PMM on server with Failover IP

PMM Server is running in a Docker container on a server with a failover IP.

If I use the original IP of the server instead of the failover IP, everything works fine.

If I add the server with the failover IP on a PMM client, I get TLS handshake errors from the real IP of the server and not from the failover IP.

It's strange.

* Connection: Client --> Server is OK
* Connection: Client <-- Server is not possible.

Forcing the failover IP with SNAT doesn't change the situation.

Any idea?


  • Mykola (Percona Staff)
    Hi shoman,

    As I understand it, you have two networks: one public (failover) and one private (real).

    I have two theories:
    • firewall issues (the public IP has stricter rules)
    • routing issues (connections to the server go via one network and the answers go via another network)

    Firewall: the following traffic needs to be allowed:
    • from PMM client any port to PMM server 80 and 443 ports
    • from PMM server any port to PMM client port 42000 for linux:metrics
    • from PMM server any port to PMM client port 42002 for mysql:metrics
    • from PMM server any port to PMM client port 42003 for mongodb:metrics
    • from PMM server any port to PMM client port 42004 for proxysql:metrics

    Routing: how to add a PMM client over the public network:
    pmm-admin config \
        --server ELASTIC-IP-OF-SERVER \
        --bind-address INTERNAL-IP-OF-CLIENT \
        --client-address PUBLIC-IP-OF-CLIENT
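
One way to test both theories from the PMM server host, as an added example that is not part of the original thread or of PMM itself: it connects to each exporter port listed in the reply and reports which local source IP the kernel picked, once with the default route and once pinned to the failover IP. The function names and the placeholder addresses are assumptions made for this example.

```python
import socket

# Exporter ports listed in the reply above (PMM server -> PMM client).
EXPORTER_PORTS = {42000: "linux:metrics", 42002: "mysql:metrics",
                  42003: "mongodb:metrics", 42004: "proxysql:metrics"}


def probe(host, port, source_ip=None, timeout=3.0):
    """Open a TCP connection and report which local IP the kernel used."""
    result = {"port": port, "reachable": False, "source": None, "error": None}
    try:
        # source_address pins the outgoing IP; port 0 lets the OS pick one.
        src = (source_ip, 0) if source_ip else None
        with socket.create_connection((host, port), timeout, src) as s:
            result["reachable"] = True
            result["source"] = s.getsockname()[0]
    except OSError as exc:
        # Refused, filtered (timeout), unroutable, or source IP not local.
        result["error"] = str(exc)
    return result


def check_client(host, expected_source, ports=EXPORTER_PORTS, timeout=3.0):
    """Probe each exporter port twice: default route, then pinned source IP."""
    findings = []
    for port in ports:
        default = probe(host, port, timeout=timeout)
        pinned = probe(host, port, source_ip=expected_source, timeout=timeout)
        findings.append({
            "port": port,
            "default_source": default["source"],
            "source_matches": default["source"] == expected_source,
            "reachable_default": default["reachable"],
            "reachable_pinned": pinned["reachable"],
        })
    return findings


if __name__ == "__main__":
    # Placeholders: use the client's address and the server's failover IP.
    for row in check_client("PUBLIC-IP-OF-CLIENT", "FAILOVER-IP-OF-SERVER"):
        print(row)
```

A port that is reachable only when pinned points at routing (source address selection); a port unreachable both ways points at the firewall. `getsockname()` shows the address chosen before any SNAT rule rewrites it, so compare it with the peer address the client actually logs.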
