Bug#694790: upload (pre-approval): munin/2.0.6-2
retitle 694790 unblock: munin/2.0.6-3
thanks
Hi,
I've uploaded 2.0.6-3 with these changes now:
* debian/rules: set MUNIN_VERSION correctly during build. (Closes: #694527)
* debian/munin-async.logrotate:
- use adm group for created files.
- use *0 as glob, not *.0 (Closes: #691758)
The first is another important bugfix (resulting in a meaningful version
embedded in the graphs) and the second change is the result from Julians
review.
Attached is the diff between 2.0.6-1 and 2.0.6-3 as well as 2.0.6-2 to -3.
On Donnerstag, 3. Januar 2013, Holger Levsen wrote:
> > munin-async.postinst: what's the [ "$2" = 0 ] test supposed to achieve?
>
> uhm, nothing, which not already has been achieved by the previous 'dpkg --
> compare-versions "$2" le "2.0.6-1~"' - seems I copied the code from
> munin.postinst or munin-node.postinst... will remove it in all three
> places.
I left this as it is: as testing for || [ "$2" = 0 ] is totally harmless and I
didnt want to further increase the diff. 7dd9f1f which fixes and documents
this properly is in 2.0.9-3 and causes 4 files changed, 22 insertions(+), 10
deletions(-) which I considered to much noise for essentially a no-op.
And I also remembered why I wrote this like this (and made this clearer in the
comments in said fix): now its sufficient to test for dpkg --compare-versions
"$2" le "2.0.6-1~" but in future I will still want to test for [ "$2" = 0 ] to
make sure this code path only gets executed on new installs...
cheers,
Holger
diff -u munin-2.0.6/debian/rules munin-2.0.6/debian/rules
--- munin-2.0.6/debian/rules
+++ munin-2.0.6/debian/rules
@@ -8,6 +8,8 @@
dh $@
override_dh_auto_build:
+ # ./getversion reads RELEASE if it exists
+ dpkg-parsechangelog | sed -n 's/^Version: //p' > RELEASE
chmod 755 debian/ostype_helper
dh_auto_build -- $(MAKEOPTS)
@@ -83,6 +85,7 @@
override_dh_auto_clean:
dh_auto_clean -- $(MAKEOPTS) clean-node clean-master clean-plugins clean-common clean
find plugins/javalib -name '*.class' -print0 | xargs -0 -r rm -v
+ rm RELEASE -f
# Disable build tests for now
override_dh_auto_test:
diff -u munin-2.0.6/debian/munin-async.logrotate munin-2.0.6/debian/munin-async.logrotate
--- munin-2.0.6/debian/munin-async.logrotate
+++ munin-2.0.6/debian/munin-async.logrotate
@@ -1,9 +1,9 @@
-/var/lib/munin/spool/*.0 {
+/var/lib/munin-async/*0 {
daily
missingok
rotate 7
compress
copytruncate
notifempty
- create 640 munin adm
+ create 640 munin-async adm
}
diff -u munin-2.0.6/debian/munin-node.postrm munin-2.0.6/debian/munin-node.postrm
--- munin-2.0.6/debian/munin-node.postrm
+++ munin-2.0.6/debian/munin-node.postrm
@@ -23,13 +23,11 @@
#
# just like #198522 (see above..) is fixed since 2006 ;)
- rm -f /var/lib/munin/plugin-state/*.state
- rm -f /var/lib/munin-node/plugin-state/*.state
+ rm -rf /var/lib/munin/plugin-state
+ rm -rf /var/lib/munin-node/plugin-state
rm -f /var/log/munin/munin-node.log*
rm -f /var/log/munin/munin-node-configure.log*
- delete_dir_if_empty /var/lib/munin/plugin-state
- delete_dir_if_empty /var/lib/munin-node/plugin-state
delete_dir_if_empty /var/lib/munin
delete_dir_if_empty /var/log/munin
delete_dir_if_empty /etc/munin/plugin-conf.d
diff -u munin-2.0.6/debian/changelog munin-2.0.6/debian/changelog
--- munin-2.0.6/debian/changelog
+++ munin-2.0.6/debian/changelog
@@ -1,3 +1,68 @@
+munin (2.0.6-3) unstable; urgency=low
+
+ * debian/rules: set MUNIN_VERSION correctly during build. (Closes: #694527)
+ * debian/munin-async.logrotate:
+ - use adm group for created files.
+ - use *0 as glob, not *.0 (Closes: #691758)
+
+ -- Holger Levsen <holger@debian.org> Fri, 04 Jan 2013 15:14:09 +0100
+
+munin (2.0.6-2) unstable; urgency=low
+
+ * Fix "/etc/apache2/conf.d/munin removed on upgrade":
+ - debian/munin.postinst: create symlink for new installs and also for
+ upgrades from versions where it was still removed (up to 1.4.6-3) but
+ not re-created (from 1.4.6-1 onwards). Thanks to Gregor Herrman for the
+ patch and intrigeri for reviewing. (Closes: #677943)
+ * munin-doc: Break and replace munin-common << 2. (Closes: #694355)
+ * munin-node.postinst: delete /var/lib/munin(-node)/plugin-state recursively
+ on purge. The plugin-state is outdated after a few minutes anyway.
+ (Closes: #687715)
+ * apt_all plugin: the apt_all plugin has its state updated in cron. There
+ the ENV var MUNIN_PLUGSTATE doesn't exist, so we need to set a default.
+ (Closes: #687495). This has been in included in 2.0.7 as d53b34d.
+ * munin-async.init: Run munin-async after munin-node has been started.
+ (Closes: #691390) - Thanks to Daniel Black for this and the next two
+ fixes:
+ * munin-async.postinst: fix /var/lib/munin-async ownership (once on upgrades
+ from previous versions) and for new installs. (Closes: #691309)
+ * munin-async.logrotate: correct location of munin-async logfiles.
+ (Closes: #691758)
+ * Add documentation for munin-async, thanks to Daniel Black.
+ (Closes: #681803)
+ * Have master support multi-homed nodes that only listen on IPv4.
+ (Closes: #678662) This is upstream commit a18229c5 from 2.0.9, thanks to
+ Michael Renner for the testing and the patch!
+ * Patch node/munin-node.conf.in to allow incoming IPv6 from localhost,
+ mostly to document that IPv6 addresses are allowed as well. Thanks to
+ Daniel Black. (Closes: #676798) This is upstream commit 7501128 which was
+ included in 2.0.9.
+ * Common/TLS.pm: use the correct error checking functions from Net::SSLeay,
+ cherry-pick c112139 from 2.0.9. (Closes: #675377)
+ * HTMLConfig.pm: cherry-pick 789c59e from 2.0.7 to avoid (using the default
+ configuration) /var/log/munin/munin-html.log being flooded with 106 lines
+ of noisy warnings (out of 112 lines in total) every 5min. (Closes: #689291)
+ * selinux_avcstat plugin: Do not use the "read without variable" bashism,
+ thanks to intrigeri for the patch. (Closes: #690711)
+ This fix has been included upstream as 099cc00f.
+ * http_loadtime plugin: fix stderr redirection (which broke the plugin
+ completely) (Closes: #691448) - This is upstream commit 9a1cbce from
+ 2.0.8.
+ * Keep using "dh $@" (=without anything) and not change to "dh --with quilt"
+ (so #691327 is still open in sid and wheezy.).
+ * Drop 101-suppress-occasional-unknown-states-to-avoid-alerts.patch as it
+ is included since 1.4.4.
+ * Drop 100-DejaVu-Fonts-Path.patch since it only affects a codepath used
+ with rrdtool 1.2.
+ * Drop 237-hddtemp_smartctl-sata-detect.patch and cherry-pick the identical
+ commit 29e4ca9 from 2.0.7 instead: this was the bugfix for #497400,
+ included in both lenny and squeeze releases (so it fixes a regression, and
+ so today introducing #497400 would be an important bug.)
+ * Remove quilt from build-depends. We are not using it and have not been
+ using it since March 2012 / 2.0~rc2-1.
+
+ -- Holger Levsen <holger@debian.org> Sun, 23 Dec 2012 16:53:43 +0100
+
munin (2.0.6-1) unstable; urgency=high
* New upstream release 2.0.6, switching back to cron graphing (as it better
diff -u munin-2.0.6/debian/munin-async.postinst munin-2.0.6/debian/munin-async.postinst
--- munin-2.0.6/debian/munin-async.postinst
+++ munin-2.0.6/debian/munin-async.postinst
@@ -15,9 +15,17 @@
fi
}
+initperms() {
+ chown munin-async:munin-async /var/lib/munin-async
+}
+
case "$1" in
configure)
add_munin_async_user
+ # this can go away after wheezy
+ if dpkg --compare-versions "$2" le "2.0.6-1~" || [ "$2" = 0 ] ; then
+ initperms
+ fi
;;
abort-upgrade|abort-deconfigure|abort-remove)
:
diff -u munin-2.0.6/debian/munin.postinst munin-2.0.6/debian/munin.postinst
--- munin-2.0.6/debian/munin.postinst
+++ munin-2.0.6/debian/munin.postinst
@@ -63,8 +63,9 @@
webserver=apache2
webserver_init_script="/etc/init.d/$webserver"
if [ -d /etc/$webserver/conf.d ] && [ ! -e /etc/$webserver/conf.d/munin ]; then
- if [ -z "$prevver" ] ; then
+ if [ -z "$prevver" ] || ( dpkg --compare-versions $prevver ge 1.4.6-1~ && dpkg --compare-versions $prevver lt 1.4.7~ ) ; then
# only create link on new installs
+ # or when upgrading from a version where it was removed unconditionally
ln -s ../../munin/apache.conf /etc/$webserver/conf.d/munin
fi
if [ -f $webserver_init_script ];then
diff -u munin-2.0.6/debian/munin-async.init munin-2.0.6/debian/munin-async.init
--- munin-2.0.6/debian/munin-async.init
+++ munin-2.0.6/debian/munin-async.init
@@ -1,8 +1,8 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: munin-async
-# Required-Start: $network $named $local_fs $remote_fs
-# Required-Stop: $network $named $local_fs $remote_fs
+# Required-Start: $network $named $local_fs $remote_fs munin-node
+# Required-Stop: $network $named $local_fs $remote_fs munin-node
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Munin asynchronous server
diff -u munin-2.0.6/debian/control munin-2.0.6/debian/control
--- munin-2.0.6/debian/control
+++ munin-2.0.6/debian/control
@@ -7,7 +7,7 @@
Tom Feiner <feiner.tom@gmail.com>,
Steve Schnepp <steve.schnepp@pwkf.org>
Build-Depends-Indep: perl, htmldoc, html2text, default-jdk
-Build-Depends: debhelper (>=8), quilt
+Build-Depends: debhelper (>=8)
Standards-Version: 3.9.3
Homepage: http://munin-monitoring.org
Vcs-Git: git://anonscm.debian.org/collab-maint/munin.git
@@ -152,6 +152,8 @@
Section: doc
Architecture: all
Depends: ${perl:Depends}, ${misc:Depends}
+Breaks: munin-common (<< 2)
+Replaces: munin-common (<< 2)
Description: network-wide graphing framework (documentation)
Munin is a highly flexible and powerful solution used to create graphs of
virtually everything imaginable throughout your network, while still
reverted:
--- munin-2.0.6/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch
+++ munin-2.0.6.orig/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch
@@ -1,141 +0,0 @@
-Description: Suppress "occasional" unknown states to avoid alerts.
- This patch adds a feature which counts the number of unknowns,
- and only changes state (and sends an alert) once that count is reached.
- .
- Changed the default global count to 3 unknowns before the state is changed.
- .
- We will be able to remove this patch once upstream accepts it, which they
- plan to do in a future release.
-Origin: http://munin.projects.linpro.no/ticket/828
-Forwarded: no
-Author: Steve Wilson <stevew@purdue.edu>
-Last-Update: 2010-01-13
-Index: munin-1.4.3/common/lib/Munin/Common/Config.pm
-===================================================================
---- munin-1.4.3.orig/common/lib/Munin/Common/Config.pm (revision 3304)
-+++ munin-1.4.3/common/lib/Munin/Common/Config.pm (working copy)
-@@ -36,7 +36,7 @@
- "graph_printf", "ok", "unknown", "palette", "realservname",
- "cdef_name", "graphable", "process", "realname",
- "onlynullcdef", "group_order", "pipe", "pipe_command",
-- "unknown_limit", "notify_countdown", "dropdownlimit",
-+ "unknown_limit", "num_unknowns", "dropdownlimit",
- "max_graph_jobs", "munin_cgi_graph_jobs" );
-
- my %bools = map { $_ => 1} qw(yes no true false on off 1 0);
-Index: munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm
-===================================================================
---- munin-1.4.3.orig/master/lib/Munin/Master/LimitsOld.pm (revision 3304)
-+++ munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm (working copy)
-@@ -330,23 +330,74 @@
- if ($value eq "unknown") {
- $crit->[0] ||= "";
- $crit->[1] ||= "";
-- $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK";
-- $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0;
-- munin_set_var_loc(\%notes, [@$fpath, "state"], "unknown");
-- munin_set_var_loc(
-- \%notes,
-- [@$fpath, "unknown"], (
-- defined $field->{"extinfo"}
-+
-+ my $state = "unknown";
-+ my $extinfo = defined $field->{"extinfo"}
- ? "unknown: " . $field->{"extinfo"}
-- : "Value is unknown."
-- ));
-+ : "Value is unknown.";
-+ my $num_unknowns;
-
- if ( !defined $onfield
- or !defined $onfield->{"state"}
- or $onfield->{"state"} ne "unknown") {
- $hash->{'state_changed'} = 1;
- }
-+ else {
-+ $hash->{'state_changed'} = 0;
-+ }
-+
-+ # First we'll need to check whether the user wants to ignore
-+ # a few UNKNOWN values before actually changing the state to
-+ # UNKNOWN.
-+ if ($unknown_limit > 1) {
-+ if (defined $onfield and defined $onfield->{"state"}) {
-+ if ($onfield->{"state"} ne "unknown") {
-+ if (defined $onfield->{"num_unknowns"}) {
-+ if ($onfield->{"num_unknowns"} < $unknown_limit) {
-+ # Don't change the state to UNKNOWN yet.
-+ $hash->{'state_changed'} = 0;
-+ $state = $onfield->{"state"};
-+ $extinfo = $onfield->{$state};
-+
-+ # Increment the number of UNKNOWN values seen.
-+ $num_unknowns = $onfield->{"num_unknowns"} + 1;
-+ }
-+ }
-+ else {
-+ # Don't change the state to UNKNOWN yet.
-+ $hash->{'state_changed'} = 0;
-+ $state = $onfield->{"state"};
-+ $extinfo = $onfield->{$state};
-+
-+ # Start counting the number of consecutive UNKNOWN
-+ # values seen.
-+ $num_unknowns = 1;
-+ }
-+ }
-+ }
-+ }
-+
-+ if ($state eq "unknown") {
-+ $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK";
-+ $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0;
-+ }
-+ elsif ($state eq "critical") {
-+ $hash->{'worst'} = "CRITICAL";
-+ $hash->{'worstid'} = 2;
-+ }
-+ elsif ($state eq "warning") {
-+ $hash->{'worst'} = "WARNING" if $hash->{"worst"} ne "CRITICAL";
-+ $hash->{'worstid'} = 1 if $hash->{"worstid"} != 2;
-+ }
-+
-+ munin_set_var_loc(\%notes, [@$fpath, "state"], $state);
-+ munin_set_var_loc(\%notes, [@$fpath, $state], $extinfo);
-+ if (defined $num_unknowns) {
-+ munin_set_var_loc(\%notes, [@$fpath, "num_unknowns"],
-+ $num_unknowns);
-+ }
- }
-+
- elsif ((defined($crit->[0]) and $value < $crit->[0])
- or (defined($crit->[1]) and $value > $crit->[1])) {
- $crit->[0] ||= "";
-@@ -422,7 +473,7 @@
- my @warning = (undef, undef);
- my $crit = munin_get($hash, "critical", undef);
- my $warn = munin_get($hash, "warning", undef);
-- my $unknown_limit = munin_get($hash, "unknown_limit", 1);
-+ my $unknown_limit = munin_get($hash, "unknown_limit", 3);
-
- my $name = munin_get_node_name($hash);
-
-@@ -454,10 +505,15 @@
- DEBUG "[DEBUG] processing warning: $name -> $warning[0] : $warning[1]";
- }
-
-- # The merge of the unknown_limit implementation was somewhat botched. Not tested. - janl
- if ($unknown_limit =~ /^\s*(\d+)\s*$/) {
-- $unknown_limit = $1 if defined $1;
-- DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit";
-+ $unknown_limit = $1 if defined $1;
-+ if (defined $unknown_limit) {
-+ if ($unknown_limit < 1) {
-+ # Zero and negative numbers are not valid.
-+ $unknown_limit = 1;
-+ }
-+ }
-+ DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit";
- }
-
- return (\@warning, \@critical, $unknown_limit);
reverted:
--- munin-2.0.6/debian/patches/series
+++ munin-2.0.6.orig/debian/patches/series
@@ -1,2 +0,0 @@
-100-DejaVu-Fonts-Path.patch
-237-hddtemp_smartctl-sata-detect.patch
reverted:
--- munin-2.0.6/debian/patches/100-DejaVu-Fonts-Path.patch
+++ munin-2.0.6.orig/debian/patches/100-DejaVu-Fonts-Path.patch
@@ -1,31 +0,0 @@
-Description: Debian specific patch, to explicitly configure
- rrd 1.2 to use the debian provided DejaVuSans*.ttf fonts, as
- we removed the ones provided by munin in order to avoid
- duplication.
-
- This is a rewrite of a similar patch, which was removed at
- http://munin-monitoring.org/changeset/3215 &
- http://munin-monitoring.org/changeset/3238.
-
-Origin: other
-Bug-Debian: http://bugs.debian.org/578782
-Forwarded: no
-Author: Tom Feiner <feiner.tom@gmail.com>
-Last-Update: 2011-12-04
-Index: munin-1.999.4495/master/lib/Munin/Master/GraphOld.pm
-===================================================================
---- munin-1.999.4495.orig/master/lib/Munin/Master/GraphOld.pm 2011-10-20 16:17:06.000000000 +0000
-+++ munin-1.999.4495/master/lib/Munin/Master/GraphOld.pm 2011-12-04 16:07:00.000000000 +0000
-@@ -1634,9 +1634,9 @@
- # The RRD 1.2 documentation says you can identify font family
- # names but I never got that to work, but full font path worked
- @options = (
-- '--font', "LEGEND:7:$libdir/DejaVuSansMono.ttf",
-- '--font', "UNIT:7:$libdir/DejaVuSans.ttf",
-- '--font', "AXIS:7:$libdir/DejaVuSans.ttf",
-+ '--font', "LEGEND:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono.ttf",
-+ '--font', "UNIT:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf",
-+ '--font', "AXIS:7:/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf",
- );
- } else {
- # At least 1.3
reverted:
--- munin-2.0.6/debian/patches/237-hddtemp_smartctl-sata-detect.patch
+++ munin-2.0.6.orig/debian/patches/237-hddtemp_smartctl-sata-detect.patch
@@ -1,46 +0,0 @@
-Description: Add auto detection of SATA disks to hddtemp_smartctl
- Upstream wants to test this bug on older systems before including it in trunk
- as they want munin 1.4 compatible with older systems like RHEL4.
- .
- As we know that lenny, and onwards has smartmontools 5.38 or higher,
- that is needed for this patch to work, we can include it in the debian package
- even if its not included upstream.
-Origin: other
-Bug-Debian: http://bugs.debian.org/497400
-Forwarded: no
-Author: Thorsten Gunkel <tgunkel-lists@tgunkel.de>
-Last-Update: 2009-11-26
-Index: munin-1.4.0/plugins/node.d/hddtemp_smartctl.in
-===================================================================
---- munin-1.4.0.orig/plugins/node.d/hddtemp_smartctl.in 2009-08-31 23:04:36.000000000 +0200
-+++ munin-1.4.0/plugins/node.d/hddtemp_smartctl.in 2009-08-31 23:08:02.000000000 +0200
-@@ -92,14 +92,25 @@
-
- # Try to get a default set of drives
- if ($^O eq 'linux') {
-- # On Linux, we know how to enumerate ide drives. SCSI is not as easy
-+ # On Linux, we know how to enumerate ide drives.
-+ my @drivesIDE;
- if (-d '/proc/ide') {
- opendir(IDE, '/proc/ide');
-- @drives = grep /hd[a-z]/, readdir IDE;
-+ @drivesIDE = grep /hd[a-z]/, readdir IDE;
- closedir(IDE);
- }
-- # "SCSI disks" could be both SCSI or SATA - we can't know which
-- # without probing them.
-+
-+ # Look for SCSI / SATA drives in /sys
-+ my @drivesSCSI;
-+ if (-d '/sys/block/') {
-+ opendir(SCSI, '/sys/block/');
-+ @drivesSCSI = grep /sd[a-z]/, readdir SCSI;
-+ closedir(SCSI);
-+ }
-+
-+ # Get list of all drives we found
-+ @drives=(@drivesIDE,@drivesSCSI);
-+
- } elsif ($^O eq 'freebsd') {
- opendir(DEV, '/dev');
- @drives = grep /^ad[0-9]+$/, readdir DEV;
only in patch2:
unchanged:
--- munin-2.0.6.orig/master/lib/Munin/Master/HTMLConfig.pm
+++ munin-2.0.6/master/lib/Munin/Master/HTMLConfig.pm
@@ -462,7 +462,7 @@
}
}
- if ($config->{'graph_strategy'} eq "cgi") {
+ if (munin_get($config, "graph_strategy", "cron") eq "cgi") {
map { $srv{$_} = $config->{'cgiurl_graph'} . "/" . $imgs{$_} } keys %imgs;
} else {
map { $srv{$_} = $root_path . "/" . $imgs{$_} } keys %imgs;
@@ -489,7 +489,7 @@
for my $scale (@times) {
# Don't try to find the size if cgi is enabled,
# otherwise old data might pollute
- next if ($config->{'graph_strategy'} eq "cgi");
+ next if (munin_get($config, "graph_strategy", "cron") eq "cgi");
if (my ($w, $h)
= get_png_size(munin_get_picture_filename($service, $scale))) {
$srv{"img" . $scale . "width"} = $w;
@@ -501,7 +501,7 @@
$srv{imgweeksum} = "$srv{node}-week-sum.png";
$srv{imgyearsum} = "$srv{node}-year-sum.png";
for my $scale (["week", "year"]) {
- next if ($config->{'graph_strategy'} eq "cgi");
+ next if (munin_get($config, "graph_strategy", "cron") eq "cgi");
if (my ($w, $h)
= get_png_size(munin_get_picture_filename($service, $scale, 1)))
{
only in patch2:
unchanged:
--- munin-2.0.6.orig/master/lib/Munin/Master/Node.pm
+++ munin-2.0.6/master/lib/Munin/Master/Node.pm
@@ -86,6 +86,7 @@
PeerPort => $self->{port} || 4949,
LocalAddr => $config->{local_address},
Proto => 'tcp',
+ MultiHomed => 1,
Timeout => $config->{timeout}
);
if (! $self->{reader} ) {
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/munin-async.README.Debian
+++ munin-2.0.6/debian/munin-async.README.Debian
@@ -0,0 +1,130 @@
+***** Installing munin-async *****
+
+When using munin, one often runs into one of two problems:
+ * There are so many nodes to update, the update takes more than the
+ update interval
+ * Some servers may be connected over flaky lines, so an update may be lost
+ due to timeout
+
+With version 2.0, the designers of munin have started addressing those
+problems. Today we look at one part of that solution, munin-async. Note that I
+am using the packages from Debian testing. Your experience on other OSs
+may vary. Here are the steps I needed to take in order for the client to
+collect munin-async data from the various servers:
+
+**** Install munin-async on the monitored machines AND the graphing server ****
+
+The munin-async Debian package contains both the client AND the server scripts
+for async work. This is not consistent, since previously all the data fetching
+scripts were in the munin package, and all the data serving scripts were in the
+munin-node package. It also means that you have to install munin-async
+(creating the munin-async user, with its own entry in passwd file and its
+shell set to /bin/bash) on the server, not just on the clients. I don’t like
+leaving that open.
+
+(on remote machine and on server)
+apt-get install munin-async
+
+**** Start munin-asyncd on servers where data is to be collected ****
+
+(on remote machine) service munin-async start
+
+**** Prepare the master for using ssh to connect to servers ****
+
+Change the shell of the munin user to bash so you can do these changes as the
+munin user:
+vipw
+su - munin
+cd /var/lib/munin
+mkdir .ssh
+cd .ssh
+ssh-keygen -q -N "" -f /var/lib/munin/.ssh/id_rsa
+cat /var/lib/munin/.ssh/id_rsa.pub
+
+Place the ssh public key in /var/lib/munin/.ssh) (on the remote machine)
+
+mkdir /var/lib/munin-async/.ssh
+
+(on the server)
+scp /var/lib/munin/.ssh/id_rsa.pub root@example.net:/var/lib/munin-async/.ssh/authorized_keys
+chown -R munin:munin /var/lib/munin/.ssh
+
+ssh munin-async@example.net
+exit
+
+Note that you need to check the connection for EVERY host from which you intend
+to collect data in the async manner. munin is NOT handling this dialogue:
+The authenticity of host 'example.net (2600:more:fool:you:f9b)' can't be
+established.
+RSA key fingerprint is 61:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa.
+Are you sure you want to continue connecting (yes/no)? yes
+Warning: Permanently added 'example.net,2600:moore:fool:you:f9b' (RSA) to the
+list of known hosts.
+
+So you need to log in “by hand” first, from the user munin, in order to record
+the key. Or you need to copy the key from antoher known_hosts file, which may
+be tricky. Now change the shell of munin back to /bin/false, for security.
+
+chsh -s /bin/false munin
+
+**** Change the system definition in /etc/munin/munin.conf ****
+
+(or, as I prefer to do it, in /etc/munin/munin-conf.d/hostlist.conf ).
+[async.my-machine.net]
+ address ssh://munin-async@example.net /usr/share/munin/munin-async --spooldir
+/var/lib/munin/spool --spoolfetch
+ use_node_name yes
+
+I am using async in the definition name merely so that I can compare the data
+from the two collection methods.
+
+**** Security enhancement ****
+To prevent your monitored server being compromised if someone manages to break
+into your munin collection server, you should edit the /var/lib/munin-
+async/.ssh/authorized_keys file and add
+
+no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,command="/usr/sbin/munin-async --spooldir /var/lib/munin/spool --spoolfetch"
+
+to the beginning of the relevant line. Additionally consider from="(remote machine IPs)".
+
+**** Adding plugins ****
+
+When you add a plugin, it won’t be visible unless you first restart munin-node
+and THEN munin-async.
+
+**** Troubleshooting tips ****
+
+If you haven’t logged in to the host “by hand” or added its keys to
+known_hosts some other way, the fetch will fail. The only log in the munin-
+update file will say something like:
+
+Socket read from async.example.net failed. A Terminating process. at /usr/
+share/perl5/Munin/Master/UpdateWorker.pm line ...
+Another possible cause of mysterious failure to fetch data from the remote host
+(that does not give a clear error message) is munin-asyncd not running on the
+target server, or having no prefetched data yet.
+
+**** Additional ideas ****
+
+Balint Deak suggested in a post on the munin-users mailing list: What I would
+add to this is that if you have many hosts, or hosts are added on a daily
+basis, it may be annoying to always remember to log in to each new box and say
+“yes” at the prompt.
+
+If you create a config file for ssh in the $HOME/.ssh/config for the user that
+runs the master (defaults to ‘munin’) and tell ssh not to check the host key
+when authenticating, then no prompt will be displayed even for new or unknown
+hosts.
+
+Add something like:
+Host *
+ UserKnownHostsFile=/dev/null
+ StrictHostKeyChecking=no
+
+I don’t think this makes the setup less secure, but it would make the
+automation of adding new hosts to the system easier.
+
+Regards,
+Balint
+
+From http://www.matija.si/system-administration/2012/07/15/installing-munin-async/ with edits from Daniel Black
only in patch2:
unchanged:
--- munin-2.0.6.orig/common/lib/Munin/Common/TLS.pm
+++ munin-2.0.6/common/lib/Munin/Common/TLS.pm
@@ -132,8 +132,9 @@
}
# Tune a few things...
- if (Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)) {
- $self->{logger}("[ERROR] Could not set SSL_CTX options");
+ Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL());
+ if (my $errno = Net::SSLeay::ERR_get_error()) {
+ $self->{logger}("[ERROR] Could not set SSL_CTX options: " + Net::SSLeay::ERR_error_string($errno));
return 0;
}
only in patch2:
unchanged:
--- munin-2.0.6.orig/plugins/node.d/http_loadtime.in
+++ munin-2.0.6/plugins/node.d/http_loadtime.in
@@ -67,7 +67,7 @@
trap "rm -rf $TMPDIR" EXIT
cd $TMPDIR || exit 1
-loadtime=$(time -p wget -p --no-cache --delete-after $target -q 2>&1 | awk '/^real / { print $2 }')
+loadtime=$((time -p wget -p --no-cache --delete-after $target -q) 2>&1 | awk '/^real / { print $2 }')
cd ..
echo "loadtime.value $loadtime"
only in patch2:
unchanged:
--- munin-2.0.6.orig/plugins/node.d/hddtemp_smartctl.in
+++ munin-2.0.6/plugins/node.d/hddtemp_smartctl.in
@@ -141,14 +141,25 @@
# Try to get a default set of drives
if ($^O eq 'linux') {
- # On Linux, we know how to enumerate ide drives. SCSI is not as easy
+ # On Linux, we know how to enumerate ide drives.
+ my @drivesIDE;
if (-d '/proc/ide') {
opendir(IDE, '/proc/ide');
- @drives = grep /hd[a-z]/, readdir IDE;
+ @drivesIDE = grep /hd[a-z]/, readdir IDE;
closedir(IDE);
}
- # "SCSI disks" could be both SCSI or SATA - we can't know which
- # without probing them.
+
+ # Look for SCSI / SATA drives in /sys
+ my @drivesSCSI;
+ if (-d '/sys/block/') {
+ opendir(SCSI, '/sys/block/');
+ @drivesSCSI = grep /sd[a-z]/, readdir SCSI;
+ closedir(SCSI);
+ }
+
+ # Get list of all drives we found
+ @drives=(@drivesIDE,@drivesSCSI);
+
} elsif ($^O eq 'freebsd') {
opendir(DEV, '/dev');
@drives = grep /^ad[0-9]+$/, readdir DEV;
only in patch2:
unchanged:
--- munin-2.0.6.orig/plugins/node.d.linux/selinux_avcstat.in
+++ munin-2.0.6/plugins/node.d.linux/selinux_avcstat.in
@@ -85,7 +85,7 @@
fi
if [ -r $AVCSTATS ]; then
- { read
+ { read HEADER
while read lookups hits misses allocations reclaims frees; do
LOOKUPS=$(($LOOKUPS + $lookups))
HITS=$(($HITS + $hits))
only in patch2:
unchanged:
--- munin-2.0.6.orig/plugins/node.d.linux/apt_all.in
+++ munin-2.0.6/plugins/node.d.linux/apt_all.in
@@ -52,7 +52,7 @@
$ENV{'LANG'}="C";
$ENV{'LC_ALL'}="C";
-my $statefile = "$ENV{MUNIN_PLUGSTATE}/plugin-apt.state";
+my $statefile = ($ENV{MUNIN_PLUGSTATE} || '@@PLUGSTATE@@/root/') . "/plugin-apt.state";
my @releases = ("stable", "testing","unstable");
only in patch2:
unchanged:
--- munin-2.0.6.orig/node/munin-node.conf.in
+++ munin-2.0.6/node/munin-node.conf.in
@@ -33,6 +33,7 @@
# may repeat the allow line as many times as you'd like
allow ^127\.0\.0\.1$
+allow ^::1$
# If you have installed the Net::CIDR perl module, you can use one or more
# cidr_allow and cidr_deny address/mask patterns. A connecting client must
diff -u munin-2.0.6/debian/rules munin-2.0.6/debian/rules
--- munin-2.0.6/debian/rules
+++ munin-2.0.6/debian/rules
@@ -8,6 +8,8 @@
dh $@
override_dh_auto_build:
+ # ./getversion reads RELEASE if it exists
+ dpkg-parsechangelog | sed -n 's/^Version: //p' > RELEASE
chmod 755 debian/ostype_helper
dh_auto_build -- $(MAKEOPTS)
@@ -83,6 +85,7 @@
override_dh_auto_clean:
dh_auto_clean -- $(MAKEOPTS) clean-node clean-master clean-plugins clean-common clean
find plugins/javalib -name '*.class' -print0 | xargs -0 -r rm -v
+ rm RELEASE -f
# Disable build tests for now
override_dh_auto_test:
diff -u munin-2.0.6/debian/munin-async.logrotate munin-2.0.6/debian/munin-async.logrotate
--- munin-2.0.6/debian/munin-async.logrotate
+++ munin-2.0.6/debian/munin-async.logrotate
@@ -1,9 +1,9 @@
-/var/lib/munin-async/*.0 {
+/var/lib/munin-async/*0 {
daily
missingok
rotate 7
compress
copytruncate
notifempty
- create 640 munin-async munin-async
+ create 640 munin-async adm
}
diff -u munin-2.0.6/debian/changelog munin-2.0.6/debian/changelog
--- munin-2.0.6/debian/changelog
+++ munin-2.0.6/debian/changelog
@@ -1,3 +1,12 @@
+munin (2.0.6-3) unstable; urgency=low
+
+ * debian/rules: set MUNIN_VERSION correctly during build. (Closes: #694527)
+ * debian/munin-async.logrotate:
+ - use adm group for created files.
+ - use *0 as glob, not *.0 (Closes: #691758)
+
+ -- Holger Levsen <holger@debian.org> Fri, 04 Jan 2013 15:14:09 +0100
+
munin (2.0.6-2) unstable; urgency=low
* Fix "/etc/apache2/conf.d/munin removed on upgrade":
Reply to: