Connection check failed

Hello,

I’m trying to deploy PMM in a firewalled setup and I get this error when I try to add a new MariaDB instance on the server: Connection check failed: dial tcp 192.168.2.193:3306: i/o timeout.

But I’m having difficulties understanding this error as I don’t see any requirements regarding this specific port based on this article: https://www.percona.com/blog/2020/12/01/foiled-by-the-firewall-a-tale-of-transition-from-prometheus-to-victoriametrics/

The server is reachable on port 443 from the client and the client from the server on ports 42000, 42001, etc.

So why is the server trying to contact the client on port 3306?

Thanks,

Christian

Are you trying to add a remote instance from within the PMM UI? If so, then PMM server must be able to connect to your MariaDB instance over 3306. How else would PMM log in to Maria to gather statistics?

Ports 42000/01 are used if you are running the local agent on the MariaDB server directly. This is the recommended way. But if you can’t run the agent on the server, then you can use remote monitoring but that requires 3306 be available.

1 Like

The agent is indeed installed on the MariaDB server, so you’re saying that I don’t need to have this port open in this mode?

The documentation is not very clear in this regards: Percona Monitoring and Management

1 Like

If the agent is installed on MariaDB server, then the agent will connect via localhost to MariaDB. PMM server will connect to the agent over 42000/42001.

You need to read the MySQL-specific document section for PMM.

1 Like

It’s working, thanks a lot!

1 Like

Just for historíes sake, PMM server will only connect to the aforementioned ports in PULL mode which is not the default anymore. When the agent is installed on a DB server it will connect to the local instance over the service port (3306 for Mysql/MariaDB) or socket and scrape for metrics which are then relayed to the PMM server via PUSH over whatever port you setup PMM server to run on (typically 443).

2 Likes

Ok so in this mode, there’s no need to whitelist additional ports on the client side anymore (42000, 42001, etc.)?

1 Like

Correct! If you were able to run the pmm-admin config... (and do not pass the --metrics-mode flag) command with success that shows your pmm client is able to communicate with your pmm server. When you then run the pmm-admin add <technology>... it will all communicate internally either via IP/port or socket to gather and send to the server.

2 Likes