1MUNIN.CONF(5) Munin Documentation MUNIN.CONF(5)
2
3
4
6 munin.conf - Munin configuration file
7
9 Munin is a group of programs to gather data from hosts, graph them,
10 create html-pages, and optionally warn contacts about any off-limit
11 values.
12
13 The hosts are divided into three groups: One master (could be more, but
14 Munin is not cluster aware so they'll likely be independent). The
15 master contacts a number of machines running munin-node, these are
16 called nodes. Each node has data from one or more hosts that is
17 monitored by Munin.
18
19 munin.conf is the configuration file for the Munin master server. The
20 programs using it are munin-update, munin-graph, munin-limits and
21 munin-html. There is also quite extensive documentation of this file
22 at <http://munin-monitoring.org/wiki/munin.conf>
23
24 The format of the file is simple. A minimal configuration looks
25 something like:
26
27 [machine1.your.dom]
28 address localhost
29
30 The default location of munin.conf is /etc/munin/munin.conf. If your
31 placement deviates from this norm, use the "--config <file>"-option
32 when running the munin-* programs.
33
34 Munin-update will expand all node-entries in this file, and save them
35 to /var/lib/munin/datafile, which is used by all programs in the
36 package together with this file.
37
38 Any directives in this file will override directives of the same name
39 in datafile. E.g., if you want to change the title of the "load"-graph
40 in the above minimum configuration, you would modify the two bottom
41 lines to:
42
43 [machine1.your.dom]
44 address localhost
45 load.graph_title Edited title of the load-graph
46
47 This will override the "graph_title" attribute of the "load" field/data
48 series while keeping all the others at their default.
49
51 These directives should appear in munin.conf before any host or group
52 definitions.
53
54 dbdir path (Default: /var/lib/munin)
55 Directory for generated database files. Required.
56
57 logdir path (Default: /var/log/munin)
58 Directory for log files. Required.
59
60 htmldir path (Default: /var/www/html/munin)
61 Directory for HTML pages and graphs. Required.
62
63 rundir path (Default: /var/run/munin)
64 Directory for files tracking munin's current running state.
65 Required.
66
67 tmpldir path (Default: /etc/munin/templates)
68 Directory for templates used to generate HTML pages. Required.
69
70 fork value
71 This directive determines whether munin-update fork when gathering
72 information from nodes. Possible values are "yes" and "no".
73 Default is "yes". If you set it to "no" munin-update will collect
74 data from the nodes in sequence rather than in parallel and this
75 will take considerably more time. Affects: munin-update.
76
77 palette default|old
78 Choose palette between the very nice ""default"", and the good old
79 ""old"".
80
81 graph_data_size value
82 This directive sets the resolution of the RRD files that are
83 created. Possible values are "normal" and "huge". Default is
84 "normal". "Huge" is really huge, it saves the complete data with 5
85 minute resolution for 400 days. This will probably increase the
86 I/O load on your Munin master, and currently has very little
87 benefit. Affects: munin-update.
88
89 graph_strategy value
90 Deprecated. (Graphs are now always drawn via CGI.)
91
92 local_address value
93 The local address to connect any node from in case the master has
94 several IP interfaces. This can be overridden by a group or global
95 directive. Without this directive Munins traffic will originate
96 from the master server according to the IP routing table.
97
98 max_processes <value>
99 This directive specifies the maximum number of processes to be used
100 for gathering information from nodes. If left blank, munin will
101 use as many processes as necessary. Affects: munin-update.
102
103 max_graph_jobs <value>
104 This directive specifies the maximum number of concurrent rrdgraph
105 proesses started by munin-graph. The default is 6. A setting of 0
106 disables concurrent processing. Affects: munin-graph
107
108 max_cgi_graph_jobs <value>
109 This directive specifies the maximum number of concurrent munin-
110 cgi-graph jobs. The web server can start a high number of munin-
111 cgi-graph jobs which we can't stop, but munin-cgi-graph will
112 throttle down how many rrdgraph calls will be running at the same
113 time to this number. Affects: munin-cgi-graph and munin-fastcgi-
114 graph.
115
116 timeout_fetch_all_nodes seconds
117 This directive will set the maximum amount of time in seconds the
118 munin-update task may run. So we'll make sure the update ended
119 within the 5 minutes timespan needed to have complete graphs
120 without gaps.
121
122 You should probably not increase this value, unless all nodes are
123 using ssh with munin-async. Otherwise you may expecience gaps in
124 graphs, if "munin-update" takes longer, than the default period (5
125 minutes).
126
127 Munin-async can retrieve historical data, and if there is a big
128 backlog, we could need more time depending on the size of the data
129 generated by the plugin and the size of the backlog. This would
130 also mean that we wouldn't care to skip an update. So munin-async
131 will get more time to retrieve the backlog data. Afterwards new
132 data will incrementally be fetched. Default is 240. Affects:
133 munin-update
134
135 timeout_fetch_one_node seconds
136 This directive will set the maximum amount of time in seconds the
137 munin-update task may run for a single node. This value can't be
138 bigger than "timeout_fetch_all_nodes". Default is 180. Affects:
139 munin-update
140
141 ssh_command value
142 The name of the secure shell command to use. Can be fully
143 qualified, or looked up in $PATH. Default: "ssh"
144
145 ssh_options value
146 The "ssh" command line options. Defaults: "-o
147 ChallengeResponseAuthentication=no -o StrictHostKeyChecking=no".
148
149 If you need per-host ssh configuration, add these to
150 ~/munin/.ssh/config
151
152 tls <value>
153 Can have four values. "paranoid", "enabled", "auto", and
154 "disabled". "Paranoid" and "enabled" require a TLS connection,
155 while "disabled" will not attempt one at all.
156
157 The current default is "disabled" because "auto" is broken. "Auto"
158 causes bad interaction between munin-update and munin-node if the
159 node is unprepared to go to TLS.
160
161 If you see data dropouts (gaps in graphs) please try to disable
162 TLS. Affects: munin-update.
163
164 tls_verify_certificate <value>
165 This directive can be "yes" or "no". It determines if the remote
166 certificate needs to be signed by a CA that is known locally.
167 Default is "no". Affects: munin-update.
168
169 tls_private_key <value>
170 This directive sets the location of the private key to be used for
171 TLS. Default is /etc/munin/munin.pem. The private key and
172 certificate can be stored in the same file. Affects: munin-update.
173
174 tls_certificate <value>
175 This directive sets the location of the TLS certificate to be used
176 for TLS. Default is /etc/munin/munin.pem. The private key and
177 certificate can be stored in the same file. Affects: munin-update.
178
179 tls_ca_certificate <value>
180 This directive sets the CA certificate to be used to verify the
181 node's certificate, if tls_verify_certificate is set to "yes".
182 Default is /etc/munin/cacert.pem. Affects: munin-update.
183
184 tls_verify_depth <value>
185 This directive sets how many signings up a chain of signatures TLS
186 is willing to go to reach a known, trusted CA when verifying a
187 certificate. Default is 5. Affects: munin-update.
188
189 tls_match <value>
190 This directive, if defined, searches a dump of the certificate
191 provided by the remote host for the given regex. The dump of the
192 certificate is two lines of the form:
193
194 Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
195 Issuer Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email
196
197 So, for example, one could match the subject distinguished name by
198 the directive:
199
200 tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
201
202 Note that the fields are dumped in the order they appear in the
203 certificate. It's best to view the dump of the certificate by
204 running munin-update in debug mode and reviewing the logs.
205
206 Unfortunately, due to the limited functionality of the SSL module
207 in use, it is not possible to provide finer-grained filtering. By
208 default this value is not defined. Affects: munin-update.
209
210 FIXME: This section MAY be complete, it may be missing a directive or
211 two.
212
214 Host definitions can have several types. In all forms, the definition
215 is used to generate the host name and group for the host, and the
216 following lines define its directives. All following directives apply
217 to that node until another node definition or EOF. Note that when
218 defining a nodename it is vital that you use a standard DNS name, as
219 in, one that uses only a-z, '-', and '.'. While other characters can
220 be used in a DNS name, it is against the RFC, and Munin uses the other
221 characters as delimiters. If they appear in nodenames, unexpected
222 behavior may occur.
223
224 The simplest node definition defines the section for a new node by
225 simply wrapping the DNS name of the node in brackets, e.g.
226 "[machine1.your.dom]". This will add the node "machine1.your.dom" to
227 the group "your.dom".
228
229 The next form of definition is used to define the node and group
230 independently. It follows the form "[your.dom;machine1.sub.your.dom]".
231 This adds the node "machine1.sub.your.dom" to the group "your.dom".
232 This can be useful if you have machines you want to put together as a
233 group that are under different domains (as in the given example). This
234 can also solve a problem if your machine is "machine1.com", where
235 having a group of "com" makes little sense.
236
237 Multiple groups can be specified by adding more "groupname;"s, e.g.
238 "[servers;local;mail;mail.foo.net]", if you need a more hierarchical
239 structure.
240
242 These are directives that can follow a node definition and will apply
243 only to that node.
244
245 address <value>
246 The IP address of the node. Required.
247
248 local_address <value>
249 The local address to connect to the node from. This overrides a
250 group or global directive.
251
252 FIXME: This section is incomplete.
253
255 These directives should appear after a node definition and are of the
256 form "plugin.directive <value>". Using these directives you can
257 override various directives for a plugin, such as its contacts, and can
258 also be used to create graphs containing data from other plugins.
259
260 FIXME: This section is (obviously) incomplete.
261
263 These directives should appear after a node definition and are of the
264 form "plugin.field <value>". Using these directives you can override
265 values originally set by plugins on the nodes, such as warning and
266 critical levels or graph names.
267
268 graph_height <value>
269 The graph height for a specific service. Default is 175. Affects:
270 munin-graph.
271
272 graph_width <value>
273 The graph width for a specific service. Default is 400. Affects:
274 munin-graph.
275
276 warning <value>
277 The value at which munin-limits will mark the service as being in a
278 warning state. Value can be a single number to specify a limit
279 that must be passed or they can be a comma separated pair of
280 numbers defining a valid range of values. Affects: munin-limits.
281
282 critical <value>
283 The value at which munin-limits will mark the service as being in a
284 critical state. Value can be a single number to specify a limit
285 that must be passed or they can be a comma separated pair of
286 numbers defining a valid range of values Affects: munin-limits.
287
288 FIXME: This section is incomplete.
289
291 On all the examples below, all the 'top-level' parameters (dbdir,
292 logdir, htmldir, tmpldir) are not present. They are only skipped for
293 brevity - they are needed.
294
296 An example with three servers on two domains:
297
298 [machine1.one.dom]
299 address machine1.one.dom
300
301 [machine2.one.dom]
302 address 10.33.32.123
303
304 [machine3.two.dom]
305 address localhost
306
307 This will appear as two groups (one.dom and two.dom), having
308 respectively two and one node.
309
311 Summarize the 'load'-graphs of the two servers in one.dom, in a 'total
312 load'-graph.
313
314 [one.dom;Totals]
315 update no
316 load.graph_title Total load
317 load.sum_load.label load
318 load.sum_load.special_stack machine1=machine1.one.dom:load.load machine2=machine2.one.dom:load.load
319
321 Jimmy Olsen, Audun Ytterdal, Brian de Wolf, Nicolai Langfeldt
322
324 Copyright (C) 2002-2008 Audun Ytterdal, Jimmy Olsen, Nicolai Langfeldt,
325 Linpro AS and others.
326
327 This is free software; see the source for copying conditions. There is
328 NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
329 PURPOSE.
330
331 This program is released under the GNU General Public License
332
334 For more information, see the man pages of the individual munin-*
335 programs or the Munin homepage <http://munin-monitoring.org/>.
336
337
338
3392.0.67 2022-01-20 MUNIN.CONF(5)