Dear team,
May I ask if changing the admin password on PMM2 will impact the clients that are already registered?
If it does have an impact, what steps should we take? If not, could you please advise on how to change the password safely?
Best regards,
Hi @Ly_Kimmeng1.
Later version of PMM use API keys, so you don’t have to do anything after changing the admin password. On each monitored node, check /usr/local/percona/pmm2/config/pmm-agent.yaml to see if the PMM agent is using an API key or not:
# cat /usr/local/percona/pmm2/config/pmm-agent.yaml
# Updated by `pmm-agent setup`.
---
id: /agent_id/114fc2bc-3335-40d4-a134-605aaeabe499
listen-address: 127.0.0.1
listen-port: 7777
server:
address: 192.168.xxx.xxx:443
username: api_key
password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
insecure-tls: true
...
If the PMM agent still uses username/password for authentication with PMM server, then you will need to re-configure the node with the force option and also re-add any services on that node:
# cat /usr/local/percona/pmm2/config/pmm-agent.yaml
# Updated by `pmm-agent setup`.
---
id: /agent_id/18bb9be4-21f5-40c7-a88c-8d948c7e12f4
listen-address: 127.0.0.1
listen-port: 7777
server:
address: 192.168.xxx.xxx:443
username: admin
password: xxxxx
insecure-tls: true
...
Also, before changing the admin password, it is recommended to temporarily disable the brute-force login protection in Grafana. This is to avoid locking the admin user when agents are still trying to authenticate with the old password.
docker exec -it pmm-server bash
vi /etc/grafana/grafana.ini
[security]
disable_brute_force_login_protection = true
supervisorctl restart grafana
Once everything is done, you can enable the brute-force login protection in Grafana again.
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2024 Percona LLC. All rights reserved.