PMM on server with Failover IP

Situation:

PMM Server is running in a docker container on a server with a failover IP.

If I’m using the original ip of the server instead the failover ip all is working fine.

If I’m adding the the server with failover ip on a pmm client, i get tls handshake errors from the real ip of the server and not from the failover ip.

It’s strange.

  • Connection: Client → Server is OK

but

  • Connection: Client ← Server is not possible.

Forcing the failover ip with SNAT doesn’t change the situation.

Any idea?

Hi shoman,

As I understand you have two networks, one public (failover) and private (real).

I have two theories:
[LIST]
[]firewall issues (public IP has more strict rules)
[
]routing issues (connect to the server is going via one network and answers are going via another network)
[/LIST]
Firewall: It is needed to allow traffic:
[LIST]
[]from PMM client any port to PMM server 80 and 443 ports
[
]from PMM server any port to PMM client port 42000 for linux:metrics
[]from PMM server any port to PMM client port 42002 for mysql:metrics
[
]from PMM server any port to PMM client port 42003 for mongodb:metrics
[*]from PMM server any port to PMM client port 42004 for proxysql:metrics
[/LIST] Routing: How to add PMM client over public network

pmm-admin config \
--server ELASTIC-IP-OF-SERVER \
--bind-address INTERNAL-IP-OF-CLIENT \
--client-address PUBLIC-IP-OF-CLIENT