Can PMM2 server in Docker monitor MySQL installed on the same host?

Nickmob · June 10, 2020, 10:29am

Hi!
I have the following setup: PMM server in docker and MySQL (w/o docker) on the same machine.
Then I try to add monitoring using pmm-admin I get the following error:
Failed to register pmm-agent on PMM Server: Post https://192.168.0.200:8443/v1/management/Node/Register: dial tcp 192.168.0.200:8443: i/o timeout
IP is one of the interfaces (tried localhost and others), port is public port for PMM server.
External pmm-clients (on other servers) work just fine.
How to monitor this MySQL instance?

steve.hoffman · June 10, 2020, 11:08am

This is absolutely possible and I’m doing this myself (with docker and installed DB servers all on the same host) I’m curious about your pmm-admin config command but if you can do it elsewhere and not locally I’d be suspect of something around networking or firewall. You running SELinux by chance? Possibly your accepting connections from external ips but not localhost to your pmm server port.

Nickmob · June 10, 2020, 11:15am

Thanks for reply!
My command is:
pmm-admin config --server-insecure-tls --server-url=https://admin:*****@192.168.0.200:8443
I have Ubuntu 18.04 (Apparmor) but I don’t see any problem with firewall.
Here’s my dump of iptables -L -nv and iptables -L -t nat -nv (attached in file to message).

iptables.log (6.49 KB)

steve.hoffman · June 10, 2020, 12:28pm

I think I see the issue…and hopefully I can explain it :neutral: You’re allowing traffic in on 8443 on ingress eth1 and * (but only eth1 has hits on it) you’re NATing traffic to 8080 and 8443 to the respective 80 and 443 but notice you have an explicit ‘!docker0’ so that nat rule won’t work on localhost. Even though you’re specifying a destination IP that would target eth1 as the “destination”, your routing rules are likely optimizing and making the decision that it’s less optimal to go from eth1 to docker0 and instead just originating the request from docker0 which you deny by rule (I think docker does that by rule actually). You could do something like

iptables -I INPUT -i docker0 -j ACCEPT

which should allow all traffic originating from interface docker0 and in a sense override the “rejection” of the !docker0 in the nat rules. (you can tighten it up to be tcp dpt:8443 or possibly figure out where docker establishes that exclusion and make it * but this will be an easy rule to add and then delete just to test.

Nickmob · June 10, 2020, 1:14pm

steve.hoffman said:
``` iptables -I INPUT -i docker0 -j ACCEPT ```

Thanks a lot, Steve! That did the trick. Now I can add my services to monitor itself. Later I'll try to make more specific rule.

Topic		Replies	Views
Monitoring MySQL from docker on host PMM 2.x	3	922	February 20, 2021
[PMM] Failed to register pmm-agent on PMM Server Percona Monitoring and Management (PMM) pmm	3	1805	August 18, 2021
PMM ProxySQL monitoring in docker containers PMM 1.x	1	1619	May 19, 2017
Proper way to monitor a MySQL container by PMM PMM 1.x	3	805	February 4, 2019
How to monitor MYSQL container on other server with PMM Database Monitoring and Management pmm , mysql , percona	2	728	July 10, 2023

Can PMM2 server in Docker monitor MySQL installed on the same host?

Related Topics