How to enable the Monit GUI to monitor the Hipchat Data Center nodes
This article and its contents are not supported by Atlassian.
It is meant to assist in setting up a basic monitoring GUI by leveraging an existing open-source component of the HipChat VM. Monit is not owned nor supported by Atlassian.
The changes in this article have to be done on each Hipchat Data Center node and re-done after each upgrade.
Purpose
Monit is embedded within Hipchat Data Center and serves as a supervision tool to all the services needed by Hipchat to function properly.
Monit comes with its own web server to serve HTML pages displaying service status information and allowing admins to manipulate services from a GUI.
Solution
Gain root access:
sudo dont-blame-hipchat
Update the Monit config Chef template
/hipchat-scm/chef-repo/cookbooks/monit/templates/default/monitrc.erb
used by replacing:set httpd unixsocket <%= node[:monit][:httpd][:socket] %>
with
set httpd port 2812 and use address <%= node['ipaddress'] %> allow 0.0.0.0/0.0.0.0
Update the admin and read-only UI credentials in the Monit attributes Chef file
/hipchat-scm/chef-repo/cookbooks/monit/attributes/default.rb
:# web interface default[:monit][:httpd] = { allow: 'admin:monitor', allow_ro: 'read:monitread', enabled: true, socket: '/var/run/monit.sock' }
Follow steps in How to change files maintained by Chef in HipChat Server to permanently open a firewall hole on port 2812 to access the Monit GUI from the outside. Note this will allow direct access to the node so be sure to only allow trusted IPs/IP ranges.
A sample command to run is:iptables -A INPUT -p tcp --dport 2812 -m state --state NEW -s 172.16.116.0/24 -j ACCEPT
Run Chef solo:
/opt/atlassian/hipchat/sbin/cs
Review the actual monit config
/etc/monit/monitrc
which should include the following:set httpd port 2812 and use address <your_node's_ip> allow 0.0.0.0/0.0.0.0 allow admin:monitor allow read:monitread read-only
Restart Monit:
service monit restart
Access the Monit UI via http://<your_nodes_fqdn_or_ip>:2812, your username and password combination should be one of the combinations you set in the config: