Hello dear Percona team,
I am testing PMM 3.7 (Docker container). Setup was all good, but while adding a MySQL database as a target with this command:
sudo pmm-admin add mysql --server-url='https://admin:<pwd>@<host-where-pmm-is-running>:443' --query-source='slowlog' --max-query-length=-1 --username=pmm_user --password='<pwd>' --replication-set='testing' --environment='testing'
I am getting this error:
tls: failed to verify certificate: x509: certificate is valid for localhost, 127.0.0.1, not <host-where-pmm-is-running>
Important to note that the MySQL database being added, is in the same server where the PMM container is running.
This MySQL database is running with “require_secure_transport=ON“ so I cannot use the flag “–server-insecure-tls“ while adding the target.
Any tips on this?
Thanks a lot.
Can you connect via a socket connection?
sudo pmm-admin add mysql \
--server-url='https://admin:<pwd>@<host-where-pmm-is-running>:443' \
--query-source='slowlog' \
--max-query-length=-1 \
--username=pmm_user \
--password='<pwd>' \
--socket=/path/to/mysql.sock \
--replication-set='testing' \
--environment='testing'
Hey jrivera, thanks for the help.
Even using the “–socket“ flag, the same error is thrown:
sudo pmm-admin add mysql --server-url='https://admin:<pwd>@<host-where-pmm-is-running>:443' --query-source='slowlog' --max-query-length=-1 --username=pmm_user --password='<pwd>' --socket=/var/run/mysqld/mysqld.sock --replication-set='testing' --environment='testing'
tls: failed to verify certificate: x509: certificate is valid for localhost, 127.0.0.1, not <host-where-pmm-is-running>
My tests using –socket would work even with require_secure_transport=ON
mysql> select * from performance_schema.global_variables where variable_name in ('have_ssl','require_secure_transport');
+--------------------------+----------------+
| VARIABLE_NAME | VARIABLE_VALUE |
+--------------------------+----------------+
| have_ssl | YES |
| require_secure_transport | ON |
+--------------------------+----------------+
2 rows in set (0.00 sec)
sudo pmm-admin add mysql --username=pmm --password=pmmsecret --socket=/var/lib/mysql/mysql.sock --max-query-length=1024 --environment=testing
MySQL Service added.
Service ID : c72e2b46-9949-4a80-993c-31224a36ac82
Service name: mysqldb-mysql
Table statistics collection enabled (the limit is 1000, the actual table count is 341).
sudo pmm-admin status
Agent ID : d6b6229a-742e-4aa7-9563-dd714d0ee172
Node ID : 6c62d6b3-8894-49e9-a7fd-80211b214477
Node name: mysqldb
PMM Server:
URL : https://192.168.139.74:443/
Version: 3.7.0
PMM Client:
Connected : true
Time drift : 135.292µs
Latency : 241.54µs
Connection uptime: 100
pmm-admin version: 3.7.0
pmm-agent version: 3.7.0
Agents:
4517dfd2-3db4-440a-82f9-766c365f77e5 mysql_slowlog_agent Waiting 0
996fbbbd-c483-4cf3-a4e9-42d41321b591 vmagent Running 42000
a46a2a41-5a94-449c-be4a-093104607ce3 mysqld_exporter Running 42002
bd1405ea-dade-44b1-9e11-7c14775be30c node_exporter Running 42001
Also a small correction, pmm-admin add mysql command should rather be:
sudo pmm-admin add mysql \
--query-source='slowlog' \
--max-query-length=-1 \
--username=pmm_user \
--password='<pwd>' \
--socket=/var/run/mysqld/mysqld.sock \
--replication-set='testing' \
--environment='testing'
Can you run this and share the output:
select user,host,ssl_type,plugin from mysql.user where user='pmm';
Hey jrivera, thanks again.
This did the trick. Removing the flag “–server-url“ worked. So if using “–socket“ I believe there is no need to have “–server-url“ (specially when we run “sudo pmm-admin status“ and see that the client is already pointing to the PMM server and is properly connected).
Thanks a lot for your assistance here.