grafana: make influxdb listen on local ip for RPC protocol

See https://docs.influxdata.com/influxdb/v1.4/administration/config/#bind-address-127-0-0-1-8088 This should not be reachable from outside because it can be used to pull a backup. Because we usually have reachable ipv6 and local only ipv4, make it ipv4 and add a note in README because this is not always true. Also make ports use explicit names in profile and fix promise that should check http-port and not rpc-port

grafana: make influxdb listen on local ip for RPC protocol
See https://docs.influxdata.com/influxdb/v1.4/administration/config/#bind-address-127-0-0-1-8088 This should not be reachable from outside because it can be used to pull a backup. Because we usually have reachable ipv6 and local only ipv4, make it ipv4 and add a note in README because this is not always true. Also make ports use explicit names in profile and fix promise that should check http-port and not rpc-port
ebba6fca · Jérome Perrin · 3665350d · ebba6fca · ebba6fca · ebba6fca
Commit ebba6fca authored Feb 09, 2018 by Jérome Perrin
4 changed files
--- a/software/grafana/README.md
+++ b/software/grafana/README.md
@@ -26,6 +26,14 @@ browser query influxdb directly, which also uses a self signed certificate.
 One workaround is to configure your browser to also accept influxdb certificate
 before using grafana, but using proxy seems easier.
+## Influxdb
+Influxdb backups are not done automatically by this software release.
+One important thing to notice is that the backup protocol is enabled on ipv4
+provided by slapos, so make sure this ip is not reachable from untrusted
+sources.
 ## TODO
 * influxdb and telegraf runs with very low priority, this could become an option

--- a/software/grafana/buildout.hash.cfg
+++ b/software/grafana/buildout.hash.cfg
@@ -16,11 +16,11 @@
 [instance-profile]
 filename = instance.cfg.in
-md5sum = 3991cc23a43da437a12c5af0edb1de9f
+md5sum = 7fb6806b139b3a8d0054308397be1dd9
 [influxdb-config-file]
 filename = influxdb-config-file.cfg.in
-md5sum = 3867923a2798517bc72c265066317843
+md5sum = 7ce85159c0664b251e249eac4b37bea4
 [telegraf-config-file]
 filename = telegraf-config-file.cfg.in

--- a/software/grafana/influxdb-config-file.cfg.in
+++ b/software/grafana/influxdb-config-file.cfg.in
 reporting-disabled = false
-bind-address = "[{{ influxdb['host'] }}]:{{ influxdb['port'] }}"
+bind-address = "[{{ influxdb['local-host'] }}]:{{ influxdb['rpc-port'] }}"
 [meta]
  dir = "{{ influxdb['data-dir'] }}/meta"

--- a/software/grafana/instance.cfg.in
+++ b/software/grafana/instance.cfg.in
@@ -77,8 +77,10 @@ path = ${directory:promise}/${:_buildout_section_name_}
 [influxdb]
 ipv6 = ${instance-parameter:ipv6-random}
+ipv4 = ${instance-parameter:ipv4-random}
 host = ${:ipv6}
-port = 8088
+local-host = ${:ipv4}
+rpc-port = 8088
 http-port = 8086
 url = https://[${:host}]:${:http-port}
 data-dir = ${directory:influxdb-data-dir}
@@ -108,8 +110,8 @@ username = influxdb
 [influxdb-listen-promise]
 <= check-port-listening-promise
-hostname= ${influxdb:ipv6}
+hostname = ${influxdb:ipv6}
-port = ${influxdb:port}
+port = ${influxdb:http-port}
 [influxdb-password-promise]
 recipe = slapos.cookbook:wrapper