Debian/Ubuntu Tips & Tricks
Debuntu.org: .deb packages, Unix/Linux Tutorials and Articles.
Navigation
sponsors
Books
User login
Coding.Debuntu.Org
RPM-Based.Org
Poll
Syndicate
Search
Sponsors
Tips
Google Products
How-To: Monitoring a Server with Munin -- page 2
2. Setting up apache
Okie, now we are going to set up an apache virtual host called monitoring.example.com in order to be able to access our statistics through http://monitoring.example.com url.
To do so, you need to have a working apache server. If you do not yet. Please install apache with:
$sudo apt-get install apache2
The settings given below should be enough to get you running. If you need more information on apache virtual host, you might want to check How-to virtual hosting with apache2.
2.1. the virtual host
Okie, first of all, go to the virtual host configuration directory:
$cd /etc/apache2/sites-available
create and edit file monitoring and make it look like:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName monitoring.example.com
DocumentRoot /var/www/munin
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel notice
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
ServerSignature On
</VirtualHost>
Make sure DocumentRoot has the same value as htmldir from /etc/munin/munin.conf
Now, enable that virtual host:
$sudo a2ensite monitoring
check that the syntax is correct:
$sudo apache2ctl -t
Syntax OK
If the syntax is correct, reload apache:
$sudo /etc/init.d/apache2 force-reload
Open your favorite web browser and start accessing your stats from http://monitoring.example.com
Munin generate stats every 5 minutes. You might have to wait 5 minutes in order to start having your first result
Well this is great, we can now access our server statistics. But actually everybody can :s. If you don't want that, you can control the access by using apache built-in authentication methods.
2.2. Enabling Authentication
There is actually 2 different ways of getting authenticated with apache.
- Basic Authentication: password is passed from client to server in plain text across the network
- Digest Authentication: password is transmitted as a MD5 digest which is more secure
In order to avoid to have our password transmitted as clear text, we are going to use the Digest Authentication.
This kind of authentication actually relies on an apache module which is not enable by default: auth_digest. To enable it, simply run:
$sudo a2enmod auth_digest
Now that apache can handle Digest Authentication, we need to set up a user/password/realm using:
htdigest -c /var/www/munin/.htpasswd munin foo
default apache configuration forbid access to files like ".ht*", therefore this file won't be readable though HTTP
Where munin is the realm and foo the username. htdigest will prompt you for "foo" user password. Supply it and go back to /etc/apache2/sites-available/monitoring.
We are going to add a few lines to this file in order to make authentication required.
The modifications we are going to make are between the <Directory />....</Directory> tags. This bit should look like this to enable authentication:
<Directory />
Options FollowSymLinks
AllowOverride None
#authentification
AuthType Digest
AuthName "munin"
AuthDigestFile /var/www/munin/.htpasswd
#people using apache 2.2 will use instead:
#AuthUserFile /var/www/munin/.htpasswd
require valid-user
</Directory>
Make sure that the AuthName value is the one from the htdigest realm
And that's it! We just need to make the change effectives by reloading apache configuration. As usual, we check that the syntax is right and if it is, we reload apache configuration.
$sudo apache2ctl -t
Syntax OK
$sudo /etc/init.d/apache2 force-reload
Now, go to http://monitoring.example.com with your browser. A box should prompt you for a username and password. Supply the one you define above and you should be given access to munin statistics.
3. Conclusion
Munin is simple to install and yet gives nice graph from your server health which will allow you to easily spot out if you are going to run out of memory, disk space and resource.
If you have only one machine to monitor, it is not worth the trouble setting up tools like cacti which require snmp in order to get the same result.
- Printer-friendly version
- Login or register to post comments
Submitted by chantra on Sat, 2006-12-02 14:46.
How-To: Monitoring a Server with Munin
Great article, but an assumption is made that will most likely be false for many people.
While I completely agree that granting munin http access via a section is preferrable to using .htaccess, Apache has an implicit policy of making the 1st listed VirtualHost the default server. So just adding the munin VirtualHost section can result in the munin page becoming the default server *unless* all other servers including the main server have already been specified in a VirtualHost section and the munin section is added on at the end. This is simple to remedy, but you might want to add a heads up note so people don't get tripped up.
A vexing problem that I have encountered is that this solution seems to break monit monitoring of Apache. With the inclusion of the munin VirtualHost section I get the following errors:
monit[7559]: HTTP error: Server returned status 404
monit[7559]: 'apache' failed protocol test [HTTP] at INET[192.168.1.4:80] via TCP
This means that apache is no longer serving up the /monit/token (see monit configuration). I am completely baffled by this because the monit monitoring of apache doesn't have this problem without the munin VirtualHost section. I'm contemplating some workarounds, but would prefer a clean solution.
How-To: Monitoring a Server with Munin
Please disregard my comments on /monit/token. The sources of information on monit configuration I found on the Internet were simply wrong, the http request approach is not neccessary. It's sufficient just to establish a connection.
Although this realization makes the monit apache problem go away, I'm still curious why the problem surfaced with the inclusion of a munin VirtualHost section.
I end up with the following
I end up with the following message everytime now
#apache2ctl -t
[Sat Apr 21 20:21:17 2007] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Syntax OK
:80
It looks like you have some:
<VirtualHost myhost.com:*>
statement somewhere. Change them to myhost.com:80 and your issue should be solved.
Debuntu
Automatically Add New Nodes?
Anyone know how to automatically add nodes as they appear on the network. I would love to have the ability to monitor every system that shows up on a particular subnet (all have munin-node preinstalled) without me having to edit a damn file first.Basically some sort of DHCP integrated script that flags the munin server to run munin-node-configure on whatever address was just leased then restart.
If anyone has any ideas, I'd be happy to write the code. I just do not know where to begin.
Wow!
Very great howto; thanks a ton! (This is me satisfied that I subscribed to your blog.)
I had a little trouble along the way with the sites-available/monitoring file; 'apache2ctl -t' complained about the syntax:
"[Sun Dec 03 12:41:32 2006] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results"
It then said "Syntax OK", so I don't know if that was a problem or not. :P
A probable reason
Nice you found that tutorial handy :)
One reason which might cause the error is the fact that you have might be using some other port with apache (like 443 for ssl).
Try adding
at the beginning of /etc/apache2/sites-available/default
Hope this helps.
Debuntu