Authentication

Performance Co-Pilot supports the following authentication mechanisms through the SASL authentication framework: plain, login, digest-md5, and gssapi. This guide shows how to setup authentication using the digest-md5 authentication mechanism and a local user database.

Note

Authentication methods login and digest-md5 require PCP 5.1.0 or later.

Requisites

Install the following package, which provides support for the digest-md5 authentication method:

$ sudo dnf install -y cyrus-sasl-md5

Configuring PMCD

First, open the /etc/sasl2/pmcd.conf file and specify the supported authentication mechanism and the path to the user database:

mech_list: digest-md5
sasldb_path: /etc/pcp/passwd.db

Then create a new unix user (in this example pcptestuser) and add it to the user database:

$ sudo useradd -r pcptestuser
$ sudo saslpasswd2 -a pmcd pcptestuser

Note

For every user in the user database, a unix user with the same name must exist. The passwords of the unix user and the /etc/pcp/passwd.db database are not synchronized, and (only) the password of the saslpasswd2 command is used for authentication.

Make sure that the permissions of the user database are correct (readable only by root and the pcp user):

$ sudo chown root:pcp /etc/pcp/passwd.db
$ sudo chmod 640 /etc/pcp/passwd.db

Finally, restart pmcd:

$ sudo systemctl restart pmcd

Test Authentication

To test if the authentication is set up correctly, execute the following command:

$ pminfo -f -h "pcp://127.0.0.1?username=pcptestuser" disk.dev.read

Configuring the Grafana Datasource

Go to the Grafana datasource settings, enable Basic auth, and enter the username and password. Click the Save & Test button to check if the authentication is working.

Note

Due to security reasons, the access mode Browser is not supported with authentication.