|
1 | | -# InfluxDB and Grafana stack |
| 1 | +# InfluxDB and Grafana Monitoring Stack |
2 | 2 |
|
3 | | -This directory contains a package with the files needed to spin up a stack with InfluxDB and Grafana where Grafana comes pre-populated with multiple dashboards useful for monitoring system metrics from the devices and the propagation of configuration parameters. |
| 3 | +This directory contains a complete system monitoring stack designed to work with the **FixedIT Data Agent** running on Axis devices. The stack includes InfluxDB for time-series data storage and Grafana with pre-built dashboards for visualizing system metrics and device health from your Axis device fleet. |
4 | 4 |
|
5 | | -## Running the stack |
| 5 | + |
6 | 6 |
|
7 | | -This stack (defined in `docker-compose.yml`) will run: |
| 7 | +## What This Stack Provides |
8 | 8 |
|
9 | | -- InfluxDB storing time series data (system metrics and configuration parameters) |
10 | | -- Grafana to create dashboards |
| 9 | +This monitoring solution gives you comprehensive visibility into your Axis devices through three specialized dashboards: |
11 | 10 |
|
12 | | -To run it: |
| 11 | +- **System Overview**: Fleet-wide metrics including connected devices, recently lost devices, and performance outliers |
| 12 | +- **Overview of Devices**: Individual device information with detailed metrics, IP addresses, and system health |
| 13 | +- **Device Details**: Deep-dive into specific device performance including CPU, RAM, network, and geo-location data |
13 | 14 |
|
14 | | -1. Run `docker compose up -d` |
15 | | -2. Then go to [http://127.0.0.1:8086](http://127.0.0.1:8086) and log in with username `test` and password `testtest` (from the `docker-compose.yml` file) |
16 | | -3. Open grafana UI on [http://127.0.0.1:3000](http://127.0.0.1:3000) and log in with username `admin` and password `test` (from the `docker-compose.yml` file). |
| 15 | +The stack is designed for DevOps and IT professionals who want to deploy monitoring infrastructure for devices running the FixedIT Data Agent, without needing to create dashboards from scratch. |
17 | 16 |
|
18 | | -### Example of more secure setup |
| 17 | +## The Database and Query Language |
19 | 18 |
|
20 | | -The supplied `docker-compose.yml` file is for development usage with hardcoded ports and credentials for simplicity. For production, you should handle keys in a more secure way. One example of a better setup is to use the `docker-compose.prod.yml` override file. |
| 19 | +This monitoring stack uses **InfluxDB 2** with the **Flux query language** for all data queries and dashboard visualizations. |
21 | 20 |
|
22 | | -**Helper Script Available**: There's a helper script to generate the `env.sh` file with secure random values for all environment variables required by the production docker-compose setup (`docker-compose.prod.yml`), see [helper_scripts/README.md](./helper_scripts/README.md) for more details. |
| 21 | +**Important Note**: InfluxDB 3 has moved away from Flux to SQL-based queries. However, we chose to use InfluxDB 2 with Flux for this stack because: |
23 | 22 |
|
24 | | -```bash |
25 | | -# Use the helper script to generate secure environment variables |
26 | | -./helper_scripts/generate-env.sh |
27 | | -source env.sh |
| 23 | +- InfluxDB 2 with Flux is still the most widely adopted version in the community |
| 24 | +- Most existing time-series monitoring setups use Flux |
| 25 | +- The Flux query language is well-suited for time-series data analysis |
28 | 26 |
|
29 | | -docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d |
30 | | -``` |
| 27 | +If you're already using InfluxDB 3 in your environment, you would need to adapt the dashboard queries from Flux to SQL syntax. |
31 | 28 |
|
32 | | -**Note**: The production setup uses configurable ports to allow running multiple instances on the same server. The development setup uses hardcoded ports (8086 for InfluxDB, 3000 for Grafana) for simplicity. This can be changed by editing the `env.sh` file after generation with the `helper_scripts/generate-env.sh` script or by manually setting the environment variables before launching the stack. |
| 29 | +## Prerequisites |
33 | 30 |
|
34 | | -## Grafana |
| 31 | +- Docker and Docker Compose installed on your server |
| 32 | +- Network connectivity between your Axis devices (running FixedIT Data Agent) and the server hosting this stack |
| 33 | +- Basic familiarity with InfluxDB and Grafana (helpful but not required) |
35 | 34 |
|
36 | | -Open the grafana UI on [http://127.0.0.1:3000](http://127.0.0.1:3000), login with user `admin` and password `test` (specified in the [./docker-compose.yml](./docker-compose.yml) file). Click on "Dashboards" and you should see the pre-populated dashboards in the "Cameras" folder. |
| 35 | +## Quick Start |
37 | 36 |
|
38 | | -## Helper scripts |
| 37 | +Choose one of the deployment options below: |
| 38 | + |
| 39 | +### Option A: Simple Demo (Recommended for Testing) |
| 40 | + |
| 41 | +This is the quickest way to test the monitoring stack on your local machine. Everything is pre-configured with hardcoded values. |
| 42 | + |
| 43 | +1. **Start the stack:** |
| 44 | + |
| 45 | + ```bash |
| 46 | + docker compose up -d |
| 47 | + ``` |
| 48 | + |
| 49 | +2. **Verify it's running:** |
| 50 | + - **InfluxDB**: [http://127.0.0.1:8086](http://127.0.0.1:8086) - login with `test` / `testtest` |
| 51 | + - **Grafana**: [http://127.0.0.1:3000](http://127.0.0.1:3000) - login with `admin` / `test` |
| 52 | + - Dashboards will be in the "Cameras" folder |
| 53 | + |
| 54 | +⚠️ **Note**: This uses hardcoded credentials and ports. Only use for local testing. |
| 55 | + |
| 56 | +### Option B: Production-Like Example |
| 57 | + |
| 58 | +This provides a more secure example with environment variables and additional monitoring features. It's still an **example to build upon**, not a complete production solution. |
| 59 | + |
| 60 | +1. **Generate secure environment variables:** |
| 61 | + |
| 62 | + ```bash |
| 63 | + ./helper_scripts/generate-env.sh |
| 64 | + source env.sh |
| 65 | + ``` |
| 66 | + |
| 67 | +2. **Start the enhanced stack:** |
| 68 | + ```bash |
| 69 | + docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d |
| 70 | + ``` |
| 71 | + |
| 72 | +This example includes: |
| 73 | + |
| 74 | +- Environment variables for all sensitive data |
| 75 | +- Configurable ports for multiple instances |
| 76 | +- Health checks for both services (needs some more work) |
| 77 | + |
| 78 | +⚠️ **Note**: This is still an example configuration. For actual production use, you'll need additional security hardening, backup strategies, and monitoring. |
| 79 | + |
| 80 | +### Port Configuration |
| 81 | + |
| 82 | +The production-like setup uses configurable ports to allow running multiple instances on the same server. The demo setup uses hardcoded ports (8086 for InfluxDB, 3000 for Grafana) for simplicity. You can change the production ports by editing the `env.sh` file after generation with the `helper_scripts/generate-env.sh` script or by manually setting the environment variables before launching the stack. |
| 83 | + |
| 84 | +### Deployment Organization |
| 85 | + |
| 86 | +The intended deployment pattern is to use **separate folders for different deployments**: |
| 87 | + |
| 88 | +- Copy the content of this directory to separate folders (e.g., `site-1-dashboard/`, `site-2-dashboard/`, etc.) |
| 89 | +- Each folder contains the same code and has its own `env.sh` file with unique credentials and ports |
| 90 | +- Data volumes mount to consistent folder names within each deployment directory |
| 91 | +- This makes it easy to see which code version was used for each deployment and keeps credentials isolated. |
| 92 | + |
| 93 | +## Configure Your FixedIT Data Agent |
| 94 | + |
| 95 | +After deploying the stack, configure your Axis devices to send data to it: |
| 96 | + |
| 97 | +**For Simple Demo (Option A):** |
| 98 | + |
| 99 | +- **InfluxDBHost**: `http://YOUR_SERVER_IP:8086` |
| 100 | +- **InfluxDBToken**: `KLoG_Z0NsDIbVzS7zVn_VwhgxUgvwaGWE1wwO9SsGfNEeMaopLMsAA2aAGbCshpetVdu86Ig3-WTKugv6Srg6w==` (demo admin token) |
| 101 | +- **InfluxDBOrganization**: `Whisperer` |
| 102 | +- **InfluxDBBucket**: `Cameras` |
| 103 | + |
| 104 | +_Note: The demo uses the admin token for simplicity. For any real testing beyond local evaluation, create dedicated tokens as described below._ |
| 105 | + |
| 106 | +**For Production-Like Example (Option B):** |
| 107 | + |
| 108 | +- **InfluxDBHost**: `http://YOUR_SERVER_IP:${INFLUXDB_PORT}` (check your env.sh for port) |
| 109 | +- **InfluxDBToken**: Create a dedicated token in InfluxDB (see security note below) |
| 110 | +- **InfluxDBOrganization**: `Whisperer` (hardcoded in docker-compose.yml) |
| 111 | +- **InfluxDBBucket**: `Cameras` (hardcoded in docker-compose.yml) |
| 112 | + |
| 113 | +⚠️ **Security Best Practice**: Do NOT use `${INFLUXDB_ADMIN_TOKEN}` for your cameras. Instead, log into InfluxDB and create dedicated tokens with write-only permissions to the `Cameras` bucket. Ideally create one token per camera, or at minimum a shared token with restricted permissions. |
| 114 | + |
| 115 | +**To create a camera token in InfluxDB:** |
| 116 | + |
| 117 | +1. Log into InfluxDB UI with admin credentials |
| 118 | +2. Go to "Data" → "API Tokens" → "Generate API Token" |
| 119 | +3. Choose "Custom API Token" |
| 120 | +4. Grant only "Write" permission to the `Cameras` bucket |
| 121 | +5. Use this token for your FixedIT Data Agent configuration |
| 122 | + |
| 123 | +**⚠️ Grafana Security Note**: Grafana also uses the admin token by default (configured via environment variables in docker-compose files). For better security, you should: |
| 124 | + |
| 125 | +1. Create a separate token for Grafana with only "Read" permission to the `Cameras` bucket |
| 126 | +2. Log into Grafana → Configuration → Data Sources → InfluxDB |
| 127 | +3. Update the token field with your new read-only token |
| 128 | +4. Test the connection to ensure it works |
| 129 | + |
| 130 | +**Summary of recommended tokens for secure setup:** |
| 131 | + |
| 132 | +- **Admin token**: Keep for InfluxDB administration only |
| 133 | +- **Camera tokens**: Write-only access to `Cameras` bucket (one per camera ideally) |
| 134 | +- **Grafana token**: Read-only access to `Cameras` bucket |
| 135 | + |
| 136 | +Once configured, metrics will appear in the Grafana dashboards within a few minutes. |
| 137 | + |
| 138 | +## Grafana Dashboards |
| 139 | + |
| 140 | +Open the Grafana UI to access the pre-built dashboards. The URL and credentials depend on your deployment option: |
| 141 | + |
| 142 | +- **Option A (Simple Demo)**: [http://127.0.0.1:3000](http://127.0.0.1:3000) - login with `admin` / `test` |
| 143 | +- **Option B (Production-Like)**: Check your `env.sh` file for the port and admin password |
| 144 | + |
| 145 | +Click on "Dashboards" and you'll find the monitoring dashboards in the "Cameras" folder. |
| 146 | + |
| 147 | +### Accessing the Dashboards |
| 148 | + |
| 149 | +After logging into Grafana, navigate to the dashboards by clicking on the Grafana icon and selecting "Dashboards": |
| 150 | + |
| 151 | + |
| 152 | + |
| 153 | +The dashboards are organized in a "Cameras" folder for easy organization: |
| 154 | + |
| 155 | + |
| 156 | + |
| 157 | +### Pre-built Dashboard Overview |
| 158 | + |
| 159 | +This stack includes three comprehensive dashboards designed specifically for monitoring Axis devices running the FixedIT Data Agent: |
| 160 | + |
| 161 | +#### 1. System Overview Dashboard |
| 162 | + |
| 163 | +Provides fleet-wide visibility including connected device counts, recently lost devices, and performance outliers. This dashboard is designed to give you a high-level view of your entire device ecosystem without overwhelming detail on individual devices. |
| 164 | + |
| 165 | + |
| 166 | + |
| 167 | +#### 2. Overview of Devices Dashboard |
| 168 | + |
| 169 | +Shows detailed information for all connected devices including last report times, AXIS OS versions, IP addresses, and individual device performance metrics. Perfect for monitoring the health and status of your device fleet. |
| 170 | + |
| 171 | + |
| 172 | + |
| 173 | +#### 3. Device Details Dashboard |
| 174 | + |
| 175 | +Provides deep-dive analytics for individual devices, including detailed system metrics, geographic tagging information, and network performance data. Access this dashboard by clicking on any device identifier from the other dashboards. |
| 176 | + |
| 177 | + |
| 178 | + |
| 179 | +### Integration with FixedIT Data Agent |
| 180 | + |
| 181 | +These dashboards are designed to work seamlessly with the default configuration of the FixedIT Data Agent. The agent automatically collects and sends system metrics to InfluxDB, which are then visualized through these Grafana dashboards. No additional configuration is needed beyond setting up the InfluxDB connection details in your FixedIT Data Agent settings. |
| 182 | + |
| 183 | +## Known Issues and Limitations |
| 184 | + |
| 185 | +**A note on efficiency**: Some of the dashboard visualizations are rather compute-intensive and may perform slowly when used with many cameras, a large amount of data or insufficient server resources. We will continue to optimize the dashboards and the data model to improve performance. |
| 186 | + |
| 187 | +## Helper Scripts |
39 | 188 |
|
40 | 189 | The directory [helper_scripts](./helper_scripts/) contains scripts that can assist with deployment, see the [README](./helper_scripts/README.md) for more details. |
0 commit comments