Génération dynamique de graphiques sous Munin

Après avoir installé Munin sur un nouveau serveur je me suis rendu compte que je ne pouvais pas zoomer sur mes graphiques : erreur 404 et 500. C’est en fait la génération dynamique de graphiques qui ne fonctionnait pas. Voyons comment la paramétrer.

Génération dynamique de graphiques sous Munin

Ici je pars du principe que Munin est déjà installé et configuré sur votre serveur.

Nous allons avoir besoin d’installer quelques paquets pour faire fonctionner la génération dynamique de graphiques sous Munin

sudo apt-get install spawn-fcgi rrdcached -y

Modifiez la configuration de rrdcached

sudo nano /etc/default/rrdcached

Ajoutez

OPTS="-s www-data -l unix:/run/rrdcached.sock -b /var/lib/munin/ -B -j /var/lib/munin/journal/ -F"

Redémarrez rrdcached

sudo service rrdcached restart

Éditez maintenant la configuration de Munin

sudo nano /etc/munin/munin.conf

Ajoutez les paramètres suivants

cgitmpdir /var/lib/munin/cgi-tmp
graph_strategy cgi
cgiurl_graph /munin-cgi/munin-cgi-graph
html_strategy cgi
rrdcached_socket /var/run/rrdcached.sock

Nous allons maintenant devoir configurer deux scripts de démarrage automatique pour spawn fcgi

sudo nano /etc/init.d/spawn-fcgi-munin-html

Collez la configuration suivante

#! /bin/sh

### BEGIN INIT INFO
# Provides: spawn-fcgi-munin-html
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: starts FastCGI for Munin-Html
### END INIT INFO
# --------------------------------------------------------------
# Munin-CGI-Html Spawn-FCGI Startscript by Julien Schmidt
# eMail: munin-trac at julienschmidt.com
# www: http://www.julienschmidt.com
# --------------------------------------------------------------
# Install: 
# 1. Copy this file to /etc/init.d
# 2. Edit the variables below
# 3. run "update-rc.d spawn-fcgi-munin-html defaults"
# --------------------------------------------------------------
# Special thanks for their help to:
# Frantisek Princ
# Jérôme Warnier
# --------------------------------------------------------------
# Last Update: 14. February 2013
#
# Please change the following variables:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=spawn-fcgi-munin-html
PID_FILE=/var/run/munin/$NAME.pid
SOCK_FILE=/var/run/munin/$NAME.sock
SOCK_USER=www-data
FCGI_USER=www-data
FCGI_GROUP=www-data
FCGI_WORKERS=2
DAEMON=/usr/bin/spawn-fcgi
DAEMON_OPTS="-s $SOCK_FILE -F $FCGI_WORKERS -U $SOCK_USER -u $FCGI_USER -g $FCGI_GROUP -P $PID_FILE -- /usr/lib/munin/cgi/munin-cgi-html"

# --------------------------------------------------------------
# No edits necessary beyond this line
# --------------------------------------------------------------

if [ ! -x $DAEMON ]; then
 echo "File not found or is not executable: $DAEMON!"
 exit 0
fi

status() {
 if [ ! -r $PID_FILE ]; then
 return 1
 fi

 for FCGI_PID in `cat $PID_FILE`; do
 if [ -z "${FCGI_PID}" ]; then
 return 1
 fi

 FCGI_RUNNING=`ps -p ${FCGI_PID} | grep ${FCGI_PID}`
 if [ -z "${FCGI_RUNNING}" ]; then
 return 1
 fi
 done;

 return 0
}

start() {
 if status; then
 echo "FCGI is already running!"
 exit 1
 else
 $DAEMON $DAEMON_OPTS
 fi
}

stop () {
 if ! status; then
 echo "No PID-file at $PID_FILE found or PID not valid. Maybe not running"
 exit 1
 fi

 # Kill processes
 for PID_RUNNING in `cat $PID_FILE`; do
 kill -9 $PID_RUNNING
 done

 # Remove PID-file
 rm -f $PID_FILE

 # Remove Sock-File
 rm -f $SOCK_FILE
}

case "$1" in
 start)
 echo "Starting $NAME: "
 start
 echo "... DONE"
 ;;

 stop)
 echo "Stopping $NAME: "
 stop
 echo "... DONE"
 ;;

 force-reload|restart)
 echo "Stopping $NAME: "
 stop
 echo "Starting $NAME: "
 start
 echo "... DONE"
 ;;

 status)
 if status; then
 echo "FCGI is RUNNING"
 else
 echo "FCGI is NOT RUNNING"
 fi
 ;;

 *)
 echo "Usage: $0 {start|stop|force-reload|restart|status}"
 exit 1
 ;;
esac

exit 0

Créons notre second script

sudo nano /etc/init.d/spawn-fcgi-munin-graph

Collez la configuration suivante

#! /bin/sh

### BEGIN INIT INFO
# Provides: spawn-fcgi-munin-graph
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: starts FastCGI for Munin-Graph
### END INIT INFO
# --------------------------------------------------------------
# Munin-CGI-Graph Spawn-FCGI Startscript by Julien Schmidt
# eMail: munin-trac at julienschmidt.com
# www: http://www.julienschmidt.com
# --------------------------------------------------------------
# Install: 
# 1. Copy this file to /etc/init.d
# 2. Edit the variables below
# 3. run "update-rc.d spawn-fcgi-munin-graph defaults"
# --------------------------------------------------------------
# Special thanks for their help to:
# Frantisek Princ
# Jérôme Warnier
# --------------------------------------------------------------
# Last Update: 14. February 2013
#
# Please change the following variables:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=spawn-fcgi-munin-graph
PID_FILE=/var/run/munin/$NAME.pid
SOCK_FILE=/var/run/munin/$NAME.sock
SOCK_USER=www-data
FCGI_USER=www-data
FCGI_GROUP=www-data
#FCGI_GROUP=munin
FCGI_WORKERS=4
DAEMON=/usr/bin/spawn-fcgi
DAEMON_OPTS="-s $SOCK_FILE -F $FCGI_WORKERS -U $SOCK_USER -u $FCGI_USER -g $FCGI_GROUP -P $PID_FILE -- /usr/lib/munin/cgi/munin-cgi-graph"

# --------------------------------------------------------------
# No edits necessary beyond this line
# --------------------------------------------------------------

if [ ! -x $DAEMON ]; then
 echo "File not found or is not executable: $DAEMON!"
 exit 0
fi

status() {
 if [ ! -r $PID_FILE ]; then
 return 1
 fi

 for FCGI_PID in `cat $PID_FILE`; do
 if [ -z "${FCGI_PID}" ]; then
 return 1
 fi

 FCGI_RUNNING=`ps -p ${FCGI_PID} | grep ${FCGI_PID}`
 if [ -z "${FCGI_RUNNING}" ]; then
 return 1
 fi
 done;

 return 0
}

start() {
 if status; then
 echo "FCGI is already running!"
 exit 1
 else
 $DAEMON $DAEMON_OPTS
 fi
}

stop () {
 if ! status; then
 echo "No PID-file at $PID_FILE found or PID not valid. Maybe not running"
 exit 1
 fi

 # Kill processes
 for PID_RUNNING in `cat $PID_FILE`; do
 kill -9 $PID_RUNNING
 done

 # Remove PID-file
 rm -f $PID_FILE

 # Remove Sock-File
 rm -f $SOCK_FILE
}

case "$1" in
 start)
 echo "Starting $NAME: "
 start
 echo "... DONE"
 ;;

 stop)
 echo "Stopping $NAME: "
 stop
 echo "... DONE"
 ;;

 force-reload|restart)
 echo "Stopping $NAME: "
 stop
 echo "Starting $NAME: "
 start
 echo "... DONE"
 ;;

 status)
 if status; then
 echo "FCGI is RUNNING"
 else
 echo "FCGI is NOT RUNNING"
 fi
 ;;

 *)
 echo "Usage: $0 {start|stop|force-reload|restart|status}"
 exit 1
 ;;
esac

exit 0

Rendez ces scripts exécutables

sudo chmod a+x /etc/init.d/spawn-fcgi-munin-html && sudo chmod a+x /etc/init.d/spawn-fcgi-munin-graph

Configurons les pour qu’ils s’exécutent à chaque démarrage

sudo update-rc.d spawn-fcgi-munin-html defaults && sudo update-rc.d spawn-fcgi-munin-graph defaults

Maintenant lançons les

sudo /etc/init.d/spawn-fcgi-munin-html start
sudo /etc/init.d/spawn-fcgi-munin-graph start

Configurez / modifiez votre vhost Munin de la manière suivante

server {
 listen 80;
 server_name munin.votre-domain.tld;
 return 301 https://munin.votre-domain.tld$request_uri;}

server {

#------------------------------------------------------------------------
# GENERAL
#
 listen 443 ssl;
 server_name munin.votre-domain.tld; 
 root /var/cache/munin/www;
 index index.php index.html index.htm;
 
#------------------------------------------------------------------------
# SSL
#
 ssl_certificate /chemin/vers/votre/certificat;
 ssl_certificate_key /chemin/vers/la/clé/de/votre/certificat;

 ssl_protocols TLSv1.2;
 ssl_dhparam /etc/nginx/ssl/dh4096.pem;
 ssl_ecdh_curve secp384r1;
 ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 ssl_prefer_server_ciphers on;
 
 # ssl optimizations
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_buffer_size 8k;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;

 
#------------------------------------------------------------------------
# MUNIN
# 
 location / {
 # First attempt to serve request as file, then
 # as directory, then fall back to index.html
 try_files $uri $uri/ munin-cgi/$uri /index.html;
 add_header Cache-Control no-cache;
 }

 # Munin cgi-graph
 location ^~ /munin-cgi/munin-cgi-graph/ {
 access_log off;
 fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_pass unix:/run/munin/spawn-fcgi-munin-graph.sock;
 include fastcgi_params;
 add_header Cache-Control no-cache;
 }

 location /munin-cgi/static/ {
 alias /etc/munin/static/;
 add_header Cache-Control no-cache;
 }

 # Munin cgi-html
 location /munin-cgi/ {
 fastcgi_split_path_info ^(/munin-cgi)(.*);
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_pass unix:/run/munin/spawn-fcgi-munin-html.sock;
 include fastcgi_params;
 add_header Cache-Control no-cache;
 }

 # deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 location ~ /\.ht {
 deny all;}

}

Rechargez la configuration de NGinx

sudo service nginx reload

Connectez vous à votre instance web et vous constaterez que la génération dynamique de graphiques sous Munin fonctionne désormais

Source

• Erick Ocrospoma, Munin + NGinx on Debian