GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MUNIN-NODE.CONF(5) Munin Documentation MUNIN-NODE.CONF(5)

munin-node.conf - Munin-node configuration file

munin-node.conf is the configuration file for "munin-node", the agent that Munin fetches data from.

The format is dictated by the use of "Net::Server". A look at "perldoc Net::Server" will give a list of options that the file supports by using the module. This page mainly covers the Munin-specific extensions.

The following options are of special interest:

allow RE
IP based access list is implemented through this. The statement may be repeated many times. It's important to note that it's actually a regular expression after the keyword so to allow localhost it must be written like this:

      allow ^127\.0\.0\.1$
    
cidr_allow NETWORK/MASK
An alternative to "allow RE". This allows the access list to be specified in CIDR format. For instance, "cidr_allow 192.0.2.0/24" would allow connections from any IP from 192.0.2.1 to 192.0.2.254.

And "cidr_allow 127.0.0.1/32" is the equivalent to the example above. Note that the netmask must be provided, even though it's just "/32".

This option requires that the "Net::CIDR" Perl module be installed.

host IP
The IP number of the interface munin-node should listen on. By default munin-node listens to all interfaces. To make munin-node listen only on the localhost interface - making it unavailable from the network do this:

      host 127.0.0.1
    

host_name <host>
If set, overrides the hostname munin-node uses in its 'hello'-negotiation with munin. A "telnet localhost 4949" will show the hostname munin-node is currently using. If munin-node and the main munin installation do not agree on the hostname, munin will skip all the plugins of the machine in question.
paranoia <yes|no|true|false|on|off|1|0>
If set, checks permissions of plugin files, and only tries to run files owned by root. Default on.
ignore_file <regex>
Files matching <regex> in the node.d/ and node-conf.d/ directories will be overlooked.
tls <value>
Can have four values. "paranoid", "enabled", "auto", and "disabled". "Paranoid" and "enabled" require a TLS connection, while "disabled" will not attempt one at all.

The current default is "disabled" because "auto" is broken. "Auto" causes bad interaction between munin-update and munin-node if the node is unprepared to go to TLS.

If you see data dropouts (gaps in graphs) please try to disable TLS.

tls_verify_certificate <value>
This directive can be "yes" or "no". It determines if the remote certificate needs to be signed by a CA that is known locally. Default is "no".
tls_private_key <value>
This directive sets the location of the private key to be used for TLS. Default is /usr/local/etc/munin/munin-node.pem. The private key and certificate can be stored in the same file.
tls_certificate <value>
This directive sets the location of the TLS certificate to be used for TLS. Default is /usr/local/etc/munin/munin-node.pem. The private key and certificate can be stored in the same file.
tls_ca_certificate <value>
This directive sets the CA certificate to be used to verify the node's certificate, if tls_verify_certificate is set to "yes". Default is /usr/local/etc/munin/cacert.pem.
tls_verify_depth <value>
This directive sets how many signings up a chain of signatures TLS is willing to go to reach a known, trusted CA when verifying a certificate. Default is 5.
tls_match <value>
This directive, if defined, searches a dump of the certificate provided by the remote host for the given regex. The dump of the certificate is two lines of the form:

        Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
        Issuer  Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email
    

So, for example, one could match the subject distinguished name by the directive:

        tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
    

Note that the fields are dumped in the order they appear in the certificate. It's best to view the dump of the certificate by running munin-update in debug mode and reviewing the logs.

Unfortunately, due to the limited functionality of the SSL module in use, it is not possible to provide finer-grained filtering. By default this value is not defined.

A pretty normal configuration file:

        log_level 4
        log_file /var/log/munin/munin-node.log
        port 4949
        pid_file /var/run/munin-node.pid
        background 1
        setsid 1

        host *
        user root
        group root
        setsid yes

        ignore_file \.bak$
        ignore_file \.rpm(save|new)$
        ignore_file ^README$

        allow ^127\.0\.0\.1$

        ignore_file \.dpkg-(old|new)$
        ignore_file \.rpm(save|new)$

See the documentation or Munin homepage <http://munin-monitoring.org/> for more info.

Jimmy Olsen.

Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari MansXker, Nicolai Langfeldt

This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This program is released under the GNU General Public License

2021-11-22 2.0.69

Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.