Skip to content

Instantly share code, notes, and snippets.

@ZEROF

ZEROF/Installing and configuration of Munin for Unbound with web interface.md

Last active June 22, 2024 23:23
Show Gist options
  • Save ZEROF/0788330c5babab067140a0effbb56676 to your computer and use it in GitHub Desktop.
Save ZEROF/0788330c5babab067140a0effbb56676 to your computer and use it in GitHub Desktop.
Download ZIP
Monitoring Unbound with Munin
Raw
Installing and configuration of Munin for Unbound with web interface.md

Monitoring unbound installation with Munin

sudo apt install munin munin-node munin-plugins-extra

Activate unbound plugins:

ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_class
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_flags
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_opcode
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_rcode
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_type
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_histogram
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_hits
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_memory
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_queue

Add this to munin node configuration - nano /etc/munin/plugin-conf.d/munin-node :

[unbound*]
user root
env.statefile /var/lib/munin-node/plugin-state/unbound-state
env.unbound_conf /etc/unbound/unbound.conf
env.unbound_control /usr/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000

Unbound configuration

Generate certs:

unbound-control-setup

Add remote control

nano /etc/unbound/unbound.conf (add in the end)

# monitoring
statistics-interval: 300
extended-statistics: yes
# set to yes if graphing tool needs it
statistics-cumulative: yes
#Enable remote control
remote-control:
   control-enable: yes
   control-interface: 127.0.0.1
   control-port: 9999
   control-use-cert: no
   server-key-file: "/etc/unbound/unbound_server.key"
   server-cert-file: "/etc/unbound/unbound_server.pem"
   control-key-file: "/etc/unbound/unbound_control.key"
   control-cert-file: "/etc/unbound/unbound_control.pem"

Stop/Start everything

systemctl stop munin
systemctl stop munin-node
systemctl stop unbound


systemctl start munin
systemctl start munin-node
systemctl start unbound

Check if everything is working:

unbound-control stats

If you want to check time to time your stats online (without sexy TLS and when you need)

Upgrade pip and install http module (as normal user, not root) /usr/bin/python3 -m pip install --upgrade pip

pip install http

python -m http.server -d /var/cache/munin/www/ or python3 -m http.server -d /var/cache/munin/www/

Or if you are docker lover:

mkdir munin-webserver && cd munin-webserver

nano docker-compose.yml and copy this

version: '3'
services:
  web:
    image: python:3.12
    volumes:
      - /var/cache/munin/www:/web
    ports:
      - "8000:80"
    working_dir: /web
    command: bash -c "python3 -m http.server -d /web 80 2>&1"

Start docker container:

docker-compose up -d

To stop container:

docker-compose down

And go to yourpublicip:8000

@ZEROF
Copy link
Author

ZEROF commented Jun 6, 2023

Demo:

munin_demo

@ZEROF
Copy link
Author

ZEROF commented Jun 8, 2023
edited
Loading

Disable Munin plugin

Some plugins are active by default, personally I don't need them. To disable them I didn't found simple way, but renaming plugin files and restarting munin-node did the trick.

mv /etc/munin/plugins/exim_mailstats /etc/munin/plugins/exim_mailstats.bak

systemctl restart munin-node

It will take few min before removed plugin stats are removed from munin dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment