Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-7888 Custom TLS certificates now allow SSL connections to PostgreSQL instances
  3. PMM-7937

[API, CLI] Enabling PMM UI to connect to Postgres using client certificates (for Remote Add)

Details

    • Technical task
    • Status: Done
    • Medium
    • Resolution: Fixed
    • None
    • 2.21.0
    • None
    • Yes
    • Yes
    • [obsolete] C/S Core

    Description

      User story:
      As a PMM use, I want to be able to pass custom SSL keys to be able to connect to my remote PostgreSQL server, so that PMM can monitor it

      UI/UX:

      1. >pmm-admin add postgresql .. --ssl...

      Acceptance criteria

      • user able to pass PG related SSL keys:
        • sslcert
        • sslkey
        • sslrootcert
      • Documentation:
        • updated documentation for UI of adding remote Pg 
        • BD

      Out of scope:

      Suggested implementation:
      TBD

      How to test:
      TBD

      Original report:

      Can we include certificate based login for postgres monitoring? In UI can we add option to select sslmode and path to certificates and keys? we have requirement where all postgres will be ssl enabled and key and certificates will be used for authenetication

       

      Sample connection string:

      DATA_SOURCE_NAME=“postgresql://postgres_exporter:[email protected]:5432/postgres?sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.pem&sslcert=/etc/ssl/certs/client-cert.pem&sslkey=/etc/ssl/certs/client-key.pem

       Sample connection setting from grafana where you can see the certificate related entries

      Attachments

        Issue Links

          Activity

            People

              andrii.skomorokhov Andrii Skomorokhov (Inactive)
              roma.novikov Roma Novikov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Smart Checklist