Installing Monit


Browse by products and services

  • Applies to: DV
    • Difficulty: Medium
    • Time Needed: About an hour
    • Tools Required: SSH, root access
  • Applies to: DV 4.0
    • Difficulty: Medium
    • Time Needed: About an hour
    • Tools Required: SSH, root access

Making it Better

This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is outside the scope of support provided by (mt) Media Temple. Please take a moment to review the Statement of Support.

Overview

Monit is popular third-party monitoring software for Unix systems that allows you to automate the need, in many cases, to restart unresponsive processes. MySQL crashed and is now unresponsive? Monit can email you about it, restart it, or both. Even the entire server can be restarted based on whatever criteria you prefer to monitor for. The end-result of this advanced guide will be to install a basic Monit configuration that monitors all core server processes. Please keep in mind that installing or maintaining Monit falls outside of the (mt) Media Temple Scope of Support; this guide is provided as a courtesy to assist you in the advanced customization of your server.

NOTE:

Installing Monit will not fix the core problems that cause system services to go unresponsive. Monit is designed to make babysitting any resulting up-time issues during your troubleshooting much less painful, but it will not automatically fix an ongoing issue.

Instructions

    1. As a prerequisite to installing Monit, you'll want to make sure you have "development tools" installed. This can be done with the following command:
      yum -y groupinstall "development tools"
    2. Next, you will want to download and unpack Monit. For organizational purposes, it is good practice to use /usr/local/src. That way, you always know where to find the temperamental data/source code you use for new installations.

      First, step into the /usr/local/src directory:

      cd /usr/local/src

      Then, download and unpack Monit:

      wget http://mmonit.com/monit/dist/monit-5.6.tar.gz
      tar zxf monit-5.6.tar.gz 
      rm -f monit-5.6.tar.gz
      cd monit-5.6
    3. From here, Monit needs to be built from source. We'll use a fairly vanilla configuration, The following command will change the prefix so it is set to /usr rather than /usr/local (which is what Monit will default to). This is primarily to keep an extra degree of separation between Plesk, which lives in /usr/local/psa, and other software on the system. This will also configure Monit without the PAM option.
      ./configure --prefix=/usr --without-pam
      make
      make install
      mkdir /etc/monit.d/
    4. The first thing that Monit needs is a configuration file. The command below will pull the username, password, and email address alerts are to be sent to, using information already stored in Plesk:

cat << _EOF_ > /etc/monitrc
# number of seconds between monit checks
set daemon 60

# log file
set logfile /var/log/monit.log

# email address for alerts
set alert $(mysql -sN -u'admin' -p`cat /etc/psa/.psa.shadow` psa -e'select email from clients where id=1;')

# set mailserver
set mailserver localhost

# port for http access
set httpd port 2812

# username:password
allow admin:$(/usr/local/psa/bin/admin --show-password)

# service files
include /etc/monit.d/*.mon
_EOF_
  

NOTE:

If you would prefer that either the username or password to be independent of your Plesk login credentials, you'll need to edit the command below accordingly with your own information. For example, replace /usr/local/psa/bin/admin --show-password with the password of your choice.

    1. To help things keep manageable, we can now create a few scripts to ensure that this information stays up-to-date. This way, if you change either your Plesk password or your email address, Monit will also be updated. If you manually edited the command above to include different information, skip the corresponding step(s) below.
        • Skip the following commands if you do not want Monit's email address to match Plesk's administrator email:
          
          cat << _EOF_ > /usr/local/psa/admin/sbin/monit_email_change.sh
          #!/bin/bash
          newEmail=\$(echo $1 | perl -pe 's/\@/\\@/')
          perl -p -i -e 's/(set\ alert)[^\n]+/\1 '\$newEmail'/' /etc/monitrc
          /etc/init.d/monit restart
          _EOF_
              
      chmod 755 /usr/local/psa/admin/sbin/monit_email_change.sh 
      mysql -u'admin' -p$(cat /etc/psa/.psa.shadow) psa -e"insert into event_handlers values(default,(select id from actions where descr='Update Administrator Information'),0,'root','/usr/local/psa/admin/sbin/monit_email_change ');"
      • Skip the following commands if you do not want Monit's password to match Plesk's admin password:
        cat << _EOF_ > /usr/local/psa/admin/sbin/monit_password_change.sh
        #!/bin/bash
        passCheck="$(md5sum /etc/psa/.psa.shadow | awk '{print $1}')"
        if [[ ! "\$passCheck" = \$(md5sum /etc/psa/.psa.shadow | awk '{print \$1}') ]]; then
        perl -p -i -e 's/(allow admin:)[^\n]+/\1\"'\$(cat /etc/psa/.psa.shadow)'\"/' /etc/monitrc
        perl -p -i -e 's/^(passCheck\=\")[^\n]+/passCheck\=\"'\$(md5sum /etc/psa/.psa.shadow | awk '{print \$1}')'\"/' /usr/local/psa/admin/sbin/monit_password_change.sh
        /etc/init.d/monit restart
        fi
        _EOF_
        chmod 755 /usr/local/psa/admin/sbin/monit_password_change.sh 
        echo "* * * * * /usr/local/psa/admin/sbin/monit_password_change.sh" >> /var/spool/cron/root

      NOTE:

      Unfortunately, Plesk does not currently provide an event handler for the admin password changing, so updating other software with these credentials will require a custom cron job.

    2. Create the config extensions directory:
      mkdir /etc/monit.d/
    3. With a configuration file now ready to go, we now need to add variables to be monitored using Monit. Please see the section on "Sample Configurations" below for some examples you can use to get the most out of this versatile software.
    4. Next, you'll want to set up Monit to start automatically when your server reboots:
cp contrib/rc.monit /etc/init.d/monit
chmod 755 /etc/init.d/monit 
chkconfig --level 235 monit on 
  1. All done! Time to start Monit:
    /etc/init.d/monit start

    If everything is working correctly, you'll see a message similar to the following:

     Starting monit: Starting monit daemon with http interface at [*:2812]
    
    [  OK  ]
    

Sample Configurations

Below are several optimized configurations you can use to populate Monit with alerts once installed. Some users may find the thresholds for email alerts and/or restarts to be overly conservative, and can edit each respective command accordingly. Users may pick and choose accordingly if they do not want all of the following checks added to Monit; they are all entirely independent of each other:

    • General system ping and load checks:
      cat << _EOF_ > /etc/monit.d/system.mon
      check system localhost
      if loadavg(1min) > 8 then alert
      if loadavg(5min) > 15 then restart
      if memory usage > 90% then alert
      if cpu usage(system) > 50% then alert
      if cpu usage(wait) > 40% then alert
      
      check host $(awk '{print $NF}' /proc/vz/veinfo) with address $(awk '{print $NF}' /proc/vz/veinfo)
      if failed icmp type echo count 5 with timeout 15 seconds then alert
      if failed port 80 protocol http then alert
      _EOF_
      
    • Disk usage checks (to prevent and warn if the server is approaching critical 100% disk usage):
      cat << _EOF_ > /etc/monit.d/disk_usage.mon
      check filesystem vzfs with path /
      if space usage > 90% for 5 cycles then alert
      if inode usage > 90% for 5 cycles then alert
      _EOF_
    • Web server checks (to ensure websites are online):
      cat << _EOF_ > /etc/monit.d/apache.mon
      check process httpd with pidfile "/var/run/httpd.pid"
      start program = "/etc/init.d/httpd start"
      stop program = "/etc/init.d/httpd stop"
      if failed host $(awk '{print $NF}' /proc/vz/veinfo) port 80 protocol http then restart
      if cpu > 90% for 2 cycles then alert
      if cpu > 90% for 5 cycles then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      
    • Database checks (to ensure databases are responding):
      cat << _EOF_ > /etc/monit.d/mysql.mon
      check process mysqld with pidfile "/var/run/mysqld/mysqld.pid"
      start program = "/etc/init.d/mysqld start"
      stop program = "/etc/init.d/mysqld stop"
      if cpu > 90% for 2 cycles then alert
      if cpu > 90% for 5 cycles then restart
      if failed port 3306 protocol mysql then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      
    • SMTP and qmail server check (for overall outgoing mail health and sending functionality):
      cat << _EOF_ > /etc/monit.d/qmail.mon
      #!/bin/bash
      check process qmail with pidfile "/var/run/xinetd.pid"
      start program = "/bin/bash -c '/etc/init.d/qmail start && /etc/init.d/xinetd start'"
      stop program = "/bin/bash -c '/etc/init.d/qmail stop && /etc/init.d/xinetd stop'"
      if failed port 25 protocol smtp then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
    • Mail server check for incoming mail responsiveness (IMAP, IMAP-SSL, POP3,and POP3-SSL):
      cat << _EOF_ > /etc/monit.d/imap.mon
      check process imapd with pidfile "/var/run/imapd.pid"
      start program = "/etc/init.d/courier-imap start"
      stop program = "/etc/init.d/courier-imap stop"
      if failed port 143 type tcp protocol imap then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      cat << _EOF_ > /etc/monit.d/imapssl.mon
      check process imapd-ssl with pidfile "/var/run/imapd-ssl.pid"
      start program = "/etc/init.d/courier-imap start"
      stop program = "/etc/init.d/courier-imap stop"
      if failed port 993 type tcpssl sslauto protocol imap then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      cat << _EOF_ > /etc/monit.d/pop3.mon
      check process pop3d with pidfile "/var/run/pop3d.pid"
      start program = "/etc/init.d/courier-imap start"
      stop program = "/etc/init.d/courier-imap stop"
      if failed port 110 type tcp protocol pop then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      cat << _EOF_ > /etc/monit.d/pop3ssl.mon
      check process pop3d-ssl with pidfile "/var/run/pop3d-ssl.pid"
      start program = "/etc/init.d/courier-imap start"
      stop program = "/etc/init.d/courier-imap stop"
      if failed port 995 type tcpssl sslauto protocol pop then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
    • SpamAssassin checks (to ensure SpamAssassin restarts after periods of high CPU use):
      cat << _EOF_ > /etc/monit.d/spamassassin.mon
      check process spamd with pidfile /var/run/spamd/spamd_full.pid
      start program "/etc/init.d/psa-spamassassin start"
      stop program "/etc/init.d/psa-spamassassin stop"
      if cpu > 90% for 5 cycles then restart
      if 5 restarts within 5 cycles then timeout
      _EOF_
      
    • Cron check (to ensure cron jobs are running):
      cat << _EOF_ > /etc/monit.d/crond.mon
      check process crond with pidfile "/var/run/crond.pid"
      start = "/etc/init.d/crond start"
      stop = "/etc/init.d/crond stop"
      if 5 restarts within 5 cycles then timeout
      _EOF_
    • Private nameserver checks (only necessary if you are running private nameservers from your DV server):
cat << _EOF_ > /etc/monit.d/named.mon
check process named with pidfile /var/named/chroot/var/run/named/named.pid
start program = "/etc/init.d/named start"
stop program = "/etc/init.d/named stop"
if failed port 53 type tcp protocol dns then restart
if 5 restarts within 5 cycles then timeout
_EOF_