1MUNIN.CONF(5) Munin Documentation MUNIN.CONF(5)
2
6 munin.conf - Munin configuration file
7
9 Munin is a group of programs to gather data from hosts, graph them,
10 create html-pages, and optionally warn contacts about any off-limit
11 values.
12 The hosts are divided into three groups: One master (could be more, but
14 Munin is not cluster aware so they'll likely be independent). The
15 master contacts a number of machines running munin-node, these are
16 called nodes. Each node has data from one or more hosts that is
17 monitored by Munin.
18 munin.conf is the configuration file for the Munin master server. The
20 programs using it are munin-update, munin-graph, munin-limits and
21 munin-html. There is also quite extensive documentation of this file
22 at <http://munin-monitoring.org/wiki/munin.conf>
23 The format of the file is simple. A minimal configuration looks
25 something like:
26 [machine1.your.dom]
28 address localhost
29 The default location of munin.conf is /etc/munin/munin.conf. If your
31 placement deviates from this norm, use the "--config <file>"-option
32 when running the munin-* programs.
33 Munin-update will expand all node-entries in this file, and save them
35 to /var/lib/munin/datafile, which is used by all programs in the
36 package together with this file.
37 Any directives in this file will override directives of the same name
39 in datafile. E.g., if you want to change the title of the "load"-graph
40 in the above minimum configuration, you would modify the two bottom
41 lines to:
42 [machine1.your.dom]
44 address localhost
45 load.graph_title Edited title of the load-graph
46 This will override the "graph_title" attribute of the "load" field/data
48 series while keeping all the others at their default.
49
51 These directives should appear in munin.conf before any host or group
52 definitions.
53 dbdir path (Default: /var/lib/munin)
55 Directory for generated database files. Required.
56 logdir path (Default: /var/log/munin)
58 Directory for log files. Required.
59 htmldir path (Default: /var/www/html/munin)
61 Directory for HTML pages and graphs. Required.
62 rundir path (Default: /var/run/munin)
64 Directory for files tracking munin's current running state.
65 Required.
66 tmpldir path (Default: /etc/munin/templates)
68 Directory for templates used to generate HTML pages. Required.
69 fork value
71 This directive determines whether munin-update fork when gathering
72 information from nodes. Possible values are "yes" and "no".
73 Default is "yes". If you set it to "no" munin-update will collect
74 data from the nodes in sequence rather than in parallel and this
75 will take considerably more time. Affects: munin-update.
76 palette default|old
78 Choose palette between the very nice ""default"", and the good old
79 ""old"".
80 graph_data_size value
82 This directive sets the resolution of the RRD files that are
83 created. Possible values are "normal" and "huge". Default is
84 "normal". "Huge" is really huge, it saves the complete data with 5
85 minute resolution for 400 days. This will probably increase the
86 I/O load on your Munin master, and currently has very little
87 benefit. Affects: munin-update.
88 graph_strategy value
90 Deprecated. (Graphs are now always drawn via CGI.)
91 local_address value
93 The local address to connect any node from in case the master has
94 several IP interfaces. This can be overridden by a group or global
95 directive. Without this directive Munins traffic will originate
96 from the master server according to the IP routing table.
97 max_processes <value>
99 This directive specifies the maximum number of processes to be used
100 for gathering information from nodes. If left blank, munin will
101 use as many processes as necessary. Affects: munin-update.
102 max_graph_jobs <value>
104 This directive specifies the maximum number of concurrent rrdgraph
105 proesses started by munin-graph. The default is 6. A setting of 0
106 disables concurrent processing. Affects: munin-graph
107 max_cgi_graph_jobs <value>
109 This directive specifies the maximum number of concurrent munin-
110 cgi-graph jobs. The web server can start a high number of munin-
111 cgi-graph jobs which we can't stop, but munin-cgi-graph will
112 throttle down how many rrdgraph calls will be running at the same
113 time to this number. Affects: munin-cgi-graph and munin-fastcgi-
114 graph.
115 ssh_command value
117 The name of the secure shell command to use. Can be fully
118 qualified, or looked up in $PATH. Default: "ssh"
119 ssh_options value
121 The "ssh" command line options. Defaults: "-o
122 ChallengeResponseAuthentication=no -o StrictHostKeyChecking=no".
123 If you need per-host ssh configuration, add these to
125 ~/munin/.ssh/config
126 tls <value>
128 Can have four values. "paranoid", "enabled", "auto", and
129 "disabled". "Paranoid" and "enabled" require a TLS connection,
130 while "disabled" will not attempt one at all.
131 The current default is "disabled" because "auto" is broken. "Auto"
133 causes bad interaction between munin-update and munin-node if the
134 node is unprepared to go to TLS.
135 If you see data dropouts (gaps in graphs) please try to disable
137 TLS. Affects: munin-update.
138 tls_verify_certificate <value>
140 This directive can be "yes" or "no". It determines if the remote
141 certificate needs to be signed by a CA that is known locally.
142 Default is "no". Affects: munin-update.
143 tls_private_key <value>
145 This directive sets the location of the private key to be used for
146 TLS. Default is /etc/munin/munin.pem. The private key and
147 certificate can be stored in the same file. Affects: munin-update.
148 tls_certificate <value>
150 This directive sets the location of the TLS certificate to be used
151 for TLS. Default is /etc/munin/munin.pem. The private key and
152 certificate can be stored in the same file. Affects: munin-update.
153 tls_ca_certificate <value>
155 This directive sets the CA certificate to be used to verify the
156 node's certificate, if tls_verify_certificate is set to "yes".
157 Default is /etc/munin/cacert.pem. Affects: munin-update.
158 tls_verify_depth <value>
160 This directive sets how many signings up a chain of signatures TLS
161 is willing to go to reach a known, trusted CA when verifying a
162 certificate. Default is 5. Affects: munin-update.
163 tls_match <value>
165 This directive, if defined, searches a dump of the certificate
166 provided by the remote host for the given regex. The dump of the
167 certificate is two lines of the form:
168 Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
170 Issuer Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email
171 So, for example, one could match the subject distinguished name by
173 the directive:
174 tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
176 Note that the fields are dumped in the order they appear in the
178 certificate. It's best to view the dump of the certificate by
179 running munin-update in debug mode and reviewing the logs.
180 Unfortunately, due to the limited functionality of the SSL module
182 in use, it is not possible to provide finer-grained filtering. By
183 default this value is not defined. Affects: munin-update.
184 FIXME: This section MAY be complete, it may be missing a directive or
186 two.
187
189 Host definitions can have several types. In all forms, the definition
190 is used to generate the host name and group for the host, and the
191 following lines define its directives. All following directives apply
192 to that node until another node definition or EOF. Note that when
193 defining a nodename it is vital that you use a standard DNS name, as
194 in, one that uses only a-z, '-', and '.'. While other characters can
195 be used in a DNS name, it is against the RFC, and Munin uses the other
196 characters as delimiters. If they appear in nodenames, unexpected
197 behavior may occur.
198 The simplest node definition defines the section for a new node by
200 simply wrapping the DNS name of the node in brackets, e.g.
201 "[machine1.your.dom]". This will add the node "machine1.your.dom" to
202 the group "your.dom".
203 The next form of definition is used to define the node and group
205 independently. It follows the form "[your.dom;machine1.sub.your.dom]".
206 This adds the node "machine1.sub.your.dom" to the group "your.dom".
207 This can be useful if you have machines you want to put together as a
208 group that are under different domains (as in the given example). This
209 can also solve a problem if your machine is "machine1.com", where
210 having a group of "com" makes little sense.
211 Multiple groups can be specified by adding more "groupname;"s, e.g.
213 "[servers;local;mail;mail.foo.net]", if you need a more hierarchical
214 structure.
215
217 These are directives that can follow a node definition and will apply
218 only to that node.
219 address <value>
221 The IP address of the node. Required.
222 local_address <value>
224 The local address to connect to the node from. This overrides a
225 group or global directive.
226 FIXME: This section is incomplete.
228
230 These directives should appear after a node definition and are of the
231 form "plugin.directive <value>". Using these directives you can
232 override various directives for a plugin, such as its contacts, and can
233 also be used to create graphs containing data from other plugins.
234 FIXME: This section is (obviously) incomplete.
236
238 These directives should appear after a node definition and are of the
239 form "plugin.field <value>". Using these directives you can override
240 values originally set by plugins on the nodes, such as warning and
241 critical levels or graph names.
242 graph_height <value>
244 The graph height for a specific service. Default is 175. Affects:
245 munin-graph.
246 graph_width <value>
248 The graph width for a specific service. Default is 400. Affects:
249 munin-graph.
250 warning <value>
252 The value at which munin-limits will mark the service as being in a
253 warning state. Value can be a single number to specify a limit
254 that must be passed or they can be a comma separated pair of
255 numbers defining a valid range of values. Affects: munin-limits.
256 critical <value>
258 The value at which munin-limits will mark the service as being in a
259 critical state. Value can be a single number to specify a limit
260 that must be passed or they can be a comma separated pair of
261 numbers defining a valid range of values Affects: munin-limits.
262 FIXME: This section is incomplete.
264
266 On all the examples below, all the 'top-level' parameters (dbdir,
267 logdir, htmldir, tmpldir) are not present. They are only skipped for
268 brevity - they are needed.
269
271 An example with three servers on two domains:
272 [machine1.one.dom]
274 address machine1.one.dom
275 [machine2.one.dom]
277 address 10.33.32.123
278 [machine3.two.dom]
280 address localhost
281 This will appear as two groups (one.dom and two.dom), having
283 respectively two and one node.
284
286 Summarize the 'load'-graphs of the two servers in one.dom, in a 'total
287 load'-graph.
288 [one.dom;Totals]
290 update no
291 load.graph_title Total load
292 load.sum_load.label load
293 load.sum_load.special_stack machine1=machine1.one.dom:load.load machine2=machine2.one.dom:load.load
294
296 Jimmy Olsen, Audun Ytterdal, Brian de Wolf, Nicolai Langfeldt
297
299 Copyright (C) 2002-2008 Audun Ytterdal, Jimmy Olsen, Nicolai Langfeldt,
300 Linpro AS and others.
301 This is free software; see the source for copying conditions. There is
303 NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
304 PURPOSE.
305 This program is released under the GNU General Public License
307
309 For more information, see the man pages of the individual munin-*
310 programs or the Munin homepage <http://munin-monitoring.org/>.
3112.0.54 2020-01-29 MUNIN.CONF(5)