parent/child streaming doesn't work

Help
1

My question was asked before on the forum, but the solution there doesn’t help me.

parent side error:

STREAM_RECEIVER for 'test-app-server': API key is not enabled.

Child side Error:

STREAM prod-app-server [send to 172.16.XXX.XX]: remote server denied access, probably we don't have the right API key? -

Parent

OS: Ubuntu Server 2024 LTS

Netdata version: netdata v1.46.0-311-nightly (installed via Kickstarter)
Config:
netdata.conf - all standard values except:

[web]
         allow connections from = localhost 172.16.152.*
         bind to = 127.0.0.1  172.16.152.64
         allow netdata.conf from = localhost 172.16.152.*

stream.conf - all standard values except:

[stream]
    enabled = yes
    api key = 11111111-2222-3333-4444-555555555555
[API_KEY]
    type = api
    enabled = yes
    allow from = *

Child

OS: Ubuntu Server 2024 LTS

Netdata version: netdata v1.46.0-311-nightly (installed via Kickstarter)
Config:
netdata.conf - all standard values except:

[web]
         allow connections from = localhost 172.16.152.*
         bind to = 127.0.0.1  172.16.152.63
         allow netdata.conf from = localhost 172.16.152.*

stream.conf - all standard values except:

[stream]
    enabled = yes
    destination = 172.16.152.64:19999
    api key = 11111111-2222-3333-4444-555555555555
[API_KEY]
    type = api
    enabled = yes
    allow from = *

Both machines appear to see each other and communicate. Only the message on the parent side “API key is not enabled” is not understandable. The API key is already enabled.
The same applies to the child site. The message “remote server denied access, probably we don’t have the right API key?” is misleading. Both keys (parent/child) are identical.
The file encoding is the same for all configuration files (text/plain; charset=us-ascii). This allows me to exclude a file encoding error.
Both machines are in the same network and at the local net all ports are open in the firewall.

But what could be the problem? Does anyone have the same problem with a similar configuration?

2

Hi,

In the stream.conf examples you included, the section with the literal [API_KEY] should have the actual API key as the section name. So if the API key is 11111111-2222-3333-4444-555555555555, that section should be named [11111111-2222-3333-4444-555555555555].

This section has to exist only on Agents that receive streaming connections (i.e. Parents). So child Agents that are not also Parents (e.g. in a active-active setup), should not have such a section. Similarly, Agents that are not streaming to other Agents, don’t need a [stream] section.

These are the rewritten correct stream.conf files:

Parent

[11111111-2222-3333-4444-555555555555]
    enabled = yes

Child

[stream]
    enabled = yes
    destination = 172.16.152.64:19999
    api key = 11111111-2222-3333-4444-555555555555

Other Notes

  • The type = api is usually not needed, as it can be inferred from the incoming connection, but it maybe more clear for complex setups where you need different configuration for individual child Agents (type = machine).
  • You should generate your own UUID instead of the example 11111111-2222-3333-4444-555555555555, using uuidgen(1).

References

3

Thanks Ralph. Inserting the API key on the parent side within the square brackets really solved the problem.
Regarding your second recommendation: My real API key in the configuration file looks different. I have already created it using uuidgen. What I have given here in the forum was intended as an example.

4

Splendid. I assumed you did, but just making sure (and for whoever else is reading this).

Happy troubleshooting!