Connect an external instance to PMM¶
Add general external services¶
You can collect metrics from an external (custom) exporter on a node when:
- there is already a pmm-agent instance running and,
- this node has been configured using the
pmm-admin config
command.
Usage¶
pmm-admin add external --service-name=<service-name> --listen-port=<listen-port> --metrics-path=<metrics-path> --scheme=<scheme>
pmm-admin add external-serverless --external-name=<external-service-name> --host=<hostname> --listen-port=<listen-port> --metrics-path=<metrics-path> --scheme=<scheme>
TLS certificate verification¶
When connecting to external services over HTTPS, PMM performs TLS certificate validation by default to ensure secure connections. However, in some scenarios you may need to skip this validation. Use the --tls-skip-verify
flag when monitoring services with:
- self-signed certificates
- development environments where proper certificates aren’t configured
- IP-based endpoints that lack proper certificate Subject Alternative Names (SANs)
- PostgreSQL Operator deployments with HAProxy that use self-signed certificates
- encounter errors like
Connection check failed: Get "https://127.0.0.1:8008/metrics": tls: failed to verify certificate: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
, you can resolve this by adding the--tls-skip-verify
flag to your command.
Security warning
Using --skip-tls-verify
disables TLS certificate validation and should only be used in development environments or when connecting to trusted services with certificate issues. This makes connections vulnerable to man-in-the-middle attacks.
Examples with TLS skip verification¶
# 🆕 External service with TLS verification skipped
pmm-admin add external --listen-port=8008 --scheme=https --tls-skip-verify
# 🆕 External serverless with TLS verification skipped
pmm-admin add external-serverless --host=example.com --listen-port=9093 --scheme=https --tls-skip-verify
# 🆕 HAProxy with TLS verification skipped (useful for PostgreSQL Operator deployments)
pmm-admin add haproxy --listen-port=8404 --scheme=https --tls-skip-verify
Get data from external exporters¶
There two ways to get metrics from other exporters:
-
external
will collect metrics from the exporter that is run on the same host as PMM Client’s connection to it by a port. (See more details withpmm-admin add external --help
.) -
external-serverless
is useful for collecting metrics from cloud services. You need a host and port number to add it to PMM Server. (See more details withpmm-admin add external-serverless --help
.)
Here are the differences between external
and external-serverless
types.
Connection schema of external exporter:
Connection schema of external serverless exporter:
Add a service not supported by PMM¶
PMM can collect any metrics in Open metrics or Prometheus exposition format. You must specify the host and port of these metrics using the pmm-admin add external
or pmm-admin add external-serverless
commands.
From this point, PMM will collect and store available metrics.
To browse and visualize collected metrics as a first step, we can look at the Advanced Data Exploration dashboard and select informative services and metrics.
Another way is to create a new Grafana Dashboard to PMM as needed.
One more way is to search for an already created dashboard at https://grafana.com/grafana/dashboards for the added exporter and import it into PMM.
Third-party exporters¶
You can find more exporters on the official Prometheus page.
Custom exporter¶
You can create a custom external exporter or extend your application to expose metrics in Prometheus exposition format. This gives you complete control over what metrics are collected and how they’re exposed. To learn how to build your own exporter, see Writing Exporter in the Prometheus Docs.
Example: Add an HTTP exporter
root@mysql1:~# pmm-admin add external --group=processes --listen-port=9256
External Service added.
Service ID : 6485f4fd-745b-4dfb-8b72-328e300f8b50
Service name: mysql1-processes
Group : processes
This command:
- adds an exporter running on local port 9256 to the group called processes
.
- automatically generates the service name using the host and group names.
- uses the default scheme (http) and metrics path (/metrics).
Example: Add an HTTPS exporter (Skip TLS verification)
root@mysql1:~# pmm-admin add external --group=processes --listen-port=8008 --scheme=https --tls-skip-verify
External Service added.
Service ID : 7b96c5fe-856c-4efc-9c83-439f411g9c61
Service name: mysql1-processes
Group : processes
This command:
- adds an HTTPS exporter on local port
8008
. - uses the
--tls-skip-verify
flag to bypass TLS certificate validation (for development or testing only!) - automatically generates the service name using the host and group names.
Add an external service via UI¶
To add an external service via PMM UI:
-
In the PMM web interface, go to PMM Configuration > PMM Inventory > Add Service > External Service.
-
Fill in the form and set the external service endpoint:
-
manually OR:
-
by parsing required data from a URL string. In this case you only need to pass a valid URL:
-
-
For HTTPS connections: If your external service uses HTTPS with self-signed certificates or certificates that don’t properly validate, check the Skip TLS certificate and hostname validation option under PMM Configuration > PMM Inventory > Services section.