Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-1950

pmm-admin (mongodb:metrics) doesn't work well with SSL secured mongodb server

    XMLWordPrintable

    Details

      Description

      Tried to add mongodb:metrics for a mongodb server using ssl.mode: requireSSL, but the pmm-client is unable to connect to it.

      For the same self-signed certificates, regular mongo client or pt-mongodb-summary work just fine.

      I created the certificates using this script:
      https://gist.githubusercontent.com/kevinadi/96090f6f9973ff8c2d019bbe0d9a0f70/raw/aac6ac2a6716edc75a90d477f9e64eef6885c9f5/mongodb-ssl.sh

      Connecting with mongo client works as expected:
      {{ # mongo --ssl --sslPEMKeyFile /etc/ssl/client2.pem --sslCAFile /etc/ssl/ca.crt mongodb://$hostname}}
      {{ Percona Server for MongoDB shell version v3.4.10-2.10}}
      {{ (...)}}

      But no syntax for pmm-admin seems to work, like:

      # pmm-admin add mongodb:metrics --uri mongodb://$hostname:27017 – -mongodb.tls -mongodb.tls-ca /etc/ssl/ca.crt -mongodb.tls-cert /etc/ssl/client.pem
      {{ Cannot connect to MongoDB using uri mongodb://$hostname:27017: no reachable servers}}

      In the same time, mongod server reports connection attempts not using SSL:
      2018-01-19T13:21:03.843+0100 I - [conn117] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections


      Before starting exporter, pmm-admin tries to verify that is is possible to connect to MongoDB with the given URI: https://github.com/percona/pmm-client/blob/78df4badb921364b94fe62042d8dbe6ef26422c4/pmm/mongodb.go#L29 Unfortunately, there is no way to tell it to use TLS and pass certificate, etc.


       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                przemyslaw.malkowski@percona.com Przemyslaw Malkowski
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours
                  3h