This document discusses specific configuration options for MMS Monitoring, including hardware monitoring with Munin-Node, using MMS Monitoring with SSL.
Hardware Monitoring with Munin-Node¶
MMS Monitoring provides support for collecting and charting hardware statistics collected with Munin. You must install the munin-node package on each the host system that you wish to monitor.
munin-node, and hardware monitoring is only available for MongoDB instances running on Linux hosts.
On Debian and Ubuntu systems, issue the following command to install munin-node:
sudo apt-get install munin-node
To install munin-node on Red Hat, CentOS, and Fedora systems, issue the following command:
yum install munin-node
For Red Hat and CentOS 6.8 systems, you will need to install the EPEL repository before installing munin-node. To install the EPEL repository, issue the following command:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
When installation is complete, ensure that munin-node:
is running. Use the command, “ps -ef | grep "munin"” to confirm. If the process is not running, issue the command “/etc/init.d/munin-node start”.
will start following the next system reboot. This is the default behavior on most Debian-based systems. Red Hat and related distributions should use the “chkconfig” command, to configure this behavior (i.e. “chkconfig munin-node on”)
is accessible from the system running the agent. munin-node uses port 4949, which needs to be open on the monitored system, so the agent can access this data source. Use the following procedure to test access:
telnet [HOSTNAME] 4949 fetch iostat fetch iostat_ios fetch cpu
Replace [HOSTNAME] with the hostname of the monitored system. Run these commands from the system where the Monitoring agent is running. If these “fetch” commands return data, then munin-node is running and accessible by the Monitoring agent.
On some platforms, munin-node does not have all required plugins enabled.
For CentOS, the munin-node package does not have the iostat and iostat_ios plugins enabled. Use the following operation to enable these plugins:
sudo ln -s /usr/share/munin/plugins/iostat /etc/munin/plugins/iostat sudo ln -s /usr/share/munin/plugins/iostat_ios /etc/munin/plugins/iostat_ios sudo /etc/init.d/munin-node restart
If munin-node is running but inaccessible, make sure that you have access granted for the system running the Monitoring agent and that no firewalls block the port between munin-node and the Monitoring agent. You may find the munin-node configuration at /etc/munin-node/munin-node.conf, /etc/munin/munin-node.conf, or /etc/munin-node.conf, depending on your distribution.
If you have numbered disk devices (e.g. /dev/sda1 and /dev/sda2) then you will need to configure support for numbered disk in the munin iostat plugin. Find the configuration file at /etc/munin/plugin-conf.d/munin-node or a similar path, and add the following value:
[iostat] env.SHOW_NUMBERED 1
If you have Munin enabled and do not have iostat ios data in your Munin charts, your munin-node may not have write access to required state files in its munin/plugin-state/ directory. See the munin-node plugin log (i.e. /var/log/munin/munin-node.log or similar depending on your distribution) for more information.
The full path of this state directory depends on the system, but is typically /var/lib/munin/plugin-state/. Run the following command sequence to correct this issue:
touch /var/lib/munin/plugin-state/iostat-ios.state chown -R [username]:[group] /var/lib/munin/plugin-state/ chmod -R 660 /var/lib/munin/plugin-state/
Replace [username] and [group] with the username and group that the munin-node process runs with.
Add the host running the monitoring agent to the allow directive in the /etc/munin-node/munin-node.conf file. The allow directive lists hosts allowed to query the munin-node process. Otherwise, traffic from the MMS host will be allowed via firewall but will not be collected by munin.
If you encounter any other problems, check the log files for munin-node to ensure that there are no errors with Munin. munin-node writes logs files in the /var/log/ directory on the monitored system.
Using SSL with MMS Monitoring¶
MMS Monitoring can monitor MongoDB instances running with SSL. To use SSL with mongod and mongos, you must enable it at compile time, or use one of the subscriber builds. MongoDB added SSL support in version 2.0.
The monitoring agent must be configured with the trusted CA certificates used to sign the certificates used by any MongoDB instances running with SSL. Edit the settings.py file in your agent installation to set sslTrustedServerCertificates to the path of a file containing one or more certificates in PEM format.
By default, the agent will only connect to MongoDB instances using a trusted certificate. For testing purposes the sslRequireValidServerCertificates setting can be set to False to bypass this check. This configuration is NOT recommended for production use as it makes the connection insecure.
To monitor a host with SSL enabled, you can either:
Edit the settings.py file in your agent installation, so that the useSslForAllConnections value is True, as follows:
useSslForAllConnections = True
Then restart the Monitoring agent. After restarting the agent you may observe a five minute delay before MMS Monitoring receives data from the agent.
Enable support on a per-host basis in the MMS console by clicking on the edit (i.e. “Pencil”) button on the right hand-side of the “Hosts” page. In the dialogue that pops up, click the check-box on the SSL tab.
If you enable SSL support globally you will not be able to override this setting on a per-host basis.