How to install and configure Munin on CentOS


Munin surveys all your servers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. While it may not be the most scalable solution, it's flexible, yet easy to understand when monitoring a dozen or so servers.

Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine "what's different today" when a performance problem crops up. It makes it easy to see how you're doing capacity-wise on any resources.

Munin uses the excellent ​RRDTool (written by Tobi Oetiker) and the framework is written in Perl, while plugins may be written in any language.

This how-to guide explains how to install and configure Munin and Munin Node on CentOS 5,6,7 or Fedora.

Note: This guide assumes you are familiar with SSH and basic command line navigation. These instructions apply primarily to customers who have Virtual Private Servers or Dedicated servers. If you do not have root-level access you will not be able to make these changes.



1. Installation

1.1 Install EPEL Repository

All files required for installation of Munin are contained in the EPEL repository. The EPEL repository provides easy to install packages for commonly used software.

# yum install epel-release

If this command does not work, perhaps because the CentOS Extras repository is disabled, the section below provides manual installation instructions based on your distribution version.


CentOS and Red Hat Enterprise Linux 5.x

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm sudo rpm -Uvh epel-release-5*.rpm

CentOS and Red Hat Enterprise Linux 6.x

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo rpm -Uvh epel-release-7*.rpm

If you get a File Not Found error message when trying to download the package, the version number might have changed. You can access the latest version of the RPM installer from the Fedora EPEL wiki page. The wiki page also includes additional instructions for Red Hat Network subscribers who are installing the EPEL repository.

Note: There is no need for Fedora users to install the EPEL repository. Munin is already included in Fedora and can be installed using yum (see step 1.2).


1.2 Installation Munin and Munin Node

  • Munin is the daemon service aggregating all data, which is then pulled to the daemon. It then uses RRDtool to log and generate updated graphs and it renders all webpages. It runs only on your host server.
  • Munin Node collects data on your servers. It needs to be installed and configured on each server you wish to monitor.

Before we begin, first ensure that your server is up-to-date:

# yum update

You are now ready to issue the command to install both Munin and Munin Node on your server. This command also installs all dependencies, such as RRDTool that are required by Munin.

# yum install munin munin-node

Munin node will have to be installed on each server you wish to monitor. Follow the above steps, but only install the munin-node service on each server you wish to monitor:

# yum install munin-node

Now create the system startup links for Munin and startup the Munin daemon for the first time:

CentOS 5,6 and Fedora
# service munin-node start
# chkconfig --level 35 munin-node on
CentOS 7
# systemctl enable munin-node.service
# systemctl start munin-node.service

Note: Munin requires a working web server on the host server, such as Apache or Nginx to render and display its statistics pages.


1.3 Remove Munin and Munin Node

# yum remove munin-node


2. Configuring Munin and Munin Node

Note: Munin requires firewall port 4949 to be opened. The Security of your Munin installation is outside the scope of this tutorial. For a guide detailing the ins and outs of the popular CSF firewall please follow this guide


2.1 Configuring Munin

The configuration file for Munin can be found at /etc/munin/munin.conf


# dbdir   /var/lib/munin
# htmldir /var/www/html/munin
# logdir  /var/log/munin
# rundir  /var/run/munin

You can simply uncomment the values above. The defaults are fine in most cases. You can also adjust the htmldir accordingly depending on where you would like the files to be generated.

In case you'd like Munin to be tied in to a DirectAdmin account, you'd enter the following:

dbdir   /var/lib/munin
htmldir /home/username/domains/domain.com/)
logdir  /var/log/munin
rundir  /var/run/munin

The host tree should be adjusted as well. You can set a custom name for your server. All remote servers you wish to monitor need to be listed here:

# a simple host tree
[localhost.or.enter.your.custom.server.name.here]
address 127.0.0.1
use_node_name yes

[remote.server.or.enter.your.custom.server.name.here]
address xxx.xxx.xxx.xxx
use_node_name yes

Once the munin.conf file has been updated, you’ll need to adjust the permissions of the html directory.

In the example below I set my html directory to /var/www/html/munin . To allow munin to write to it we’ll have to change ownership to the correct user:

# chown munin:munin /var/www/html/munin

2.2 Password protecting Munin (optional)

Edit /etc/httpd/conf.d/munin.conf and uncomment if required the htpasswd section as below:

# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user

to:

AuthUserFile /etc/munin/munin-htpasswd
AuthName "Munin"
AuthType Basic
require valid-user

If required be sure to rename the AuthName to a username you prefer.

Then password protect Munin with a username and password using Apache basic auth module as shown below. The username "Munin" can be replaced with anything you desire:

# htpasswd /etc/munin/munin-htpasswd Munin

2.3 Limit access to Munin by IP address (optional)

Open the following file /etc/httpd/conf.d/munin.conf and add the following lines to the directory directive

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.1.0/24

Where xxx.xxx.xxx.xxx/24 represents the external IP address you wish to view the statistics with. If you wish to allow all clients access to Munin graphs, change the line Allow from 127.0.0.1 xxx.xxx.xxx.xxx/24 to Allow from All.


Now is a good time to restart Munin in order to make the changes take effect:

CentOS 5,6 and Fedora
# service munin-node start
CentOS 7
# sysctl restart munin-node.service


2.4 Configuring Munin Node

The configuration file for Munin Node can be found at /etc/munin/munin-node.conf

For security reason, I'd like Munin to run under a less risky user.

Change:

user root
group root

to:

user munin
group munin

Alter the listening address to bind to localhost only:

# Which address to bind to;
host *
host 127.0.0.1

Add the IP Address of the Munin Daemon: Do not forget to leave localhost (127.0.0.1) active when configuring external munin nodes in munin-node.conf So, you'll need a total of 2IP's minimum.

allow ^127\.0\.0\.1$
allow ^12\.12\.12\.12$   ^IP\.ADD\.RE\.SS$ of munin master


3. E-Mail Notifications / Alerting

3.1 Configure Contacts

Munin has basic support for sending mails when specified warning and critical thresholds are exceeded. If you aren’t already running a notification system, such as Nagios, Munin’s notification are quick to setup and work reliably. A few changes to munin.conf are all that’s needed.

First, you need to configure contacts, which enables the notification system.

contacts me # may be unnecessary and cause warnings
contact.me.command mail -s "Munin notification ${var:host}" user@host.tld
contact.me.always_send warning critical
contact.alert.command mail -s "Munin notification ${var:host}" user@host.tld
contact.alert.always_send critical

Above, I define a contact entry named me. Pick any name you would like. Next, the specific command action is defined. It’s a simple string to be executed by a shell which will receive the body of the alert message as STDIN. For sending email an appropriate command such as mail is used. Finally, mails will always be sent on any warning or critical state.


if required you can add a specific user that you send the alert to in the host tree of /etc/munin/munin.conf:

[domain;serverA]
address aaa.aaa.aaa.aaa
use_node_name yes
contacts me alert

3.2 Set Tresholds

Tresholds can be set by editing the host tree in /etc/munin/munin.conf.

[domain;serverA]
address aaa.aaa.aaa.aaa
load.warning 3
load.critical 5
diskstats_latency.sda.avgrdwait.warning 0:3
diskstats_latency.sda.avgrdwait.critical 0:5
diskstats_latency.sda.avgwrwait.warning 0:3
diskstats_latency.sda.avgwrwait.critical 0:5
diskstats_latency.vg_host_lv_swap.avgrdwait.warning 0:10
diskstats_latency.vg_host_lv_swap.avgwrwait.warning -5:5
use_node_name yes
contacts me alert

The easiest way to figure out the correct graph name is by hovering over the graph.



4. Plugins

4.1 MySQL

If you’re running a server with CentOS 5/6 with Munin installed to graph the system stats, you’ll mostly likely notice that the generated graphs do not include MySQL.

This is expected behaviour since cPanel, DirectAdmin or Virtualmin ask you to define a root password for your MySQL server (so it isn’t left unsecured out in the open). Unfortunately, by default, Munin tries to read MySQL data using the root account and without password and thus fails.


4.1.1 MySQL User Setup

DirectAdmin

Enter the following to reveal the MySQL login credentials on your DirectAdmin based server

# cat /usr/local/directadmin/conf/mysql.conf

Virtualmin

Login to Virtualmin and navigate to Webmin > Servers > MySQL Database Server. Create a new user munin and define a password, set it to only log in from localhost and add the Superuser permission.

Now navigate to Database Permissions and add the previously created munin user on database MySQL, again only for localhost and only grant the Select table data permission.


4.1.2 MySQL Dependencies

For MySQL monitoring to work we need a few dependencies.

For Mysql 5.1x:

yum install perl-Cache perl-Cache-Cache
yum install perl-IPC-ShareLite perl-DBD-MySQL

For Mysql 5.5x and higher:

sudo perl -MCPAN -e 'install +YAML'
shell> perl -MCPAN -e shell
cpan> install DBI
cpan> install DBD::mysql

or by using CPAN:

cpan> fforce install DBD::mysqlc

if perl-Cache-Cache is missing, first install and enable the EPEL repository (see 1.1) and then continue by installing the module.

yum install perl-Cache-Cache

4.1.3 MySQL User Credentials

DirectAdmin

Open the /usr/share/munin/plugins/mysql_ file and edit:

You should see something like this with the credentials left blank:

my %config = (
    'dsn'        => $ENV{'mysqlconnection'} || 'DBI:mysql:mysql',
    'user'       => $ENV{'mysqluser'}       || 'da_admin',
    'password'   => $ENV{'mysqlpassword'}   || 'removed',
);

Virtualmin

Open the /etc/munin/plugin-conf.d/munin-node file and add (or edit if already exists):

[mysql*]
env.mysqladmin /usr/bin/mysqladmin
env.mysqluser munin
env.mysqlpassword your-previously-defined-password
env.mysqlopts -umunin -pyour-previously-defined-password

If you’re using innodb tables, you will need to create the /etc/munin/plugin-conf.d/mysql_innodb file to ignore InnoDB related errors (which Munin will most likely generate).

[mysql_innodb]
env.warning 0
env.critical 0

4.1.4 MySQL Select services to monitor

Enter the following to reveal what MySQL plugins are available:

# /usr/share/munin/plugins/mysql_ suggest
mysql_bin_relay_log
mysql_commands
mysql_connections
mysql_files_tables
mysql_innodb_bpool
mysql_innodb_bpool_act
mysql_innodb_insert_buf
mysql_innodb_io
mysql_innodb_io_pend
mysql_innodb_log
mysql_innodb_rows
mysql_innodb_semaphores
mysql_innodb_tnx
mysql_myisam_indexes
mysql_network_traffic
mysql_qcache
mysql_qcache_mem
mysql_replication
mysql_select_types
mysql_slow
mysql_sorts
mysql_table_locks
mysql_tmp_tables

To enable all of them simply run the following:

cd /etc/munin/plugins
ln -sf /usr/share/munin/plugins/mysql_ mysql_
for i in `./mysql_ suggest`; \
do ln -sf /usr/share/munin/plugins/mysql_ $i; done

If you only need a few of them you can apply them this way:

cd /etc/munin/plugins
ln -sf cmysql_ mysql_bin_relay_log
ln -sf /usr/share/munin/plugins/mysql_ mysql_commands
ln -sf /usr/share/munin/plugins/mysql_ mysql_connections
ln -sf /usr/share/munin/plugins/mysql_ mysql_files_tables
ln -sf /usr/share/munin/plugins/mysql_ mysql_innodb_bpool

4.1.5 MySQL Test plugin

To test if the plugin works, run in the console:

munin-node-configure --suggest | grep mysql

The output should be something like below:

mysql_                     | yes  | yes (+bin_relay_log +commands       and a lot of other blabber

Reload Munin Node

Be sure to reload munin-node:

/etc/init.d/munin-node restart

or for CentOS7

systemctl restart munin-node

4.2 Soft RAID/SMART Monitoring

Monitor your drive and RAID health and performance. Begin by ensuring that you have smartmontools installed:

yum install smartmontools

Symlink the plugins:

cd /etc/munin/plugins
ln -s /usr/share/munin/plugins/smart_ smart_sda
ln -s /usr/share/munin/plugins/smart_ smart_sdb

Edit the following file:

nano /etc/munin/plugin-conf.d/munin-node

Add the following:

[smart_*]
user root
group disk

[smart_sda]
env.smartargs -H -l error -d ata

[smart_sdb]
env.smartargs -H -l error -d ata

4.3 Ping

It's always good to have a clue about your connectivity to the rest of the world. You can setup the ping plugin using a simple correctly formatted symlink:

# ln -s /usr/share/munin/plugins/ping_  /etc/munin/plugins/ping_google.com
# ln -s /usr/share/munin/plugins/ping_  /etc/munin/plugins/ping_ovh.fr
# ln -s /usr/share/munin/plugins/ping_  /etc/munin/plugins/ping_example.com

4.4 FTP

To monitor FTP activity for an account lftp

yum install lftp

Once lftp is installed, it's time to create our monitoring script: /usr/share/munin/plugins/backup_space

#!/bin/bash
MAXLABEL=20

if [ "$1" == "autoconf" ]; then
        echo yes
  exit 0
fi

if [ "$1" == "config" ]; then
  echo 'graph_title Backup-Space'
  echo 'graph_args --base 1000 -l 0'
  echo 'graph_vlabel Space in GB'
  echo 'graph_category Backup'
  echo 'graph_order max space'
  echo 'space.label Current'
  echo 'space.draw LINE'
  echo 'max.label Max'
  echo 'max.draw AREA'
  exit 0
fi

echo -en "space.value " && echo du . | lftp -u ${user},${pass} ${ip} | awk -v LIMIT="${max}" '$1~/[0-9]+/ {QUOTA=LIMIT*1024*1024; print ($1)/1024/1024 }' | tail -1
echo -en "max.value " && echo ${max}

save this file and create the following symlink:

ln -s /usr/share/munin/plugins/backup_space.sh /etc/munin/plugins/backup_space

Edit the /etc/munin/plugin-conf.d/munin-node file

[backup_space]
env.user username
env.pass passwort
env.ip ftpserver
env.max 100

If you test the script and get the error Certificate verification: Not trusted:

# /etc/munin/plugins# munin-run backup_space

Edit /etc/lftp.conf

And set:

ssl:verify-certificate no



5. Debugging Munin

5.1 Compatibility check

To see which plug-ins are installed on a munin node, log into it and run the munin-node-configure command:

 

# munin-node-configure
Plugin                     | Used | Extra information                      
------                     | ---- | -----------------                      
acpi                       | no   |                                        
apache_accesses            | no   |                                        
apache_processes           | no   |                                        
apache_volume              | no   |                                                                              
courier_mta_mailqueue      | no   |                                        
courier_mta_mailstats      | no   |                                        
courier_mta_mailvolume     | no   |                                        
cps_                       | no   |                                        
cpu                        | yes  |                                        
cupsys_pages               | no   |                                        
df                         | yes  |                                        
df_abs                     | no   |                                        
df_inode                   | yes  |                                        
entropy                    | yes  |                                        
exim_mailqueue             | yes  |                                        
exim_mailstats             | yes  |                                        
forks                      | yes  |                                        
fw_conntrack               | no   |                                        
...

The output is longer than that, but that's generally what you'll see — the plug-ins with “yes” next to them are enabled, the ones with “no” next to them are installed but disabled.

 

Deciding what to enable

To help you decide whether you want to enable any other munin plug-ins, run munin-node-configure with the ”–suggest“ option: munin-node-configure --suggest

# munin-node-configure --suggest
Plugin                     | Used | Suggestions                            
------                     | ---- | -----------                            
acpi                       | no   | no [cannot read /proc/acpi/thermal_zone/*/temperature]
amavis                     | no   | no                                     
apache_accesses            | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_processes           | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_volume              | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apc_envunit_               | no   | no [no units to monitor]               
bonding_err_               | no   | no [No /proc/net/bonding]              
courier_mta_mailqueue      | no   | no [spooldir not found]                
courier_mta_mailstats      | no   | no [could not find executable]         
courier_mta_mailvolume     | no   | no [could not find executable]         
cps_                       | no   | no                                     
cpu                        | yes  | yes                                    
cpuspeed                   | no   | no [missing /sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state]
cupsys_pages               | no   | no [could not find logdir]             
df                         | yes  | yes                                    
df_inode                   | yes  | yes                                    
diskstats                  | yes  | yes                                    
entropy                    | yes  | yes                                    
exim_mailqueue             | no   | no [no exiqgrep]                       
exim_mailstats             | no   | no ['/usr/sbin/exim -bP log_file_path' returned an error]
fail2ban                   | no   | no [/usr/bin/fail2ban-client not found]
...

If your output includes any error messages at the end or complaints about “junk output”, don't worry. That just means a plug-in was queried that didn't give a proper response, it doesn't affect munin's operation.

Note that the output with ”–suggest“ is usually shorter than the complete list of installed plug-ins. When you ask munin-node-configure for its suggestions, it lists plug-ins that are written to respond to that query and also omits many plug-ins that are already installed.

Each plug-in name is followed by a “yes” or “no” indicating whether or not it's currently enabled. The last column might contain a suggestion regarding a plug-in's status. A “yes” suggestion indicates that a plug-in is currently supported by your system and can be enabled without making changes (like the postfix plug-ins in the example above). Other entries in the “Suggestions” column can offer details about issues that need to be corrected before enabling a given plug-in.

 

5.2 Test Plugins

On a host where munin-node is installed, you can check to see whether the plugin runs by using the munin-run command. You can test a plugin with and without the optional config and debug variables.

Regular run:

# munin-run df
_dev_hda1.value 83

 

Config run:

# munin-run df config
graph_title Filesystem usage (in %)
graph_args --upper-limit 100 -l 0
graph_vlabel %
graph_category disk
graph_info This graph shows disk usage on the machine.
_dev_hda1.label /
_dev_hda1.info / (ext3) -> /dev/hda1
_dev_hda1.warning 92
_dev_hda1.critical 98

 

5.3 Telnet to run munin-node plugin

Does the plugin run through munin-node, with and without config? Hint: Telnet to port 4949.

Regular run:

# telnet foo.example.com 4949
Trying foo.example.com...
Connected to foo.example.com.
Escape character is '^]'.
# munin node at foo.example.com
fetch df
_dev_hda1.value 83
[...]
.

 

With config:

# telnet foo.example.com 4949
Trying foo.example.com...
Connected to foo.example.com.
Escape character is '^]'.
# munin node at foo.example.com
config df
graph_title Filesystem usage (in %)
graph_args --upper-limit 100 -l 0
graph_vlabel %
graph_category disk
graph_info This graph shows disk usage on the machine.
_dev_hda1.label /boot
_dev_hda1.info /boot (ext3) -> /dev/hda1
_dev_hda1.warning 92
_dev_hda1.critical 98
[...]
.

If the plugin does run with munin-run but not through telnet, you probably have a PATH problem. Tip: Set env.PATH for the plugin in the plugin's environment file.

 

5.4 Verify Munin Services

you can verify that the Munin service is running with ps and netstat:

#ps aux | grep munin
apache    17835  0.2  0.8 141140  8480 ?     Ss   07:51   0:00 /usr/sbin/munin-node
root      18186  0.0  0.0 103220   844 pts/0 S+   07:52   0:00 grep munin
# netstat -anp | grep munin-node
tcp        0      0 0.0.0.0:4949       0.0.0.0:*      LISTEN      17835/munin-node

In the example above, you can see that the daemon process is running and that it is listening on tcp port 4949.

  • munin, monitoring, installation, guide, howto, centos, configuration, rrdtool
  • 5 Users Found This Useful
Was this answer helpful?

Related Articles

Installation of SpamAssassin on DirectAdmin

In this guide I will be explaining how to install and configure SpamAssasin on a Direct Admin...

Installation Clam Anti Virus (ClamAV) on DirectAdmin / CentOS

Clam AntiVirus is a popular open source (GPL) anti-virus toolkit for UNIX, designed for e-mail...

Installation of Directadmin on CentOS

In this guide I will be explaining how to install Direct Admin on a clean installation of CentOS...

Installation of Directadmin on CentOS

In this guide I will be explaining how to install Direct Admin on a clean installation of CentOS...

Installation CSF Firewall on CentOS 5 and 6

The ConfigServer Security & Firewall is a popular open source Stateful Packet Inspection...