search

vertica / vertica-grafana-datasource

Official Vertica datasource plugin for Grafana.
https://grafana.com/grafana/plugins/vertica-grafana-datasource/
Apache License 2.0
3 stars 8 forks source link

SOCKS5 Proxy with Vertica #47

Open Zeevbd opened 7 months ago

Zeevbd commented 7 months ago

trying to connect to a Vertica DataSource behind a proxy but with no luck

used the Recommendations under the Grafana Document: https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/#known-limitations

Below is the example used under Grafana.ini

#################################### Secure Socks5 Datasource Proxy ##################################### [secure_socks_datasource_proxy] enabled = true ; root_ca_cert = /etc/ca.crt ; client_key = /etc/client.key ; client_cert = /etc/client.crt ; server_name = proxy.grafana.svc.cluster.local

The address of the socks5 proxy datasources should connect to

proxy_address = localhost:10020 show_ui = true

######################################################################################################

initiated all the Keys externally, all i need is to be able to use the proxy with the localhost:10020 (with port 10020) (i can connect with DBEAVER to the database: using the proxy tab to the specific port:

below the main TAB would have an IP:5433

image

The Vertica DataSource would not show any other option than the screen shot

image

However when connecting through DBEAVER i do use an IP connection with a proxy connection:

image

image

as can see the definition is located under two tabs: Main - Host IP && Port in my case: (10.228.10.155:5433) Proxy: Host && Port (Localhost:10020)

Only when both are defined it is possible to connect to the DB

Results from the Test Connection:

image

It leads to a Question: how can one define a Grafana Datasource to allow a connection with a DB like shown above via Dbeaver App?

tanvipise commented 7 months ago

Hello Ze'ev,

The data source proxy settings are offered by Grafana and only to the built-in core Grafana plugins and not to the external ones. The list can be found here: https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/#pdc-known-limitations. Vertica plugin is an external data source developed by us and not by Grafana and hence it is not supported for Proxy setup in Grafana.

Thanks, Tanvi

sitingren commented 7 months ago

SSH tunnel might be helpful for you: https://docs.vertica.com/23.4.x/en/connecting-to/proxy-connections/

tanvipise commented 7 months ago

@Zeevbd, we have looked through Grafana docs and also reached out to Grafana. Are trying to use the PDC or trying to set up your own socks5 proxy? It would be better to understand if you provided some graphical representation of how your pieces are binding together.

Zeevbd commented 7 months ago

Hi @tanvipise i tried working with the Instruction on the PDC Grafana docs, and used the recommended keys.

it does not seems to be doing something...

#################################### Secure Socks5 Datasource Proxy ##################################### [secure_socks_datasource_proxy] enabled = true ; root_ca_cert = /etc/ca.crt ; client_key = /etc/client.key ; client_cert = /etc/client.crt ; server_name = proxy.grafana.svc.cluster.local

verticacrossman commented 7 months ago

@Zeevbd, We've been in touch with Grafana and it doesn't seem what you are trying is going to work. Grafana server side PDC needs to have a pdc-agent running on the database side. An extract from https://grafana.com/blog/2023/10/05/unify-and-query-private-network-data-in-grafana-cloud-private-data-source-connect-is-now-ga/ describes it. "The PDC agent establishes an SSH tunnel, facilitating data transmission between your private data sources and Grafana Cloud. The SSH client uses reverse dynamic forwarding, acting as a SOCKS proxy to direct queries to Grafana."

They confirmed that Vertica is not on the PDC supported datasource list, and that PDC on the server side will not work with a user's local socks proxy on the database side. It has to talk to the pdc-agent. That same url page shows a graphic of the pdc setup.

They also noted that they do not currently have a developer's toolkit for integrating the PDC, but it is on their roadmap. We're taking a look at what might need ot be added to our datasource for it to talk to the local pdc-agent to see if anything can be implemented in a future release.

Please confirm that your configuration is trying to use PDC on the Grafana server side and your own local proxy on the Vertica side.