From ad7ee87c9d9bca798e2d06ccc1733b127641ce86 Mon Sep 17 00:00:00 2001 From: Jason Stirnaman Date: Tue, 29 Jul 2025 22:43:28 -0500 Subject: [PATCH 1/2] feat(influxdb3): add v3.3.0 release notes and admin token recovery documentation - Add v3.3.0 release notes with grouped categories for Core and Enterprise features/fixes - Document admin token recovery server feature (--admin-token-recovery-http-bind) - Add recovery server option to CLI serve command reference (alphabetically sorted) - Add configuration details for admin token recovery in config options - Update regenerate token documentation with lost token recovery instructions - Include security warnings about unauthenticated recovery endpoint - Fix Vale linting issues (Parquet capitalization, remove exclamation point) Related to influxdb PR #26594 --- .../core/reference/cli/influxdb3/serve.md | 1 + .../core/reference/config-options.md | 27 +++++++++ .../reference/cli/influxdb3/serve.md | 1 + .../enterprise/reference/config-options.md | 27 +++++++++ .../tokens/admin/regenerate.md | 25 +++++++- .../_index.md | 57 ++++++++++++++++++- data/products.yml | 4 +- 7 files changed, 136 insertions(+), 6 deletions(-) diff --git a/content/influxdb3/core/reference/cli/influxdb3/serve.md b/content/influxdb3/core/reference/cli/influxdb3/serve.md index c6001d47b8..ffc7fe5af6 100644 --- a/content/influxdb3/core/reference/cli/influxdb3/serve.md +++ b/content/influxdb3/core/reference/cli/influxdb3/serve.md @@ -38,6 +38,7 @@ influxdb3 serve [OPTIONS] --node-id | | `--object-store` | _See [configuration options](/influxdb3/core/reference/config-options/#object-store)_ | | | `--bucket` | _See [configuration options](/influxdb3/core/reference/config-options/#bucket)_ | | | `--data-dir` | _See [configuration options](/influxdb3/core/reference/config-options/#data-dir)_ | +| | `--admin-token-recovery-http-bind` | _See [configuration options](/influxdb3/core/reference/config-options/#admin-token-recovery-http-bind)_ | | | `--aws-access-key-id` | _See [configuration options](/influxdb3/core/reference/config-options/#aws-access-key-id)_ | | | `--aws-secret-access-key` | _See [configuration options](/influxdb3/core/reference/config-options/#aws-secret-access-key)_ | | | `--aws-default-region` | _See [configuration options](/influxdb3/core/reference/config-options/#aws-default-region)_ | diff --git a/content/influxdb3/core/reference/config-options.md b/content/influxdb3/core/reference/config-options.md index 7e3f92bfc9..6914536eba 100644 --- a/content/influxdb3/core/reference/config-options.md +++ b/content/influxdb3/core/reference/config-options.md @@ -106,6 +106,7 @@ influxdb3 serve - [HTTP](#http) - [max-http-request-size](#max-http-request-size) - [http-bind](#http-bind) + - [admin-token-recovery-http-bind](#admin-token-recovery-http-bind) - [Memory](#memory) - [exec-mem-pool-bytes](#exec-mem-pool-bytes) - [buffer-mem-limit-mb](#buffer-mem-limit-mb) @@ -752,6 +753,7 @@ Provides custom configuration to DataFusion as a comma-separated list of - [max-http-request-size](#max-http-request-size) - [http-bind](#http-bind) +- [admin-token-recovery-http-bind](#admin-token-recovery-http-bind) #### max-http-request-size @@ -777,6 +779,31 @@ Defines the address on which InfluxDB serves HTTP API requests. --- +#### admin-token-recovery-http-bind + +Enables an admin token recovery HTTP server on a separate port. This server allows regenerating lost admin tokens without existing authentication. The server automatically shuts down after a successful token regeneration. + +> [!Warning] +> This option creates an unauthenticated endpoint that can regenerate admin tokens. Only use this when you have lost access to your admin token and ensure the server is only accessible from trusted networks. + +**Default:** `127.0.0.1:8182` (when enabled) + +| influxdb3 serve option | Environment variable | +| :--------------------- | :------------------- | +| `--admin-token-recovery-http-bind` | `INFLUXDB3_ADMIN_TOKEN_RECOVERY_HTTP_BIND` | + +##### Example usage + +```bash +# Start server with recovery endpoint +influxdb3 serve --admin-token-recovery-http-bind + +# In another terminal, regenerate the admin token +influxdb3 create token --admin --regenerate --host http://127.0.0.1:8182 +``` + +--- + ### Memory - [exec-mem-pool-bytes](#exec-mem-pool-bytes) diff --git a/content/influxdb3/enterprise/reference/cli/influxdb3/serve.md b/content/influxdb3/enterprise/reference/cli/influxdb3/serve.md index 90f3f93c0a..f8e927d750 100644 --- a/content/influxdb3/enterprise/reference/cli/influxdb3/serve.md +++ b/content/influxdb3/enterprise/reference/cli/influxdb3/serve.md @@ -37,6 +37,7 @@ influxdb3 serve [OPTIONS] \ | Option | | Description | | :--------------- | :--------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------ | +| | `--admin-token-recovery-http-bind` | _See [configuration options](/influxdb3/enterprise/reference/config-options/#admin-token-recovery-http-bind)_ | | | `--aws-access-key-id` | _See [configuration options](/influxdb3/enterprise/reference/config-options/#aws-access-key-id)_ | | | `--aws-allow-http` | _See [configuration options](/influxdb3/enterprise/reference/config-options/#aws-allow-http)_ | | | `--aws-default-region` | _See [configuration options](/influxdb3/enterprise/reference/config-options/#aws-default-region)_ | diff --git a/content/influxdb3/enterprise/reference/config-options.md b/content/influxdb3/enterprise/reference/config-options.md index e1d4ef4690..ee00c6dd2c 100644 --- a/content/influxdb3/enterprise/reference/config-options.md +++ b/content/influxdb3/enterprise/reference/config-options.md @@ -113,8 +113,10 @@ influxdb3 serve - [HTTP](#http) - [max-http-request-size](#max-http-request-size) - [http-bind](#http-bind) + - [admin-token-recovery-http-bind](#admin-token-recovery-http-bind) - [Memory](#memory) - [exec-mem-pool-bytes](#exec-mem-pool-bytes) + - [buffer-mem-limit-mb](#buffer-mem-limit-mb) - [force-snapshot-mem-threshold](#force-snapshot-mem-threshold) - [Write-Ahead Log (WAL)](#write-ahead-log-wal) - [wal-flush-interval](#wal-flush-interval) @@ -885,6 +887,31 @@ Defines the address on which InfluxDB serves HTTP API requests. --- +#### admin-token-recovery-http-bind + +Enables an admin token recovery HTTP server on a separate port. This server allows regenerating lost admin tokens without existing authentication. The server automatically shuts down after a successful token regeneration. + +> [!Warning] +> This option creates an unauthenticated endpoint that can regenerate admin tokens. Only use this when you have lost access to your admin token and ensure the server is only accessible from trusted networks. + +**Default:** `127.0.0.1:8182` (when enabled) + +| influxdb3 serve option | Environment variable | +| :--------------------- | :------------------- | +| `--admin-token-recovery-http-bind` | `INFLUXDB3_ADMIN_TOKEN_RECOVERY_HTTP_BIND` | + +##### Example usage + +```bash +# Start server with recovery endpoint +influxdb3 serve --admin-token-recovery-http-bind + +# In another terminal, regenerate the admin token +influxdb3 create token --admin --regenerate --host http://127.0.0.1:8182 +``` + +--- + ### Memory - [exec-mem-pool-bytes](#exec-mem-pool-bytes) diff --git a/content/shared/influxdb3-admin/tokens/admin/regenerate.md b/content/shared/influxdb3-admin/tokens/admin/regenerate.md index 76ac054c5a..3c10abcfa1 100644 --- a/content/shared/influxdb3-admin/tokens/admin/regenerate.md +++ b/content/shared/influxdb3-admin/tokens/admin/regenerate.md @@ -16,7 +16,8 @@ To regenerate an operator token, you need the current token string. > Regenerating the operator token invalidates the previous token. > Make sure to update any applications or scripts that use the operator token. -To regenerate the operator token, use the [`influxdb3 serve create token` command] with the `--admin` and `--regenerate` flags: +To regenerate the operator token, use the [`influxdb3 serve create token` command](/influxdb3/version/reference/cli/influxdb3/create/token/) (CLI) or the +[`/api/v3/configure/token/admin/regenerate` endpoint](/influxdb3/version/api/v3/configure/token/admin/regenerate) (HTTP API): {{< tabs-wrapper >}} {{% tabs %}} @@ -70,10 +71,30 @@ The response body contains the new operator token string in plain text, and Infl To use the token as the default for later commands, and to persist the token across sessions, assign the token string to the `INFLUXDB3_AUTH_TOKEN` environment variable. +## Lost admin token recovery + +If you've lost your admin token and cannot regenerate it using the standard method, you can use the admin token recovery server: + +1. Start {{< product-name >}} with the `--admin-token-recovery-http-bind` option: + ```bash + influxdb3 serve --admin-token-recovery-http-bind + ``` + +2. In a separate terminal, regenerate the admin token using the recovery endpoint: + + ```bash + influxdb3 create token --admin --regenerate --host http://127.0.0.1:8182 + ``` + +3. The recovery server automatically shuts down after successful token regeneration. + +> [!Warning] +> The recovery server provides unauthenticated access to regenerate admin tokens. Only use this option when necessary and ensure the recovery endpoint (by default `127.0.0.1:8182`) is only accessible from trusted networks. + ## Important considerations - Regenerating the operator token invalidates the previous token. -- If you lose the operator token, there is no recovery mechanism. +- If you lose the operator token, use the recovery server method described above. - `--regenerate` only works for the operator token. You can't use the `--regenerate` flag with the `influxdb3 create token --admin` command to regenerate a named admin token. - Ensure that you update any applications or scripts that use the operator token with the new token string. - Always store your operator token securely and consider implementing proper secret management practices. diff --git a/content/shared/v3-core-enterprise-release-notes/_index.md b/content/shared/v3-core-enterprise-release-notes/_index.md index 9de837d59f..896487a73a 100644 --- a/content/shared/v3-core-enterprise-release-notes/_index.md +++ b/content/shared/v3-core-enterprise-release-notes/_index.md @@ -5,6 +5,59 @@ > All updates to Core are automatically included in Enterprise. > The Enterprise sections below only list updates exclusive to Enterprise. +## v3.3.0 {date="2025-07-29"} + +### Core + +#### Features + +- **Database management**: + - Add `influxdb_schema` system table for database schema management ([#26640](https://github.com/influxdata/influxdb/pull/26640)) + - Add `system.processing_engine_trigger_arguments` table for trigger configuration management ([#26604](https://github.com/influxdata/influxdb/pull/26604)) + - Add write path logging to capture database name and client IP address for failed writes. The IP address is fetched from `x-forwarded-for` header if available, `x-real-ip` if available, or remote address as reported by TlsStream/AddrStream ([#26616](https://github.com/influxdata/influxdb/pull/26616)) +- **Storage engine**: Introduce `TableIndexCache` for efficient automatic cleanup of expired gen1 Parquet files based on retention policies and hard deletes. Includes new background loop for applying data retention policies with configurable intervals and comprehensive purge operations for tables and retention period expired data ([#26636](https://github.com/influxdata/influxdb/pull/26636)) +- **Authentication and security**: Add admin token recovery server that allows regenerating lost admin tokens without existing authentication. Includes new `--admin-token-recovery-http-bind` option for running recovery server on separate port, with automatic shutdown after successful token regeneration ([#26594](https://github.com/influxdata/influxdb/pull/26594)) +- **Build process**: Allow passing git hash via environment variable in build process ([#26618](https://github.com/influxdata/influxdb/pull/26618)) + +#### Bug Fixes + +- **Database reliability**: + - Fix URL encoded table name handling failures ([#26586](https://github.com/influxdata/influxdb/pull/26586)) + - Allow hard deletion of existing soft-deleted schema ([#26574](https://github.com/influxdata/influxdb/pull/26574)) +- **Authentication**: Fix AWS S3 API error handling when tokens are expired ([#1013](https://github.com/influxdata/influxdb/pull/1013)) +- **Query processing**: Set nanosecond precision as default for V1 query API CSV output ([#26577](https://github.com/influxdata/influxdb/pull/26577)) +- **CLI reliability**: + - Mark `--object-store` CLI argument as explicitly required ([#26575](https://github.com/influxdata/influxdb/pull/26575)) + - Add help text for the new update subcommand ([#26569](https://github.com/influxdata/influxdb/pull/26569)) + +### Enterprise + +All Core updates are included in Enterprise. Additional Enterprise-specific features and fixes: + +#### Features + +- **License management**: + - Improve licensing suggestions for Core users + - Update license information handling +- **Storage engine**: Add experimental PachaTree storage engine with core implementation and server integration +- **Database management**: + - Enhance `TableIndexCache` with advanced features beyond Core's basic cleanup: persistent snapshots, object store integration, merge operations for distributed environments, and recovery capabilities for multi-node clusters + - Add `TableIndexSnapshot`, `TableIndex`, and `TableIndices` types for distributed table index management +- **Support**: Include contact information in trial error messages +- **Telemetry**: Send onboarding telemetry before licensing setup + +#### Bug Fixes + +- **Compaction stability**: + - Fix compactor re-compaction issues on max generation data overwrite + - Fix compactor to treat "all" mode as "ingest" mode +- **Database reliability**: + - Add missing system tables to compact mode +- **Storage integrity**: Update Parquet file paths to use 20 digits of 0-padding +- **General fixes**: + - Only load processing engine in correct server modes + - Remove load generator alias clash + ## v3.2.1 {date="2025-07-03"} ### Core @@ -78,7 +131,7 @@ All Core updates are included in Enterprise. Additional Enterprise-specific feat - **Compaction improvements**: - Address compactor restart issues for better reliability - Track compacted generation durations in catalog for monitoring - - Disable parquet cache for ingest mode to optimize memory usage + - Disable Parquet cache for ingest mode to optimize memory usage #### Bug Fixes @@ -272,7 +325,7 @@ All Core updates are included in Enterprise. Additional Enterprise-specific feat **Enterprise**: revision e530fcd498c593cffec2b56d4f5194afc717d898 -This update brings several backend performance improvements to both Core and Enterprise in preparation for additional new features over the next several weeks! +This update brings several backend performance improvements to both Core and Enterprise in preparation for additional new features over the next several weeks. ## v3.0.0-0.beta.1 {date="2025-03-17"} diff --git a/data/products.yml b/data/products.yml index 1e205816a5..3a4b879689 100644 --- a/data/products.yml +++ b/data/products.yml @@ -6,7 +6,7 @@ influxdb3_core: versions: [core] list_order: 2 latest: core - latest_patch: 3.2.1 + latest_patch: 3.3.0 placeholder_host: localhost:8181 ai_sample_questions: - How do I install and run InfluxDB 3 Core? @@ -21,7 +21,7 @@ influxdb3_enterprise: versions: [enterprise] list_order: 2 latest: enterprise - latest_patch: 3.2.1 + latest_patch: 3.3.0 placeholder_host: localhost:8181 ai_sample_questions: - How do I install and run InfluxDB 3 Enterprise? From 172b9d71a54a90b9ee2e0a25343f19e019a4412f Mon Sep 17 00:00:00 2001 From: Jason Stirnaman Date: Wed, 30 Jul 2025 05:10:44 -0500 Subject: [PATCH 2/2] chore: update Google Tag ID to master GA4 measurement ID:This should roll docs analytics into the Master property with other subdomains --- layouts/partials/header/google-analytics-head.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/layouts/partials/header/google-analytics-head.html b/layouts/partials/header/google-analytics-head.html index 0880fb0831..c0c1c80dcf 100644 --- a/layouts/partials/header/google-analytics-head.html +++ b/layouts/partials/header/google-analytics-head.html @@ -1,8 +1,8 @@ {{ if and hugo.IsServer (not (eq .Site.Params.environment "staging")) }} - + {{ else }} - +