logo_1

Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort.

Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine “what’s different today” when a performance problem crops up. It makes it easy to see how you’re doing capacity-wise on any resources.

Munin uses the excellent RRDTool (written by Tobi Oetiker) and the framework is written in Perl, while plugins may be written in any language. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).

Install munin and munin-node on the same server
# yum –enablerepo=epel -y install munin munin-node

1

# vi /etc/munin/munin.conf
[www.sathish.com]
address 127.0.0.1
use_node_name yes

2a

# vi /etc/munin/munin-node.conf
host_name http://www.sathish.com

3a

#cd  /var/www/html/munin
#htpasswd    -mc  htpasswd     sathish

# /etc/rc.d/init.d/httpd restart
Stopping httpd:[ OK ]
Starting httpd:[ OK ]

# /etc/rc.d/init.d/munin-node start
Starting Munin Node:[ OK ]
# chkconfig munin-node on

# /etc/rc.d/init.d/httpd restart
Stopping httpd:[ OK ]
Starting httpd:[ OK ]

5

Install munin-node on the monitoring target host.
# yum –enablerepo=epel -y install munin-node

# vi /etc/munin/munin-node.conf
host_name http://www.sathish.com

IP address you allow to connect ( Munin server’s one )
allow ^192\.168\.31\.1$

# /etc/rc.d/init.d/munin-node start
Starting Munin Node:[ OK ]
# chkconfig munin-node on

Configure Munin server
# vi /etc/munin/munin.conf
[www.arthar.com]
address 192.168.31.1
use_node_name yes

TLS setup
If your Munin installations resides in a hostile network environment, or if you just don’t want anyone passing by with a network sniffer to know the CPU load of your Munin nodes, a quick solution is to enable Munin’s built-in Transport Layer Security (TLS) support. Other tricks involve using SSH tunnels and key logins, methods “outside of” Munin.

or this setup, I used the tools provided with OpenSSL to create a CA (Certificate Authority) and one certificate per server signed by the same CA. Creating your own CA should be more that sufficient, unless you really want to spend money on certificates from a real CA. Remember that the “common name” of the server certificate must be the host’s fully qualified domain name as it is known in DNS.

The TLS directives are the same on both master and node. This setup requires that both key/cert pairs are signed by the same CA, and the CA certificate must be distributed to each Munin node. Also note that the passphrase protection must be removed from the keys so that the munin-update and munin-node processes won’t require manual intervention every time they start.

On the Munin master
This extract is from munin.conf on the master, “sathish”:

tls paranoid
tls_verify_certificate yes
tls_private_key /etc/opt/munin/sathish.key.pem
tls_certificate /etc/opt/munin/sathish.crt.pem
tls_ca_certificate /etc/opt/munin/cacert.pem
tls_verify_depth 5

On the Munin node
This extract is from munin-node.conf on the node, “arthar”:

tls paranoid
tls_verify_certificate yes
tls_private_key /etc/opt/munin/arthar.key.pem
tls_certificate /etc/opt/munin/arthar.crt.pem
tls_ca_certificate /etc/opt/munin/cacert.pem
tls_verify_depth 5

g

Many monitoring target items are enabled by default but there are more many items. Those are under “/usr/share/munin/plugins” and it’s possible to enable them to create links from them to “/etc/munin/plugins”. And also there are many plugins in Munin repository.

For exmaple, enable Apache access plugin.

add apache_accesses plugin

# ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses

10

# vi /etc/httpd/conf/httpd.conf

ExtendedStatus On
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1

12

# /etc/rc.d/init.d/httpd restart
Stopping httpd:[ OK ]
Starting httpd:[ OK ]

# /etc/rc.d/init.d/munin-node restart
Stopping Munin Node agents:[ OK ]
Starting Munin Node:[ OK ]

6 7 8 9 13