Upgrade grafana on PMM2 on AWS AMI

Description:

I installed PMM from AWS AMI images, I did yum update and updated all packages, I am using AWS Inspector to monitor servers vulnerabilities, the inspector show that there are 5 critical vulnerabilities on Grafan, I need to find how can I upgrade Grafana version to latest and fix these vulnerabilities

Steps to Reproduce:

install PMM 2 on AWS from AMI image

Version:

[root@pmm-server grafana]# grafana -v
grafana version 9.2.20
PMM version: 2.44.0

more details from Vanta about this issue

Package name

Installed version

v0.0.0-20240319182150-590c657828b5

Fixed version

5.2.3

Remediation

None Provided

Vulnerabilities

CVE-2018-15727

Hello, as we use forked version of grafana it’s not possible to upgrade to upstream grafana. We are finishing PMM 3 release preparation where we have Grafana 11. I recommend to wait for PMM 3 release and then upgrade to it.

Hi Nurian,

Thanks for your reply, I saw in the PMM website that PMM 3 is released, but the migration instructions is for docker setup, I want to ask when I can do the upgrade on my AMI image installed version, using Oracle linux 9 on AWS

Thanks

Hi Khaled,

Normally we need a few more days until we get the AMI image scanned and approved by AWS. It will then show up as available on their Marketplace.

Hi Ademidoff

Thanks for your reply, great to hear this,
but I want to ask if I can do inplace upgrade to the new release or I should create new instance from new AMI, also if I need to export old data from PMM2 running on docker setup, can I do this and how

Thanks in advance

Hi @khaled1, it will require setting up separate PMM 3 instance and copy your data from old one. PTAL Migrate PMM 2 to PMM 3 - Percona Monitoring and Management. Exporting old data from PMM 2 running on docker setup can be done by copying data from /srv directory in PMM container using docker cp command and then pasting it. in the page I shared above there are multiple options to migrate from PMM 2 to PMM 3

Hi Nurlan,

I want to ask about AMI image estimated release date, because my Vanta vulnarabilties deadline is February 28, do you think the PMM 3 AMI image will be ready before that date,

Thanks