Tags

  • nginx
  • freebsd
  • jail

Deciding on being insane. #Software:

  • nginx-devel
  • graphite-web
  • uwsgi
  • collectd5

I installed everything in a jail (except collectd) It worked very nicely but took forever (not because of jail, it just takes forever). I worked from the slightly out of date instructions at http://www.flagword.net/2014/01/installing-and-configuring-graphite-with-collectd-on-freebsd/

Install packages

pkg install py27-graphite-web uwsgi nginx-devel collectd5

Setup Carbon

cd /usr/local/etc/carbon
cp storage-schemas.conf.example storage-schemas.conf
cp carbon.conf.example carbon.conf

echo "GRAPHITE_ROOT        = /usr/local/graphite \
GRAPHITE_CONF_DIR    = /usr/local/etc/carbon \
GRAPHITE_STORAGE_DIR = /usr/local/graphite/storage/ \
STORAGE_DIR          = /usr/local/graphite/storage/ \
LOCAL_DATA_DIR       = /usr/local/graphite/storage/whisper/ \
CONF_DIR             = /usr/local/etc/carbon \
LOG_DIR              = /usr/local/graphite/storage/log/ \
PID_DIR              = /var/run" >> carbon.conf

echo 'carbon_enable="YES"' >> /etc/rc.conf

Setup Graphite (change the secret key)

cd /usr/local/lib/python2.7/site-packages/graphite

echo "SECRET_KEY = 'MY_Very_Secret_KEY'\
GRAPHITE_ROOT = '/usr/local/graphite'\
CONF_DIR = '/usr/local/etc/graphite'\
STORAGE_DIR = '/usr/local/storage'\
CONTENT_DIR = '/usr/local/graphite/webapp/content'\
DASHBOARD_CONF = '/usr/local/etc/graphite/dashboard.conf'\
GRAPHTEMPLATES_CONF = '/usr/local/etc/graphite/graphTemplates.conf'\
LOG_DIR = '/usr/local/graphite/storage/log/webapp'\
INDEX_FILE = '/usr/local/graphite/storage/index' \
\
DATABASES = {\
    'default': {\
        'NAME': '/usr/local/graphite/storage/graphite.db',\
        'ENGINE': 'django.db.backends.sqlite3',\
        'USER': '',\
        'PASSWORD': '',\
        'HOST': '',\
        'PORT': ''\
    }\
}" > local_settings.py

mkdir -p /usr/local/graphite/storage/log/webapp/
mkdir -p /usr/local/graphite/webapp/content/
mkdir -p /usr/local/graphite/storage/whisper/
cp -r /usr/local/share/graphite-web/content/ /usr/local/graphite/webapp/content/

chown -R www:www /usr/local/graphite/

python2 manage.py syncdb

cd /usr/local/etc/graphite/
cp graphite.wsgi.example graphite.wsgi
cp dashboard.conf.example dashboard.conf
cp graphTemplates.conf.example graphTemplates.conf

cat > /usr/local/etc/graphite/graphite.wsgi << EOF
import os, sys
sys.path.append('/usr/local/graphite/webapp')
os.environ['DJANGO_SETTINGS_MODULE'] = 'graphite.settings'
import django
import django.core.handlers.wsgi
django.setup()
application = django.core.handlers.wsgi.WSGIHandler()
from graphite.logger import log
log.info("graphite.wsgi - pid %d - reloading search index" % os.getpid())
import graphite.metrics.search
EOF

echo 'uwsgi_enable="YES"' >> /etc/rc.conf
echo 'uwsgi_flags="-L -M -p 3 --socket /tmp/uwsgi.sock --gid 80 --uid 80 --python-path /usr/local/lib/python2.7/site-packages/ --chdir /usr/local/etc/graphite/ -w graphite --wsgi-file /usr/local/etc/graphite/graphite.wsgi"' >> /etc/rc.conf

Setup Nginx (This is where i get lazy with the instructions)

  • You need to setup ssl-keys (see config) Im using https://letsencrypt.org
  • Generate the htpasswd password

Add this to nginx.conf

upstream django {
    server unix:/tmp/uwsgi.sock;
}

server {
    listen 80;
    server_name graphite.talyn.se;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name graphite.talyn.se;
    root /usr/local/graphite/webapp;

    access_log /var/log/nginx/graphite.access.log;
    error_log /var/log/nginx/graphite.error.log;

    ssl on;
    ssl_certificate /usr/local/etc/nginx/ssl/graphite.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/graphite.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    location /content/ {
        alias /usr/local/graphite/webapp/content/;
    }

    location / {
        auth_basic “Graphite”;
        auth_basic_user_file /usr/local/etc/nginx/htpasswd;
        uwsgi_pass django;
        include uwsgi_params;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
}

Setup Nginx log dir and htpasswd

mkdir -p /var/log/nginx/
chown www:www /var/log/nginx/
printf "${username}:`openssl passwd -apr1`\n" >> /usr/local/etc/nginx/htpasswd
echo 'nginx_enable="YES"' >> /etc/rc.conf

Setup collectd /usr/local/etc/collectd.conf

LoadPlugin syslog
LoadPlugin cpu
LoadPlugin df
LoadPlugin disk
LoadPlugin interface
LoadPlugin load
LoadPlugin memory
LoadPlugin write_graphite
LoadPlugin zfs_arc
LoadPlugin syslog

<Plugin syslog>
        LogLevel debug
</Plugin>
<Plugin df>
    FSType "zfs"
</Plugin>
<Plugin disk>
        Disk "/^vtbd[0-9]+$/"
        Disk "/^[hs]d[a-f][0-9]?$/"
        Disk "/^d[a-f][0-9]+$/"
        IgnoreSelected false
</Plugin>
<Plugin interface>
        Interface "/^vtnet[0-9]+$/"
        Interface "/^vlan[0-9]+$/"
        Interface "/^lagg[0-9]+$/"
        Interface "/^bxe[0-9]+$/"
        Interface "/^de[0-9]+$/"
        Interface "/^em[0-9]+$/"
        Interface "/^igb[0-9]+$/"
        Interface "/^ixgbe[0-9]+$/"
        Interface "/^le[0-9]+$/"
        Interface "/^ti[0-9]+$/"
        Interface "/^txp[0-9]+$/"
        Interface "/^vx[0-9]+$/"
        Interface "/^miibus[0-9]+$/"
        Interface "/^ae[0-9]+$/"
        Interface "/^age[0-9]+$/"
        Interface "/^alc[0-9]+$/"
        Interface "/^ale[0-9]+$/"
        Interface "/^bce[0-9]+$/"
        Interface "/^bfe[0-9]+$/"
        Interface "/^bge[0-9]+$/"
        Interface "/^dc[0-9]+$/"
        Interface "/^et[0-9]+$/"
        Interface "/^fxp[0-9]+$/"
        Interface "/^jme[0-9]+$/"
        Interface "/^lge[0-9]+$/"
        Interface "/^msk[0-9]+$/"
        Interface "/^nfe[0-9]+$/"
        Interface "/^nge[0-9]+$/"
        Interface "/^nve[0-9]+$/"
        Interface "/^pcn[0-9]+$/"
        Interface "/^re[0-9]+$/"
        Interface "/^rl[0-9]+$/"
        Interface "/^sf[0-9]+$/"
        Interface "/^sge[0-9]+$/"
        Interface "/^sis[0-9]+$/"
        Interface "/^sk[0-9]+$/"
        Interface "/^ste[0-9]+$/"
        Interface "/^stge[0-9]+$/"
        Interface "/^tl[0-9]+$/"
        Interface "/^tx[0-9]+$/"
        Interface "/^vge[0-9]+$/"
        Interface "/^vr[0-9]+$/"
        Interface "/^wb[0-9]+$/"
        Interface "/^xl[0-9]+$/"
        Interface "/^cs[0-9]+$/"
        Interface "/^ed[0-9]+$/"
        Interface "/^ex[0-9]+$/"
        Interface "/^ep[0-9]+$/"
        Interface "/^fe[0-9]+$/"
        Interface "/^sn[0-9]+$/"
        Interface "/^xe[0-9]+$/"
        IgnoreSelected false
</Plugin>
<Plugin write_graphite>
  <Node "localhost">
    Host "localhost"
    Port "2003"
    Protocol "tcp"
    LogSendErrors true
    Prefix "collectd."
  </Node>
</Plugin>

Enable Collectd

echo 'collectd_enable="YES"' >> /etc/rc.conf

Start all the things

service carbon start
service nginx start
service uwsgi start
service collectd start