DEV Community: lalitpercona The latest articles on DEV Community by lalitpercona (@lalitpercona). https://dev.to/lalitpercona https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F377314%2Fd42434ea-6134-411c-be4b-6eac9879cf28.png DEV Community: lalitpercona https://dev.to/lalitpercona en Percona MongoDB Exporter for MongoDB Monitoring with SSL/TLS lalitpercona Fri, 01 May 2020 08:41:40 +0000 https://dev.to/lalitpercona/percona-mongodb-exporter-for-mongodb-monitoring-with-ssl-tls-47cn https://dev.to/lalitpercona/percona-mongodb-exporter-for-mongodb-monitoring-with-ssl-tls-47cn <p>Percona provides the <a href="https://github.com/percona/mongodb_exporter">mongodb_exporter</a> for monitoring MongoDB. It can feed a Prometheus time-series database by exporting sharding, replication, and storage engine metrics. So basically, it’s the way we monitor MongoDB through <a href="https://www.percona.com/software/database-tools/percona-monitoring-and-management">Percona Monitoring and Management</a>.</p> <p>You can download or build mongodb_exporter from the <a href="https://github.com/percona/mongodb_exporter">Github repository</a>. It also comes with the pmm-client package, and it’s based on the latest available mongodb_exporter version.</p> <p>A simple connection method to MongoDB from mongodb_exporter is described in the mongodb_exporter documentation. But the SSL/TLS connection is a bit tricky due to the option changes between versions of MongoDB and mongodb_exporter.<br> Reference:<br> <a href="https://docs.mongodb.com/manual/reference/connection-string/#tls-options">https://docs.mongodb.com/manual/reference/connection-string/#tls-options</a><br> <a href="https://github.com/percona/mongodb_exporter/releases/tag/v0.10.0">https://github.com/percona/mongodb_exporter/releases/tag/v0.10.0</a></p> <p>This blog post will show how to configure MongoDB Exporter with SSL/TLS options.</p> <h2> Connection Method and Options </h2> <h3> mongodb_exporter v 0.9.0 </h3> <p>For SSL connection mongodb_exporter and MongoDB, here’s a list of <a href="https://www.percona.com/doc/percona-monitoring-and-management/section.exporter.mongodb.html">SSL options</a>.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="c"># ./mongodb_exporter --mongodb.uri=mongodb://mongodb_exporter:Admin123@localhost:27017 --mongodb.tls --mongodb.tls-ca /etc/mongodb/rootCA.pem --mongodb.tls-cert /etc/mongodb/mongodb.pem</span> INFO[0000] Starting mongodb_exporter <span class="o">(</span><span class="nv">version</span><span class="o">=</span>0.9.0, <span class="nv">branch</span><span class="o">=</span>v0.9.0, <span class="nv">revision</span><span class="o">=</span>a11b3b515ee219ef9bce6af7f41d3ff47cc71720<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:108"</span> INFO[0000] Build context <span class="o">(</span><span class="nv">go</span><span class="o">=</span>go1.12.9, <span class="nv">user</span><span class="o">=</span>travis@build.travis-ci.com, <span class="nb">date</span><span class="o">=</span>20190830-18:19:56<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:109"</span> INFO[0000] Starting HTTP server <span class="k">for </span>http://:9216/metrics ... <span class="nb">source</span><span class="o">=</span><span class="s2">"server.go:140"</span> </code></pre></div> <p>MongoDB server logs:<br> </p> <div class="highlight"><pre class="highlight shell"><code>I ACCESS <span class="o">[</span>conn1164] Successfully authenticated as principal mongodb_exporter on admin from client 127.0.0.1:40772 </code></pre></div> <h3> mongodb_exporter v 0.10.0 </h3> <p>Now lets test SSL connection with mongodb_exporter v0.10.0 using the same options.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="c"># ./mongodb_exporter --mongodb.uri=mongodb://mongodb_exporter:Admin123@localhost:27017 --mongodb.tls --mongodb.tls-ca /etc/mongodb/rootCA.pem --mongodb.tls-cert /etc/mongodb/mongodb.pem</span> mongodb_exporter: error: unknown long flag <span class="s1">'--mongodb.tls'</span>, try <span class="nt">--help</span> </code></pre></div> <p>As we can see, mongodb_exporter v0.10.0 is not able to identify given options in the document. An error occurred due to changes in the mongodb_exporter v.0.10.0 version.</p> <p>Reference: <a href="https://github.com/percona/mongodb_exporter/releases/tag/v0.10.0">https://github.com/percona/mongodb_exporter/releases/tag/v0.10.0</a></p> <ul> <li>-go.mongodb.org/mongo-driver was updated to v1.1.1.</li> <li>-All –mongodb.tls* flags were removed. Use tls-options instead.</li> </ul> <p>Depending on the MongoDB version and the support for SSL/TSL, we will use the following options in mongodb.uri:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>SSL Option</th> <th>TLS Option</th> </tr> </thead> <tbody> <tr> <td>sslclientcertificatekeyfile</td> <td>tlscertificatekeyfile</td> </tr> <tr> <td>sslclientcertificatekeypassword</td> <td>tlscertificatekeyfilepassword</td> </tr> <tr> <td>sslinsecure</td> <td>tlsinsecure</td> </tr> <tr> <td>sslcertificateauthorityfile</td> <td>tlscafile</td> </tr> </tbody> </table></div> <p>We should refer to MongoDB documentation for <a href="https://docs.mongodb.com/manual/reference/connection-string/#tls-options">additional URI options</a>. We will not see these options under mongodb_exporter –help since they are part of mongodb.uri</p> <h3> Examples </h3> <h4> Using TLS Options </h4> <div class="highlight"><pre class="highlight shell"><code><span class="c"># ./mongodb_exporter --mongodb.uri="mongodb://mongodb_exporter:Admin123@localhost:27017/admin?tls=true&amp;tlsCertificateKeyFile=/etc/mongodb/mongodb.pem&amp;tlsAllowInvalidCertificates=true&amp;tlsCAFile=/etc/mongodb/rootCA.pem"</span> INFO[0000] Starting mongodb_exporter <span class="o">(</span><span class="nv">version</span><span class="o">=</span>0.10.0, <span class="nv">branch</span><span class="o">=</span>v0.10.0, <span class="nv">revision</span><span class="o">=</span>bf683745093a9210ebacbeb235bb792e21d17389<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:94"</span> INFO[0000] Build context <span class="o">(</span><span class="nv">go</span><span class="o">=</span>go1.12.9, <span class="nv">user</span><span class="o">=</span>travis@build.travis-ci.com, <span class="nb">date</span><span class="o">=</span>20190918-13:37:48<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:95"</span> INFO[0000] Starting HTTP server <span class="k">for </span>http://:9216/metrics ... <span class="nb">source</span><span class="o">=</span><span class="s2">"server.go:140"</span> </code></pre></div> <p>MongoDB logs:<br> </p> <div class="highlight"><pre class="highlight shell"><code>I NETWORK <span class="o">[</span>listener] connection accepted from 127.0.0.1:52146 <span class="c">#1564 (1 connection now open)</span> I NETWORK <span class="o">[</span>conn1564] received client metadata from 127.0.0.1:52146 conn1564: <span class="o">{</span> driver: <span class="o">{</span> name: <span class="s2">"mongo-go-driver"</span>, version: <span class="s2">"v1.1.1"</span> <span class="o">}</span>, os: <span class="o">{</span> <span class="nb">type</span>: <span class="s2">"linux"</span>, architecture: <span class="s2">"amd64"</span> <span class="o">}</span>, platform: <span class="s2">"go1.12.9"</span> <span class="o">}</span> I NETWORK <span class="o">[</span>listener] connection accepted from 127.0.0.1:52148 <span class="c">#1565 (2 connections now open)</span> I NETWORK <span class="o">[</span>conn1565] received client metadata from 127.0.0.1:52148 conn1565: <span class="o">{</span> driver: <span class="o">{</span> name: <span class="s2">"mongo-go-driver"</span>, version: <span class="s2">"v1.1.1"</span> <span class="o">}</span>, os: <span class="o">{</span> <span class="nb">type</span>: <span class="s2">"linux"</span>, architecture: <span class="s2">"amd64"</span> <span class="o">}</span>, platform: <span class="s2">"go1.12.9"</span>, application: <span class="o">{</span> name: <span class="s2">"mongodb_exporter"</span> <span class="o">}</span> <span class="o">}</span> I ACCESS <span class="o">[</span>conn1565] Successfully authenticated as principal mongodb_exporter on admin from client 127.0.0.1:52148 </code></pre></div> <h4> Using SSL options </h4> <div class="highlight"><pre class="highlight shell"><code>./mongodb_exporter <span class="nt">--mongodb</span>.uri<span class="o">=</span><span class="s2">"mongodb://mongodb_exporter:Admin123@localhost:27017/admin?ssl=true&amp;sslclientcertificatekeyfile=/etc/mongodb/mongodb.pem&amp;sslinsecure=true&amp;sslcertificateauthorityfile=/etc/mongodb/rootCA.pem"</span> INFO[0000] Starting mongodb_exporter <span class="o">(</span><span class="nv">version</span><span class="o">=</span>0.10.0, <span class="nv">branch</span><span class="o">=</span>v0.10.0, <span class="nv">revision</span><span class="o">=</span>bf683745093a9210ebacbeb235bb792e21d17389<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:94"</span> INFO[0000] Build context <span class="o">(</span><span class="nv">go</span><span class="o">=</span>go1.12.9, <span class="nv">user</span><span class="o">=</span>travis@build.travis-ci.com, <span class="nb">date</span><span class="o">=</span>20190918-13:37:48<span class="o">)</span> <span class="nb">source</span><span class="o">=</span><span class="s2">"mongodb_exporter.go:95"</span> INFO[0000] Starting HTTP server <span class="k">for </span>http://:9216/metrics ... <span class="nb">source</span><span class="o">=</span><span class="s2">"server.go:140"</span> </code></pre></div> <p>MongoDB logs:<br> </p> <div class="highlight"><pre class="highlight shell"><code>I NETWORK <span class="o">[</span>listener] connection accepted from 127.0.0.1:51650 <span class="c">#1544 (1 connection now open)</span> I NETWORK <span class="o">[</span>conn1544] received client metadata from 127.0.0.1:51650 conn1544: <span class="o">{</span> driver: <span class="o">{</span> name: <span class="s2">"mongo-go-driver"</span>, version: <span class="s2">"v1.1.1"</span> <span class="o">}</span>, os: <span class="o">{</span> <span class="nb">type</span>: <span class="s2">"linux"</span>, architecture: <span class="s2">"amd64"</span> <span class="o">}</span>, platform: <span class="s2">"go1.12.9"</span> <span class="o">}</span> I NETWORK <span class="o">[</span>listener] connection accepted from 127.0.0.1:51652 <span class="c">#1545 (2 connections now open)</span> I NETWORK <span class="o">[</span>conn1545] received client metadata from 127.0.0.1:51652 conn1545: <span class="o">{</span> driver: <span class="o">{</span> name: <span class="s2">"mongo-go-driver"</span>, version: <span class="s2">"v1.1.1"</span> <span class="o">}</span>, os: <span class="o">{</span> <span class="nb">type</span>: <span class="s2">"linux"</span>, architecture: <span class="s2">"amd64"</span> <span class="o">}</span>, platform: <span class="s2">"go1.12.9"</span>, application: <span class="o">{</span> name: <span class="s2">"mongodb_exporter"</span> <span class="o">}</span> <span class="o">}</span> I ACCESS <span class="o">[</span>conn1545] Successfully authenticated as principal mongodb_exporter on admin from client 127.0.0.1:51652 </code></pre></div> <p>As I mentioned, while the SSL/TLS connection can be a little tricky, I am hopeful that this post helps you properly configure MongoDB Exporter!</p> mongodb monitoring database percona