Skip to content

Deployment Overview of Percona Monitoring on Server

Prerequisites and Basic Requirements

The deployment of Percona Monitoring and Management (PMM) requires a Linux environment with the following specifications:

  • Operating System: Ubuntu (compatible with APT package management).

  • Privileges: Root or sudo access is required to install system packages, Docker, and manage services.

  • Domain Configuration: The server must be accessible via the hostkey.in domain.

  • Network: The server must have outbound internet access to download the PMM installer and SSL certificates.

FQDN of the Final Panel

The Percona Monitoring interface is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • percona<Server ID>.hostkey.in

The service operates over standard HTTPS ports once the SSL certificate is issued.

File and Directory Structure

The application utilizes a containerized architecture where configuration and data are managed within the Docker container named pmm-server. Key internal paths include:

  • SSL Certificates: /srv/nginx/certificate.crt, /srv/nginx/certificate.key, /srv/nginx/ca-certs.pem, /srv/nginx/dhparam.pem.

  • Nginx Configuration: /srv/nginx/certificate.conf.

  • Host System Certificates: /etc/letsencrypt/live/percona<Server ID>.hostkey.in/.

Application Installation Process

The Percona Monitoring and Management (PMM) suite is installed using the official Percona installer script. The installation process involves the following steps:

  1. Update and upgrade the system's APT package repository.

  2. Install required system dependencies, including nginx and python3-pip.

  3. Install certbot and certbot-nginx via pip for SSL management.

  4. Install Docker using the managed installation role.

  5. Execute the Percona installer script: 

    curl -fsSL https://www.percona.com/get/pmm | /bin/bash

Access Rights and Security

Security is enforced through the following mechanisms:

  • Firewall: The system relies on the host's firewall configuration to allow traffic to the PMM ports.

  • SSL/TLS: Secure connections are established using Let's Encrypt certificates issued via Certbot.

  • User Permissions: Inside the container, the pmm user and pmm group own the SSL certificate files and configuration.

  • Certificate Issuance: Certificates are issued automatically for the domain percona<Server ID>.hostkey.in without requiring email registration.

Docker Containers and Their Deployment

The application runs within a single Docker container named pmm-server. The deployment includes:

  • Container Name: pmm-server.

  • Service Management: Internal services, including Nginx, are managed via supervisorctl within the container.

  • Certificate Integration: SSL certificates generated on the host are copied into the container using docker cp and permissions are adjusted to ensure the pmm user can access them.

Proxy Servers

Nginx acts as the reverse proxy for the Percona Monitoring interface. The configuration includes:

  • SSL Termination: Nginx handles HTTPS traffic using certificates provided by Let's Encrypt.

  • Certificate Source: Certificates are fetched from the host's /etc/letsencrypt/live/ directory and injected into the container.

  • Custom Domain: The proxy is configured to serve the specific subdomain percona<Server ID>.hostkey.in.

  • DH Parameters: Diffie-Hellman parameters are copied from the host to /srv/nginx/dhparam.pem inside the container.

Permission Settings

File permissions within the Docker container are explicitly set to ensure the application user has the necessary access:

  • Owner: pmm.pmm (user pmm, group pmm).

  • Files:

  • /srv/nginx/certificate.crt

  • /srv/nginx/certificate.key

  • /srv/nginx/ca-certs.pem

  • /srv/nginx/dhparam.pem

  • /srv/nginx/certificate.conf

These permissions are applied using chown commands executed inside the container after the files are copied.

Location of Configuration Files and Data

Configuration and data files are located in the following directories:

  • Host System:

  • SSL Certificates: /etc/letsencrypt/live/percona<Server ID>.hostkey.in/

  • DH Parameters: /etc/letsencrypt/ssl-dhparams.pem

  • Docker Container (pmm-server):

  • Nginx Configuration and Certificates: /srv/nginx/

  • PMM Data: Managed internally by the PMM container.

Available Ports for Connection

The Percona Monitoring interface is accessible via the standard HTTPS port:

  • Port 443: Secure HTTP (HTTPS) traffic for the web interface.

Starting, Stopping, and Updating

Service management for the internal Nginx proxy is handled via the Supervisor process manager inside the Docker container. To restart the Nginx service after configuration changes or certificate updates, execute the following command: 

docker exec -i pmm-server supervisorctl restart nginx
The main PMM services are managed by the Docker container lifecycle. To restart the entire application stack, restart the pmm-server container.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×