Friday, February 11, 2011

Installing munin on CentOS

What you'll need

Munin's output is in html, so you will want to have a web server running to make reports available through a web browser. You can use any web server, such as apache or nginx, but for convenience the examples in this article series will assume you are running apache. It's best if you go through a tutorial series for installing apache or nginx so you understand what's being installed, but there are also barebones instructions for a default apache install in our repository if you're an experienced user and just want the web server for the purposes of accessing munin's reports.

If you want munin to send you email alerts you'll need to have a mail server running on your munin master slice that is configured to send outgoing mail messages. Slicehost has several articles that go into detail on setting up a mail server, and as with the web server, it's best if you go through a tutorial series so you get a good explanation of how to set up the mail server. If you want a quick, minimal mail server install, however, there are barebones install articles available there as well.

Munin can monitor just a single slice or it can be used to monitor several slices from one "master" slice. If you are planning on monitoring additional slices later, be sure to perform this installation on the slice you want to use as munin's master. If you are monitoring only one slice you don't have to make that decision, of course — just follow the directions in this series and don't worry about the subsequent article on installing additional nodes.

All commands assume you're running as a non-root user with sudo access.

Installing packages

On CentOS and Red Hat Enterprise Linux munin is not in the default repository. The easiest way to get munin is to add a repository to your installation that includes it. One such repository is the EPEL repository maintained by the Fedora Core team that contains munin and some other useful enterprise software. Once that repository is added you can install munin from there and include it in future system-wide updates.

To add the EPEL repository to your yum list, run:

sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

With the repository in place, you should be able to install munin with:

sudo yum install munin munin-node

After checking for dependencies yum will ask if you would like to import the GPG key from the EPEL repository. Say yes so yum can verify the authenticity of RPMs retrieved from that site in the future.
The munin master and node should now be installed to your slice, and your system configured to run munin. The changes made to your slice include a "munin" user to own munin's files, directories for munin's data archive and web pages, a cron.d entry to have munin generate graphs every five minutes, and an init script for munin-node.

With that, most of the basic work is done for you. Now you need to customize a couple settings and make one adjustment to improve security.

The munin.conf file

Open the file /etc/munin/munin.conf so you can change a couple important settings. This file will be covered in more depth in a later article on customizing munin.

Email notification (optional)

It's possible for munin to use the local mail command to send some basic email alerts if you have a mail server installed on the master server. The munin.conf file provides an example that sends an email whenever a plugin changes status (from OK to WARNING, for example, or when a warning situation is resolved):

# Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime 
# something changes (OK -> WARNING, CRITICAL -> OK, etc)
#contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm
#contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm

You can use that example as a template to add your own email notifications. For instance, you could add the following lines to the munin.conf file:

contact.john.command mail -s "Munin notification" john@example.com
ontact.marcia.command mail -s "Munin notification" marcia@demoslice.com

The host tree

The "host tree" section of munin.conf describes the organization of any monitored nodes on munin's overview page. This guide only covers setting up one node on the same server as the munin master, so you can leave the default address of 127.0.0.1 alone. You might want to change the host tree name to something more descriptive, however. Find the following in the munin.conf file:

# a simple host tree
[localhost]
    address 127.0.0.1
    use_node_name yes

You can change the "localhost" entry to reflect your slice name, especially if you will be adding other nodes to your munin reports later. Don't use any spaces in the name, that confuses some of munin's graphing scripts. So you might change the host tree to look like:

[slicename]
    address 127.0.0.1
    use_node_name yes

That should do it for munin.conf.

The munin-node.conf file

The security of the default configuration can be improved by making the node (the part that actually compiles statistics) completely local so it can't accept any outside connections. There's already a directive in this file telling the munin node to reject connections from outside addresses, but it's more secure to ensure the node can't be reached by external connections to begin with. Open the /etc/munin/munin-node.conf file and look for an entry with "host *", similar to:

# Which address to bind to;
host *

To restrict the node to listen to localhost only, you should change the host entry to:

# Which address to bind to;
host 127.0.0.1

The munin-node service

The munin node wasn't started by the installer, so now that we're done binding it to localhost let's start that up:

sudo /etc/init.d/munin-node start

To make sure the munin-node service starts when your slice reboots, you'll also want to make the service active:

sudo /sbin/chkconfig munin-node on

Summary

In this article you set up munin as a master and a node on your slice and configured it to display some default reports via a web server.

The next article in this series will cover determining the URL you will use to access the munin reports and checking that the reports are being updated properly.

This article continues the installation and setup of munin on a single slice. It explains how to determine or change the URL used to access munin's reports and then check to make sure those reports are viewable and being updated.

Almost ready!

If you've been following along with the first article in this series, Installing munin, you should now have a munin master configured on your slice and have a node running and gathering data every five minutes. 

All that's left now is to see if you can access the reports munin generates. To do that you'll need to make sure munin is storing its generated html files in a location you can access through your web server.

The htmldir setting

If you go back to the configuration file at /etc/munin/munin.conf, toward the beginning you will find an entry that looks like:

# The next three variables specifies where the location of the RRD
# databases, the HTML output, logs and the lock/pid files.  They all
# must be writable by the user running munin-cron.  They are all
# defaulted to the values you see here.
#
# dbdir /var/lib/munin
# htmldir /var/www/html/munin
# logdir /var/log/munin
# rundir  /var/run/munin

The line you want to look at is the "htmldir" value. This is the directory where munin stores its web pages, and the default value is a subdirectory of the web server's default document root (more on that later). If you would prefer that munin store its pages in another location (as a subdirectory of an existing site, for instance) you can uncomment that line (remove the leading "#" character) and change its value to a new directory. Just make sure that you set the new directory to be writeable by the munin user or munin won't be able to generate graphs and reports there.

If you aren't sure if the munin HTML directory can be written to by the munin user, the easiest fix is to set the ownership of the directory (which is done for you in a default install). To set the ownership of the directory to the munin user, run the following command:
chown -R munin /var/www/html/munin

If you aren't using the default munin directory, make sure to substitute the new directory for "/var/www/html/munin" in the example above.

Determining the munin URL

The URL used to access munin's reports is a combination of the address you use to access your web server and where the munin HTML directory is relative to the web server's document root. Let's take a look at how you can check these details in a default apache install so you can find and change these settings when you need to.

A closer look at the default site
When apache is installed it puts it default configuration file here:

/etc/httpd/conf/httpd.conf

The default configuration sets up a basic site that can be used to serve some static files, like those munin generates. If you want to serve more than one site from apache you can refer back to our articles on apache for information that would allow you to do that with a single apache installation using a "virtual host". For now we're interested in how the default site is set up, so we'll look in that default configuration file for more details. Open it and go looking for some key lines.

The first section we'll look at sets the address and port apache will use to listen for connections:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80

By default the "Listen 80" directive tells apache to listen to all available interfaces (the IP addresses on your slice), on port 80 (the default port for unencrypted web traffic). In other words, with the default configuration you can get to the site with any address that points to your slice, be it a domain name or an IP address.

The next section we want to look at is:

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

This DocumentRoot directive tells apache where the web files are stored. That default setting means that if you visit your slice in a web browser apache will look in /var/www/html to find any pages to show you. If you have "www.example.com" pointing to your slice you can see the default index file in the web server's document root by going to this URL:
http://www.example.com

If munin's web directory is not located in the site's document root, either because you've changed apache's configuration or because you don't want the munin files to be in the document root, you have a couple options. One option is to change the munin.conf file to use a directory in a different document root (using the instructions above under the heading, "The htmldir in munin.conf"). There is another option that doesn't involve changing where munin stores its reports, however, and that is...

The Alias directive

The Alias directive in apache lets you set up an alias from a reference to a subdirectory of the document root to a location somewhere else in your slice's filesystem. For example, if your document root were "/var/www/html" but you wanted your munin HTML files to be in "/home/munin/public_html", you would set up an alias from "/munin" to "/home/munin/public_html".

The Alias directive depends on the module "mod_alias" being enabled. This mod is included and enabled in the default apache installation.

To add an alias like the example above you would want to add the alias to your site configuration in /etc/httpd/conf/httpd.conf, and would need to include a Directory entry for the directory the alias points to. The new section can be inserted at the end of the file. Your configuration might look like:

Alias /munin /home/munin/public_html
<Directory /home/munin/public_html>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Once the Alias and Directory configuration is added to your site, you'll need to restart apache for the change to take effect.

Wasn't there something about a URL?

Now that you know where munin (or an Alias to it) is in relation to your web server's document root, finding the address of the munin reports is a matter of putting together the URL of your site and the location of munin's web pages within that site.

When you go to your base URL, like, "http://www.example.com", you're telling the web server you want to see the content in your site's document root, let's say "/var/www/html". When you go to your site with that address there's actually an implied slash at the end of the URL. Let's add that slash to make it easier to see the relationship between the URL and the document root:
http://www.example.com/

You can think of that last slash in your base URL as meaning "look in my document root". Since we're assuming /var/www for this example, that means "/" means "/var/www/html/". Now look at where the munin web directory is located in our example, "/var/www/html/munin". If you substitute a slash for the /var/www/html/ part, you get simply "/munin". Now we can put the base URL together with the relative munin location that you just worked out, and get:
http://www.example.com/munin

And there you have the address you visit in a browser to look at munin's reports. Most importantly, you have an idea of how we came up with it. You can change settings on your web server or in munin later and know how those changes could affect the address you use to see munin's web pages.

No comments:

Post a Comment