Open cah-jyoti-prakash opened 3 years ago
I am trying this on GCP cloud SQL postgres
tried this but did not work, :-( docker run -v C:\mycert:/etc/ssl/certs --net=host -eDATA_SOURCE_NAME="postgresql://postgres:password@xx.xx.xx.xx:5432/postgres?sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.pem&sslcert=/etc/ssl/certs/client-cert.pem&sslkey=/etc/ssl/certs/client-key.pem" wrouesnel/postgres_exporter
I'm having an issue that may be the same. I am trying to authenticate using certificates with the following DATA_SOURCE_NAME
:
postgresql://<USER>@<HOST>:5432/<DB_NAME>?ssl=true&sslmode=verify-full&sslrootcert=cachain.pem&sslcert=client_chain.pem&sslkey=client_key.pem
However it seems that the exporter is still attempting to authenticate using a password rather than with certificates:
INFO[9366] Error opening connection to database (postgresql://<USER>@<HOST>:5432/<DB_NAME>?ssl=true&sslmode=verify-full&sslrootcert=cachain.pem&sslcert=client_chain.pem&sslkey=client_key.pem): pq: password authentication failed for user "<USER>" source="postgres_exporter.go:1070"
I also see the same behaviour with sslmode=require
and sslmode=verify-ca
.
Additionally I am able to connect if I provide a valid password in the string with:
postgresql://<USER>:<PASSWORD>@<HOST>:5432/<DB_NAME>?ssl=true&sslmode=verify-full&sslrootcert=cachain.pem&sslcert=client_chain.pem&sslkey=client_key.pem
I have confirmed that the client is validating the DB certificates successfully.
i am also facing authentication issues.
I want to configure SSL and Authentication between PostgresSQL expoter and Prometheus . Can anyone help in this
Has anyone been able to get this to work with TLS and sslmode=verify-ca?
Looking at the code, it looks like the exporter is built with the idea to support multiple auth modules but only userpass is supported today, as far as I can tell.
Guys, I am able to connect the exporter to PG via tls, but I am using Grafana-agent instead of native PG exporter, here is my way:
data_source_names:
- "postgresql://<pg hostname>:<port>/<dbname>?sslmode=require&sslrootcert=<path to ca>&sslcert=<path to user-to-connect-pg cert>&sslkey=<path to user-to-connect-pg key>"
I am not able to connect. FYI - I need to use ssl "sslmode=verify-ca sslrootcert=server-ca.pem sslcert=client-cert.pem sslkey=client-key.pem"
I can login to my psotgres using my credentials and above mentioned certificate through pgadmin client but not through exporter, also exporter does not through any error just info message
Command I run is: docker run -v C:\mycert:/etc/ssl/certs --net=host -e DATA_SOURCE_NAME="postgresql://postgres:password@xx.xx.xx.xx:5432/postgres?sslmode=require" wrouesnel/postgresexporter time="2021-02-17T06:01:03Z" level=info msg="Starting Server: :9187" source="postgres_exporter.go:1825"_