more work on munin
* install the munin-node package * don't install munin-plugins-extra (if the user wants it they can add it) * expose the munin www directory via the management daemon so that it can handle authorization, rather than maintaining a separate password file
parent
a9892efe38
commit
a9ed9ae936
|
@ -2,6 +2,7 @@
|
|||
# Proxy /admin to our Python based control panel daemon. It is
|
||||
# listening on IPv4 only so use an IP address and not 'localhost'.
|
||||
rewrite ^/admin$ /admin/;
|
||||
rewrite ^/admin/munin$ /admin/munin redirect;
|
||||
location /admin/ {
|
||||
proxy_pass http://127.0.0.1:10222/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
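Review bot: The added `rewrite ^/admin/munin$ /admin/munin redirect;` redirects the URL to itself, so a request for /admin/munin without a trailing slash would loop until the browser gives up instead of reaching the new Munin route. The target presumably needs the trailing slash, matching the `/admin` rule on the line above: `rewrite ^/admin/munin$ /admin/munin/ redirect;`. The `location /admin/` block continues outside the hunk.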
|
||||
|
|
|
@ -4,7 +4,7 @@ import os, os.path, re, json
|
|||
|
||||
from functools import wraps
|
||||
|
||||
from flask import Flask, request, render_template, abort, Response
|
||||
from flask import Flask, request, render_template, abort, Response, send_from_directory
|
||||
|
||||
import auth, utils
|
||||
from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
|
||||
|
@ -384,6 +384,17 @@ def backup_status():
|
|||
from backup import backup_status
|
||||
return json_response(backup_status(env))
|
||||
|
||||
# MUNIN
|
||||
|
||||
@app.route('/munin/')
|
||||
@app.route('/munin/<path:filename>')
|
||||
@authorized_personnel_only
|
||||
def munin(filename=""):
|
||||
# Checks administrative access (@authorized_personnel_only) and then just proxies
|
||||
# the request to static files.
|
||||
if filename == "": filename = "index.html"
|
||||
return send_from_directory("/var/cache/munin/www", filename)
|
||||
|
||||
# APP
|
||||
|
||||
if __name__ == '__main__':
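Review bot: Only the empty filename gets the `index.html` default in `munin()`, so a request for a subdirectory such as `/munin/<group>/` reaches `send_from_directory` with a directory path and will presumably return 404. If Munin's generated pages link to directories, `if filename == "" or filename.endswith("/"): filename += "index.html"` covers both cases. The comment should also say that path containment relies on `send_from_directory` rejecting names that escape `/var/cache/munin/www`, and that `@authorized_personnel_only` must stay below the `@app.route` lines so the check wraps the view that gets registered. The directory is hard-coded here and again as `htmldir` in the setup script's munin.conf, so the two have to be kept in sync.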
|
||||
|
|
|
@ -6,63 +6,27 @@ source setup/functions.sh # load our functions
|
|||
source /etc/mailinabox.conf # load global vars
|
||||
|
||||
# install Munin
|
||||
apt_install munin munin-plugins-extra
|
||||
apt_install munin munin-node
|
||||
|
||||
# edit config
|
||||
cat > /etc/munin/munin.conf <<EOF;
|
||||
dbdir /var/lib/munin
|
||||
htmldir /var/cache/munin/www
|
||||
logdir /var/log/munin
|
||||
rundir /var/run/munin
|
||||
tmpldir /etc/munin/templates
|
||||
dbdir /var/lib/munin
|
||||
htmldir /var/cache/munin/www
|
||||
logdir /var/log/munin
|
||||
rundir /var/run/munin
|
||||
tmpldir /etc/munin/templates
|
||||
|
||||
includedir /etc/munin/munin-conf.d
|
||||
includedir /etc/munin/munin-conf.d
|
||||
|
||||
# a simple host tree
|
||||
[$PRIMARY_HOSTNAME]
|
||||
address 127.0.0.1
|
||||
use_node_name yes
|
||||
# a simple host tree
|
||||
[$PRIMARY_HOSTNAME]
|
||||
address 127.0.0.1
|
||||
|
||||
# send alerts to the following address
|
||||
contacts admin
|
||||
contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
|
||||
contact.admin.always_send warning critical
|
||||
# send alerts to the following address
|
||||
contacts admin
|
||||
contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
|
||||
contact.admin.always_send warning critical
|
||||
EOF
|
||||
|
||||
|
||||
# set subdomain
|
||||
DOMAIN=${PRIMARY_HOSTNAME#[[:alpha:]]*.}
|
||||
hide_output curl -d "" --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/set/munin.$DOMAIN
|
||||
|
||||
# write nginx config
|
||||
cat > /etc/nginx/conf.d/munin.conf <<EOF;
|
||||
# Redirect all HTTP to HTTPS.
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name munin.$DOMAIN;
|
||||
root /tmp/invalid-path-nothing-here;
|
||||
rewrite ^/(.*)$ https://munin.$DOMAIN/$1 permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
server_name munin.$DOMAIN;
|
||||
|
||||
ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
|
||||
ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
|
||||
include /etc/nginx/nginx-ssl.conf;
|
||||
|
||||
auth_basic "Authenticate";
|
||||
auth_basic_user_file /etc/nginx/htpasswd;
|
||||
|
||||
root /var/cache/munin/www;
|
||||
|
||||
location = /robots.txt {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
# generate initial statistics so the directory isn't empty
|
||||
sudo -u munin munin-cron
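Review bot: The here-document that writes /etc/munin/munin.conf is unquoted (`<<EOF`), so bash itself expands `${var:host}` in the `contact.admin.command` line, as a substring expansion of a shell variable named `var`. The Munin placeholder therefore presumably never reaches the file, leaving alert subjects without the host name. `$PRIMARY_HOSTNAME` still has to expand, so the delimiter cannot simply be quoted; escape the placeholder instead: `contact.admin.command mail -s "Munin notification \${var:host}" administrator@$PRIMARY_HOSTNAME`. The stray `;` after `<<EOF` is harmless but can be dropped.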
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/bash
|
||||
# Grant admins access to munin
|
||||
|
||||
source setup/functions.sh # load our functions
|
||||
source /etc/mailinabox.conf # load global vars
|
||||
|
||||
db=$STORAGE_ROOT'/mail/users.sqlite'
|
||||
|
||||
users=`sqlite3 $db "SELECT email FROM users WHERE privileges = 'admin'"`;
|
||||
passwords=`sqlite3 $db "SELECT password FROM users WHERE privileges = 'admin'"`;
|
||||
|
||||
# Define the arrays
|
||||
users_array=(${users// / })
|
||||
passwords_array=(${passwords// / })
|
||||
|
||||
# clear htpasswd
|
||||
>/etc/nginx/htpasswd
|
||||
|
||||
# write user:password
|
||||
for i in "${!users_array[@]}"; do
|
||||
echo "${users_array[i]}:${passwords_array[i]:14}" >> /etc/nginx/htpasswd
|
||||
done
|