Details
-
Bug
-
Status: Done
-
Medium
-
Resolution: Fixed
-
None
-
None
-
1
-
Yes
-
Yes
-
Yes
-
[obsolete] Observability
-
Description
From PMM 2.26, advanced metric collectors are included. When enabling the advanced metrics (see here), the existing user created as mentioned in https://docs.percona.com/percona-monitoring-and-management/setting-up/client/mongodb.html#create-pmm-account-and-set-permissions will fail.
Log:
May 24 16:05:05 host.com pmm-agent[43698]: INFO[2022-05-23T16:05:05.959-05:00] time="2022-05-23T16:05:05-05:00" level=error msg="cannot get $indexStats cursor for collection auditDb.system.profile: (Unauthorized) not authorized on auditDb to execute command { aggregate: \"system.profile\", pipeline: [ { $indexStats: {} } ], cursor: {}, lsid: { id: UUID(\"d744d0eb-9c3a-4cfc-a0f9-e685a12f718e\") }, $clusterTime: { clusterTime: Timestamp(1653339904, 1), signature: { hash: BinData(0, 2D391D8744A230BA092DC5B456D01C88367B9BE8), keyId: 7062423455928418306 } }, $db: \"auditDb\", $readPreference: { mode: \"primaryPreferred\" } }" agentID=/agent_id/b3ad1adc-0fe8-418e-8db2-3591d7435aab component=agent-process type=mongodb_exporter
Workaround:
Provide extra privilege to the pmm user as follows:
{ resource : { db : "", collection : "system.profile" }, actions : [ "collStats", "dbStats", "indexStats" ] }
Need to add this in the doc to make sure the customer provides this privilege to make the pmm user fetch those advanced metrics:
If already the role "explainRole" exists, then below command can be used to add extra privileges to it:
db.runCommand( { grantPrivilegesToRole: "explainRole", privileges: [ { "resource" : { "db" : "", "collection" : "system.profile" }, "actions" : [ "indexStats", "dbStats", "collStats" ] } ] } )