Not the answer you need?
Register and ask your own question!

Monitoring rds postgres with pmm docker container

peru2019peru2019 ContributorCurrent User Role Novice
I am trying to setup rds postgres monitoring with pmm docker contaner. As part of setup , I created aws user plus following user policy plus separate db user with necessary permissions.


{
"Version": "2012-10-17",
"Statement": [{
"Sid": "Stmt1508404837003",
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": ["*"]
},
{
"Sid": "Stmt1508410723001",
"Effect": "Allow",
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Resource": ["arn:aws:logs:*:*:log-group:RDSOSMetrics:*"]
}
]

}

CREATE USER pmm_user with ENCRYPTED PASSWORD 'xxxxzzzzzyyyy';
grant rds_superuser to pmm_user;

Finally when I try to add rds postgres database using PMM GUI -> Add Remote Postgresql Instance, I run into following error



Any comments /suggestions ?

Comments

  • peru2019peru2019 Contributor Current User Role Novice
    One more thing, db conection from pmm docker container to rds postgresql database using psql client works with no issues.
  • peru2019peru2019 Contributor Current User Role Novice
    I think this is related to SSL configuration on pmm docker container. I checked the rds postgresql logs, and found following lines relevant to above error.

    2019-08-26 20:13:28 UTC:10.40.72.117(41640):[email protected]:[20063]:FATAL: no pg_hba.conf entry for host "10.40.72.117", user "pmm_user", database "postgres", SSL off 2019-08-26 20:19:45 UTC:10.40.72.117(52212):[email protected]:[28180]:LOG: connection authorized: user=pmm_user database=postgres SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)

    Issue is when I try to do "Add a remote PostgreSQL instance" using "_PMM Add Instance", it trys to open db connection with SSL option disabled. And thats the reason the db connection is failing.

    {{


    }}
  • peru2019peru2019 Contributor Current User Role Novice
    I was able to resolve this issue, by using pmm-admin commands from the docker container. Here is what I end up doing,

    yum update -y
    yum install initscripts

    pmm-admin config --server 127.0.0.1 --server-insecure-ssl --client-name 10.xx.xx.xxx

    pmm-admin add postgresql --host=postgres-dev.xxxxyyyyzzz.us-east-1.rds.amazonaws.com --user=pmm_user --password='secret' --port=5432 --sslmode require
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.