install and configure monit
apt-get install monit
Monit Configuration file is /etc/monit/monitrc
for example sshd,apache,Mysql
Now for monit web interface the default port number is 2812
Now let us configure the monit
vi /etc/monit/monitrc
--------------------------------------------------------------------------------------------------------------------
set daemon 60 // time interval of the daemon set logfile syslog facility log_daemon set mailserver localhost set mail-format { from: monit@server1.example.com } set alert root@localhost // mail id to send email alerts set httpd port 2812 and // If you want to chang port number change here better leave it default SSL ENABLE // for SSL PEMFILE /var/certs/monit.pem // SSL certificate location allow admin:test // user name and password Basic Auth // monitoring sshd check process sshd with pidfile /var/run/sshd.pid start program "/etc/init.d/ssh start" stop program "/etc/init.d/ssh stop" if failed port 22 protocol ssh then restart if 5 restarts within 5 cycles then timeout
// monitoring mysql check process mysql with pidfile /var/run/mysqld/mysqld.pid group database start program = "/etc/init.d/mysql start" stop program = "/etc/init.d/mysql stop" if failed host 127.0.0.1 port 3306 then restart if 5 restarts within 5 cycles then timeout
// monitoring apache check process apache with pidfile /var/run/apache2.pid group www start program = "/etc/init.d/apache2 start" stop program = "/etc/init.d/apache2 stop"
if failed host www.example.com port 80 protocol http and request "/monit/token" then restart
here monit tries to connect www.example.com on port 80 and tries to access a file
/monit/token
the actual location of /monit/token is
/var/www/www.example.com/web/monit/token
as our website document root is
/var/www/www.example.com/web
if monit cannot access this file it means apache is not runnig so it will
restart apache.
Creation of token is given below
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 500 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
you can add your custom process for
monitoring here
----------------------------------------------------------------------------------------------------------------
Creation of token
---------------------
mkdir /var/www/www.example.com/web/monit
echo "hello" > /var/www/www.example.com/web/monit/token
Creation of SSL-encrypted monit web interface
-----------------------------------------------------------------
( /var/certs/monit.pem )
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
openssl gendh 512 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem
then we need to configure OpenSSL configuration file to create our certificate
vi /var/certs/monit.cnf
example file is
-------------------------------------------------------------------------------------------
# create RSA certs - Server RANDFILE = ./openssl.rnd [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type [ req_dn ] countryName = Country Name (2 letter code) countryName_default = MO stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Monitoria localityName = Locality Name (eg, city) localityName_default = Monittown organizationName = Organization Name (eg, company) organizationName_default = Monit Inc. organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Dept. of Monitoring Technologies commonName = Common Name (FQDN of your server) commonName_default = server.monit.mo emailAddress = Email Address emailAddress_default = root@monit.mo [ cert_type ] nsCertType = server
------------------------------------------------------------------------------
enable monit daemon now
/etc/default/monit
in this file set startup =1 and interval for running the monit daemon
example file is below
--------------------------------------------------------------
# Defaults for monit initscript # sourced by /etc/init.d/monit # installed at /etc/default/monit by maintainer scripts # Fredrik Steen# You must set this variable to for monit to start startup=1 # To change the intervals which monit should run uncomment # and change this variable. CHECK_INTERVALS=60
---------------------------------------------------------------
now let us start monit
/etc/init.d/monit start
Now point your browser to https://www.example.com:2812/ (make sure port 2812 is not blocked by your firewall), log in with admin and test
as specified in /etc/monit/monitrc
No comments:
Post a Comment