more work on munin

* install the munin-node package * don't install munin-plugins-extra (if the user wants it they can add it) * expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file
2015-05-25 17:01:53 +00:00 · 2015-05-25 17:01:53 +00:00 · a9ed9ae936
parent a9892efe38
commit a9ed9ae936
4 changed files with 29 additions and 75 deletions
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@ -2,6 +2,7 @@
 	# Proxy /admin to our Python based control panel daemon. It is
 	# listening on IPv4 only so use an IP address and not 'localhost'.
 	rewrite ^/admin$ /admin/;
+	rewrite ^/admin/munin$ /admin/munin redirect;
 	location /admin/ {
 		proxy_pass http://127.0.0.1:10222/;
 		proxy_set_header X-Forwarded-For $remote_addr;
--- a/management/daemon.py
+++ b/management/daemon.py
@ -4,7 +4,7 @@ import os, os.path, re, json

 from functools import wraps

-from flask import Flask, request, render_template, abort, Response
+from flask import Flask, request, render_template, abort, Response, send_from_directory

 import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
@ -384,6 +384,17 @@ def backup_status():
 	from backup import backup_status
 	return json_response(backup_status(env))

+# MUNIN
+
+@app.route('/munin/')
+@app.route('/munin/<path:filename>')
+@authorized_personnel_only
+def munin(filename=""):
+	# Checks administrative access (@authorized_personnel_only) and then just proxies
+	# the request to static files.
+	if filename == "": filename = "index.html"
+	return send_from_directory("/var/cache/munin/www", filename)
+
 # APP

 if __name__ == '__main__':
--- a/setup/munin.sh
+++ b/setup/munin.sh
@ -6,63 +6,27 @@ source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars

 # install Munin
-apt_install munin munin-plugins-extra
+apt_install munin munin-node

 # edit config
 cat > /etc/munin/munin.conf <<EOF;
-  dbdir /var/lib/munin
-  htmldir /var/cache/munin/www
-  logdir /var/log/munin
-  rundir /var/run/munin
-  tmpldir /etc/munin/templates
+dbdir /var/lib/munin
+htmldir /var/cache/munin/www
+logdir /var/log/munin
+rundir /var/run/munin
+tmpldir /etc/munin/templates

-  includedir /etc/munin/munin-conf.d
+includedir /etc/munin/munin-conf.d

-  # a simple host tree
-  [$PRIMARY_HOSTNAME]
-  address 127.0.0.1
-  use_node_name yes
+# a simple host tree
+[$PRIMARY_HOSTNAME]
+address 127.0.0.1

-  # send alerts to the following address
-  contacts admin
-  contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
-  contact.admin.always_send warning critical
+# send alerts to the following address
+contacts admin
+contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
+contact.admin.always_send warning critical
 EOF

-
-# set subdomain
-DOMAIN=${PRIMARY_HOSTNAME#[[:alpha:]]*.}
-hide_output curl -d "" --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/set/munin.$DOMAIN
-
-# write nginx config
-cat > /etc/nginx/conf.d/munin.conf <<EOF;
-  # Redirect all HTTP to HTTPS.
-  server {
-    listen 80;
-    listen [::]:80;
-
-    server_name munin.$DOMAIN;
-    root /tmp/invalid-path-nothing-here;
-    rewrite ^/(.*)$ https://munin.$DOMAIN/$1 permanent;
-  }
-
-  server {
-    listen 443 ssl;
-
-    server_name munin.$DOMAIN;
-
-    ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
-    ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
-    include /etc/nginx/nginx-ssl.conf;
-
-    auth_basic "Authenticate";
-    auth_basic_user_file /etc/nginx/htpasswd;
-
-    root /var/cache/munin/www;
-
-    location = /robots.txt {
-      log_not_found off;
-      access_log off;
-    }
-  }
-EOF
+# generate initial statistics so the directory isn't empty
+sudo -u munin munin-cron
--- a/tools/munin_update.sh
+++ b/tools/munin_update.sh
@ -1,22 +0,0 @@
-#!/bin/bash
-# Grant admins access to munin
-
-source setup/functions.sh # load our functions
-source /etc/mailinabox.conf # load global vars
-
-db=$STORAGE_ROOT'/mail/users.sqlite'
-
-users=`sqlite3 $db "SELECT email FROM users WHERE privileges = 'admin'"`;
-passwords=`sqlite3 $db "SELECT password FROM users WHERE privileges = 'admin'"`;
-
-# Define the arrays
-users_array=(${users// / })
-passwords_array=(${passwords// / })
-
-# clear htpasswd
->/etc/nginx/htpasswd
-
-# write user:password
-for i in "${!users_array[@]}"; do
-  echo "${users_array[i]}:${passwords_array[i]:14}" >> /etc/nginx/htpasswd
-done