Oct
28
2019
--

Setting up MongoDB with Member x509 auth and SSL + easy-rsa

Hi everyone! This is one of the most requested subjects to our support team and I’d like to share the steps as a tutorial blog post. Today, we will set up internal authentication using x.509 certificates as well as enabling TLS/SSL.

If using authentication in MongoDB, there are two ways to configure intra-cluster authentication:

  • Using a Key File
  • Using x509 certs

Key files are very straightforward; just create a random text file and share it with all the members in the replicaset/sharding. However, this is not the most secure way and for this reason, it is very common to use certificates instead.

It is perfectly possible to have self-signed certificates, but in this blog, we will use easy-rsa to make real certificates signed by one certificate authority. According to its documentation, easy-rsa is a CLI utility to build and manage a PKI CA. In layman’s terms, this means creating a root certificate authority, and requesting and signing certificates, including sub-CAs and certificate revocation lists (CRL). This project is hosted on GitHub at https://github.com/OpenVPN/easy-rsa and we are going to use release 2.x for this tutorial.

We will use Percona Server for MongoDB v3.6 – which is currently one of the most used versions – but this works for any MongoDB version starting at 3.2. The steps to create a user are omitted in this blog. We assume the primary is already configured with authentication and the first user has already been created.

Steps:

  1. Download and configure easy-rsa:
    yum install git -y
    mkdir /usr/share/easy-rsa
    git clone -b release/2.x https://github.com/OpenVPN/easy-rsa.git
    cp easy-rsa/easy-rsa/2.0/* /usr/share/easy-rsa
    cd  /usr/share/easy-rsa
  2. Edit the source files with information about your company:
    cd /usr/share/easy-rsa
    nano vars
    
    # These are the default values for fields
    # which will be placed in the certificate.
    # Don't leave any of these fields blank.
    
    export KEY_COUNTRY="US"              # <your data>
    export KEY_PROVINCE="NC"             # <your data>
    export KEY_CITY="DURHAM"             # <your data>
    export KEY_ORG="Percona"             # <your data>
    export KEY_EMAIL="me@percona.com"    # <your data>
    export KEY_OU="MongoDB"              # <your data>
    
    #You may need to add the following variable:
    #Bug: https://bugs.launchpad.net/serverguide/+bug/1504676
    export KEY_ALTNAMES=""
  3. Load the variables with the source command:
    source ./vars
  4. Edit the openssl-1.0.0.cnf file, commenting out the following keys right after [ usr_cert ]:
    #extendedKeyUsage=clientAuth
    #keyUsage = digitalSignature

    More info here on Extended Key Usage

  5. Now everything is prepared to create our CA file. Let’s create the CA and the members’ certificates:
    cd /usr/share/easy-rsa
    # this command will clean all the data in the ./keys folder
    ./clean-all
    # It will generate a key for the CA as well as a certificate
    ./build-ca
    # It will generate a key for the server as well as a certificate
    ./build-key <server_name>
  6. We suggest keeping the default values for the CA and entering the FQDN or the hostname in the certificates. (It will be validated by MongoDB.) This is the expected output:
    Generating a 2048 bit RSA private key
    ......................................................................................+++
    ............................+++
    writing new private key to 'server_name.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [US]:
    State or Province Name (full name) [NC]:
    Locality Name (eg, city) [Durham]:
    Organization Name (eg, company) [Percona]:
    Organizational Unit Name (eg, section) [MongoDB]:
    Common Name (eg, your name or your server's hostname) [server_name]:
    Name [EasyRSA]:
    Email Address [percona@percona.com]:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from /usr/share/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    ...
    Certificate is to be certified until Mar  9 11:29:40 2028 GMT (3650 days)
    Sign the certificate? [y/n]:y
    
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
  7. After creating all the certificates, we need to combine each key with its certificate in order to create the .pem file.
    cd keys
    -rw-r--r-- 1 root root 1,7K Mar  9 09:35 ca.crt
    -rw------- 1 root root 1,7K Mar  9 09:35 ca.key
    -rw-r--r-- 1 root root 4,1K Mar 12 08:29 server_name.crt
    -rw-r--r-- 1 root root 1,1K Mar 12 08:29 server_name.csr
    -rw------- 1 root root 1,7K Mar 12 08:29 server_name.key
    
    # combining .key and .crt into a single file.
    
    cat server_name.key server_name.crt > server_name.pem

    Repeat this process for all the server keys.

  8. Now that we have the server .pem files prepared, we need to edit mongod.conf, assuming the keys were moved to /var/lib/mongodb/:
    security:
      clusterAuthMode: x509
      authorization: enabled
    net:
      port: 27017
      bindIp: <ip_number>
      ssl:
        mode: requireSSL
        PEMKeyFile: /var/lib/mongodb/server_name.pem
        CAFile: /var/lib/mongodb/ca.crt
  9. Once the changes are made, the services must be started and the members should start normally.
  10. It is now time to configure the clients, as otherwise no one will be able to log in to this environment. Again we need to edit openssl-1.0.0.cnf, this time removing the comments, because clients need to have those keys in the certificate.
    cd /usr/share/easy-rsa 
    extendedKeyUsage=clientAuth
    keyUsage = digitalSignature
  11. After editing the file, create the client certificate. It is as simple as creating a new key:
    cd /usr/share/easy-rsa 
    ./build-key <client_name>

    There is a caveat here: the Organizational Unit must be different from MongoDB, because MongoDB treats a certificate whose O, OU and DC attributes match those of the members' certificates as a cluster member rather than a client. I recommend calling it MongoDBClient. Once the files are created, repeat the process of combining client_name.crt and client_name.key into a single file and use it to log in to the environment.

    ./build-key client_name
    …. 
    Country Name (2 letter code) [US]:
    State or Province Name (full name) [NC]:
    Locality Name (eg, city) [DURHAM]:
    Organization Name (eg, company) [Percona]:
    Organizational Unit Name (eg, section) [MongoDB]:MongoDBClient
    Common Name (eg, your name or your server's hostname) [client_name]:
    
    cd keys
    cat client_name.key client_name.crt > client_name.pem
  12. Connecting to the database is simple; we need to specify the CA file along with the certificate the client connects with.
    Please be aware you’ll need to connect to the server's local IP instead of localhost, and you may need to edit /etc/hosts in order to force the databases and clients to resolve the hostnames.

    mongo --ssl --host server_name --sslCAFile /usr/share/easy-rsa/keys/ca.crt  \
       --sslPEMKeyFile /usr/share/easy-rsa/keys/client_name.pem --port 27017 \
       -u <user> -p --authenticationDatabase admin
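
The OU caveat in step 11 can be checked before the certificates are deployed. The script below is an added example, not part of the original post: it compares the O, OU and DC attributes of certificate subjects, the attributes MongoDB uses to tell members from clients. The helper names (cert_subject, member_attrs, classify_subject, check_cert) and the sample subjects are constructed for illustration, and values are compared as exact strings.

```shell
#!/bin/sh
# Added example: verify that member and client certificates differ in
# O/OU/DC, as the OU caveat in step 11 requires.

# Print a certificate's subject on one line in RFC 2253 form, e.g.
# CN=server_name,OU=MongoDB,O=Percona,L=DURHAM,ST=NC,C=US
cert_subject() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//'
}

# Print the O, OU and DC attributes of a subject, sorted, one per line.
# Escaped "\," and "\+" are encoded first so they do not split a value;
# "O = x" (default OpenSSL 1.1 layout) is normalised to "O=x".
member_attrs() {
    printf '%s\n' "$1" |
        sed -e 's/\\,/%2C/g' -e 's/\\+/%2B/g' |
        tr ',+' '\n\n' |
        sed -e 's/^ *//' -e 's/ *= */=/' |
        grep -E '^(O|OU|DC)=' |
        LC_ALL=C sort
}

# Classify a candidate subject against a known member subject.
# Prints "member" when the O/OU/DC sets are identical and non-empty
# (attribute order does not matter), otherwise "client".
classify_subject() {
    ref_attrs=$(member_attrs "$1")
    cand_attrs=$(member_attrs "$2")
    if [ -n "$cand_attrs" ] && [ "$ref_attrs" = "$cand_attrs" ]; then
        echo member
    else
        echo client
    fi
}

# Check one certificate file against a reference member certificate.
# usage: check_cert <member|client> <member.crt> <candidate.crt>
check_cert() {
    got=$(classify_subject "$(cert_subject "$2")" "$(cert_subject "$3")")
    if [ "$got" = "$1" ]; then
        echo "OK   $3 is treated as a $got"
    else
        echo "FAIL $3 is treated as a $got, expected $1" >&2
        return 1
    fi
}

# Constructed sample subjects modelled on the values used in the tutorial.
SAMPLE_MEMBER='CN=server_name,OU=MongoDB,O=Percona,L=DURHAM,ST=NC,C=US'
SAMPLE_CLIENT='CN=client_name,OU=MongoDBClient,O=Percona,L=DURHAM,ST=NC,C=US'
# Client certificate created with the default OU left unchanged.
SAMPLE_BAD_CLIENT='CN=client_name,OU=MongoDB,O=Percona,L=DURHAM,ST=NC,C=US'

if [ "$#" -eq 3 ]; then
    # Real files: first member cert, second member cert, client cert.
    check_cert member "$1" "$2" && check_cert client "$1" "$3"
else
    # No files given: show the classification of the constructed samples.
    for subject in "$SAMPLE_CLIENT" "$SAMPLE_BAD_CLIENT"; do
        echo "$(classify_subject "$SAMPLE_MEMBER" "$subject"): $subject"
    done
fi
```

Run it with three .crt files from the keys directory (two members, then the client); a non-zero exit status means a certificate would be classified differently than intended.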

With these described steps you should be able to enable SSL + member authentication in your environment. Please feel free to give us feedback here or tweet to @AdamoTonete or @Percona on Twitter!

Sep
12
2019
--

Percona Server for MongoDB 4.0.12-6 Now Available

Percona announces the release of Percona Server for MongoDB 4.0.12-6 on September 12, 2019. Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB 4.0 Community Edition. It supports MongoDB 4.0 protocols and drivers.

Percona Server for MongoDB extends the functionality of the MongoDB 4.0 Community Edition by including the Percona Memory Engine storage engine, encrypted WiredTiger storage engine, audit logging, external authentication, hot backups, and enhanced query profiling. Percona Server for MongoDB requires no changes to MongoDB applications or code.

Percona Server for MongoDB 4.0.12-6 enables uploading hot backups to Amazon S3 or compatible storage service, such as MinIO. In this release, this feature has the EXPERIMENTAL status. For more information, see the documentation of Percona Server for MongoDB.

This release includes all features of MongoDB 4.0 Community Edition. Most notable among these are:

Note that the MMAPv1 storage engine is deprecated in MongoDB 4.0 Community Edition.

Percona Server for MongoDB 4.0.12-6 is based on MongoDB 4.0.12.

New Features

  • PSMDB-371: Hot backup streaming to a remote destination

Bugs Fixed

  • PSMDB-396: Per database encryption keys were not removed on database drop
  • PSMDB-408: In some cases, the encryption keydb instance was not destroyed on the instance shutdown
  • PSMDB-412: PSMDB was not pulling the ECDHE ciphers from OpenSSL due to upstream bug SERVER-38141.

Known Issues

  • PSMDB-441: Connectivity errors when making backups to GCP on Debian 9 (stretch).

The Percona Server for MongoDB 4.0.12-6 release notes are available in the official documentation.

Sep
09
2019
--

Announcing the Launch of Percona Server for MongoDB 4.2.0-1

We are pleased to announce the launch of Percona Server for MongoDB 4.2.0-1 on September 9, 2019. Our engineers have been hard at work to bring this to you less than a month after the launch of MongoDB Community Edition 4.2.

Percona Server for MongoDB 4.2.0-1 includes all of the new features of the latest Community version, as well as providing our users with Enterprise-level enhancements for free.

Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that acts as a fully-compatible, drop-in replacement for MongoDB 4.2 Community Edition. It supports MongoDB 4.2 protocols and drivers.

Percona Server for MongoDB extends the functionality of the MongoDB 4.2 Community Edition by including the Percona Memory Engine storage engine, encrypted WiredTiger storage engine, audit logging, external LDAP authentication, hot backups, and enhanced query profiling. Percona Server for MongoDB requires no changes to MongoDB applications or code.

Percona Server for MongoDB 4.2.0-1 includes all of the features of MongoDB 4.2 Community Edition. The most notable among these are:

Improving its security, MongoDB 4.2 Community Edition resolves the following CVEs: CVE-2019-2389 and CVE-2019-2386.

MongoDB 4.2 Community Edition removes the MMAPv1 storage engine along with MMAPv1 specific configuration options, parameters and commands. It also removes a number of commands and methods not related to MMAPv1.

Percona Server for MongoDB 4.2.0-1 is based on MongoDB 4.2.0.

There are a number of benefits to downloading the latest version of our software, including the impressive new features referenced above, which make it easier to run and manage your MongoDB database and help to keep your data safe.

For further information on the application of these new features, you can also visit our recent blogs which dig into the pros and cons of each in detail:

We believe that MongoDB 4.2 Community Edition is a great improvement on previous versions, with some long-awaited enhancements, including features which were previously only available in the Enterprise version.

Percona Server for MongoDB is a free and open source drop-in for MongoDB Community Edition and includes all of the new features of 4.2, and more! This makes it an attractive proposition for businesses looking to have a robust database software solution in place and make the most of their IT budget.

The Percona Server for MongoDB 4.2.0-1 release notes are available in the official documentation.

Download our product flyer for more information on Percona’s commitment to MongoDB.

Please contact us if you would like any assistance with your MongoDB database set-up, or if you would like to discuss any of the 4.2 features in more detail.

Aug
09
2019
--

Percona Server for MongoDB 3.4.22-2.20 Now Available

Percona announces the release of Percona Server for MongoDB 3.4.22-2.20 on August 9, 2019. Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB 3.4 Community Edition. It supports MongoDB 3.4 protocols and drivers.

Percona Server for MongoDB extends Community Edition functionality by including the Percona Memory Engine storage engine, as well as several enterprise-grade features:

Also, it includes MongoRocks storage engine, which is now deprecated. Percona Server for MongoDB requires no changes to MongoDB applications or code.

This release is based on MongoDB 3.4.22. In Percona Server for MongoDB 3.4.22-2.20, there are no additional improvements or new features on top of those upstream fixes.

Release notes are available in the official documentation.

Jul
16
2019
--

Percona Kubernetes Operator for MongoDB 1.1.0 Is Now Available

We are glad to announce the 1.1.0 release of the Percona Kubernetes Operator for Percona Server for MongoDB.

The Operator simplifies the deployment and management of the Percona Server for MongoDB in Kubernetes-based environments. It extends the Kubernetes API with a new custom resource for deploying, configuring and managing the application through the whole life cycle.

The Operator source code is available in our Github repository. All of Percona’s software is open-source and free.

New features and improvements

  • Now the Percona Kubernetes Operator allows upgrading Percona Server for MongoDB to newer versions, either in semi-automatic or in manual mode.
  • Also, two modes are implemented for updating the Percona Server for MongoDB mongod.conf configuration file: in automatic configuration update mode Percona Server for MongoDB Pods are immediately re-created to populate changed options from the Operator YAML file, while in manual mode changes are held until Percona Server for MongoDB Pods are re-created manually.
  • Percona Server for MongoDB data-at-rest encryption is now supported by the Operator to ensure that encrypted data files cannot be decrypted by anyone except those with the decryption key.
  • A separate service account is now used by the Operator’s containers which need special privileges, and all other Pods run on default service account with limited permissions.
  • User secrets are now generated automatically if they don’t exist: this feature especially helps reduce work in repeated development environment testing and reduces the chance of accidentally pushing predefined development passwords to production environments.
  • The Operator is now able to generate TLS certificates itself, which removes the need for manual certificate generation.
  • The list of officially supported platforms now includes Minikube, which provides an easy way to test the Operator locally on your own machine before deploying it on a cloud.
  • Also, Google Kubernetes Engine 1.14 and OpenShift Platform 4.1 are now supported.

Percona Server for MongoDB is an enhanced, open source and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition. It supports MongoDB® protocols and drivers. Percona Server for MongoDB extends MongoDB Community Edition functionality by including the Percona Memory Engine, as well as several enterprise-grade features. It requires no changes to MongoDB applications or code.

Help us improve our software quality by reporting any bugs you encounter using our bug tracking system.
Jun
21
2019
--

Percona Server for MongoDB 3.6.13-3.3 Is Now Available

Percona announces the release of Percona Server for MongoDB 3.6.13-3.3 on June 21, 2019. Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB 3.6 Community Edition. It supports MongoDB 3.6 protocols and drivers.

Percona Server for MongoDB extends Community Edition functionality by including the Percona Memory Engine storage engine, as well as several enterprise-grade features. Also, it includes MongoRocks storage engine, which is now deprecated. Percona Server for MongoDB requires no changes to MongoDB applications or code.

Percona Server for MongoDB 3.6.13-3.3 introduces the support of HashiCorp Vault key management service. For more information, see Data at Rest Encryption in the documentation of Percona Server for MongoDB.

New Features

The Percona Server for MongoDB 3.6.13-3.3 release notes are available in the official documentation.

Jun
20
2019
--

Percona Server for MongoDB 3.4.21-2.19 Is Now Available

Percona announces the release of Percona Server for MongoDB 3.4.21-2.19 on June 20, 2019. Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB 3.4 Community Edition. It supports MongoDB 3.4 protocols and drivers.

Percona Server for MongoDB extends Community Edition functionality by including the Percona Memory Engine storage engine, as well as several enterprise-grade features:

Also, it includes MongoRocks storage engine, which is now deprecated. Percona Server for MongoDB requires no changes to MongoDB applications or code.

This release is based on MongoDB 3.4.21. In Percona Server for MongoDB 3.4.21-2.19, there are no additional improvements or new features on top of those upstream fixes.

The Percona Server for MongoDB 3.4.21-2.19 release notes are available in the official documentation.

Jun
18
2019
--

Percona Server for MongoDB – Now Featuring HashiCorp Vault Integration

Last Friday we announced the release of Percona Server for MongoDB 4.0.10-5. This can be downloaded from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database. It is a fully compatible, drop-in replacement for MongoDB 4.0 Community Edition and doesn’t require any changes to MongoDB applications or code.

Our latest release includes all the new features of MongoDB 4.0 Community Edition including Multi-Document ACID transactions, type conversion through the new aggregation operators and enhancements to the Change Streams support.

At Percona we pride ourselves on adding new and exciting enterprise-level features to our software, not just duplicating the latest community version. We are also strongly focused on ensuring our software users have the tools they need to securely manage their data.

HashiCorp Vault Integration

As a result, we are excited to announce integration with HashiCorp Vault in our release of Percona Server for MongoDB 4.0.10-5.

Understanding who is accessing private information on your system can be a challenge. Regular password changes, safe storage, and detailed audit logs are essential to ensuring secure systems.

HashiCorp Vault is a product which manages secrets and protects sensitive data. It securely stores and tightly controls access to confidential information.

In previous versions of Percona Server for MongoDB, the data at rest encryption key was stored locally on the server inside the key file. Our integration with HashiCorp Vault now enables you to store the encryption key more securely inside the vault.

Further information on the key features and benefits of HashiCorp Vault can be found here.

Specific details on our data at rest encryption support can be found in ’Data at Rest Encryption’ in the documentation of Percona Server for MongoDB.

Additionally, as well as including the latest features from MongoDB 4.0 Community Edition, Percona Server for MongoDB has other added features. These include the Percona Memory Engine storage engine, encrypted WiredTiger storage engine, audit logging, External LDAP Authentication with SASL, hot backups, and enhanced query profiling.

The Percona Server for MongoDB 4.0.10-5 release notes are available in the official documentation.

We also recently launched the early release of our latest software product Percona Backup for MongoDB 0.5.0. For more insight into Percona’s MongoDB capabilities please look out for our upcoming software announcements, webinars, and blogs.

Percona has extensive experience advising companies on the best way to configure, manage, and run their MongoDB databases. To learn more, please contact us at 1-888-316-9775 or 0-800-051-8984 in Europe or sales@percona.com.

Jun
13
2019
--

Percona Server for MongoDB 4.0.10-5 Now Available

Percona announces the release of Percona Server for MongoDB 4.0.10-5 on June 13, 2019. Download the latest version from the Percona website or the Percona software repositories.

Percona Server for MongoDB is an enhanced, open source, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB 4.0 Community Edition. It supports MongoDB 4.0 protocols and drivers.

Percona Server for MongoDB extends the functionality of the MongoDB 4.0 Community Edition by including the Percona Memory Engine storage engine, encrypted WiredTiger storage engine, audit logging, SASL authentication, hot backups, and enhanced query profiling. Percona Server for MongoDB requires no changes to MongoDB applications or code.

Percona Server for MongoDB 4.0.10-5 introduces the support of HashiCorp Vault key management service. For more information, see Data at Rest Encryption in the documentation of Percona Server for MongoDB.

This release includes all features of MongoDB 4.0 Community Edition. Most notable among these are:

Note that the MMAPv1 storage engine is deprecated in MongoDB 4.0 Community Edition.

Percona Server for MongoDB 4.0.10-5 is based on MongoDB 4.0.10.

New Features

The Percona Server for MongoDB 4.0.10-5 release notes are available in the official documentation.

May
30
2019
--

Percona Monitoring and Management (PMM) 2 Beta Is Now Available

We are pleased to announce the release of PMM 2 Beta!  PMM (Percona Monitoring and Management) is a free and open-source platform for managing and monitoring MySQL, MongoDB, and PostgreSQL performance.

  • Query Analytics:
    • MySQL and MongoDB – Slow log, PERFORMANCE_SCHEMA, and Profiler data sources
    • Support for large environments – default view all queries from all instances
    • Filtering – display only the results matching filters such as the schema name or the server instance
    • Sorting and more columns – now sort by any column.
    • Modify Columns – Add one or more columns for any field exposed by the data source
    • Sparklines –  restyled sparkline targeted at making data representation more accurate
  • Labels – Prometheus now supports auto-discovered and custom labels
  • Inventory Overview Dashboard – Displays the agents, services, and nodes which are registered with PMM Server
  • Environment Overview Dashboard – See issues at a glance across multiple servers
  • API – View versions and list hosts using the API
  • MySQL, MongoDB, and PostgreSQL Metrics – Visualize database metrics over time
  • pmm-agent – Provides secure remote management of the exporter processes and data collectors on the client

PMM 2 Beta is still a work in progress – you may encounter some bugs and missing features. We are aware of a number of issues, but please report any and all that you find to Percona’s JIRA.

This release is not recommended for Production environments.

PMM 2 is designed to be used as a new installation – please don’t try to upgrade your existing PMM 1 environment.

Query Analytics Dashboard

Query Analytics Dashboard now defaults to display all queries on each of the systems that are configured for MySQL PERFORMANCE_SCHEMA, Slow Log, and MongoDB Profiler, and includes comprehensive filtering capabilities.

Query Analytics Overview

You’ll recognize some of the common elements in PMM 2 Query Analytics such as the Load, Count, and Latency columns. However, there are new elements such as the filter box and more arrows on the columns:

Query Detail

Query Analytics continues to deliver detailed information regarding individual query performance

Filter and Search By

There is a filtering panel on the left, or you can use the search-by bar to set filters using key:value syntax. For example, if I’m interested in just the queries related to the mysql-sl2 server, I could type d_server:mysql-sl2:

Sort by any column

This is a much-requested feature from PMM Query Analytics and we’re glad to announce that you can now sort by any column! Just click the small arrow to the right of the column name and:

Sparklines

As you may have already noticed, we have changed the sparkline representation. New sparklines are not point-based lines but interval-based, and look like a staircase line with a flat value for each of the displayed periods:

We also position a single sparkline for only the left-most column and render numeric values for all remaining columns.

Add extra columns

Now you can add a column for each additional field which is exposed by the data source. For example, you can add Rows Examined by clicking the + sign and typing or selecting from the available list of fields:

MySQL Query Analytics Slow Log source

We’ve increased our MySQL support to include both PERFORMANCE_SCHEMA and Slow log – and if you’re using Percona Server with the Extended Slow Log format, you’ll be able to gain deep insight into the performance of individual queries, for example, InnoDB behavior.  Note the difference between the detail available from PERFORMANCE_SCHEMA vs Slow Log:

PERFORMANCE_SCHEMA:

Slow Log:

MongoDB Metrics

Support for MongoDB Metrics included in this release means you can add a local or remote MongoDB instance to PMM 2 and take advantage of the following view of MongoDB performance:

PostgreSQL Metrics

In this release, we’re also including support for PostgreSQL Metrics. We’re launching PMM 2 Beta with just the PostgreSQL Overview dashboard, but we have others under development, so watch for new Dashboards to appear in subsequent releases!

Environment Overview Dashboard

This new dashboard provides a bird’s-eye view, showing a large number of hosts at once. It allows you to easily figure out the hosts which have issues, and move onto other dashboards for a deeper investigation.

The charts presented show the top five hosts by different parameters:

The eye-catching colored hexagons with statistical data show the current values of parameters and allow you to drill-down to a dashboard which has further details on a specific host.

Labels

An important concept we’re introducing in PMM 2 is that when a label is assigned it is persisted in both the Metrics (Prometheus) and Query Analytics (Clickhouse) databases. So, when you browse a target in Prometheus you’ll notice many more labels appear – particularly the auto-discovered (replication_set, environment, node_name, etc.) and (soon to be released) custom labels via custom_label.

Inventory Dashboard

We’ve introduced a new dashboard with several tabs so that users are better able to understand which nodes, agents, and services are registered against PMM Server. We have an established hierarchy with Node at the top, then Service and Agents assigned to a Node.

  • Nodes – Where the service and agents will run. Assigned a node_id, associated with a machine_id (from /etc/machine-id)

    • Examples: bare metal, virtualized, container
  • Services – Individual service names and where they run, against which agents will be assigned. Each instance of a service gets a service_id value that is related to a node_id
    • Examples: MySQL, Amazon Aurora MySQL
    • You can also use this feature to support multiple mysqld instances on a single node, for example: mysql1-3306, mysql1-3307
  • Agents – Each binary (exporter, agent) running on a client will get an agent_id value
    • pmm-agent is the top of the tree, assigned to a node_id
    • node_exporter is assigned to pmm-agent agent_id
    • mysqld_exporter and QAN MySQL Perfschema are assigned to a service_id
    • Examples: pmm-agent, node_exporter, mysqld_exporter, QAN MySQL Perfschema

You can now see which services, agents, and nodes are registered with PMM Server.

Nodes

In this example I have PMM Server (docker) running on the same virtualized compute instance as my Percona Server 5.7 instance, so PMM treats this as two different nodes.

Services

Agents

For a monitored Percona Server instance, you’ll see an agent for each of these:

  1. pmm-agent
  2. node_exporter
  3. mysqld_exporter
  4. QAN Perfschema

API

We are exposing an API for PMM Server! You can view versions, list hosts, and more…

The API is not guaranteed to work until GA release – so be prepared for some errors during Beta release.

Browse the API using Swagger at /swagger

Installation and configuration

The default PMM Server credentials are:

username: admin
password: admin

Install PMM Server with docker

The easiest way to install PMM Server is to deploy it with Docker. Running the PMM 2 Docker container with PMM Server can be done by the following commands (note the version tag of 2.0.0-beta1):

docker create -v /srv --name pmm-data-2-0-0-beta1 perconalab/pmm-server:2.0.0-beta1 /bin/true
docker run -d -p 80:80 -p 443:443 --volumes-from pmm-data-2-0-0-beta1 --name pmm-server-2.0.0-beta1 --restart always perconalab/pmm-server:2.0.0-beta1

Install PMM Client

Since PMM 2 is still not GA, you’ll need to leverage our experimental release of the Percona repository. You’ll need to download and install the official percona-release package from Percona, and use it to enable the Percona experimental component of the original repository. See percona-release official documentation for further details on this new tool.

Specific instructions for a Debian system are as follows:

wget https://repo.percona.com/apt/percona-release_latest.generic_all.deb
sudo dpkg -i percona-release_latest.generic_all.deb

Now enable the experimental repo:

sudo percona-release disable all
sudo percona-release enable original experimental

Install pmm2-client package:

apt-get update
apt-get install pmm2-client

Users who have previously installed pmm2-client alpha version should remove the package and install a new one in order to update to beta1.

Please note that leaving experimental repository enabled may affect further package installation operations with bleeding edge software that may not be suitable for Production. You can revert by disabling experimental via the following commands:

sudo percona-release disable original experimental
sudo apt-get update

Configure PMM

Once PMM Client is installed, run the pmm-admin config command with your PMM Server IP address to register your Node:

# pmm-admin config --server-insecure-tls --server-address=<IP Address>:443

You should see the following:

Checking local pmm-agent status...
pmm-agent is running.
Registering pmm-agent on PMM Server...
Registered.
Configuration file /usr/local/percona/pmm-agent.yaml updated.
Reloading pmm-agent configuration...
Configuration reloaded.

Adding MySQL Metrics and Query Analytics

A MySQL server can be added for monitoring in the usual way. Here is a command which adds it using the PERFORMANCE_SCHEMA source:

sudo pmm-admin add mysql --use-perfschema --username=pmm --password=pmm

where username and password are credentials for accessing MySQL.

The syntax to add MySQL services (Metrics and Query Analytics) using the Slow Log source is the following:

sudo pmm-admin add mysql --use-slowlog --username=pmm --password=pmm

When the server is added, you can check your MySQL dashboards and Query Analytics in order to view its performance information!

Adding MongoDB Metrics and Query Analytics

You can add MongoDB services (Metrics and Query Analytics) with a similar command:

pmm-admin add mongodb --use-profiler --use-exporter  --username=pmm  --password=pmm

Adding PostgreSQL monitoring service

You can add PostgreSQL service as follows:

pmm-admin add postgresql --username=pmm --password=pmm

You can then check your PostgreSQL Overview dashboard.

About PMM

Percona Monitoring and Management (PMM) is a free and open-source platform for managing and monitoring MySQL®, MongoDB®, and PostgreSQL® performance. You can run PMM in your own environment for maximum security and reliability. It provides thorough time-based analysis for MySQL®, MongoDB®, and PostgreSQL® servers to ensure that your data works as efficiently as possible.

Help us improve our software quality by reporting any Percona Monitoring and Management bugs you encounter using our bug tracking system.
