version: 1.7.0
Enter an InfluxQL query
> show databases;
name: databases
name
----
_internal
test

# Or, so that the password is not echoed
influx -username 'shijiange' -password ''
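
An added example, not from the original article: the HTTP API and CLI calls in this section put the password in the URL or on the command line, where shell history and the process list can expose it. This lint flags those four forms in a script file and leaves the prompting forms alone; the function names, the sample script and the netrc path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): find InfluxDB passwords embedded in commands.

# Print "<line>:<kind>" for every line of FILE that matches the extended regex RE.
scan() {  # usage: scan <file> <regex> <kind>
  { grep -nE -e "$2" -- "$1" || true; } | sed "s/:.*/:$3/"
}

find_inline_credentials() {  # usage: find_inline_credentials <file>
  {
    scan "$1" "[?&]p=[^&\"' ]+" url-query-password
    scan "$1" "--data-urlencode[[:space:]]+[\"']?p=[^\"' ]+" form-password
    scan "$1" "curl.*[[:space:]](-u|--user)[[:space:]]+[\"']?[^:\"'[:space:]]+:[^\"'[:space:]]+" basic-auth-argv
    scan "$1" "influx[[:space:]].*-password[[:space:]]+[\"']?[^[:space:]\"']" cli-password-argv
  } | sort -t: -k1,1n
}

# Remediated call: curl reads the login from a mode-0600 netrc file instead of argv.
influx_query() {  # usage: influx_query <netrc-file> <db> <InfluxQL>
  curl -sS -G "http://localhost:8086/query" --netrc-file "$1" \
    --data-urlencode "db=$2" --data-urlencode "q=$3"
}

# Constructed sample script: lines 1-4 are forms used on this page, 5-7 prompt or use netrc.
sample=$(mktemp)
cat > "$sample" <<'EOF'
curl -G "http://localhost:8086/query?db=test&u=admin&p=123456" --data-urlencode "q=select * from table"
curl -G "http://localhost:8086/query" -u admin:admin --data-urlencode "q=SHOW DATABASES"
curl -G "http://localhost:8086/query" --data-urlencode "u=admin" --data-urlencode "p=admin" --data-urlencode "q=SHOW DATABASES"
influx -username admin -password 123456
influx -username 'shijiange' -password ''
curl -G "http://localhost:8086/query" -u admin --data-urlencode "q=SHOW DATABASES"
curl -G "http://localhost:8086/query" --netrc-file ~/.influx-netrc --data-urlencode "q=SHOW DATABASES"
EOF

find_inline_credentials "$sample"
```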