munin というツールを unbound のページで知ったのでちょっとさわってみました。
munin は mrtg , cacti みたく 統計情報などを収集、グラフ化してくれるツール。
では、インストール。
# yum install -y munin.noarch munin-node.noarch unbound-munin.i586
munin 本体。gui で閲覧できる
# rpm -ql munin.noarch
/etc/cron.d/munin
/etc/logrotate.d/munin
/etc/munin
/etc/munin/munin.conf
/etc/munin/templates
/etc/munin/templates/definitions.html
/etc/munin/templates/logo.png
/etc/munin/templates/munin-comparison-day.tmpl
/etc/munin/templates/munin-comparison-month.tmpl
/etc/munin/templates/munin-comparison-week.tmpl
/etc/munin/templates/munin-comparison-year.tmpl
/etc/munin/templates/munin-domainview.tmpl
/etc/munin/templates/munin-nodeview.tmpl
/etc/munin/templates/munin-overview.tmpl
/etc/munin/templates/munin-serviceview.tmpl
/etc/munin/templates/style.css
/usr/bin/munin-cron
/usr/bin/munindoc
/usr/lib/perl5/vendor_perl/5.10.0/Munin
/usr/lib/perl5/vendor_perl/5.10.0/Munin.pm
/usr/share/doc/munin-1.2.6
/usr/share/doc/munin-1.2.6/COPYING
/usr/share/doc/munin-1.2.6/ChangeLog
/usr/share/doc/munin-1.2.6/README-apache-cgi
/usr/share/doc/munin-1.2.6/README.api
/usr/share/doc/munin-1.2.6/README.plugins
/usr/share/doc/munin-1.2.6/munin-doc.html
/usr/share/doc/munin-1.2.6/munin-faq.html
/usr/share/man/man5/munin.conf.5.gz
/usr/share/man/man8/munin-cron.8.gz
/usr/share/man/man8/munin-graph.8.gz
/usr/share/man/man8/munin-html.8.gz
/usr/share/man/man8/munin-limits.8.gz
/usr/share/man/man8/munin-update.8.gz
/usr/share/munin
/usr/share/munin/VeraMono.ttf
/usr/share/munin/munin-graph
/usr/share/munin/munin-html
/usr/share/munin/munin-limits
/usr/share/munin/munin-update
/var/lib/munin
/var/log/munin
/var/run/munin
/var/www/html/munin
/var/www/html/munin/cgi
/var/www/html/munin/cgi/munin-cgi-graph
/var/www/html/munin/style.css
munin のプラグイン。たくさんあるなー。
# rpm -ql munin-node.noarch
/etc/logrotate.d/munin-node
/etc/munin
/etc/munin/munin-node.conf
/etc/munin/plugin-conf.d
/etc/munin/plugin-conf.d/hddtemp_smartctl
/etc/munin/plugin-conf.d/munin-node
/etc/munin/plugin-conf.d/nf_conntrack
/etc/munin/plugin-conf.d/postfix
/etc/munin/plugin-conf.d/sendmail
/etc/munin/plugins
/etc/rc.d/init.d/munin-node
/usr/lib/perl5/vendor_perl/5.10.0/Munin/Plugin.pm
/usr/sbin/munin-node
/usr/sbin/munin-node-configure
/usr/sbin/munin-node-configure-snmp
/usr/sbin/munin-run
/usr/share/doc/munin-1.2.6
/usr/share/doc/munin-1.2.6/COPYING
/usr/share/doc/munin-1.2.6/ChangeLog
/usr/share/doc/munin-1.2.6/README-apache-cgi
/usr/share/doc/munin-1.2.6/README.api
/usr/share/doc/munin-1.2.6/README.plugins
/usr/share/doc/munin-1.2.6/munin-doc.html
/usr/share/doc/munin-1.2.6/munin-faq.html
/usr/share/man/man5/munin-node.conf.5.gz
/usr/share/man/man8/munin-node-configure-snmp.8.gz
/usr/share/man/man8/munin-node-configure.8.gz
/usr/share/man/man8/munin-node.8.gz
/usr/share/man/man8/munin-run.8.gz
/usr/share/munin
/usr/share/munin/plugins
/usr/share/munin/plugins/acpi
/usr/share/munin/plugins/amavis
/usr/share/munin/plugins/apache_accesses
/usr/share/munin/plugins/apache_processes
/usr/share/munin/plugins/apache_volume
/usr/share/munin/plugins/apc_envunit_
/usr/share/munin/plugins/apc_nis
/usr/share/munin/plugins/apt
/usr/share/munin/plugins/apt_all
/usr/share/munin/plugins/bind9
/usr/share/munin/plugins/bind9_rndc
/usr/share/munin/plugins/courier_
/usr/share/munin/plugins/courier_mta_mailqueue
/usr/share/munin/plugins/courier_mta_mailstats
/usr/share/munin/plugins/courier_mta_mailvolume
/usr/share/munin/plugins/cps_
/usr/share/munin/plugins/cpu
/usr/share/munin/plugins/cupsys_pages
/usr/share/munin/plugins/df
/usr/share/munin/plugins/df_abs
/usr/share/munin/plugins/df_inode
/usr/share/munin/plugins/dhcpd3
/usr/share/munin/plugins/entropy
/usr/share/munin/plugins/exim_mailqueue
/usr/share/munin/plugins/exim_mailqueue_alt
/usr/share/munin/plugins/exim_mailstats
/usr/share/munin/plugins/files_
/usr/share/munin/plugins/foldingathome
/usr/share/munin/plugins/foldingathome_rank
/usr/share/munin/plugins/foldingathome_wu
/usr/share/munin/plugins/forks
/usr/share/munin/plugins/fw_conntrack
/usr/share/munin/plugins/fw_forwarded_local
/usr/share/munin/plugins/fw_packets
/usr/share/munin/plugins/hddtemp
/usr/share/munin/plugins/hddtemp2
/usr/share/munin/plugins/hddtemp_smartctl
/usr/share/munin/plugins/hddtempd
/usr/share/munin/plugins/i2c
/usr/share/munin/plugins/i2c_fan
/usr/share/munin/plugins/if_
/usr/share/munin/plugins/if_err_
/usr/share/munin/plugins/interrupts
/usr/share/munin/plugins/iostat
/usr/share/munin/plugins/iostat_ios
/usr/share/munin/plugins/ip_
/usr/share/munin/plugins/ipac-ng
/usr/share/munin/plugins/ircu
/usr/share/munin/plugins/irqstats
/usr/share/munin/plugins/load
/usr/share/munin/plugins/loggrep
/usr/share/munin/plugins/mailman
/usr/share/munin/plugins/mailscanner
/usr/share/munin/plugins/mbmon_
/usr/share/munin/plugins/memory
/usr/share/munin/plugins/mhttping
/usr/share/munin/plugins/multips
/usr/share/munin/plugins/munin_graph
/usr/share/munin/plugins/munin_update
/usr/share/munin/plugins/mysql_bytes
/usr/share/munin/plugins/mysql_isam_space_
/usr/share/munin/plugins/mysql_queries
/usr/share/munin/plugins/mysql_slowqueries
/usr/share/munin/plugins/mysql_threads
/usr/share/munin/plugins/named
/usr/share/munin/plugins/netopia
/usr/share/munin/plugins/netstat
/usr/share/munin/plugins/nfs_client
/usr/share/munin/plugins/nfsd
/usr/share/munin/plugins/ntp_
/usr/share/munin/plugins/ntp_offset
/usr/share/munin/plugins/ntp_states
/usr/share/munin/plugins/nut_misc
/usr/share/munin/plugins/nut_volts
/usr/share/munin/plugins/open_files
/usr/share/munin/plugins/open_inodes
/usr/share/munin/plugins/perdition
/usr/share/munin/plugins/ping_
/usr/share/munin/plugins/plugin.sh
/usr/share/munin/plugins/plugins.history
/usr/share/munin/plugins/pm3users_
/usr/share/munin/plugins/pop_stats
/usr/share/munin/plugins/port_
/usr/share/munin/plugins/postfix_mailqueue
/usr/share/munin/plugins/postfix_mailstats
/usr/share/munin/plugins/postfix_mailvolume
/usr/share/munin/plugins/processes
/usr/share/munin/plugins/ps_
/usr/share/munin/plugins/psu_
/usr/share/munin/plugins/samba
/usr/share/munin/plugins/sendmail_mailqueue
/usr/share/munin/plugins/sendmail_mailstats
/usr/share/munin/plugins/sendmail_mailtraffic
/usr/share/munin/plugins/sensors_
/usr/share/munin/plugins/smart_
/usr/share/munin/plugins/snmp__df
/usr/share/munin/plugins/snmp__fc_if_
/usr/share/munin/plugins/snmp__fc_if_err_
/usr/share/munin/plugins/snmp__if_
/usr/share/munin/plugins/snmp__if_err_
/usr/share/munin/plugins/snmp__load
/usr/share/munin/plugins/snmp__processes
/usr/share/munin/plugins/snmp__sensors_fsc_bx_fan
/usr/share/munin/plugins/snmp__sensors_fsc_bx_temp
/usr/share/munin/plugins/snmp__sensors_fsc_fan
/usr/share/munin/plugins/snmp__sensors_fsc_temp
/usr/share/munin/plugins/snmp__sensors_mbm_fan
/usr/share/munin/plugins/snmp__sensors_mbm_temp
/usr/share/munin/plugins/snmp__sensors_mbm_volt
/usr/share/munin/plugins/snmp__users
/usr/share/munin/plugins/spamstats
/usr/share/munin/plugins/squid_cache
/usr/share/munin/plugins/squid_icp
/usr/share/munin/plugins/squid_requests
/usr/share/munin/plugins/squid_traffic
/usr/share/munin/plugins/surfboard
/usr/share/munin/plugins/swap
/usr/share/munin/plugins/uptime
/usr/share/munin/plugins/users
/usr/share/munin/plugins/vlan_
/usr/share/munin/plugins/vlan_inetuse_
/usr/share/munin/plugins/vlan_linkuse_
/usr/share/munin/plugins/vmstat
/var/lib/munin
/var/lib/munin/plugin-state
/var/log/munin
unbound 用 munin プラグイン。
パッケージがない場合は、unbound のソースに含まれているので、
それを使用しましょう。
# rpm -ql unbound-munin.i586/etc/munin/plugin-conf.d/unbound
/usr/share/munin/plugins/unbound
/usr/share/munin/plugins/unbound_munin_by_class
/usr/share/munin/plugins/unbound_munin_by_flags
/usr/share/munin/plugins/unbound_munin_by_opcode
/usr/share/munin/plugins/unbound_munin_by_rcode
/usr/share/munin/plugins/unbound_munin_by_type
/usr/share/munin/plugins/unbound_munin_histogram
/usr/share/munin/plugins/unbound_munin_hits
/usr/share/munin/plugins/unbound_munin_memory
/usr/share/munin/plugins/unbound_munin_queue
plugin は下記のディレクトリにある。
# pwd
/etc/munin/plugins
シンボリックリンクになっている。
# ls -lh | head -5
合計 0
lrwxrwxrwx. 1 root root 28 2009-06-19 00:45 cpu -> /usr/share/munin/plugins/cpu
lrwxrwxrwx. 1 root root 27 2009-06-19 00:45 df -> /usr/share/munin/plugins/df
lrwxrwxrwx. 1 root root 33 2009-06-19 00:45 df_inode -> /usr/share/munin/plugins/df_inode
lrwxrwxrwx. 1 root root 32 2009-06-19 00:45 entropy -> /usr/share/munin/plugins/entropy
unbound 用 plugins のシンボリックリンクを/etc/munin/plugins 下に作成。
# pwd
/etc/munin/plugins
# ln -s /usr/share/munin/plugins/unbound unbound
# ls -l unbound
lrwxrwxrwx. 1 root root 32 2009-06-19 00:55 unbound -> /usr/share/munin/plugins/unbound
unbound.conf を修正
unbound.conf
# print statistics to the log (for every thread) every N seconds.
# Set to "" or 0 to disable. Default is disabled.
# Needed for munin plugin
statistics-interval: 0
# enable cumulative statistics, without clearing them after printing.
# Needed for munin plugin
statistics-cumulative: no
# enable extended statistics (query types, answer codes, status)
# printed from unbound-control. default off, because of speed.
# Needed for munin plugin
extended-statistics: yes
では munin を起動。
怒られたけど起動したからいいやー。
# /etc/init.d/munin-node start
Starting Munin Node: Can't exec "hostname": 許可がありません at /usr/sbin/munin-node line 240,
Use of uninitialized value $hostname in scalar chomp at /usr/sbin/munin-node line 241,
Use of uninitialized value $hostname in substitution (s///) at /usr/sbin/munin-node line 242,
[ OK ]
# /etc/init.d/munin-node status
munin-node (pid 3488) を実行中...
デフォルトでは、4949 番ポートをオープンする。
tcp 4949 をオープンしているプロセスID
# fuser -n tcp 4949
4949/tcp: 3488
PID 3488 は munin
# ps aux | grep 3488
root 3488 0.0 0.1 12160 5900 ? Ss 00:58 0:00 /usr/sbin/munin-node
# egrep -i 4949 /etc/munin/munin-node.conf
# telnetting to localhost, port 4949
port 4949
やっぱ、起動時のさっきのエラーを直そう。
# egrep "^host_name" /etc/munin/munin-node.conf
host_name arizona.localdomain
リロード。
# /etc/init.d/munin-node reload
Stopping Munin Node agents: [ OK ]
Starting Munin Node:
では、ブラウザで 4949 ポートへアクセス。
あら、timeout になった。
iptabes の許可リストをみると 4949 が許可されていない。
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
iptables コマンド忘れちゃったので、GUI で許可。
iptables -L をチェック。
OK
# iptables -L | grep munin
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:munin
うーん timeout になるなー。
Connection timed out.
timeout at /usr/sbin/munin-node line 520,
SELinux がはじいているみたい。
/var/log/messages。SELinux わからん。。
SELinux is preventing unbound-control (munin_t) "search" named_conf_t. For complete SELinux messages. run sealert -l 2211f67c-6dbd-4b2e-9272-c8d444797822
SELinux is preventing find (munin_t) "read" mqueue_spool_t. For complete SELinux messages. run sealert -l 6f0e0d34-a4af-4bfe-9141-c6cd8ba6e42f
SELinux is preventing find (munin_t) "read" mqueue_spool_t. For complete SELinux messages. run sealert -l 926631d5-c01f-49d1-93ae-186deccf8a95
GUIから SELinux 許可にしたけどまだ絵エラーでるなー。
SELinux denied access requested by unbound-control. It is not expected that this access is required by unbound-control and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
disabled にしたのになー。
# egrep disable /etc/selinux/config
# disabled - SELinux is fully disabled.
SELINUX=disabled
SELinux の遮断ログはなくなったけど,munin のログに timeout がまだでるなー。
/var/log/munin/munin-node.log
Connection timed out.
timeout at /usr/sbin/munin-node line 520,
うーんよくわからん。。
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.