Percona Monitoring and Management / PMM-8014

Error when adding Amazon RDS MySQL with TLS over API


    Description

      User Impact:
      User cannot add a MySQL RDS instance when the tls: true property is present.

      Steps to Reproduce:

      Go to Swagger on your instance: https://127.0.0.1/swagger#/RDS/AddRDS

      {
        "engine": 1,
        "region": "us-east-1",
        "aws_access_key": "ACCESS KEY",
        "aws_secret_key": "SECRET KEY",
        "instance_id": "rds-mysql57",
        "address": "rds-mysql57.cmtxparzenzi.us-east-1.rds.amazonaws.com",
        "port": 3306,
        "node_name": "rds",
        "service_name": "rdsmysql",
        "username": "USER",
        "password": "PASSWORD",
        "skip_connection_check": false,
        "tls": true,
        "tls_skip_verify": true
      }

      Execute the code above.

      Actual Result:

      {
        "error": "Connection check failed: invalid value / unknown config name: custom.",
        "code": 9,
        "message": "Connection check failed: invalid value / unknown config name: custom."
      }
      

      Expected Result:

      Instance was added successfully.

      Suggested implementation:

      We need to make some code changes in the pmm-agent and pmm-managed parts for SSL MySQL.

      https://github.com/percona/pmm-agent/pull/249/files#r624931726

      https://github.com/percona/pmm-managed/pull/720#discussion_r624992455

       

      How to test:
      1. Use the new flags in pmm-admin to add an instance (tls, tls-ca, tls-cert, tls-key). Use the certificates from the attachments. Bold ones are needed.
      Example: ./bin/pmm-admin add mysql --username=fry --password=pass --tls --tls-ca=mysql/ca.pem --tls-cert=mysql/cert.pem --tls-key=mysql/key.pem --server-url=http://admin:[email protected] --tls-skip-verify --query-source=perfschema mysqlssl
      Cases:
      --tls
      --tls --tls-skip-verify
      --tls --skip-connection-check
      --tls --tls-skip-verify --skip-connection-check

      2. Go to the PMM inventory and check that the agent is running and the tls: true property is present.
      3. Check that you are getting data in the instance summary and query analytics; also check all possible actions for MySQL.
      4. Now try this the way described in the Steps to Reproduce section.

      Original report: https://perconacorp.slack.com/archives/C03J8FZFU/p1621422676030900

      Attachments

        1. ca.pem (1 kB)
        2. cert.pem (1 kB)
        3. key.pem (2 kB)
        4. Screenshot from 2021-05-20 14-53-08.png (47 kB)

            People

              jiri.ctvrtka Jiří Čtvrtka