CentOS + Munin

Munin is a nifty little tool that can provide you all manner of insight into the workings of your systems. There are probably dozens of howto’s on setting up Munin out there, so obviously, the world needs another one.

Server:

First, install the EPEL repository. If this article is dated, be sure to click the install link to grab more up to date instructions from their FAQ. But, for now:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

BTW, EPEL is a nice repository filled with all sorts of interesting software that RHEL/CentOS should have, but don’t. It’s basically all the up to date software of Fedora, without the annoyance of Fedora.

Next, you need to enable packages from EPEL for Munin:

echo 'includepkgs=munin munin-common munin-node perl-* rrdtool rrdtool-perl' >> /etc/yum.repos.d/epel.repo

Update: 4/3/2010: I’ve adjusted the includepkgs line to reflect what’s needed in recent updates – mainly, munin-common and moving the perl package includes to perl-* – there’s a lot more perl packages required. That’s not a bad thing – it’s generally better to grab perl packages in RPM form than through cpan, after all – much easier to keep up to date.

Now, install Munin:

yum -y install munin munin-node httpd

We’re installing munin-node as well as munin, so you can immediately see graphing awesomeness by monitoring your Munin server itself. Apache (or some webserver) is necessary to actually view your Munin data. Anyhoo, once installed, edit a few things. Mostly:

/etc/munin/munin.conf

Find the localhost entry and replace it with your monitoring server’s hostname. EG:

[lemuria.taldar.com]
    address 127.0.0.1
    use_node_name yes

Add in an alias to your apache config so you can, you know, see Munin:

echo 'Alias /munin /var/www/html/munin' >> /etc/httpd/conf/httpd.conf
/etc/init.d/httpd graceful

You may want to put that in a specific virtual host, if you have them – or even set up .htaccess protection. That’s outside the scope of this post, however.

Finally, start munin-node and ensure it starts on booth:

/etc/init.d/munin-node start
chkconfig munin-node on

Open your browser, navigate to your Munin installation (http://yourserver/munin if following the listed procedure), and… Chances are, you’ll have to wait a few minutes for Munin to actually collect data. But in a short time, you should have more pretty graphs than you ever dreamed possible.

Client:

Setting up a client is just as easy – you can skip the ‘munin’ part and just install ‘munin-node’. Once done, check:

/etc/munin/munin-node.conf

…for settings. For the most part, all you really need to adjust is:

allow ^127\.0\.0\.1$

Replace 127.0.0.1 with the IP of your munin server. Save, quit, start the node:

/etc/init.d/munin-node start
chkconfig munin-node on

Back on the server, open up:

/etc/munin/munin.conf

…And add an entry for your new client. Example:

[fatov.taldar.com]
    address 192.168.42.69
    use_node_name yes

No need to restart anything on the server, since Munin’s monitoring is cron-based.

If you’ve got iptables running, you probably need to add a rule to allow the client to accept traffic from the server. Open up:

/etc/sysconfig/iptables

..And add:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source IPOFYOURMUNINSERVER --dport 4949 -j ACCEPT

Then restart iptables:

/etc/init.d/iptables restart

Note the –source line; this should restrict tcp/4949 to your Munin server. Since nothing else should be talking to your client on 4949, you might as well go the distance in keeping things secure.

Enabling More Stuff

You’ll notice that different servers might have different graphs – you might see MySQL show up on a database server, while it doesn’t show up on a webserver. When you install munin-node, the installer does some checking and enables plugins that seem to make sense. What if you want more stuff? Simply check:

/usr/share/munin/plugins/

…And see what’s available. To enable something – we’ll use ‘netstat’ as example, you just make a symlink in the Munin config plugins directory. Example:

ln -s /usr/share/munin/plugins/netstat /etc/munin/plugins/netstat

Restart the node after this:

/etc/init.d/munin-node start

MySQL

You might have a MySQL plugin enabled by default, but – by default, it won’t pull anything of use. To remedy this, hop on your node, and open up:

/etc/munin/plugin-conf.d/munin-node

Add or modify the following:

[mysql*]
env.mysqlopts -u munin -pSEKRITPASSWORDSHHH

Replace ‘SEKRITPASSWORD…’ with some sort of password. Note the MySQL user (-u munin) you’ll be creating is fairly unprivileged. Speaking of which, let’s create that:

mysql
create user munin@'localhost' identified by 'SEKRITPASSWORDSHHH';
flush privileges;
quit;


…Again, replace the password. After all this – you guessed it, restart the node:

/etc/init.d/munin-node start

Shortly thereafter you should start getting MySQL data on the server.