Thursday, September 1, 2011

Installing and Configuring Monit Step by Step


Install and configure monit

apt-get install monit

The Monit configuration file is /etc/monit/monitrc

Now make a list of the services you want to monitor, for example sshd, Apache and MySQL.

The default port number for the monit web interface is 2812.

Now let us configure monit:


vi /etc/monit/monitrc
-------------------------------------------------------------------------------------------------------------------- 
 
set daemon  60    # time interval of the daemon
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: monit@server1.example.com }
set alert root@localhost   # mail id to send email alerts
set httpd port 2812 and    # web interface port; change it here if you want, better to leave the default
     SSL ENABLE            # serve the web interface over SSL
     PEMFILE  /var/certs/monit.pem   # SSL certificate location
     allow admin:test      # user name and password for Basic Auth (example values; choose your own)

# monitoring sshd

check process sshd with pidfile /var/run/sshd.pid
   start program  "/etc/init.d/ssh start"
   stop program  "/etc/init.d/ssh stop"
   if failed port 22 protocol ssh then restart
   if 5 restarts within 5 cycles then timeout

# monitoring mysql

check process mysql with pidfile /var/run/mysqld/mysqld.pid
   group database
   start program = "/etc/init.d/mysql start"
   stop program = "/etc/init.d/mysql stop"
   if failed host 127.0.0.1 port 3306 then restart
   if 5 restarts within 5 cycles then timeout

# monitoring apache

check process apache with pidfile /var/run/apache2.pid
   group www
   start program = "/etc/init.d/apache2 start"
   stop program  = "/etc/init.d/apache2 stop"
   # Monit connects to www.example.com on port 80 and requests /monit/token.
   # The document root of our website is /var/www/www.example.com/web, so the
   # actual location of the file is /var/www/www.example.com/web/monit/token
   # (creation of the token is given below). If monit cannot access this file
   # it means Apache is not running, so monit will restart Apache.
   if failed host www.example.com port 80 protocol http
      and request "/monit/token" then restart
   if cpu is greater than 60% for 2 cycles then alert
   if cpu > 80% for 5 cycles then restart
   if totalmem > 500 MB for 5 cycles then restart
   if children > 250 then restart
   if loadavg(5min) greater than 10 for 8 cycles then stop
   if 3 restarts within 5 cycles then timeout

# you can add your custom processes for monitoring here

---------------------------------------------------------------------------------------------------------------- 


Creation of token
 ---------------------

mkdir /var/www/www.example.com/web/monit

echo "hello" > /var/www/www.example.com/web/monit/token 


Creation of SSL-encrypted monit web interface

-----------------------------------------------------------------
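The certificate and key are stored in /var/certs/monit.pem:

# create a self-signed certificate and an unencrypted key, both written to monit.pem
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
# append 2048-bit Diffie-Hellman parameters to the same file
openssl dhparam 2048 >> /var/certs/monit.pem
# print subject, validity dates and fingerprint to verify the result
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
# the file holds the private key: readable by root only
chmod 600 /var/certs/monit.pem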



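The openssl req command above reads its settings from ./monit.cnf, so create this OpenSSL configuration file before generating the certificate, and run the openssl commands from /var/certs:

vi /var/certs/monit.cnf

An example file is: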
-------------------------------------------------------------------------------------------
# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              = server.monit.mo

emailAddress                    = Email Address
emailAddress_default            = root@monit.mo

[ cert_type ]
nsCertType = server
------------------------------------------------------------------------------ 
Now enable the monit daemon in /etc/default/monit

In this file set startup=1 and the interval at which the monit daemon runs.
An example file is below:
--------------------------------------------------------------
# Defaults for monit initscript
# sourced by /etc/init.d/monit
# installed at /etc/default/monit by maintainer scripts
# Fredrik Steen 

# You must set this variable to for monit to start
startup=1

# To change the intervals which monit should run uncomment
# and change this variable.
CHECK_INTERVALS=60
--------------------------------------------------------------- 
Now let us start monit:
/etc/init.d/monit start  
 
 
Now point your browser to https://www.example.com:2812/
 (make sure port 2812 is not blocked by your firewall), log in with admin and test 
as specified in /etc/monit/monitrc
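
Before opening port 2812 in the firewall, the httpd stanza in /etc/monit/monitrc can be checked for the settings that decide who can reach the web interface. The script below is an added example and not part of the original post: the function names, the finding labels and the 12-character password threshold are assumptions made here, and it only understands the `SSL ENABLE` / `allow user:password` syntax used on this page.

```shell
#!/bin/sh
# Added example: audit a monitrc for the web-interface settings used on this page.
# Prints one finding per line; returns 0 only when there are none.

finding() { echo "$1"; n=$((n + 1)); }
has() { printf '%s\n' "$body" | grep -Eiq "$1"; }

# True when group or other hold any permission bit on the file.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

audit_monitrc() {
    rc=$1; n=0
    [ -r "$rc" ] || { echo "ERROR cannot read $rc"; return 2; }
    body=$(sed 's/#.*//' "$rc")   # drop comments (naive about '#' inside quotes)
    if loose_perms "$rc"; then finding "PERMS file is accessible to group/other"; fi
    if has '^[[:space:]]*set[[:space:]]+httpd'; then
        has 'ssl[[:space:]]+enable' || finding "NOSSL httpd has no SSL ENABLE"
        has 'use[[:space:]]+address' || finding "NOBIND httpd has no 'use address'"
        # allow user:password entries; host entries without a colon are skipped.
        for cred in $(printf '%s\n' "$body" |
            grep -Eio 'allow[[:space:]]+[^[:space:]:]+:[^[:space:]]+' |
            awk '{print $2}'); do
            pw=${cred#*:}
            [ "${#pw}" -ge 12 ] || finding "WEAKCRED ${cred%%:*}: password under 12 chars"
        done
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample that mirrors the httpd stanza from the article.
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
set daemon 60
set httpd port 2812 and
     SSL ENABLE
     PEMFILE /var/certs/monit.pem
     allow admin:test    # example credentials from the article
EOF
    chmod 644 "$tmp"
    status=0; audit_monitrc "$tmp" || status=$?
    rm -f "$tmp"
    return "$status"
}

if [ "$#" -gt 0 ]; then audit_monitrc "$1"; else demo || true; fi
```

Run it as `sh audit.sh /etc/monit/monitrc`; with no argument it audits the constructed sample and reports PERMS, NOBIND and WEAKCRED.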