Setting up a Munin instance (monitoring tool) on your Mail-in-a-Box

This topic explains how to set up Munin on your Mail-in-a-Box.
Please feel free to contribute if you think you can improve this guide.

Beware: This document has not yet been reviewed by a member of the community. Do not follow it on a production system if you don’t feel confident with a command line prompt. Please wait a little while

First off, log in to your box over SSH. The command should look something like:

ssh -i ~/.ssh/my_private_key me@10.20.30.40

Installing Munin

sudo apt-get install munin

Munin configuration

Edit the file /etc/munin/munin.conf (with a text editor like vi or nano).

sudo nano /etc/munin/munin.conf

Uncomment the lines beginning with dbdir, htmldir, logdir, rundir, and tmpldir.
You should end up with something that looks like this:

# The next three variables specifies where the location of the RRD
# databases, the HTML output, logs and the lock/pid files.  They all
# must be writable by the user running munin-cron.  They are all
# defaulted to the values you see here.
#
dbdir   /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir  /var/run/munin

# Where to look for the HTML templates
#
tmpldir /etc/munin/templates

Save your file

Configuring Munin Dynamic Graph Rendering (optional)

By default, HTML pages and graphs are generated statically by a cron task every 5 minutes.
When you click on a graph, Munin gives you the opportunity to interact with it.
To use this feature, install these packages:

sudo apt-get install spawn-fcgi libcgi-fast-perl

Create a Munin-CGI-Graph Spawn-FCGI start script (courtesy of Julien Schmidt)

sudo nano /etc/init.d/spawn-fcgi-munin-graph

Copy/paste the following:

#! /bin/sh

### BEGIN INIT INFO
# Provides:          spawn-fcgi-munin-graph
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Description:       starts FastCGI for Munin-Graph
### END INIT INFO
# --------------------------------------------------------------
# Munin-CGI-Graph Spawn-FCGI Startscript by Julien Schmidt
# eMail: munin-trac at julienschmidt.com
# www:   http://www.julienschmidt.com
# --------------------------------------------------------------
# Install: 
#   1. Copy this file to /etc/init.d
#   2. Edit the variables below
#   3. run "update-rc.d spawn-fcgi-munin-graph defaults"
# --------------------------------------------------------------
# Special thanks for their help to:
#   Frantisek Princ
#   Jérôme Warnier
# --------------------------------------------------------------
# Last Update: 14. February 2013
#
# Please change the following variables:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=spawn-fcgi-munin-graph
PID_FILE=/var/run/munin/$NAME.pid
SOCK_FILE=/var/run/munin/$NAME.sock
SOCK_USER=www-data
FCGI_USER=www-data
FCGI_GROUP=www-data
FCGI_WORKERS=2
DAEMON=/usr/bin/spawn-fcgi
DAEMON_OPTS="-s $SOCK_FILE -F $FCGI_WORKERS -U $SOCK_USER -u $FCGI_USER -g $FCGI_GROUP -P $PID_FILE -- /usr/lib/munin/cgi/munin-cgi-graph"

# --------------------------------------------------------------
# No edits necessary beyond this line
# --------------------------------------------------------------

if [ ! -x $DAEMON ]; then
    echo "File not found or is not executable: $DAEMON!"
    exit 0
fi

status() {
    if [ ! -r $PID_FILE ]; then
        return 1
    fi
    
    for FCGI_PID in `cat $PID_FILE`; do 
        if [ -z "${FCGI_PID}" ]; then
            return 1
        fi
    
        FCGI_RUNNING=`ps -p ${FCGI_PID} | grep ${FCGI_PID}`
        if [ -z "${FCGI_RUNNING}" ]; then
            return 1
        fi
    done;
    
    return 0
}
    
start() {
    if status; then
        echo "FCGI is already running!"
        exit 1
    else
        $DAEMON $DAEMON_OPTS
    fi
}

stop () {   
    if ! status; then
        echo "No PID-file at $PID_FILE found or PID not valid. Maybe not running"
        exit 1
    fi
    
    # Kill processes
    for PID_RUNNING in `cat $PID_FILE`; do
        kill -9 $PID_RUNNING
    done
    
    # Remove PID-file
    rm -f $PID_FILE
    
    # Remove Sock-File
    rm -f $SOCK_FILE
}

case "$1" in
    start)
        echo "Starting $NAME: "
        start
        echo "... DONE"
    ;;

    stop)
        echo "Stopping $NAME: "
        stop
        echo "... DONE"
    ;;

    force-reload|restart)
        echo "Stopping $NAME: "
        stop
        echo "Starting $NAME: "
        start
        echo "... DONE"
    ;;
    
    status)
        if status; then
            echo "FCGI is RUNNING"
        else
            echo "FCGI is NOT RUNNING"
        fi
    ;;
    
    *)
        echo "Usage: $0 {start|stop|force-reload|restart|status}"
        exit 1
        ;;
esac

exit 0

Save your file

Add execute permission to your startscript

sudo chmod +x /etc/init.d/spawn-fcgi-munin-graph

Start FastCGI for Munin Graph

sudo service spawn-fcgi-munin-graph start

Send warnings and/or critical alerts to an email (optional)

Install the mailutils package, a set of tools for handling email from the command line.

sudo apt-get install mailutils

Edit /etc/munin/munin.conf, and at the very end, add the following:

# send alerts to the following address
contacts admin
contact.admin.command mail -s "Munin notification ${var:host}" you@domain.tld
contact.admin.always_send warning critical

Be sure to replace you@domain.tld with the email address at which you wish to receive Munin notifications.

Save your file.

Create a subdomain for Munin

By default, Mail-in-a-Box maintains your DNS records.
We will create a subdomain from which you will be able to access Munin.

To create the subdomain, send a POST request to the box's admin interface using cURL (-d "" makes the request a POST with an empty body; -k tells cURL not to verify the server's TLS certificate).
It should look something like this:

curl -d "" -k --user {email}:{password} https://{hostname}/admin/dns/set/{munin.mydomain.tld}

You will have to replace the following parameters to make it work.

{email}

With the email address of any administrative user.

{password}

With that user’s password.

{hostname}

With your box's hostname.

{munin.mydomain.tld}

With the subdomain from which you want to access Munin.

For example, with fictional data, this gives:

curl -d "" -k --user toto@fakedomain.fr:passw0rd https://box.fakedomain.fr/admin/dns/set/munin.fakedomain.fr

Make Munin available through your web server (Nginx)

Create a host:

sudo nano /etc/nginx/conf.d/munin.conf

Copy/paste the following (BEWARE: replace {subdomain.domain.tld} with the subdomain created in the previous section):

# Redirect all HTTP to HTTPS.
server {
        listen 80;
        listen [::]:80;

        server_name {subdomain.domain.tld};
        root /tmp/invalid-path-nothing-here;
        rewrite ^/(.*)$ https://{subdomain.domain.tld}/$1 permanent;
}

server {
    listen 443 ssl;

    server_name {subdomain.domain.tld};

    ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;
    include /etc/nginx/nginx-ssl.conf;

    auth_basic "protected";
    auth_basic_user_file /etc/nginx/htpasswd;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location /static/ {
        alias /etc/munin/static/;
        expires modified +1w;
    }

    location / {
        alias /var/cache/munin/www/;
        expires modified +310s;
    }

    location ^~ /munin-cgi/munin-cgi-graph/ {
        access_log off;
        fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/var/run/munin/spawn-fcgi-munin-graph.sock;
        include fastcgi_params;
    }
}

Save your file

Now we need to secure access to your subdomain using HTTP basic authentication.
The command below will give you a hashed password that we’ll use later.

Just replace {password} with the password of your choice and {salt} with a random string (it can be anything).

python -c 'import crypt; print(crypt.crypt("{password}","{salt}"))'

Then create an htpasswd file to secure your subdomain (replace {encrypted_password} with the result of the previous command and {username} with your desired username):

echo '{username}:{encrypted_password}' | sudo tee --append /etc/nginx/htpasswd > /dev/null
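
An alternative to the two commands above, as an added example that is not part of the original guide: crypt() with a plain salt string yields a traditional DES hash, which only uses the first eight characters of the password, so these shell functions use SHA-512 crypt via openssl passwd instead, read the password from standard input so it stays out of shell history and the process list, and create the htpasswd file without world-read permission. The function names, the HTPASSWD_GROUP variable and the username munin are made up for the example; it assumes OpenSSL 1.1.1 or later and an nginx running on glibc, whose crypt() accepts $6$ hashes.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names and the
# HTPASSWD_GROUP variable are hypothetical.

# Print "user:hash" for the password read from stdin (first line only).
# -6 selects SHA-512 crypt; openssl picks a random salt itself.
htpasswd_line() {
    user=$1
    case $user in
        ''|*:*) echo "username must be non-empty and contain no ':'" >&2
                return 1 ;;
    esac
    hash=$(head -n 1 | openssl passwd -6 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# Return 0 if PASSWORD matches ENTRY ("user:$6$salt$hash"), 1 otherwise.
htpasswd_check() {
    entry=$1 password=$2
    stored=${entry#*:}
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    computed=$(printf '%s\n' "$password" |
        openssl passwd -6 -salt "$salt" -stdin) || return 1
    [ "$computed" = "$stored" ]
}

# Append ENTRY to FILE, creating the file without world-read permission.
# Set HTPASSWD_GROUP (assumed: www-data) so nginx workers can still read it.
htpasswd_add() {
    file=$1 entry=$2
    ( umask 027 && : >> "$file" ) || return 1
    chmod 640 "$file" || return 1
    if [ -n "${HTPASSWD_GROUP:-}" ]; then
        chgrp "$HTPASSWD_GROUP" "$file" || return 1
    fi
    printf '%s\n' "$entry" >> "$file"
}

# Typical use as root (password typed at a prompt with echo disabled):
#   stty -echo; IFS= read -r pw; stty echo
#   HTPASSWD_GROUP=www-data htpasswd_add /etc/nginx/htpasswd \
#       "$(printf '%s\n' "$pw" | htpasswd_line munin)"; unset pw
```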

Restart Nginx

sudo service nginx restart

Check that you can access your Munin instance through your web browser.
If so, congratulations /o/