mysqld_exporter configuration for ssl not possible #604

Open
moon-hawk opened this issue Jan 19, 2022 · 3 comments

@moon-hawk

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet:
  • Ruby:
  • Distribution:
  • Module version:

How to reproduce (e.g Puppet code you use)

configured mysqld_exporter with DB Connection

What are you seeing

No connection to the DB is possible when the DB is configured for SSL connections

What behaviour did you expect instead

connection to DB like the mysql cli

Output log

caller=exporter.go:149 msg="Error pinging mysqld" err="Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON."

Any additional information you'd like to impart

I'm not sure if this is the right place for this.
mysqld_exporter decides whether it makes an SSL connection based on the value ssl-ca in the provided my.cnf file.
https://github.com/prometheus/mysqld_exporter/blob/e2ff660f50422245cdae9516dbf167e8c889c8bf/mysqld_exporter.go#L142
So it fails in the case of this Puppet module, because the value isn't there.
With this Puppet module I cannot set this config value (e.g. to ssl-ca=/etc/ssl/certs/ca-certificates.crt). So it will always try an insecure connection.

FYI: I also cannot use manage_service false, because the notify command expects the service to be there

Server Error: Could not find resource 'Service[mysqld_exporter]' in parameter 'notify' (file: /etc/puppetlabs/code/environments/production/modules/prometheus/manifests/mysqld_exporter.pp, line: 124)

@moon-hawk
Author

Workaround

  • rollout with normal configuration
  • disable rollout in puppet config
  • manually set ssl-ca (and if necessary ssl-key, ssl-cert) in the defined config file
  • restart exporter
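
A check that can be run after the manual step above, as an added example that is not part of the original issue or of either project: it parses a my.cnf and reports whether the `[client]` section carries `ssl-ca`, the key the issue says mysqld_exporter uses to decide on an SSL connection. The function name, the sample host, user and client certificate path are assumptions made for illustration.

```python
import configparser

# Constructed sample my.cnf contents (host, user and client-cert path are
# made up; the CA bundle path is the one quoted in the issue).
WITHOUT_CA = """[client]
user = exporter
password = example-password
host = db.example.internal
"""
WITH_CA = WITHOUT_CA + "ssl-ca = /etc/ssl/certs/ca-certificates.crt\n"
CERT_WITHOUT_KEY = WITH_CA + "ssl-cert = /etc/mysql/client-cert.pem\n"


def check_client_tls(cnf_text):
    """Return (tls_expected, problems) for the [client] section of a my.cnf."""
    # Drop !include / !includedir directives, which configparser cannot parse.
    body = "\n".join(
        line for line in cnf_text.splitlines() if not line.lstrip().startswith("!")
    )
    parser = configparser.ConfigParser(
        allow_no_value=True, interpolation=None, strict=False
    )
    parser.read_string(body)
    if not parser.has_section("client"):
        return False, ["no [client] section"]

    def value(key):
        # Missing keys and valueless keys both come back as an empty string.
        raw = parser.get("client", key, fallback=None) or ""
        return raw.strip().strip("'\"")

    ca, cert, key = value("ssl-ca"), value("ssl-cert"), value("ssl-key")
    problems = []
    if not ca:
        # Per the issue: without ssl-ca the exporter attempts a non-SSL connection.
        problems.append("ssl-ca missing: exporter will connect without TLS")
    if bool(cert) != bool(key):
        # A client certificate is unusable without its private key, and vice versa.
        problems.append("ssl-cert and ssl-key must be set together")
    return bool(ca), problems


if __name__ == "__main__":
    for name, text in [("without ssl-ca", WITHOUT_CA), ("with ssl-ca", WITH_CA),
                       ("cert without key", CERT_WITHOUT_KEY)]:
        print(name, check_client_tls(text))
```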

@moon-hawk
Author

moon-hawk commented Jan 20, 2022

I have thought about the problem and I think that the module should have support for SSL connections to the MySQL server, regardless of how it's implemented in the mysqld_exporter.

I have written changes (in my limited understanding of the code) for mysqld_exporter.pp and my.cnf.epp.
At the moment I am struggling hard with getting a pull request on the way ;)

Sorry, I work mostly directly with the git CLI, not GitHub... so I'm stuck there. Hopefully I will figure it out next week when I have a little bit more time on my hands.

@moon-hawk
Author

The initial week turned into over a year, but now I have created the pull request.
I also fixed the test failures with the static validations.

I think the Arch Linux test failures are not connected.
