Sunday, April 7, 2013

First steps with Monit

After sucessfully installed monit, the next step is coming close to it. You should getting familiar with some things related to monit.

1. How to start and stop monit

To start monit, you just have to type:
# monit

And to stop it:
# monit quit

2. monit configuration file

As the same with many services on Linux, monit operation is controlled by a configuration file. This file named: monitrc and have a sample file right in the extracted folder you configured. monit will try to search and use this file in priority order:
  1. ~/.monitrc
  2.  /etc/monitrc (Debian based)
  3. $sysconfdir/monitrc ( $sysconfdir is examined while configured as ./configure --sysconfdir)
  4. ./monitrc
This file is devided into 2 main parts: global part and service part.
  • Global part is place where you control everything about monit. monit will see and execute this part first to set appropriate configurations. The global set entry starts with keyword set and the item to configure. 
  • Service part is where you put your services under controlled by monit. Service entry starts with keyword check followed by  the service type to monitor.
3. Logging

An important part is monitoring monit, this should be the very first step to work with every service you attempt to control. With monit, you just have to make a set statement in monitrc file. Using this set statement:
set logfile [path/to/logfile]

4. monit httpd

monit allows us to control it via web interface with a tiny web service running at (default) port 2812. You can then determine any unused port you want. To enable this function, using a global set statement in monitrc file:
set httpd port 2812

After enabling web service for monit, you can access monit via the URL:
http://localhost:2812

You can permit monit using ssl with this tiny web service if you compiled monit with ssl supported, the steps as follow:
Generate a self-signed ceritificate: (You must have openssl installed or something providing the similar functioning. )
  • +Export environment variable for OpenSSL
    • #export OPENSSL_CONF=/etc/ssl/openssl.cnf (default path in Debian)
  • +Generate  private key and certificate
    • #openssl req -new -x509 -days 365 -nodes -out /opt/monit/monit.pem -keyout /opt/monit/monit.pem
    •  using $man openssl for more details about options
  • +Generate Diffie-Hellman parameters
    • #openssl gendh 512 >> /opt/monit/monit.pem 
  • +Change mod for .pem file to 0700
    • #chmod 0700 /opt/monit/monit.pem

After configuring self-signed certificate for monit web service, go to monitrc file and indicate monit to use SSL connection:
set httpd port 2812
    ssl enable
    pemfile /opt/monit/monit.pem

To this time, my monitrc file contains:
set httpd port 2812 and
        use address 192.168.56.101 # accept connection from remote host
        ssl enable
        pemfile         /opt/monit/monit.pem
        allow admin:monit      # require user 'admin' with password 'monit'
## Enbale logging
set logfile /var/log/monit.log
OK, bring up the browser, access to monit web service, using username/password: admin/monit

Posted by at
Labels: , ,

1 comment:

Subscribe to: Post Comments (Atom)