Using munin to monitor Unbound

Started by Kwolfe19, October 23, 2022, 12:26:31 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 23, 2022, 12:26:31 AM
I am trying to enable monitoring of Unbound on my Opnsense box. This page shows how: https://www.nlnetlabs.nl/documentation/unbound/howto-statistics/

But, I've got a few questions. It seems like the munin plugin code is included with the Unbound install.

First question: Where is Unbound on my box? I'd like to run the ln command but I'm not sure where to link from. Or do I just need to copy that file from the distribution on to my machine? If so, where should I put it so it survives upgrades?

Second question, the munin configuration that I do on Opnsense, will it survive upgrades or is there a way I should do that configuration so that it will survive upgrades? Essentially there are a bunch of symbolic links that get created in /usr/local/etc/munin/plugins and I'd like to make sure those stick around.

Thanks!
October 23, 2022, 03:01:42 AM #1
So this looks to be a bit more difficult than I was initially anticipating. Seems like I need to enable unbound-control which requires some templating to get all the settings correct. I've gotten part of the way there, but no stats are showing in munin yet.
October 23, 2022, 08:53:44 PM #2
Ok, I've got it figured out now and I thought I'd post my steps so if anyone else wants to do the same thing, they can save some time.

A couple links that were useful for me:
Unbound setup steps for munin: https://www.nlnetlabs.nl/documentation/unbound/howto-statistics/
Opnsense docs on custom config of Unbound: https://docs.opnsense.org/manual/unbound.html#advanced-configurations

First you need to configure Unbound to enable unbound-control. This requires custom configuration of Unbound using templates. I created two new template targets and had them placed in the correct place.
Code Select

Login to your opnsense router using SSH
cd /usr/local/opnsense/service/templates/OPNsense/Unbound
mkdir munin


Create a file called remote_control.conf and put this in it:
Code Select

remote-control:
    control-enable: yes


Create a file called stats.conf and put this in it:
Code Select

server:
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: no


We need to get the Unbound munin plugin code from: https://github.com/NLnetLabs/unbound/blob/master/contrib/unbound_munin_ and put that file into this same directory. I used vi and created a file named unbound_munin_ and then pasted the contents from the URL into this file.

Create a file called +TARGETS and put this in it (note that vi doesn't like files that start with +):
Code Select

remote_control.conf:/usr/local/etc/unbound.opnsense.d/remote_control.conf
stats.conf:/usr/local/etc/unbound.opnsense.d/stats.conf
unbound_munin_:/usr/local/share/munin/plugins/unbound_munin_


After you do this, you need to generate the output from this configuration so run:
Code Select

configctl template reload OPNsense/Unbound/munin


Then verify your Unbound config by running:
Code Select

configctl unbound check


Then restart unbound through the UI.

Now we're ready to configure the munin plugins for Unbound. The Unbound docs (at the top link) describe all the different data that you can get graphed. To enable the basic one run this command:

Code Select

ln -s /usr/local/share/munin/plugins/unbound_munin_ /usr/local/etc/munin/plugins/unbound_munin_hits


I'm guessing there is a way to do this following using the template feature and some python, but this is what I did to complete the configuration (if anyone has a better suggestion, I'd like to use it). Add the following to the bottom of /usr/local/etc/munin/plugin-conf.d/plugins.conf:

Code Select

[unbound*]
user root
env.unbound_conf /var/unbound/unbound.conf
env.unbound_control /usr/local/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000


Finally, restart munin-node:
Code Select

service munin-node restart


Logs for munin-node can be found in /var/log/munin
October 23, 2022, 11:33:18 PM #3
I found one issue, which is that the template code doesn't preserve permissions (unbound_munin_ needs execute permission). Not sure exactly how to solve this problem yet, probably need some scripting to make it work.
Print
Go Up Pages1
User actions