AnswerBun.com

InfluxDB 2.0 | Backup results in `read:dbrp is unauthorized`. How to migrate bucket data?

Server Fault Asked by Kiwi on January 1, 2022

We are running an InfluxDB 2.0 instance in a docker environment. For some weeks we have collected data using telegraf and store them into a bucket. Now, we would like to do a backup of our data.

What we can do to save our data is to make a copy of /root/.influxdbv2/, but we prefere to use build-in features and be able to restore the data into another instance of InfluxDB 2.0. This is were the problems begin.

Influx version

$ influx version
Influx CLI 2.0.0-beta.13 (git: 86796ddf2d) build_date: 2020-07-09T12:15:08Z

Trying to do a backup

$ export INFLUX_TOKEN=<token of admin user>
$ influx bucket find --org myOrg
ID                      Name            Retention       Organization ID
05b89a36ffe01003        _monitoring     168h0m0s        05b89a36ffe01000
05b89a36ffe01002        _tasks          72h0m0s         05b89a36ffe01000
05b89a36ffe01001        myBucket        0s              05b89a36ffe01000

$ influx backup -p /backup/backup_$(date '+%Y-%m-%d_%H-%M')
Error: read:dbrp is unauthorized
See 'influx backup -h' for help

Searching for influx "Error: read:dbrp is unauthorized" would not find anything on the internet.

The only hint I got is from the documentation:

If you set up InfluxDB using v2.0.0-beta.1 or earlier, you cannot back up data. Root tokens created prior to v2.0.0-beta.2 do not have the necessary permissions. To succesfully use the backup tool, set up a new InfluxDB instance using v2.0.0-beta.2+.

I pretty sure we started with a later beta version, from march, but I cannot doublecheck this. However, I would like to find a solution to export our data.

Trying to add missing permissions

As it seemed we do not have the right permissions, I checked the permissions and wanted to try adding the missing permissions to my admin user, which obviously did not work.

Check current permissions

During the check for permissions, I can see, that my admin user token does not have any dbrp permissions. But when I generate a new token in the GUI via Generate -> All access token, then the new token seems to have the required permissions:

$ influx auth list
05f79912b4f73000        <newToken>       myAdmin        05b89a36e7e01000        [... read:orgs/05b89a36ffe01000/dbrp write:orgs/05b89a36ffe01000/dbrp ...]

(I shortened the output)

Error on adding permissions

However, just in case I tried to add the permissions to my admin user anyway.

$ influx auth create --user myAdmin --org myOrg --read-dbrps
Error: Permission read:orgs/05b89a36ffe01000/dbrp is not allowed: read:orgs/05b89a36ffe01000/dbrp is unauthorized.

Trying the new created token

As we saw in the step above, the new token has dprp permissions. When I use this token for the backup, I receive another error message.

$ export INFLUX_TOKEN=<newToken>
$ influx backup -p /backup/backup_$(date '+%Y-%m-%d_%H-%M')
Error: read:authorizations is unauthorized
See 'influx backup -h' for help

Searching for this error, I find one similar issue, which references another.

After reading this, I tried to set my token via the credentials file. But that did not change anything.

Migrating data to a fresh InfluxDB 2.0 instance

When I spawn a fresh Docker container of InfluxDB 2.0, the influx backup command works as expected. So, in order to use the build-in commands, I would like to migrate the collected data from my bucket into another instance. Do you see any possibility or am I missing anything to make these commands work?

Thanks a lot.

PS: Oh, there is no influxdb tag, at all? And I do not have enough reputation to create that tag. I hope it’s the right q&a platform to ask my question?

2 Answers

I posted this answer to an issue yesterday which will help (instructions duplicated below): https://github.com/influxdata/influxdb/issues/18882#issuecomment-663113088

You can manually edit the boltdb file to add those missing permissions to the token. Here's how:

  1. Stop your influxd process
  2. Upgrade to the latest influxd beta (currently beta-15).
  3. Install https://github.com/br0xen/boltbrowser in the machine where the backup is. There are probably other boltdb browsers out there, but this is the one i used to test this.
  4. MAKE A BACKUP OF YOUR ~/.influxdbv2/influxd.bolt . Like, this is really important. If you corrupt this file in any way, you will NOT be able to access any of the data in your database. So heck, maybe make two backups :)
  5. Load up your boltdb file using something like boltbrowser ~/.influxdbv2/influxd.bolt You should see something like this: enter image description here
  6. Navigate to the authorizationsv1 parent and find the key with the id of the root token. If you have more than one token, you can find the mapping for token -> id in the authorizationindexv1 parent.
  7. What we want to do is add the dbrp permission into the json array value. if you hit e, you will be able to manually edit the value. At the very end of the permissions array, and add the following entry for reading and writing the dbrp resource: {"action":"read","resource":{"type":"dbrp"}},{"action":"write","resource":{"type":"dbrp"}} (don't forget the comma). You might find it easier to export the json to a file ( the x key ) and test the editing there.
  8. You might also need to add permissions to the stack resource, which is {"action":"read","resource":{"type":"stack"}},{"action":"write","resource":{"type":"stack"}}. Long story short, if you go through this process and still get a message like Error: read:<resource> is unauthorized, just go back in and add the read/write for that resource.
  9. Hit enter to save the value, and then esc to get back to the terminal.
  10. Fire up your influxd instance, and check that the token is valid by navigating to the tokens page in the UI or running influx auth list in the cli. You should see the new permissions added.
  11. Try the export again.

If anything goes wrong, delete the edited bolt file, restore your backup, and try again.

Answered by Russ Savage on January 1, 2022

This is a pretty frustrating problem. Maybe we could manually change the contents of the boltdb in which influxdb stores the configuration settings.

Edit:
Looks like my hacky idea works.

Edit the influxd.bolt file with boltbrowser:

  • Open authorizationsv1 bucket
  • Find the backup user's token (the value is in json format)
  • Add the following two objects to the permissions array:
 {
    "action": "read",
    "resource": {
      "type": "dbrp"
    }
  }, {
    "action": "write",
    "resource": {
      "type": "dbrp"
   }
 }

Answered by gergo on January 1, 2022

Add your own answers!

Related Questions

ConvertToHTML converting wrong

1  Asked on February 9, 2021 by jonathan-davies

 

Shibboleth in sub-path URL

1  Asked on February 8, 2021 by j-b

 

How to resize docker volume after creation?

1  Asked on February 8, 2021 by gkman

 

Access Denied DHCP Tool

1  Asked on February 8, 2021 by drew-chapin

     

Custom file/folder permissions with S3FS?

1  Asked on February 8, 2021 by t-brian-jones

         

AWS RDS – Bottleneck

0  Asked on February 6, 2021 by tyralcori

     

Zabbix sensor ‘no data’

1  Asked on February 6, 2021 by jakub-kuszneruk

   

How to enable Ookla script to start automatically after server reboot?

1  Asked on February 5, 2021 by mangaldeep-dey

   

iptables port redirect with Docker

2  Asked on February 5, 2021 by jamescun

   

Where to securely deploy Citrix Netscaler?

1  Asked on February 4, 2021 by user54507

   

Kubernetes: How to mount volumes into Windows pods?

1  Asked on February 4, 2021 by rabejens

   

Ask a Question

Get help from others!

© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir