Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-1950

pmm-admin (mongodb:metrics) doesn't work well with SSL secured mongodb server

    Details

      Description

      Tried to add mongodb:metrics for a mongodb server using ssl.mode: requireSSL, but the pmm-client is unable to connect to it.

      For the same self-signed certificates, regular mongo client or pt-mongodb-summary work just fine.

      I created the certificates using this script:
      https://gist.githubusercontent.com/kevinadi/96090f6f9973ff8c2d019bbe0d9a0f70/raw/aac6ac2a6716edc75a90d477f9e64eef6885c9f5/mongodb-ssl.sh

      Connecting with mongo client works as expected:
      {{ # mongo --ssl --sslPEMKeyFile /etc/ssl/client2.pem --sslCAFile /etc/ssl/ca.crt mongodb://$hostname}}
      {{ Percona Server for MongoDB shell version v3.4.10-2.10}}
      {{ (...)}}

      But no syntax for pmm-admin seems to work, like:

      # pmm-admin add mongodb:metrics --uri mongodb://$hostname:27017 – -mongodb.tls -mongodb.tls-ca /etc/ssl/ca.crt -mongodb.tls-cert /etc/ssl/client.pem
      {{ Cannot connect to MongoDB using uri mongodb://$hostname:27017: no reachable servers}}

      In the same time, mongod server reports connection attempts not using SSL:
      2018-01-19T13:21:03.843+0100 I - [conn117] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections


      Before starting exporter, pmm-admin tries to verify that is is possible to connect to MongoDB with the given URI: https://github.com/percona/pmm-client/blob/78df4badb921364b94fe62042d8dbe6ef26422c4/pmm/mongodb.go#L29 Unfortunately, there is no way to tell it to use TLS and pass certificate, etc.


       

       

        Smart Checklist

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  przemyslaw.malkowski@percona.com Przemyslaw Malkowski
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 3 hours
                    3h