Munin 2.0.x on OpenBSD 5.7

       932 words, 5 minutes

It’s been a while since I used Munin monitoring system . I felt like I was going to have a look at the (not so) new 2.0.x branch ; running on my brand new OpenBSD 5.7. As usual, everything is quite well documented in the man pages and readmes. So here are simply my notes with particular directions regarding my installation.

Installation of Munin

Thanks to the port system, the installation is straightforward.

# pkg_add munin-server

# pkg_info | grep munin 
munin-node-2.0.25 flexible network host monitoring, client
munin-server-2.0.25 flexible network host monitoring, server

Configure Munin Server

I want to store Munin’s files in a non-standard place. The DB will be stored on /home (my second disk). The HTML/IMG/… will be stored in a directory where the chrooted Web server will be able to access them. The munin.conf will be modified to use those directories.

# mkdir -p /home/munin/db /home/www/munin
# chown -R _munin:_munin /home/munin /home/www/munin

I don’t like the CGI-rendering mode. I’d rather use the CRON way.

Furthermore, Munin recommends to base process forks on CPU number accessible from the server. My virtual machine has 2 vCPU ; the underlying hypervisor has 1 CPU 4 cores. Those numbers will lead to the fork value I configured.

--- /usr/local/share/examples/munin/munin.conf  Sat Mar  7 16:32:36 2015
+++ /etc/munin/munin.conf       Thu Jul 30 10:32:12 2015
@@ -8,4 +8,4 @@
-#dbdir /var/db/munin
-#htmldir /var/www/htdocs/munin
-#logdir /var/log/munin
-#rundir  /var/run/munin
+dbdir  /home/munin/db
+htmldir /home/www/munin
+logdir /var/log/munin
+rundir  /var/run/munin
@@ -40 +40 @@
-#graph_strategy cron
+graph_strategy cron
@@ -69 +69 @@
-#html_strategy cron
+html_strategy cron
@@ -80 +80 @@
-#max_processes 16
+max_processes 4
@@ -86 +86 @@
-#rrdcached_socket /var/run/rrdcached.sock
+#rrdcached_socket /var/run/rrd/rrdcached.sock
@@ -98 +98 @@

As for now, there’s no Munin client configured. So we don’t configure CRON yet ; unless we want a bunch of error messages…

Configure Munin Client

That server hosts most of the IT services, so it will be referenced with my domain name (and not the server name). It has to match the name configured in munin.conf.

I also lowered log level a bit ; I don’t need Munin to talk too much on a day-to-day basis.

--- /usr/local/share/examples/munin/munin-node.conf     Sat Mar  7 16:32:40 2015
+++ /etc/munin/munin-node.conf  Wed Jul 29 12:16:34 2015
@@ -5 +5 @@
-log_level 4
+log_level 2
@@ -37 +37 @@
-#host_name localhost
@@ -59,2 +59,2 @@
-host *
-# host
+#host *

Enable and start Munin Node

Now it is configured, we can enable and start munin-node.

# rcctl enable munin_asyncd
# rcctl enable munin_node

# rcctl start munin_node

# rcctl start munin_asyncd

# cat /var/log/munin/munin-node.log
Process Backgrounded
2015/07/29-12:18:21 Munin::Node::Server (type Net::Server::Fork) starting! pid(4512)
Binding to TCP port 4949 on host with IPv4
Setting gid to "0 0"

Activate Munin Node plugins

In this state, munin-node works but doesn’t report anything. We have to enable a bunch a plugins so that Munin actually collect things.

We can ask Munin what’s available as-is for this OpenBSD box.

# /usr/local/sbin/munin-node-configure --shell
ln -s '/usr/local/libexec/munin/plugins/amavis' '/etc/munin/plugins/amavis'
ln -s '/usr/local/libexec/munin/plugins/cpu' '/etc/munin/plugins/cpu'
ln -s '/usr/local/libexec/munin/plugins/df' '/etc/munin/plugins/df'
ln -s '/usr/local/libexec/munin/plugins/df_inode' '/etc/munin/plugins/df_inode'
ln -s '/usr/local/libexec/munin/plugins/if_' '/etc/munin/plugins/if_enc0'
ln -s '/usr/local/libexec/munin/plugins/if_' '/etc/munin/plugins/if_vmx0'
ln -s '/usr/local/libexec/munin/plugins/if_errcoll_' '/etc/munin/plugins/if_errcoll_enc0'
ln -s '/usr/local/libexec/munin/plugins/if_errcoll_' '/etc/munin/plugins/if_errcoll_vmx0'
ln -s '/usr/local/libexec/munin/plugins/if_pps_' '/etc/munin/plugins/if_pps_enc0'
ln -s '/usr/local/libexec/munin/plugins/if_pps_' '/etc/munin/plugins/if_pps_vmx0'
ln -s '/usr/local/libexec/munin/plugins/load' '/etc/munin/plugins/load'
ln -s '/usr/local/libexec/munin/plugins/memory' '/etc/munin/plugins/memory'
ln -s '/usr/local/libexec/munin/plugins/munin_stats' '/etc/munin/plugins/munin_stats'
ln -s '/usr/local/libexec/munin/plugins/netstat' '/etc/munin/plugins/netstat'
ln -s '/usr/local/libexec/munin/plugins/open_files' '/etc/munin/plugins/open_files'
ln -s '/usr/local/libexec/munin/plugins/processes' '/etc/munin/plugins/processes'
ln -s '/usr/local/libexec/munin/plugins/systat' '/etc/munin/plugins/systat'
ln -s '/usr/local/libexec/munin/plugins/uptime' '/etc/munin/plugins/uptime'
ln -s '/usr/local/libexec/munin/plugins/users' '/etc/munin/plugins/users'
ln -s '/usr/local/libexec/munin/plugins/vmstat' '/etc/munin/plugins/vmstat'

# The following plugins caused errors:
# fail2ban:
#       Non-zero exit during autoconf (42)
# http_loadtime:
#       Non-zero exit during autoconf (42)
# ipmi_:
#       Non-zero exit during autoconf (42)
# ntp_:
#       Non-zero exit during autoconf (13)
# ntp_states:
#       Non-zero exit during autoconf (13)
# sensors_:
#       Nothing printed to stdout
#       No valid suggestions
# squeezebox_:
#       Non-zero exit during autoconf (42)
# tomcat_:
#       Non-zero exit during autoconf (42)
# varnish_:
#       Non-zero exit during autoconf (13)

I guess some plugins aren’t available as they are written Linux-in-mind and don’t use OpenBSD-compatible commands and/or parameters. As for now, this doesn’t matter. I’ll dig on other useful plugins later on. The available plugins can be installed using the indicated command lines or using “| sh” to be done automatically.

After a plugins is enabled, munin-node has to be restarted/reloaded.

# rcctl restart munin_node

Enable the CRON update

As I said, I’d rather use the CRON update method rather than the CGI one. So the crontab has to be enabled. One can probably use _munin’s crontab. But I prefer to relevant use root’s crontab and switch to user for running things. I feel like it’s easier to manage and backup things.

# crontab -e
# munin
*/5     *       *       *       *       su -s /bin/ksh _munin /usr/local/bin/munin-cron

Configure Web access to Munin

I’m using Apache 2, from ports, and have chrooted it. I’m using an Alias to access Munin from both HTTP and HTTPS.

# cat /etc/apache2/httpd2.conf
<VirtualHost _default_:80>
        # --- Munin begins
        Alias /munin/ "/munin/"
        # --- Munin ends

<directory " munin"="">
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from all

# rcctl reload apache2

Once it’s working, you probably want to restrict access a bit. Either change “Allow from” or setup authentication for the Munin directory.

Final stuff

I’ll need to check and enable various extra plugins. Like MySQL, Apache, …

It may require a bit of hacking to monitor stuff like ldapd(8) or smtpd(8). I’ll test and write about it later.

Here’s what it looks like, with default plugins, after nearly a day of processing.