1MUNIN-NODE.CONF(5) Munin Documentation MUNIN-NODE.CONF(5)
2
3
4
6 munin-node.conf - Munin-node configuration file
7
9 Munin-node is the node that Munin fetches data from, graphs, htmlifies
10 and optionaly warns nagios about data it gathers. It's designed to let
11 it be very easy to graph new datasources.
12
13 "munin-node.conf" is the configuration file for munin-node.
14
15 The format of the file is dictated by the use of Net::Server. A look at
16 "perldoc Net::Server" will give a list of options that the file
17 supports by using the module.
18
19 The following options are of special interest:
20
21 allow RE
22 IP based access list is implemented through this. The statement
23 may be repeated many times. It's important to note that it's
24 actually a regular expression after the keyword so to allow
25 localhost it must be written like this:
26
27 allow ^127\.0\.0\.1$
28
29 host IP
30 The IP number of the interface munin-node should listen on. By
31 default munin-node listens to all interfaces. To make munin-node
32 listen only on the localhost interface - making it unavailable
33 from the network do this:
34
35 host 127.0.0.1
36
37 Additional options:
38 host_name <host>
39 If set, overrides the hostname munin-node uses in its
40 'hello'-negotiation with munin. A "telnet localhost 4949" will
41 show the hostname munin-node is currently using. If munin-node and
42 the main munin installation do not agree on the hostname, munin
43 will skip all the plugins of the machine in question.
44
45 paranoia <yes|no|true|false|on|off|1|0>
46 If set, checks permissions of plugin files, and only tries to run
47 files owned by root. Default on.
48
49 ignore_file <regex>
50 Files matching <regex> in the node.d/ and node-conf.d/ directories
51 will be overlooked.
52
53 tls <value>
54 Can have four values. "paranoid", "enabled", "auto", and
55 "disabled". "Paranoid" and "enabled" require a TLS connection,
56 while "disabled" will not attempt one at all.
57
58 The current default is "disabled" because "auto" is broken.
59 "Auto" causes bad interaction between munin-update and munin-node
60 if the node is unprepared to go to TLS.
61
62 If you see data dropouts (gaps in graphs) please try to disable
63 TLS.
64
65 tls_verify_certificate <value>
66 This directive can be "yes" or "no". It determines if the remote
67 certificate needs to be signed by a CA that is known locally.
68 Default is "no".
69
70 tls_private_key <value>
71 This directive sets the location of the private key to be used for
72 TLS. Default is @@CONFDIR@@/munin-node.pem. The private key and
73 certificate can be stored in the same file.
74
75 tls_certificate <value>
76 This directive sets the location of the TLS certificate to be used
77 for TLS. Default is @@CONFDIR@@/munin-node.pem. The private key
78 and certificate can be stored in the same file.
79
80 tls_ca_certificate <value>
81 This directive sets the CA certificate to be used to verify the
82 node's certificate, if tls_verify_certificate is set to "yes".
83 Default is @@CONFDIR@@/cacert.pem.
84
85 tls_verify_depth <value>
86 This directive sets how many signings up a chain of signatures TLS
87 is willing to go to reach a known, trusted CA when verifying a
88 certificate. Default is 5.
89
90 tls_match <value>
91 This directive, if defined, searches a dump of the certificate
92 provided by the remote host for the given regex. The dump of the
93 certificate is two lines of the form:
94
95 Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
96 Issuer Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email
97
98 So, for example, one could match the subject distinguished name by
99 the directive:
100
101 tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
102
103 Note that the fields are dumped in the order they appear in the
104 certificate. It's best to view the dump of the certificate by
105 running munin-update in debug mode and reviewing the logs.
106
107 Unfortunately, due to the limited functionality of the SSL module
108 in use, it is not possible to provide finer-grained filtering. By
109 default this value is not defined.
110
112 A pretty normal configuration file:
113
114 log_level 4
115 log_file /var/log/munin/munin-node.log
116 port 4949
117 pid_file /var/run/munin-node.pid
118 background 1
119 setsid 1
120
121 host *
122 user root
123 group root
124 setsid yes
125
126 ignore_file \.bak$
127 ignore_file \.rpm(save|new)$
128 ignore_file ^README$
129
130 allow ^127\.0\.0\.1$
131
132 ignore_file \.dpkg-(old|new)$
133 ignore_file \.rpm(save|new)$
134
135 See the documentation or Munin homepage
136 <http://munin.projects.linpro.no/> for more info.
137
139 Jimmy Olsen.
140
142 Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari
143 Mansaaker, Nicolai Langfeldt
144
145 This is free software; see the source for copying conditions. There is
146 NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
147 PURPOSE.
148
149 This program is released under the GNU General Public License
150
151
152
1531.4.5 2010-04-14 MUNIN-NODE.CONF(5)