Configure PMM2 for Azure MySQL Database with SSL

Azure MySQL with SSL

Registering AzureDB without SSL in PMM

server=db-server.mysql.database.azure.com
monitoruser=monitor_mysql@db-server
monitorpwd=xxxxxxxx
server_name=MyProdDB1
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema

DB connectivity with ssl

Successful connection with SSL
mysql --user=$monitoruser --password=$monitorpwd --host=$server
Unsuccessful connection with verify ca SSLmysql --user=$monitoruser --password=$monitorpwd --host=$server --ssl-mode=VERIFY_CA
ERROR 2026 (HY000): SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY
Successful connection with verify ca SSL
mysql --user=$monitoruser --password=$monitorpwd --host=$server --ssl-mode=VERIFY_CA --ssl-ca=azure-ca.crt

Error Registering SSL DB

Error trying to connect without SSL
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema
Connection check failed: Error 9002: SSL connection is required. Please specify SSL options and retry..Error trying to connect with SSL
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema -tls
TLS is on. You must also define tls-ca, tls-cert and tls-key flags.Error trying to connect with SSL & azure provided certificate
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema -tls --tls-ca=azure-ca.crt
TLS is on. You must also define tls-ca, tls-cert and tls-key flags.

Generate new SSL

mysql_ssl_rsa_setup --datadir ssl/
ls ssl/
-rw------- 1 nirav nirav 1679 Jun 17 14:52 ca-key.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 ca.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 client-cert.pem
-rw------- 1 nirav nirav 1679 Jun 17 14:52 client-key.pem
-rw------- 1 nirav nirav 1675 Jun 17 14:52 private_key.pem
-rw-r--r-- 1 nirav nirav 451 Jun 17 14:52 public_key.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 server-cert.pem
-rw------- 1 nirav nirav 1679 Jun 17 14:52 server-key.pem

Register Azure DB with SSL

Successful register with SSL & azure provided certificate
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema -tls --tls-ca=azure-ca.crt --tls-cert=client-cert.pem --tls-key=client-key.pem

Reference:

--

--

--

Working as Cloud Architect & Software enthusiastic

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A SQL Cheat Sheet

The first step to becoming a Docker Expert!!!

How to cope with a legacy codebase — survival guide

UST as the native gas token of Dela

Why do I write GoLang in 2021?

Windows Server Monitoring using Prometheus and WMI Exporter

Software Engineer or Data Scientist?

How to Setup WordPress in Docker

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
NIRAV SHAH

NIRAV SHAH

Working as Cloud Architect & Software enthusiastic

More from Medium

MSSQL Server Database’s Transaction Log Shrink

Azure Automation Configuring Desired State Configuration

OAuth 2.0 Client Credential Flow with Certificate-based Authentication on Microsoft Identity…

Oracle Rest Data Services and OpenAPI