1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-22 07:17:05 +00:00

more work on munin

* install the munin-node package
* don't install munin-plugins-extra (if the user wants it they can add it)
* expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file
This commit is contained in:
Joshua Tauberer 2015-05-25 17:01:53 +00:00
parent a9892efe38
commit a9ed9ae936
4 changed files with 29 additions and 75 deletions

View File

@ -2,6 +2,7 @@
# Proxy /admin to our Python based control panel daemon. It is
# listening on IPv4 only so use an IP address and not 'localhost'.
rewrite ^/admin$ /admin/;
rewrite ^/admin/munin$ /admin/munin redirect;
location /admin/ {
proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr;

View File

@ -4,7 +4,7 @@ import os, os.path, re, json
from functools import wraps
from flask import Flask, request, render_template, abort, Response
from flask import Flask, request, render_template, abort, Response, send_from_directory
import auth, utils
from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
@ -384,6 +384,17 @@ def backup_status():
from backup import backup_status
return json_response(backup_status(env))
# MUNIN
@app.route('/munin/')
@app.route('/munin/<path:filename>')
@authorized_personnel_only
def munin(filename=""):
# Checks administrative access (@authorized_personnel_only) and then just proxies
# the request to static files.
if filename == "": filename = "index.html"
return send_from_directory("/var/cache/munin/www", filename)
# APP
if __name__ == '__main__':

68
setup/munin.sh Normal file → Executable file
View File

@ -6,63 +6,27 @@ source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars
# install Munin
apt_install munin munin-plugins-extra
apt_install munin munin-node
# edit config
cat > /etc/munin/munin.conf <<EOF;
dbdir /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir /var/run/munin
tmpldir /etc/munin/templates
dbdir /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir /var/run/munin
tmpldir /etc/munin/templates
includedir /etc/munin/munin-conf.d
includedir /etc/munin/munin-conf.d
# a simple host tree
[$PRIMARY_HOSTNAME]
address 127.0.0.1
use_node_name yes
# a simple host tree
[$PRIMARY_HOSTNAME]
address 127.0.0.1
# send alerts to the following address
contacts admin
contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
contact.admin.always_send warning critical
# send alerts to the following address
contacts admin
contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
contact.admin.always_send warning critical
EOF
# set subdomain
DOMAIN=${PRIMARY_HOSTNAME#[[:alpha:]]*.}
hide_output curl -d "" --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/set/munin.$DOMAIN
# write nginx config
cat > /etc/nginx/conf.d/munin.conf <<EOF;
# Redirect all HTTP to HTTPS.
server {
listen 80;
listen [::]:80;
server_name munin.$DOMAIN;
root /tmp/invalid-path-nothing-here;
rewrite ^/(.*)$ https://munin.$DOMAIN/$1 permanent;
}
server {
listen 443 ssl;
server_name munin.$DOMAIN;
ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
include /etc/nginx/nginx-ssl.conf;
auth_basic "Authenticate";
auth_basic_user_file /etc/nginx/htpasswd;
root /var/cache/munin/www;
location = /robots.txt {
log_not_found off;
access_log off;
}
}
EOF
# generate initial statistics so the directory isn't empty
sudo -u munin munin-cron

View File

@ -1,22 +0,0 @@
#!/bin/bash
# Grant admins access to munin
source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars
db=$STORAGE_ROOT'/mail/users.sqlite'
users=`sqlite3 $db "SELECT email FROM users WHERE privileges = 'admin'"`;
passwords=`sqlite3 $db "SELECT password FROM users WHERE privileges = 'admin'"`;
# Define the arrays
users_array=(${users// / })
passwords_array=(${passwords// / })
# clear htpasswd
>/etc/nginx/htpasswd
# write user:password
for i in "${!users_array[@]}"; do
echo "${users_array[i]}:${passwords_array[i]:14}" >> /etc/nginx/htpasswd
done