Pmm-client connection with pmm-server

Wali_Hasan · April 3, 2024, 3:32am

Description:

Hi,
I’m running pmm-server v2.41.0 on my kubernetes cluster and pmm-client for monitoring my MongoDB running on GCE instances.
I want to know if there is any other way of registering the node with pmm server apart from using admin username & password? maybe through service accounts or api-keys??
The issue is that i wish to push PMM monitoring in production and before i do that i want to put it behind IAP. If i put it behind IAP,then i’m not able to register the node with admin username & password. So is there any other way of registering the node maybe through service accounts,api-keys or maybe creating an internal LB for PMM server.

Expected Result:

It should be able to register the node with pmm-server through some other way too.

Actual Result:

Can only register through username & password.

Any help would be appreciated,thanks.

matthewb · April 3, 2024, 2:50pm

Hello @Wali_Hasan,
Unfortunately, at this time using username/password is the only way to add the local agent to PMM. However, you can add a remote Mongo monitoring instance to PMM using the API/UI. But you won’t get any disk/OS/memory stats this way.

Wali_Hasan · April 4, 2024, 4:18am

Hello @matthewb ,
which means i won’t be able to put PMM behind Google Single Sign on?? This would defeat the purpose…I couldn’t find any official document to implement google authentication,is that also not supported?

matthewb · April 4, 2024, 4:45am

Hello @Wali_Hasan,
Grafana, the UI of PMM, fully supports OAuth2-style authentication.

Our public demo, https://pmmdemo.percona.com/ uses OAuth2 for employee SSO, so it does indeed work.

Wali_Hasan · April 4, 2024, 5:12am

Hello @matthewb ,
I’m trying to implement Google OAuth2 authentication but facing issue.
So i’ve installed pmm server using helm charts,

pmmEnv:
GF_AUTH_GENERIC_OAUTH_ENABLED: “true”
GF_AUTH_GENERIC_OAUTH_SCOPES: “https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email”
GF_AUTH_GENERIC_OAUTH_AUTH_URL: “Sign in - Google Accounts”
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: “https://accounts.google.com/o/oauth2/token”
GF_AUTH_GENERIC_OAUTH_API_URL: “https://accounts.google.com/o/oauth2/authorize”
GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: “gmail.com”
GF_SERVER_ROOT_URL: “https://pmm-example.com/graph”

I’ve passed these values under pmmEnv in helmchart to pass as environment variables,
and passed clientID & clientSecret as Secrets in helmchart

secret:
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: “base64 encoded value”
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: “base64 encoded value”

My redirect URI at google end is https://pmm-example.com/graph/login/generic_oauth

But it dont seem to work…i get “Error 401: invalid_client” when i try to sigin with OAuth,can please help as to what i’m doing wrong in this??
Any help would be highly appreciated.

Thanks.

Topic		Replies	Views
Pmm-client does not connect with pmm-server PMM 2.x	4	1192	September 22, 2021
Limited user account for PMM client registration PMM 2.x	2	738	April 6, 2021
Best Practice for running PMM Client for MongoDB ReplicaSet PMM 2.x	13	1541	February 26, 2021
Connect PMM agent with service account PMM 2.x	6	835	September 19, 2024
PMM 2.22.0 in k8s PMM 2.x	5	937	October 6, 2021

Pmm-client connection with pmm-server

Description:

Expected Result:

Actual Result:

Related topics