Not the answer you need?
Register and ask your own question!

Can PMM2 server in Docker monitor MySQL installed on the same host?

NickmobNickmob ContributorCurrent User Role Patron
I have the following setup: PMM server in docker and MySQL (w/o docker) on the same machine.
Then I try to add monitoring using pmm-admin I get the following error:
Failed to register pmm-agent on PMM Server: Post dial tcp i/o timeout
IP is one of the interfaces (tried localhost and others), port is public port for PMM server.
External pmm-clients (on other servers) work just fine.
How to monitor this MySQL instance?

Best Answer

  • steve.hoffmansteve.hoffman Percona Percona Staff Role
    Accepted Answer
    I *think* I see the issue...and hopefully I can explain it :neutral: You're allowing traffic in on 8443 on ingress eth1 and * (but only eth1 has hits on it) you're NATing traffic to 8080 and 8443 to the respective 80 and 443 but notice you have an explicit '!docker0' so that nat rule won't work on localhost.   Even though you're specifying a destination IP that would target eth1 as the "destination", your routing rules are likely optimizing and making the decision that it's less optimal to go from eth1 to docker0 and instead just originating the request from docker0 which you deny by rule (I think docker does that by rule actually).  You could do something like 
    iptables -I INPUT -i docker0 -j ACCEPT
    which should allow all traffic originating from interface docker0 and in a sense override the "rejection" of the !docker0 in the nat rules.  (you can tighten it up to be tcp dpt:8443 or possibly figure out where docker establishes that exclusion and make it * but this will be an easy rule to add and then delete just to test.   


  • steve.hoffmansteve.hoffman Percona Percona Staff Role
    This is absolutely possible and I’m doing this myself (with docker and installed DB servers all on the same host) I’m curious about your pmm-admin config command but if you can do it elsewhere and not locally I’d be suspect of something around networking or firewall. You running SELinux by chance?  Possibly your accepting connections from external ips but not localhost to your pmm server port. 
  • NickmobNickmob Contributor Current User Role Patron
    Thanks for reply!
    My command is:
    pmm-admin config --server-insecure-tls --server-url=https://admin:*****@
    I have Ubuntu 18.04 (Apparmor) but I don't see any problem with firewall.
    Here's my dump of iptables -L -nv and iptables -L -t nat -nv (attached in file to message).

  • NickmobNickmob Contributor Current User Role Patron

    iptables -I INPUT -i docker0 -j ACCEPT
    Thanks a lot, Steve! That did the trick. Now I can add my services to monitor itself. Later I'll try to make more specific rule.
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.