I am trying to set up RDS Postgres monitoring with the PMM Docker container. As part of the setup, I created an AWS user plus the following user policy, plus a separate DB user with the necessary permissions.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1508404837003",
      "Effect": "Allow",
      "Action": [
        "rds:DescribeDBInstances",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Resource": ["*"]
    },
    {
      "Sid": "Stmt1508410723001",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogStreams",
        "logs:GetLogEvents",
        "logs:FilterLogEvents"
      ],
      "Resource": ["arn:aws:logs:*:*:log-group:RDSOSMetrics:*"]
    }
  ]
}
CREATE USER pmm_user WITH ENCRYPTED PASSWORD 'xxxxzzzzzyyyy';
GRANT rds_superuser TO pmm_user;
Finally when I try to add rds postgres database using PMM GUI → Add Remote Postgresql Instance, I run into following error
Any comments/suggestions?
One more thing, the db connection from the pmm docker container to the rds postgresql database using the psql client works with no issues.
I think this is related to SSL configuration on pmm docker container. I checked the rds postgresql logs, and found following lines relevant to above error.
2019-08-26 20:13:28 UTC:10.40.72.117(41640):pmm_user@postgres:[20063]:FATAL: no pg_hba.conf entry for host "10.40.72.117", user "pmm_user", database "postgres", SSL off
2019-08-26 20:19:45 UTC:10.40.72.117(52212):pmm_user@postgres:[28180]:LOG: connection authorized: user=pmm_user database=postgres SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)
The issue is that when I try to do “Add a remote PostgreSQL instance” using “_PMM Add Instance”, it tries to open the db connection with the SSL option disabled. And that's the reason the db connection is failing.
I was able to resolve this issue by using pmm-admin commands from the docker container. Here is what I ended up doing:
yum update -y
yum install initscripts
pmm-admin config --server 127.0.0.1 --server-insecure-ssl --client-name 10.xx.xx.xxx
pmm-admin add postgresql --host=postgres-dev.xxxxyyyyzzz.us-east-1.rds.amazonaws.com --user=pmm_user --password='secret' --port=5432 --sslmode require
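The diagnosis in this thread rests on two RDS log lines: the same client is rejected with "SSL off" and authorized with "SSL enabled". The script below is an added example, not part of the original posts; it picks that pattern out of a PostgreSQL log automatically. The function names and the third sample line are constructed for illustration, and the regex assumes the log prefix layout shown in the thread.

```python
import re
from collections import defaultdict

# Prefix layout seen in the thread's RDS log: time:host(port):user@db:[pid]:LEVEL: message
PREFIX = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \w+):(?P<host>[^(:]*)\((?P<port>\d+)\):'
    r'(?P<user>[^@:]*)@(?P<db>[^:]*):\[(?P<pid>\d+)\]:(?P<level>[A-Z]+):\s*(?P<msg>.*)$')
REJECT = re.compile(r'no pg_hba\.conf entry for host "[^"]*", user "[^"]*", '
                    r'database "[^"]*", SSL (?P<ssl>on|off)')
AUTH_TLS = re.compile(r'connection authorized: .*SSL enabled \(protocol=(?P<proto>[^,]+),')

def parse(line):
    """Return an event dict for pg_hba rejections and authorized connections, else None."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    ev = {k: m[k] for k in ("ts", "host", "user", "db")}
    rej = REJECT.search(m["msg"])
    if rej:
        return {**ev, "event": "rejected", "tls": rej["ssl"] == "on", "protocol": None}
    if m["msg"].startswith("connection authorized:"):
        tls = AUTH_TLS.search(m["msg"])
        return {**ev, "event": "authorized", "tls": bool(tls),
                "protocol": tls["proto"] if tls else None}
    return None

def tls_only_clients(lines):
    """(host, user, db) tuples rejected in plaintext but authorized over TLS."""
    seen = defaultdict(set)
    for ev in filter(None, map(parse, lines)):
        seen[(ev["host"], ev["user"], ev["db"])].add((ev["event"], ev["tls"]))
    return sorted(k for k, v in seen.items()
                  if ("rejected", False) in v and ("authorized", True) in v)

# Lines 1-2 are the ones quoted in the thread; line 3 is constructed for contrast.
SAMPLE = [
    '2019-08-26 20:13:28 UTC:10.40.72.117(41640):pmm_user@postgres:[20063]:FATAL: no pg_hba.conf entry for host "10.40.72.117", user "pmm_user", database "postgres", SSL off',
    '2019-08-26 20:19:45 UTC:10.40.72.117(52212):pmm_user@postgres:[28180]:LOG: connection authorized: user=pmm_user database=postgres SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)',
    '2019-08-26 20:21:02 UTC:10.40.72.200(40112):app_user@postgres:[28301]:FATAL: no pg_hba.conf entry for host "10.40.72.200", user "app_user", database "postgres", SSL off',
]

if __name__ == "__main__":
    for host, user, db in tls_only_clients(SAMPLE):
        print(f"{user}@{db} from {host}: plaintext rejected, TLS accepted -> set sslmode on the client")
```

A client that appears in the result has working credentials and network access; only its plaintext attempts are refused, which points at the client's sslmode setting rather than at the user or the security group.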