influxdata/influxdb

Add --no-onboarding flag

Open

#15761 opened on Nov 5, 2019

View on GitHub
 (5 comments) (6 reactions) (0 assignees)Rust (31,498 stars) (3,707 forks)batch import
area/2.xhelp wanted

Description

Proposal: Users should be able to disable onboarding.

Current behavior: When you run influxdb2 for the first time, you have to fill out a one-time form. This sure seems nice for GUI users who are prompted with a handy web page to get started. However, it behaves poorly with automation scripts or resource management softwares such as Terraform. Indeed, the onboarding is not really a resource since it cannot be updated or deleted. Also, automation-wise, it is pretty pointless since one could simply create an admin, an org, buckets, etc.

Desired behavior: Add a --no-onboarding or --disable-onboarding flag to influxdb that does exactly what it says.

But then, we need a way to create the admin account. Here are two solutions:

  • the closest one to the existing behavior: add an API route such as /firstadmin with POST and GET which is only available once and will return {"existing": true}, akin to /onboarding
  • the annoying one: add a command (such as createadmin) which can only be executed by the binary running the current influx server, which means you need container/host access to run the command, which is generally secure but not very handy
  • the standard one: add the ADMIN_PASSWORD environment variable which, if not empty, will be used by influx to create an admin account at start if no account exists already

Alternatives considered: PR https://github.com/influxdata/influxdb/pull/11418 doesn't actually solve the problem because everything needs to be on the command line, included the admin password, which is not secure enough for a production environment. Also, the org and first bucket have to be here, and not in the automation script with the other resources. This doesn't really change anything to the current situation.

Contributor guide

Tech stack
rust
Domain
clibackend
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
InfluxDB development setupunderstanding of CLI flag parsing
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
Start by examining how the current InfluxDB command line flags are defined (likely in cmd/influxd or similar). Look for where the onboarding process is triggered. Then, implement the ` no onboarding` flag, ensuring that when set, the onboarding API endpoints are disabled. The issue suggests three alternative ways to handle admin creation; decide on one and implement it. Consider adding a POST /firstadmin endpoint or an ADMIN PASSWORD environment variable. Review linked PR #11418 for prior attempts but note its shortcomings.