OtterTune provides an open source agent capable of observing database and CloudWatch metrics that runs on your hosts. This allows OtterTune to optimize and monitor your database without needing direct access.
Selecting OtterTune Agent access method during Database Creation
The source code for OtterTune's agent is available on GitHub: https://github.com/ottertune/ot-agent
When you add a database to OtterTune and choose the Agent option for the Network Access Method, you will be redirected to the Agent Setup page. If you need to return to the Agent Setup page, navigate the Database Overview page, select the settings gear at the bottom left, and choose "View Agent Setup instructions."
OtterTune will provide an external link to create a Fargate Container via AWS CloudFormation. Some fields will be prefilled for you, while others you will need to fill in.
You will need to supply the SecurityGroupIDs and SubnetIDs parameters such that the specified security groups and subnets allow:
- 1.The container to connect to your database
- 2.Outbound https traffic to 0.0.0.0/0 so the container can push data to OtterTune.
OtterTune provides a prebuilt Docker container on DockerHub. A simple
docker runcommand is provided on the Agent Setup page. Some values will be prefilled for you, while others need to be filled in. See Agent Information below for more details.
OtterTune provides a Kubernetes manifest to deploy the OtterTune Agent to your cluster. The Agent Setup page shows a copy of the manifest for you to load into your favorite text editor. The manifest has a few environment variables marked as
<REDACTED>; you will need to fill in these environment variables with your own values before deploying the manifest. The sections Agent Information and Additional Environment Variables below describe each of these environment variables.
Once you've replaced all occurrences of
<REDACTED>with real values, you can deploy the manifest to your cluster with
kubectl apply -f /path/to/manifest.yml, where
/path/to/manifestis the path to the copy of the manifest.
Omitting AWS Credentials: It is possible to omit your AWS credentials from the deployment manifest. AWS offers a mechanism to attach IAM roles to Kubernetes
ServiceAccounts. This allows the OtterTune Agent to connect to AWS RDS, eliminating the need to inject credentials into the Agent's container via environment variables. To do this, you must edit the deployment manifest to use a Kubernetes
ServiceAccountwith the appropriate IAM role.
For example, if you have an IAM Role
OTAgentRole, and the ARN is
arn:aws:iam::123456789:role/OTAgentRole, then you might have a
which you can also deploy with
kubectl apply -f /path/to/sa/manifest.ymlYou could then alter the manifest to attach the
- name: ottertune-agent
- name: "AWS_REGION"
- name: "OTTERTUNE_DB_IDENTIFIER"
- name: "OTTERTUNE_DB_USERNAME"
- name: "OTTERTUNE_DB_PASSWORD"
- name: "OTTERTUNE_API_KEY"
- name: "OTTERTUNE_DB_KEY"
- name: "OTTERTUNE_ORG_ID"
OtterTune provides a Helm chart to deploy the OtterTune agent to your cluster. For quick setup please read on. For more advanced configuration, please go to agent-helm-chart.
To get started, first add the Helm repo with your CLI:
helm repo add ottertune https://ottertune.github.io/agent-helm-chart/
Next, refresh your local Helm index.
helm repo update
Finally, create a YAML file with your values. The OtterTune agent setup UI will provide some of the values listed below for you to fill in. OtterTune will redact certain values that you will need to fill in yourself (such as database username and password).
postgresDBName: "my-database-name" # Only for Postgres Databases
Then install the chart
helm install -f my-values.yaml my-release-name ottertune/ottertune-agent
For more configuration options such as ways to leverage kubernetes secrets to store the OtterTune API Key and ways to integrate IAM roles directly with the agent (as opposed to using IAM user access/secret keys), please see our public repo agent-helm-chart.
OtterTune will generate a secret API Key that can be used to authenticate Agent information being passed to the OtterTune service. This value can be retrieved by navigating to the Agent Setup page for any of your databases.
This API Key is a Secret value. Do not share it publicly.
Amazon Web Services (AWS) db identifier for your database in Relational Database Service (RDS).
Username within DBMS software for OtterTune Agent to act as.
Password for OtterTune to sign into the DBMS.
Secret value used to authenticate your organization's agents with the OtterTune service.
AWS region your DBMS is located in (eg: us-east-2)
Identifier for the DBMS this agent is collecting information from. Should be autofilled by OtterTune.
Public identifier for your organization. Should be autofilled by OtterTune.
Specific database(s) in DBMS to collect metrics from. Only needed by agents connecting to a PostgreSQL database. For multiple databases, enter a comma separated list. OtterTune collects table and index statistics in those databases. Note: the first database in the list is considered the primary database.
Note: You can skip this section if you deployed your agent via CloudFormation since it has already set up the proper policies and roles. This section still applies if you created your account-wide IAM role via CloudFormation in the Create IAM Role step but wish to deploy your agent via another method.
The OtterTune Agent needs valid AWS credentials for a user or role to inspect the database and collect CloudWatch metrics for the database you wish to optimize. We recommend one of the following approaches:
Ensure your environment (e.g., Kubernetes pod, Fargate task, EC2 instance profile) is running as an IAM role with the appropriate AWS permissions.
Additional Environment Variables
In addition to the environment variables mentioned in the Agent Information section, please provide the AWS access and AWS secret access keys for a user with the appropriate AWS permissions.
Access key of IAM user
Secret access key of IAM user
The AWS role or user should contain at least the following permissions :
See possible Agent Statuses below for more information.
OtterTune has never seen an agent successfully report monitoring data for this database. Double-check your agent setup. If you would like help resolving the issue, reach out to [email protected] or contact us on Slack.
OtterTune has never seen an Agent report observations successfully for this database. Double-check your agent setup. If you would like help resolving the issue, reach out to [email protected] or contact us on Slack.
OtterTune has seen your agent report information successfully. No action is needed.
Note: OtterTune considers an agent to be connected if it has reported data in the last 5 minutes, so expect a delay when you disable an agent.
OtterTune is currently determining the agent status. Remain on the page to see the status.
OtterTune was not able to determine your current agent status. Try reloading the page. If you would like help resolving the issue, reach out to [email protected] or contact us on Slack.
To upgrade your agent to the latest version, please follow the steps below.
Fargate via CloudFormation
First, please find out the latest version number from this page. Then go to the CloudFormation Stack you created for the agent. Click Update at the right top.
Step 1, choose Use current template, click Next.
Step 2, edit Image Url with the current agent version number.
Then click Next.
Step 3, click Next.
Finally, click Update stack to finish the update.
You need to delete the old agent Docker container. Then run the command on the Agent Setup page to create a new Docker container. Some values will be prefilled for you, while others need to be filled in. The agent version in the command will be updated to the latest one.
To collect all relevant monitoring data, you will need to make sure the user your agent uses to connect to your database has been granted the following permissions. Note if you use a user other than
ottertuneyou should alter the below commands accordingly.
GRANT PROCESS ON *.* TO 'ottertune';
GRANT REPLICATION CLIENT ON *.* TO 'ottertune';
GRANT SHOW VIEW ON *.* TO 'ottertune';
GRANT SELECT ON mysql.innodb_index_stats TO 'ottertune';
GRANT SELECT ON performance_schema.table_io_waits_summary_by_index_usage TO 'ottertune';
GRANT SELECT ON performance_schema.events_statements_summary_by_digest TO 'ottertune';
-- if mysql version >= 8.0
GRANT SELECT ON performance_schema.events_statements_histogram_global TO 'ottertune';
GRANT pg_monitor TO ottertune;
# Only required in the primary database if you specified multiple databases.