retitle 694790 unblock: munin/2.0.6-2 thanks Hi,
I've finally uploaded 2.0.6-2 to sid, the full debdiff to 2.0.6-1 is attached. common/lib/Munin/Common/TLS.pm | 5 debian/munin-async.README.Debian | 130 +++++++++ debian/patches/100-DejaVu-Fonts-Path.patch | 31 -- debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch | 141 ---------- debian/patches/237-hddtemp_smartctl-sata-detect.patch | 46 --- debian/patches/series | 2 master/lib/Munin/Master/HTMLConfig.pm | 6 master/lib/Munin/Master/Node.pm | 1 munin-2.0.6/debian/changelog | 56 +++ munin-2.0.6/debian/control | 4 munin-2.0.6/debian/munin-async.init | 4 munin-2.0.6/debian/munin-async.logrotate | 4 munin-2.0.6/debian/munin-async.postinst | 8 munin-2.0.6/debian/munin-node.postrm | 6 munin-2.0.6/debian/munin.postinst | 3 node/munin-node.conf.in | 1 plugins/node.d.linux/apt_all.in | 2 plugins/node.d.linux/selinux_avcstat.in | 2 plugins/node.d/hddtemp_smartctl.in | 19 + plugins/node.d/http_loadtime.in | 2 20 files changed, 231 insertions(+), 242 deletions(-) On Freitag, 30. November 2012, Holger Levsen wrote: > before uploading munin 2.0.6-2 to unstable I would like to ask for > pre-approval of these changes: 2 serious+grave bug fixes, 9 important bug > fixes, > 3 normal (of which 2 could arguebly be important) and one wishlist, > adding documentation. These fixes are all still included, except for the one normal one which cannot be argued to be important: introducing quilt. (I'll upgrade the other normal ones to important now.) One more comment about this changelog entry: * selinux_avcstat plugin: Do not use the "read without variable" bashism, thanks to intrigeri for the patch. (Closes: #690711) This fix has been included upstream as 099cc00f. 099cc00f has been included in the stable-2.0 branch, meaning it will be included in the next stable release, 2.0.10. The rest of debian/changelog should be self explainatory. cheers, Holger
diff -u munin-2.0.6/debian/munin-async.logrotate munin-2.0.6/debian/munin-async.logrotate --- munin-2.0.6/debian/munin-async.logrotate +++ munin-2.0.6/debian/munin-async.logrotate @@ -1,9 +1,9 @@ -/var/lib/munin/spool/*.0 { +/var/lib/munin-async/*.0 { daily missingok rotate 7 compress copytruncate notifempty - create 640 munin adm + create 640 munin-async munin-async } diff -u munin-2.0.6/debian/munin-node.postrm munin-2.0.6/debian/munin-node.postrm --- munin-2.0.6/debian/munin-node.postrm +++ munin-2.0.6/debian/munin-node.postrm @@ -23,13 +23,11 @@ # # just like #198522 (see above..) is fixed since 2006 ;) - rm -f /var/lib/munin/plugin-state/*.state - rm -f /var/lib/munin-node/plugin-state/*.state + rm -rf /var/lib/munin/plugin-state + rm -rf /var/lib/munin-node/plugin-state rm -f /var/log/munin/munin-node.log* rm -f /var/log/munin/munin-node-configure.log* - delete_dir_if_empty /var/lib/munin/plugin-state - delete_dir_if_empty /var/lib/munin-node/plugin-state delete_dir_if_empty /var/lib/munin delete_dir_if_empty /var/log/munin delete_dir_if_empty /etc/munin/plugin-conf.d diff -u munin-2.0.6/debian/changelog munin-2.0.6/debian/changelog --- munin-2.0.6/debian/changelog +++ munin-2.0.6/debian/changelog @@ -1,3 +1,59 @@ +munin (2.0.6-2) unstable; urgency=low + + * Fix "/etc/apache2/conf.d/munin removed on upgrade": + - debian/munin.postinst: create symlink for new installs and also for + upgrades from versions where it was still removed (up to 1.4.6-3) but + not re-created (from 1.4.6-1 onwards). Thanks to Gregor Herrman for the + patch and intrigeri for reviewing. (Closes: #677943) + * munin-doc: Break and replace munin-common << 2. (Closes: #694355) + * munin-node.postinst: delete /var/lib/munin(-node)/plugin-state recursively + on purge. The plugin-state is outdated after a few minutes anyway. + (Closes: #687715) + * apt_all plugin: the apt_all plugin has its state updated in cron. There + the ENV var MUNIN_PLUGSTATE doesn't exist, so we need to set a default. + (Closes: #687495). This has been in included in 2.0.7 as d53b34d. + * munin-async.init: Run munin-async after munin-node has been started. + (Closes: #691390) - Thanks to Daniel Black for this and the next two + fixes: + * munin-async.postinst: fix /var/lib/munin-async ownership (once on upgrades + from previous versions) and for new installs. (Closes: #691309) + * munin-async.logrotate: correct location of munin-async logfiles. + (Closes: #691758) + * Add documentation for munin-async, thanks to Daniel Black. + (Closes: #681803) + * Have master support multi-homed nodes that only listen on IPv4. + (Closes: #678662) This is upstream commit a18229c5 from 2.0.9, thanks to + Michael Renner for the testing and the patch! + * Patch node/munin-node.conf.in to allow incoming IPv6 from localhost, + mostly to document that IPv6 addresses are allowed as well. Thanks to + Daniel Black. (Closes: #676798) This is upstream commit 7501128 which was + included in 2.0.9. + * Common/TLS.pm: use the correct error checking functions from Net::SSLeay, + cherry-pick c112139 from 2.0.9. (Closes: #675377) + * HTMLConfig.pm: cherry-pick 789c59e from 2.0.7 to avoid (using the default + configuration) /var/log/munin/munin-html.log being flooded with 106 lines + of noisy warnings (out of 112 lines in total) every 5min. (Closes: #689291) + * selinux_avcstat plugin: Do not use the "read without variable" bashism, + thanks to intrigeri for the patch. (Closes: #690711) + This fix has been included upstream as 099cc00f. + * http_loadtime plugin: fix stderr redirection (which broke the plugin + completely) (Closes: #691448) - This is upstream commit 9a1cbce from + 2.0.8. + * Keep using "dh $@" (=without anything) and not change to "dh --with quilt" + (so #691327 is still open in sid and wheezy.). + * Drop 101-suppress-occasional-unknown-states-to-avoid-alerts.patch as it + is included since 1.4.4. + * Drop 100-DejaVu-Fonts-Path.patch since it only affects a codepath used + with rrdtool 1.2. + * Drop 237-hddtemp_smartctl-sata-detect.patch and cherry-pick the identical + commit 29e4ca9 from 2.0.7 instead: this was the bugfix for #497400, + included in both lenny and squeeze releases (so it fixes a regression, and + so today introducing #497400 would be an important bug.) + * Remove quilt from build-depends. We are not using it and have not been + using it since March 2012 / 2.0~rc2-1. + + -- Holger Levsen <hol...@debian.org> Sun, 23 Dec 2012 16:53:43 +0100 + munin (2.0.6-1) unstable; urgency=high * New upstream release 2.0.6, switching back to cron graphing (as it better diff -u munin-2.0.6/debian/munin-async.postinst munin-2.0.6/debian/munin-async.postinst --- munin-2.0.6/debian/munin-async.postinst +++ munin-2.0.6/debian/munin-async.postinst @@ -15,9 +15,17 @@ fi } +initperms() { + chown munin-async:munin-async /var/lib/munin-async +} + case "$1" in configure) add_munin_async_user + # this can go away after wheezy + if dpkg --compare-versions "$2" le "2.0.6-1~" || [ "$2" = 0 ] ; then + initperms + fi ;; abort-upgrade|abort-deconfigure|abort-remove) : diff -u munin-2.0.6/debian/munin.postinst munin-2.0.6/debian/munin.postinst --- munin-2.0.6/debian/munin.postinst +++ munin-2.0.6/debian/munin.postinst @@ -63,8 +63,9 @@ webserver=apache2 webserver_init_script="/etc/init.d/$webserver" if [ -d /etc/$webserver/conf.d ] && [ ! -e /etc/$webserver/conf.d/munin ]; then - if [ -z "$prevver" ] ; then + if [ -z "$prevver" ] || ( dpkg --compare-versions $prevver ge 1.4.6-1~ && dpkg --compare-versions $prevver lt 1.4.7~ ) ; then # only create link on new installs + # or when upgrading from a version where it was removed unconditionally ln -s ../../munin/apache.conf /etc/$webserver/conf.d/munin fi if [ -f $webserver_init_script ];then diff -u munin-2.0.6/debian/munin-async.init munin-2.0.6/debian/munin-async.init --- munin-2.0.6/debian/munin-async.init +++ munin-2.0.6/debian/munin-async.init @@ -1,8 +1,8 @@ #! /bin/sh ### BEGIN INIT INFO # Provides: munin-async -# Required-Start: $network $named $local_fs $remote_fs -# Required-Stop: $network $named $local_fs $remote_fs +# Required-Start: $network $named $local_fs $remote_fs munin-node +# Required-Stop: $network $named $local_fs $remote_fs munin-node # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Munin asynchronous server diff -u munin-2.0.6/debian/control munin-2.0.6/debian/control --- munin-2.0.6/debian/control +++ munin-2.0.6/debian/control @@ -7,7 +7,7 @@ Tom Feiner <feiner....@gmail.com>, Steve Schnepp <steve.schn...@pwkf.org> Build-Depends-Indep: perl, htmldoc, html2text, default-jdk -Build-Depends: debhelper (>=8), quilt +Build-Depends: debhelper (>=8) Standards-Version: 3.9.3 Homepage: http://munin-monitoring.org Vcs-Git: git://anonscm.debian.org/collab-maint/munin.git @@ -152,6 +152,8 @@ Section: doc Architecture: all Depends: ${perl:Depends}, ${misc:Depends} +Breaks: munin-common (<< 2) +Replaces: munin-common (<< 2) Description: network-wide graphing framework (documentation) Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still reverted: --- munin-2.0.6/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch +++ munin-2.0.6.orig/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch @@ -1,141 +0,0 @@ -Description: Suppress "occasional" unknown states to avoid alerts. - This patch adds a feature which counts the number of unknowns, - and only changes state (and sends an alert) once that count is reached. - . - Changed the default global count to 3 unknowns before the state is changed. - . - We will be able to remove this patch once upstream accepts it, which they - plan to do in a future release. -Origin: http://munin.projects.linpro.no/ticket/828 -Forwarded: no -Author: Steve Wilson <ste...@purdue.edu> -Last-Update: 2010-01-13 -Index: munin-1.4.3/common/lib/Munin/Common/Config.pm -=================================================================== ---- munin-1.4.3.orig/common/lib/Munin/Common/Config.pm (revision 3304) -+++ munin-1.4.3/common/lib/Munin/Common/Config.pm (working copy) -@@ -36,7 +36,7 @@ - "graph_printf", "ok", "unknown", "palette", "realservname", - "cdef_name", "graphable", "process", "realname", - "onlynullcdef", "group_order", "pipe", "pipe_command", -- "unknown_limit", "notify_countdown", "dropdownlimit", -+ "unknown_limit", "num_unknowns", "dropdownlimit", - "max_graph_jobs", "munin_cgi_graph_jobs" ); - - my %bools = map { $_ => 1} qw(yes no true false on off 1 0); -Index: munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm -=================================================================== ---- munin-1.4.3.orig/master/lib/Munin/Master/LimitsOld.pm (revision 3304) -+++ munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm (working copy) -@@ -330,23 +330,74 @@ - if ($value eq "unknown") { - $crit->[0] ||= ""; - $crit->[1] ||= ""; -- $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK"; -- $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0; -- munin_set_var_loc(\%notes, [@$fpath, "state"], "unknown"); -- munin_set_var_loc( -- \%notes, -- [@$fpath, "unknown"], ( -- defined $field->{"extinfo"} -+ -+ my $state = "unknown"; -+ my $extinfo = defined $field->{"extinfo"} - ? "unknown: " . $field->{"extinfo"} -- : "Value is unknown." -- )); -+ : "Value is unknown."; -+ my $num_unknowns; - - if ( !defined $onfield - or !defined $onfield->{"state"} - or $onfield->{"state"} ne "unknown") { - $hash->{'state_changed'} = 1; - } -+ else { -+ $hash->{'state_changed'} = 0; -+ } -+ -+ # First we'll need to check whether the user wants to ignore -+ # a few UNKNOWN values before actually changing the state to -+ # UNKNOWN. -+ if ($unknown_limit > 1) { -+ if (defined $onfield and defined $onfield->{"state"}) { -+ if ($onfield->{"state"} ne "unknown") { -+ if (defined $onfield->{"num_unknowns"}) { -+ if ($onfield->{"num_unknowns"} < $unknown_limit) { -+ # Don't change the state to UNKNOWN yet. -+ $hash->{'state_changed'} = 0; -+ $state = $onfield->{"state"}; -+ $extinfo = $onfield->{$state}; -+ -+ # Increment the number of UNKNOWN values seen. -+ $num_unknowns = $onfield->{"num_unknowns"} + 1; -+ } -+ } -+ else { -+ # Don't change the state to UNKNOWN yet. -+ $hash->{'state_changed'} = 0; -+ $state = $onfield->{"state"}; -+ $extinfo = $onfield->{$state}; -+ -+ # Start counting the number of consecutive UNKNOWN -+ # values seen. -+ $num_unknowns = 1; -+ } -+ } -+ } -+ } -+ -+ if ($state eq "unknown") { -+ $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK"; -+ $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0; -+ } -+ elsif ($state eq "critical") { -+ $hash->{'worst'} = "CRITICAL"; -+ $hash->{'worstid'} = 2; -+ } -+ elsif ($state eq "warning") { -+ $hash->{'worst'} = "WARNING" if $hash->{"worst"} ne "CRITICAL"; -+ $hash->{'worstid'} = 1 if $hash->{"worstid"} != 2; -+ } -+ -+ munin_set_var_loc(\%notes, [@$fpath, "state"], $state); -+ munin_set_var_loc(\%notes, [@$fpath, $state], $extinfo); -+ if (defined $num_unknowns) { -+ munin_set_var_loc(\%notes, [@$fpath, "num_unknowns"], -+ $num_unknowns); -+ } - } -+ - elsif ((defined($crit->[0]) and $value < $crit->[0]) - or (defined($crit->[1]) and $value > $crit->[1])) { - $crit->[0] ||= ""; -@@ -422,7 +473,7 @@ - my @warning = (undef, undef); - my $crit = munin_get($hash, "critical", undef); - my $warn = munin_get($hash, "warning", undef); -- my $unknown_limit = munin_get($hash, "unknown_limit", 1); -+ my $unknown_limit = munin_get($hash, "unknown_limit", 3); - - my $name = munin_get_node_name($hash); - -@@ -454,10 +505,15 @@ - DEBUG "[DEBUG] processing warning: $name -> $warning[0] : $warning[1]"; - } - -- # The merge of the unknown_limit implementation was somewhat botched. Not tested. - janl - if ($unknown_limit =~ /^\s*(\d+)\s*$/) { -- $unknown_limit = $1 if defined $1; -- DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit"; -+ $unknown_limit = $1 if defined $1; -+ if (defined $unknown_limit) { -+ if ($unknown_limit < 1) { -+ # Zero and negative numbers are not valid. -+ $unknown_limit = 1; -+ } -+ } -+ DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit"; - } - - return (\@warning, \@critical, $unknown_limit); reverted: --- munin-2.0.6/debian/patches/series +++ munin-2.0.6.orig/debian/patches/series @@ -1,2 +0,0 @@ -100-DejaVu-Fonts-Path.patch -237-hddtemp_smartctl-sata-detect.patch reverted: --- munin-2.0.6/debian/patches/100-DejaVu-Fonts-Path.patch +++ munin-2.0.6.orig/debian/patches/100-DejaVu-Fonts-Path.patch @@ -1,31 +0,0 @@ -Description: Debian specific patch, to explicitly configure - rrd 1.2 to use the debian provided DejaVuSans*.ttf fonts, as - we removed the ones provided by munin in order to avoid - duplication. - - This is a rewrite of a similar patch, which was removed at - http://munin-monitoring.org/changeset/3215 & - http://munin-monitoring.org/changeset/3238. - -Origin: other -Bug-Debian: http://bugs.debian.org/578782 -Forwarded: no -Author: Tom Feiner <feiner....@gmail.com> -Last-Update: 2011-12-04 -Index: munin-1.999.4495/master/lib/Munin/Master/GraphOld.pm -=================================================================== ---- munin-1.999.4495.orig/master/lib/Munin/Master/GraphOld.pm 2011-10-20 16:17:06.000000000 +0000 -+++ munin-1.999.4495/master/lib/Munin/Master/GraphOld.pm 2011-12-04 16:07:00.000000000 +0000 -@@ -1634,9 +1634,9 @@ - # The RRD 1.2 documentation says you can identify font family - # names but I never got that to work, but full font path worked - @options = ( -- '--font', "LEGEND:7:$libdir/DejaVuSansMono.ttf", -- '--font', "UNIT:7:$libdir/DejaVuSans.ttf", -- '--font', "AXIS:7:$libdir/DejaVuSans.ttf", -+ '--font', "LEGEND:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono.ttf", -+ '--font', "UNIT:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf", -+ '--font', "AXIS:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf", - ); - } else { - # At least 1.3 reverted: --- munin-2.0.6/debian/patches/237-hddtemp_smartctl-sata-detect.patch +++ munin-2.0.6.orig/debian/patches/237-hddtemp_smartctl-sata-detect.patch @@ -1,46 +0,0 @@ -Description: Add auto detection of SATA disks to hddtemp_smartctl - Upstream wants to test this bug on older systems before including it in trunk - as they want munin 1.4 compatible with older systems like RHEL4. - . - As we know that lenny, and onwards has smartmontools 5.38 or higher, - that is needed for this patch to work, we can include it in the debian package - even if its not included upstream. -Origin: other -Bug-Debian: http://bugs.debian.org/497400 -Forwarded: no -Author: Thorsten Gunkel <tgunkel-li...@tgunkel.de> -Last-Update: 2009-11-26 -Index: munin-1.4.0/plugins/node.d/hddtemp_smartctl.in -=================================================================== ---- munin-1.4.0.orig/plugins/node.d/hddtemp_smartctl.in 2009-08-31 23:04:36.000000000 +0200 -+++ munin-1.4.0/plugins/node.d/hddtemp_smartctl.in 2009-08-31 23:08:02.000000000 +0200 -@@ -92,14 +92,25 @@ - - # Try to get a default set of drives - if ($^O eq 'linux') { -- # On Linux, we know how to enumerate ide drives. SCSI is not as easy -+ # On Linux, we know how to enumerate ide drives. -+ my @drivesIDE; - if (-d '/proc/ide') { - opendir(IDE, '/proc/ide'); -- @drives = grep /hd[a-z]/, readdir IDE; -+ @drivesIDE = grep /hd[a-z]/, readdir IDE; - closedir(IDE); - } -- # "SCSI disks" could be both SCSI or SATA - we can't know which -- # without probing them. -+ -+ # Look for SCSI / SATA drives in /sys -+ my @drivesSCSI; -+ if (-d '/sys/block/') { -+ opendir(SCSI, '/sys/block/'); -+ @drivesSCSI = grep /sd[a-z]/, readdir SCSI; -+ closedir(SCSI); -+ } -+ -+ # Get list of all drives we found -+ @drives=(@drivesIDE,@drivesSCSI); -+ - } elsif ($^O eq 'freebsd') { - opendir(DEV, '/dev'); - @drives = grep /^ad[0-9]+$/, readdir DEV; only in patch2: unchanged: --- munin-2.0.6.orig/master/lib/Munin/Master/HTMLConfig.pm +++ munin-2.0.6/master/lib/Munin/Master/HTMLConfig.pm @@ -462,7 +462,7 @@ } } - if ($config->{'graph_strategy'} eq "cgi") { + if (munin_get($config, "graph_strategy", "cron") eq "cgi") { map { $srv{$_} = $config->{'cgiurl_graph'} . "/" . $imgs{$_} } keys %imgs; } else { map { $srv{$_} = $root_path . "/" . $imgs{$_} } keys %imgs; @@ -489,7 +489,7 @@ for my $scale (@times) { # Don't try to find the size if cgi is enabled, # otherwise old data might pollute - next if ($config->{'graph_strategy'} eq "cgi"); + next if (munin_get($config, "graph_strategy", "cron") eq "cgi"); if (my ($w, $h) = get_png_size(munin_get_picture_filename($service, $scale))) { $srv{"img" . $scale . "width"} = $w; @@ -501,7 +501,7 @@ $srv{imgweeksum} = "$srv{node}-week-sum.png"; $srv{imgyearsum} = "$srv{node}-year-sum.png"; for my $scale (["week", "year"]) { - next if ($config->{'graph_strategy'} eq "cgi"); + next if (munin_get($config, "graph_strategy", "cron") eq "cgi"); if (my ($w, $h) = get_png_size(munin_get_picture_filename($service, $scale, 1))) { only in patch2: unchanged: --- munin-2.0.6.orig/master/lib/Munin/Master/Node.pm +++ munin-2.0.6/master/lib/Munin/Master/Node.pm @@ -86,6 +86,7 @@ PeerPort => $self->{port} || 4949, LocalAddr => $config->{local_address}, Proto => 'tcp', + MultiHomed => 1, Timeout => $config->{timeout} ); if (! $self->{reader} ) { only in patch2: unchanged: --- munin-2.0.6.orig/debian/munin-async.README.Debian +++ munin-2.0.6/debian/munin-async.README.Debian @@ -0,0 +1,130 @@ +***** Installing munin-async ***** + +When using munin, one often runs into one of two problems: + * There are so many nodes to update, the update takes more than the + update interval + * Some servers may be connected over flaky lines, so an update may be lost + due to timeout + +With version 2.0, the designers of munin have started addressing those +problems. Today we look at one part of that solution, munin-async. Note that I +am using the packages from Debian testing. Your experience on other OSs +may vary. Here are the steps I needed to take in order for the client to +collect munin-async data from the various servers: + +**** Install munin-async on the monitored machines AND the graphing server **** + +The munin-async Debian package contains both the client AND the server scripts +for async work. This is not consistent, since previously all the data fetching +scripts were in the munin package, and all the data serving scripts were in the +munin-node package. It also means that you have to install munin-async +(creating the munin-async user, with its own entry in passwd file and its +shell set to /bin/bash) on the server, not just on the clients. I don’t like +leaving that open. + +(on remote machine and on server) +apt-get install munin-async + +**** Start munin-asyncd on servers where data is to be collected **** + +(on remote machine) service munin-async start + +**** Prepare the master for using ssh to connect to servers **** + +Change the shell of the munin user to bash so you can do these changes as the +munin user: +vipw +su - munin +cd /var/lib/munin +mkdir .ssh +cd .ssh +ssh-keygen -q -N "" -f /var/lib/munin/.ssh/id_rsa +cat /var/lib/munin/.ssh/id_rsa.pub + +Place the ssh public key in /var/lib/munin/.ssh) (on the remote machine) + +mkdir /var/lib/munin-async/.ssh + +(on the server) +scp /var/lib/munin/.ssh/id_rsa.pub r...@example.net:/var/lib/munin-async/.ssh/authorized_keys +chown -R munin:munin /var/lib/munin/.ssh + +ssh munin-as...@example.net +exit + +Note that you need to check the connection for EVERY host from which you intend +to collect data in the async manner. munin is NOT handling this dialogue: +The authenticity of host 'example.net (2600:more:fool:you:f9b)' can't be +established. +RSA key fingerprint is 61:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa. +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added 'example.net,2600:moore:fool:you:f9b' (RSA) to the +list of known hosts. + +So you need to log in “by hand” first, from the user munin, in order to record +the key. Or you need to copy the key from antoher known_hosts file, which may +be tricky. Now change the shell of munin back to /bin/false, for security. + +chsh -s /bin/false munin + +**** Change the system definition in /etc/munin/munin.conf **** + +(or, as I prefer to do it, in /etc/munin/munin-conf.d/hostlist.conf ). +[async.my-machine.net] + address ssh://munin-as...@example.net /usr/share/munin/munin-async --spooldir +/var/lib/munin/spool --spoolfetch + use_node_name yes + +I am using async in the definition name merely so that I can compare the data +from the two collection methods. + +**** Security enhancement **** +To prevent your monitored server being compromised if someone manages to break +into your munin collection server, you should edit the /var/lib/munin- +async/.ssh/authorized_keys file and add + +no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,command="/usr/sbin/munin-async --spooldir /var/lib/munin/spool --spoolfetch" + +to the beginning of the relevant line. Additionally consider from="(remote machine IPs)". + +**** Adding plugins **** + +When you add a plugin, it won’t be visible unless you first restart munin-node +and THEN munin-async. + +**** Troubleshooting tips **** + +If you haven’t logged in to the host “by hand” or added its keys to +known_hosts some other way, the fetch will fail. The only log in the munin- +update file will say something like: + +Socket read from async.example.net failed. A Terminating process. at /usr/ +share/perl5/Munin/Master/UpdateWorker.pm line ... +Another possible cause of mysterious failure to fetch data from the remote host +(that does not give a clear error message) is munin-asyncd not running on the +target server, or having no prefetched data yet. + +**** Additional ideas **** + +Balint Deak suggested in a post on the munin-users mailing list: What I would +add to this is that if you have many hosts, or hosts are added on a daily +basis, it may be annoying to always remember to log in to each new box and say +“yes” at the prompt. + +If you create a config file for ssh in the $HOME/.ssh/config for the user that +runs the master (defaults to ‘munin’) and tell ssh not to check the host key +when authenticating, then no prompt will be displayed even for new or unknown +hosts. + +Add something like: +Host * + UserKnownHostsFile=/dev/null + StrictHostKeyChecking=no + +I don’t think this makes the setup less secure, but it would make the +automation of adding new hosts to the system easier. + +Regards, +Balint + +From http://www.matija.si/system-administration/2012/07/15/installing-munin-async/ with edits from Daniel Black only in patch2: unchanged: --- munin-2.0.6.orig/common/lib/Munin/Common/TLS.pm +++ munin-2.0.6/common/lib/Munin/Common/TLS.pm @@ -132,8 +132,9 @@ } # Tune a few things... - if (Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)) { - $self->{logger}("[ERROR] Could not set SSL_CTX options"); + Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL()); + if (my $errno = Net::SSLeay::ERR_get_error()) { + $self->{logger}("[ERROR] Could not set SSL_CTX options: " + Net::SSLeay::ERR_error_string($errno)); return 0; } only in patch2: unchanged: --- munin-2.0.6.orig/plugins/node.d/http_loadtime.in +++ munin-2.0.6/plugins/node.d/http_loadtime.in @@ -67,7 +67,7 @@ trap "rm -rf $TMPDIR" EXIT cd $TMPDIR || exit 1 -loadtime=$(time -p wget -p --no-cache --delete-after $target -q 2>&1 | awk '/^real / { print $2 }') +loadtime=$((time -p wget -p --no-cache --delete-after $target -q) 2>&1 | awk '/^real / { print $2 }') cd .. echo "loadtime.value $loadtime" only in patch2: unchanged: --- munin-2.0.6.orig/plugins/node.d/hddtemp_smartctl.in +++ munin-2.0.6/plugins/node.d/hddtemp_smartctl.in @@ -141,14 +141,25 @@ # Try to get a default set of drives if ($^O eq 'linux') { - # On Linux, we know how to enumerate ide drives. SCSI is not as easy + # On Linux, we know how to enumerate ide drives. + my @drivesIDE; if (-d '/proc/ide') { opendir(IDE, '/proc/ide'); - @drives = grep /hd[a-z]/, readdir IDE; + @drivesIDE = grep /hd[a-z]/, readdir IDE; closedir(IDE); } - # "SCSI disks" could be both SCSI or SATA - we can't know which - # without probing them. + + # Look for SCSI / SATA drives in /sys + my @drivesSCSI; + if (-d '/sys/block/') { + opendir(SCSI, '/sys/block/'); + @drivesSCSI = grep /sd[a-z]/, readdir SCSI; + closedir(SCSI); + } + + # Get list of all drives we found + @drives=(@drivesIDE,@drivesSCSI); + } elsif ($^O eq 'freebsd') { opendir(DEV, '/dev'); @drives = grep /^ad[0-9]+$/, readdir DEV; only in patch2: unchanged: --- munin-2.0.6.orig/plugins/node.d.linux/selinux_avcstat.in +++ munin-2.0.6/plugins/node.d.linux/selinux_avcstat.in @@ -85,7 +85,7 @@ fi if [ -r $AVCSTATS ]; then - { read + { read HEADER while read lookups hits misses allocations reclaims frees; do LOOKUPS=$(($LOOKUPS + $lookups)) HITS=$(($HITS + $hits)) only in patch2: unchanged: --- munin-2.0.6.orig/plugins/node.d.linux/apt_all.in +++ munin-2.0.6/plugins/node.d.linux/apt_all.in @@ -52,7 +52,7 @@ $ENV{'LANG'}="C"; $ENV{'LC_ALL'}="C"; -my $statefile = "$ENV{MUNIN_PLUGSTATE}/plugin-apt.state"; +my $statefile = ($ENV{MUNIN_PLUGSTATE} || '@@PLUGSTATE@@/root/') . "/plugin-apt.state"; my @releases = ("stable", "testing","unstable"); only in patch2: unchanged: --- munin-2.0.6.orig/node/munin-node.conf.in +++ munin-2.0.6/node/munin-node.conf.in @@ -33,6 +33,7 @@ # may repeat the allow line as many times as you'd like allow ^127\.0\.0\.1$ +allow ^::1$ # If you have installed the Net::CIDR perl module, you can use one or more # cidr_allow and cidr_deny address/mask patterns. A connecting client must