Monit

From Gentoo Wiki
Jump to:navigation Jump to:search

monit is a utility for managing and monitoring processes, programs, files, directories and filesystems on a UNIX system.

Configuration

Installing monit

The app-admin/monit application has the following USE flags:

USE flags for app-admin/monit Monitoring and managing daemons or similar programs running on a Unix system

ipv6 Add support for IP version 6
pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
ssl Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)

Once the USE flags are properly determined, install app-admin/monit through emerge:

root #emerge --ask app-admin/monit

Monit configuration files

The Monit application uses /etc/monitrc as its configuration file.

To make adding and removing monitoring definitions easy, monit supports including files inside a specified directory (usually /etc/monit.d. To enable this, edit /etc/monitrc like so:

FILE /etc/monitrcAllowing flexible configuration entries
## It is possible to include additional configuration parts from other files or
## directories.
include /etc/monit.d/*

When a Monit related configuration file is altered, tell monit to reread its configuration settings:

root #monit reload

Automatically starting monit at boot

It is recommended to start monit through the /etc/inittab so that init itself launches the monit application, and will automatically relaunch it when monit would suddenly die. Starting monit through an init script would not provide this functionality.

FILE /etc/inittabAuto restart monit in case of failure
# Run monit in standard runlevels
mo:2345:respawn:/usr/bin/monit -Ic /etc/monitrc

After updating /etc/inittab, monit can be immediately started through telinit q.

User management

Users added to the monit or users group will be able to manipulate monit through its web interface.

To add users to one of these groups, use gpasswd (note, replace ${LOGNAME} by the user's actual login name):

root #gpasswd -a ${LOGNAME} monit
root #gpasswd -a ${LOGNAME} users

Inside the /etc/monitrc file, the allow statement should refer to these groups, like so:

FILE /etc/monitrcGranting groups access to the web interface
set httpd port 2812
  allow @monit
  allow @users

It is also possible to hard-code usernames and passwords in the monitrc file, but this is not recommended. Check the monitrc file for default passwords and remove those, or alter them to use a strong, unique password. The syntax used then is allow <username>:<password>.

Monit web interface

The default location of the web interface is at localhost:2812, with admin as admin username and monit as default password. Make sure to change this!

Monitoring applications through monit

The Monit application uses PID file checks to see if an application is still running or not. That implies that a PID file must be available for an application, otherwise monit cannot guard it. If a daemon does not create a PID file, use a wrapper to create one.

Note
The use of PID files (and validating PIDs from tools like ps) for monitoring is often said to be broken[1]. Monit does try to overcome this weakness by checking the PID file frequently enough to be reliable.

Through using the /etc/monit.d/ location, it is easy to add in additional monitoring rules.

For instance, to automatically restart MySQL when it would die:

FILE /etc/monit.d/mysqlAuto restart mysql
check process mysql with pidfile /var/run/mysqld/mysqld.pid
    start program = "/bin/bash -c 'rc-service mysql start'"
    stop program  = "/bin/bash -c 'rc-service mysql stop'"

Another example is to manage the memory usage of a process and create an alert when it grows beyond a certain threshold:

FILE /etc/monit.d/squidCheck squid and alert on memory consumption bigger than 512 MByte
check process squid with pidfile /run/squid.pid
   start program = "/bin/bash -c 'rc-service squid start'"
   stop  program = "/bin/bash -c 'rc-service squid stop'"
   if totalmem > 512 MB then alert

Debugging monit

Running monit in the foreground

To run monit in the foreground and provide feedback on everything it is detecting, use the -Ivv option:

root #monit -Ivv
...
'squid' total mem amount of 525748kB matches resource limit [total mem amount>524288kB]

External resources

For more information about Monit, the following resources can help out.

References

  1. Greg Wooledge. Process management, Retrieved on January 1st, 2015