[[:admin|< retour à la page de l'administration technique]] Munin sert à monitorer les serveurs, en produisant des graphiques issus de diverses statistiques. Accessible à l'adresse suivante : https://munin.federez.net ===== Installation ===== Rien de spécial : * sur le master : ''aptitude install munin'' * sur les nodes : ''aptitude install munin-node'' ===== Configuration ===== Ne sont reportées ici que les lignes des fichiers de configuration qui diffèrent par rapport à la valeur par défaut. ==== Munin master (hexagon) ==== === /etc/munin.conf === ... dbdir /var/lib/munin htmldir /var/cache/munin/www logdir /var/log/munin rundir /var/run/munin ... tmpldir /etc/munin/templates ... # a simple host tree [hexagon.federez.net] address 127.0.0.1 # use_node_name yes [quigon.federez.net] address 160.228.155.65 # use_node_name yes [baldrick.federez.net] address 138.231.142.239 # use_node_name yes === /etc/munin-node.conf === Laissé dans son état par défaut. ==== Munin node (les autres serveurs) ==== /!\ Le port 4949 en TCP du node doit être accessible depuis hexagon. /!\ Ouverture dans le firewall le cas échéant. === /etc/munin-node.conf === ... # Set this if the client doesn't report the correct hostname when # telnetting to localhost, port 4949 # host_name quigon.federez.net # A list of addresses that are allowed to connect. This must be a # regular expression, since Net::Server does not understand CIDR-style # network notation unless the perl module Net::CIDR is installed. You # may repeat the allow line as many times as you'd like allow ^127\.0\.0\.1$ allow ^::1$ allow ^5\.39\.82\.35$ allow ^2001:41d0:8:9423::1$ ... ==== VirtualHost Apache ==== ServerAdmin admin@federez.net ServerName munin.federez.net Redirect permanent / https://munin.federez.net/ # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn ErrorLog ${APACHE_LOG_DIR}/munin-error.log CustomLog ${APACHE_LOG_DIR}/munin-access.log combined ServerAdmin admin@federez.net ServerName munin.federez.net DocumentRoot /var/cache/munin/www Options None AllowOverride None Order allow,deny #Allow from localhost 127.0.0.0/8 ::1 Allow from all # This file can be used as a .htaccess file, or a part of your apache # config file. # # For the .htaccess file option to work the munin www directory # (/var/cache/munin/www) must have "AllowOverride all" or something # close to that set. # Include /etc/apache2/ldap.conf #AuthUserFile /etc/munin/munin-htpasswd #AuthName "Munin" #AuthType Basic #require valid-user # This next part requires mod_expires to be enabled. # # Set the default expiration time for files to 5 minutes 10 seconds from # their creation (modification) time. There are probably new files by # that time. # ExpiresActive On ExpiresDefault M310 # Enables fastcgi for munin-cgi-html if present # # # SetHandler fastcgi-script # # # # SetHandler None # # Enables fastcgi for munin-cgi-graph if present ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph Order allow,deny #Allow from localhost 127.0.0.0/8 ::1 Allow from all # AuthUserFile /etc/munin/munin-htpasswd # AuthName "Munin" # AuthType Basic # require valid-user SetHandler fastcgi-script ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html Order allow,deny #Allow from localhost 127.0.0.0/8 ::1 Allow from all # AuthUserFile /etc/munin/munin-htpasswd # AuthName "Munin" # AuthType Basic # require valid-user SetHandler fastcgi-script # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn ErrorLog ${APACHE_LOG_DIR}/munin-error.log CustomLog ${APACHE_LOG_DIR}/munin-access.log combined # SSL SSLEngine on SSLCertificateFile /etc/ssl/federez/federez.crt SSLCertificateKeyFile /etc/ssl/private/federez.key SSLCertificateChainFile /etc/ssl/federez/sub.class2.server.ca.pem SSLCACertificateFile /etc/ssl/certs/StartCom_Certification_Authority.pem SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown