[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#694790: marked as done (unblock: munin/2.0.6-3)

Your message dated Fri, 4 Jan 2013 18:13:50 +0100
with message-id <20130104171350.GB5676@radis.cristau.org>
and subject line Re: Bug#694790: upload (pre-approval): munin/2.0.6-2
has caused the Debian Bug report #694790,
regarding unblock: munin/2.0.6-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
694790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694790
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

before uploading munin 2.0.6-2 to unstable I would like to ask for
pre-approval of these changes: 2 serious+grave bug fixes, 9 important bug 
fixes,
3 normal (of which 2 could arguebly be important) and one wishlist, 
adding documentation.

munin (2.0.6-2) UNRELEASED; urgency=low

  * munin-node.postinst: delete /var/lib/munin(-node)/plugin-state recursivly
    on purge. The plugin-state is outdated after a few minutes anyway.
    (Closes: #687715)
  * Fix "/etc/apache2/conf.d/munin removed on upgrade":
    - debian/munin.postinst: create symlink for new installs and also for
      upgrades from versions where it was still removed (up to 1.4.6-3) but
      not re-created (from 1.4.6-1 onwards). Thanks to Gregor Herrman for the
      patch and intrigeri for reviewing. (Closes: #677943)
  * Add documentation for munin-async, thanks to Daniel Black.
    (Closes: #681803)
  * Patch node/munin-node.conf.in to allow incoming IPv6 from localhost,
    mostly to document that IPv6 addresses are allowed as well. Thanks to
    Daniel Black. (Closes: #676798)
    This is debian/patches/238-munin-node-ipv6allow.patch
  * HTMLConfig.pm: cherry-pick 789c59e from 2.0.7 to avoid (using the default
    configuration) /var/log/munin/munin-html.log being flooded with 106 lines
    of noisy warnings (out of 112 lines in total) every 5min. (Closes: 
#689291)
    This is debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch
  * munin-doc: Break and replace munin-common << 2. (Closes: #694355)
  * selinux_avcstat plugin: Do not use the "read without variable" bashism,
    thanks to intrigeri for the patch. (Closes: #690711)
    This is 240-Do-not-use-the-read-without-variable-bashism.patch
  * Have master support multi-homed nodes that only listen on IPv4.
    (Closes: #678662) This is upstream commit a18229c5, thanks to Michael
    Renner for the testing and the patch!
    This is debian/patches/241-master-connect-to-AAAA-and-A-address.patch
  * Fix wrong assumption about Net::SSLeay::CTX_set_options return value.
    Thanks to intrigeri for this patch. (Closes: #675377)
    This is 242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
  * http_loadtime plugin: fix stderr redirection (which broke the plugin
    completely) (Closes: #691448)
    This is 243-http_loadtime-fixed-stderr-redirection-with-time.patch
  * apt_all plugin: the apt_all plugin has its state updated in cron. There
    the ENV var MUNIN_PLUGSTATE doesn't exist, so we need to set a default.
    (Closes: #687495). This has been in included in 2.0.7 and is
    debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch
  * munin-async.init: Run munin-async after munin-node has been started.
    (Closes: #691390) - Thanks to Daniel Black for this and the next two
    fixes:
  * munin-async.postinst: fix /var/lib/munin-async ownership (once on upgrades
    from previous versions) and for new installs. (Closes: #691309)
  * munin-async.logrotate: correct location of munin-async logfiles.
    (Closes: #691758)
  * Use dh --with quilt so that the patches are actually applied.
    (Closes: #691327)
  * Drop 101-suppress-occasional-unknown-states-to-avoid-alerts.patch which
    is included since munin 1.4.4.


$ debdiff munin_2.0.6-1.dsc munin_2.0.6-2.dsc|diffstat
 debian/munin-async.README.Debian                                              
|  130 +++++++++
 debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch   
|  141 ----------
 debian/patches/238-munin-node-ipv6allow.patch                                 
|   12 
 debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch             
|   47 +++
 debian/patches/240-Do-not-use-the-read-without-variable-bashism.patch         
|   23 +
 debian/patches/241-master-connect-to-AAAA-and-A-address.patch                 
|   30 ++
 debian/patches/242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch 
|   32 ++
 debian/patches/243-http_loadtime-fixed-stderr-redirection-with-time.patch     
|   25 +
 debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch                 
|   29 ++
 munin-2.0.6/debian/changelog                                                  
|   52 +++
 munin-2.0.6/debian/control                                                    
|    2 
 munin-2.0.6/debian/munin-async.init                                           
|    4 
 munin-2.0.6/debian/munin-async.logrotate                                      
|    4 
 munin-2.0.6/debian/munin-async.postinst                                       
|    8 
 munin-2.0.6/debian/munin-node.postrm                                          
|    6 
 munin-2.0.6/debian/munin.postinst                                             
|    3 
 munin-2.0.6/debian/patches/series                                             
|    7 
 munin-2.0.6/debian/rules                                                      
|    2 
 18 files changed, 406 insertions(+), 151 deletions(-)

The full debdiff is attached.


Thanks for your work on the -release and your patience with munin!

cheers,
	Holger

diff -u munin-2.0.6/debian/rules munin-2.0.6/debian/rules
--- munin-2.0.6/debian/rules
+++ munin-2.0.6/debian/rules
@@ -5,7 +5,7 @@
 MAKEOPTS = CONFIG=debian/Makefile.config INSTALL_PLUGINS="auto manual snmpauto contrib"
 
 %:
-	dh $@
+	dh $@ --with quilt
 
 override_dh_auto_build:
 	chmod 755 debian/ostype_helper
diff -u munin-2.0.6/debian/munin-async.logrotate munin-2.0.6/debian/munin-async.logrotate
--- munin-2.0.6/debian/munin-async.logrotate
+++ munin-2.0.6/debian/munin-async.logrotate
@@ -1,9 +1,9 @@
-/var/lib/munin/spool/*.0 {
+/var/lib/munin-async/*.0 {
 	daily
 	missingok
 	rotate 7
 	compress
 	copytruncate
 	notifempty
-	create 640 munin adm
+	create 640 munin-async munin-async
 }
diff -u munin-2.0.6/debian/munin-node.postrm munin-2.0.6/debian/munin-node.postrm
--- munin-2.0.6/debian/munin-node.postrm
+++ munin-2.0.6/debian/munin-node.postrm
@@ -23,13 +23,11 @@
 	#
 	# just like #198522 (see above..) is fixed since 2006 ;)
 
-	rm -f /var/lib/munin/plugin-state/*.state
-	rm -f /var/lib/munin-node/plugin-state/*.state
+	rm -rf /var/lib/munin/plugin-state
+	rm -rf /var/lib/munin-node/plugin-state
 	rm -f /var/log/munin/munin-node.log*
 	rm -f /var/log/munin/munin-node-configure.log*
 
-	delete_dir_if_empty /var/lib/munin/plugin-state
-	delete_dir_if_empty /var/lib/munin-node/plugin-state
 	delete_dir_if_empty /var/lib/munin
 	delete_dir_if_empty /var/log/munin
 	delete_dir_if_empty /etc/munin/plugin-conf.d
diff -u munin-2.0.6/debian/changelog munin-2.0.6/debian/changelog
--- munin-2.0.6/debian/changelog
+++ munin-2.0.6/debian/changelog
@@ -1,3 +1,55 @@
+munin (2.0.6-2) UNRELEASED; urgency=low
+
+  * munin-node.postinst: delete /var/lib/munin(-node)/plugin-state recursivly
+    on purge. The plugin-state is outdated after a few minutes anyway.
+    (Closes: #687715)
+  * Fix "/etc/apache2/conf.d/munin removed on upgrade":
+    - debian/munin.postinst: create symlink for new installs and also for
+      upgrades from versions where it was still removed (up to 1.4.6-3) but
+      not re-created (from 1.4.6-1 onwards). Thanks to Gregor Herrman for the
+      patch and intrigeri for reviewing. (Closes: #677943)
+  * Add documentation for munin-async, thanks to Daniel Black. 
+    (Closes: #681803)
+  * Patch node/munin-node.conf.in to allow incoming IPv6 from localhost,
+    mostly to document that IPv6 addresses are allowed as well. Thanks to
+    Daniel Black. (Closes: #676798)
+    This is debian/patches/238-munin-node-ipv6allow.patch
+  * HTMLConfig.pm: cherry-pick 789c59e from 2.0.7 to avoid (using the default
+    configuration) /var/log/munin/munin-html.log being flooded with 106 lines
+    of noisy warnings (out of 112 lines in total) every 5min. (Closes: #689291)
+    This is debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch
+  * munin-doc: Break and replace munin-common << 2. (Closes: #694355)
+  * selinux_avcstat plugin: Do not use the "read without variable" bashism,
+    thanks to intrigeri for the patch. (Closes: #690711)
+    This is 240-Do-not-use-the-read-without-variable-bashism.patch
+  * Have master support multi-homed nodes that only listen on IPv4.
+    (Closes: #678662) This is upstream commit a18229c5, thanks to Michael
+    Renner for the testing and the patch!
+    This is debian/patches/241-master-connect-to-AAAA-and-A-address.patch
+  * Fix wrong assumption about Net::SSLeay::CTX_set_options return value.
+    Thanks to intrigeri for this patch. (Closes: #675377)
+    This is 242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
+  * http_loadtime plugin: fix stderr redirection (which broke the plugin
+    completely) (Closes: #691448)
+    This is 243-http_loadtime-fixed-stderr-redirection-with-time.patch
+  * apt_all plugin: the apt_all plugin has its state updated in cron. There
+    the ENV var MUNIN_PLUGSTATE doesn't exist, so we need to set a default.
+    (Closes: #687495). This has been in included in 2.0.7 and is
+    debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch
+  * munin-async.init: Run munin-async after munin-node has been started.
+    (Closes: #691390) - Thanks to Daniel Black for this and the next two
+    fixes:
+  * munin-async.postinst: fix /var/lib/munin-async ownership (once on upgrades
+    from previous versions) and for new installs. (Closes: #691309)
+  * munin-async.logrotate: correct location of munin-async logfiles. 
+    (Closes: #691758)
+  * Use dh --with quilt so that the patches are actually applied. 
+    (Closes: #691327)
+  * Drop 101-suppress-occasional-unknown-states-to-avoid-alerts.patch which
+    is included since munin 1.4.4.
+
+ -- Holger Levsen <holger@debian.org>  Sat, 15 Sep 2012 14:02:44 +0200
+
 munin (2.0.6-1) unstable; urgency=high
 
   * New upstream release 2.0.6, switching back to cron graphing (as it better
diff -u munin-2.0.6/debian/munin-async.postinst munin-2.0.6/debian/munin-async.postinst
--- munin-2.0.6/debian/munin-async.postinst
+++ munin-2.0.6/debian/munin-async.postinst
@@ -15,9 +15,17 @@
 	fi
 }
 
+initperms() {
+	chown munin-async:munin-async /var/lib/munin-async
+}
+
 case "$1" in
 	configure)
 		add_munin_async_user
+		# this can go away after wheezy
+		if dpkg --compare-versions "$2" le "2.0.6-1~" || [ "$2" = 0 ] ; then
+			initperms
+		fi
 		;;
 	abort-upgrade|abort-deconfigure|abort-remove)
 		:
diff -u munin-2.0.6/debian/munin.postinst munin-2.0.6/debian/munin.postinst
--- munin-2.0.6/debian/munin.postinst
+++ munin-2.0.6/debian/munin.postinst
@@ -63,8 +63,9 @@
         webserver=apache2
         webserver_init_script="/etc/init.d/$webserver"
         if [ -d /etc/$webserver/conf.d ] && [ ! -e /etc/$webserver/conf.d/munin ]; then
-		if [ -z "$prevver" ] ; then
+		if [ -z "$prevver" ] || ( dpkg --compare-versions $prevver ge 1.4.6-1~ && dpkg --compare-versions $prevver lt 1.4.7~ ) ; then
 			# only create link on new installs
+			# or when upgrading from a version where it was removed unconditionally
 	                ln -s ../../munin/apache.conf /etc/$webserver/conf.d/munin
 		fi
 		if [ -f $webserver_init_script ];then
diff -u munin-2.0.6/debian/munin-async.init munin-2.0.6/debian/munin-async.init
--- munin-2.0.6/debian/munin-async.init
+++ munin-2.0.6/debian/munin-async.init
@@ -1,8 +1,8 @@
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          munin-async
-# Required-Start:    $network $named $local_fs $remote_fs
-# Required-Stop:     $network $named $local_fs $remote_fs
+# Required-Start:    $network $named $local_fs $remote_fs munin-node
+# Required-Stop:     $network $named $local_fs $remote_fs munin-node
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Munin asynchronous server
diff -u munin-2.0.6/debian/control munin-2.0.6/debian/control
--- munin-2.0.6/debian/control
+++ munin-2.0.6/debian/control
@@ -152,6 +152,8 @@
 Section: doc
 Architecture: all
 Depends: ${perl:Depends}, ${misc:Depends}
+Breaks:   munin-common (<< 2)
+Replaces: munin-common (<< 2)
 Description: network-wide graphing framework (documentation)
  Munin is a highly flexible and powerful solution used to create graphs of
  virtually everything imaginable throughout your network, while still
reverted:
--- munin-2.0.6/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch
+++ munin-2.0.6.orig/debian/patches/101-suppress-occasional-unknown-states-to-avoid-alerts.patch
@@ -1,141 +0,0 @@
-Description: Suppress "occasional" unknown states to avoid alerts.
- This patch adds a feature which counts the number of unknowns, 
- and only changes state (and sends an alert) once that count is reached.
- .
- Changed the default global count to 3 unknowns before the state is changed.
- . 
- We will be able to remove this patch once upstream accepts it, which they
- plan to do in a future release.
-Origin: http://munin.projects.linpro.no/ticket/828
-Forwarded: no
-Author: Steve Wilson <stevew@purdue.edu>
-Last-Update: 2010-01-13
-Index: munin-1.4.3/common/lib/Munin/Common/Config.pm
-===================================================================
---- munin-1.4.3.orig/common/lib/Munin/Common/Config.pm	(revision 3304)
-+++ munin-1.4.3/common/lib/Munin/Common/Config.pm	(working copy)
-@@ -36,7 +36,7 @@
- 	"graph_printf", "ok", "unknown", "palette", "realservname",
- 	"cdef_name", "graphable", "process", "realname",
- 	"onlynullcdef", "group_order", "pipe", "pipe_command",
--	"unknown_limit", "notify_countdown", "dropdownlimit",
-+	"unknown_limit", "num_unknowns", "dropdownlimit",
- 	"max_graph_jobs", "munin_cgi_graph_jobs" );
- 
- my %bools = map { $_ => 1} qw(yes no true false on off 1 0);
-Index: munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm
-===================================================================
---- munin-1.4.3.orig/master/lib/Munin/Master/LimitsOld.pm	(revision 3304)
-+++ munin-1.4.3/master/lib/Munin/Master/LimitsOld.pm	(working copy)
-@@ -330,23 +330,74 @@
-         if ($value eq "unknown") {
-             $crit->[0] ||= "";
-             $crit->[1] ||= "";
--            $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK";
--            $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0;
--            munin_set_var_loc(\%notes, [@$fpath, "state"], "unknown");
--            munin_set_var_loc(
--                \%notes,
--                [@$fpath, "unknown"], (
--                    defined $field->{"extinfo"}
-+
-+            my $state = "unknown";
-+            my $extinfo = defined $field->{"extinfo"}
-                     ? "unknown: " . $field->{"extinfo"}
--                    : "Value is unknown."
--                ));
-+                    : "Value is unknown.";
-+            my $num_unknowns;
- 
-             if (   !defined $onfield
-                 or !defined $onfield->{"state"}
-                 or $onfield->{"state"} ne "unknown") {
-                 $hash->{'state_changed'} = 1;
-             }
-+            else {
-+                $hash->{'state_changed'} = 0;
-+            }
-+
-+            # First we'll need to check whether the user wants to ignore
-+            # a few UNKNOWN values before actually changing the state to
-+            # UNKNOWN.
-+            if ($unknown_limit > 1) {
-+                if (defined $onfield and defined $onfield->{"state"}) {
-+                    if ($onfield->{"state"} ne "unknown") {
-+                        if (defined $onfield->{"num_unknowns"}) {
-+                            if ($onfield->{"num_unknowns"} < $unknown_limit) {
-+                                # Don't change the state to UNKNOWN yet.
-+                                $hash->{'state_changed'} = 0;
-+                                $state = $onfield->{"state"};
-+                                $extinfo = $onfield->{$state};
-+
-+                                # Increment the number of UNKNOWN values seen.
-+                                $num_unknowns = $onfield->{"num_unknowns"} + 1;
-+                            }
-+                        }
-+                        else {
-+                            # Don't change the state to UNKNOWN yet.
-+                            $hash->{'state_changed'} = 0;
-+                            $state = $onfield->{"state"};
-+                            $extinfo = $onfield->{$state};
-+                            
-+                            # Start counting the number of consecutive UNKNOWN
-+                            # values seen.
-+                            $num_unknowns = 1;
-+                        }
-+                    }
-+                }
-+            }
-+
-+            if ($state eq "unknown") {
-+                $hash->{'worst'} = "UNKNOWN" if $hash->{"worst"} eq "OK";
-+                $hash->{'worstid'} = 3 if $hash->{"worstid"} == 0;
-+            }
-+            elsif ($state eq "critical") {
-+                $hash->{'worst'} = "CRITICAL";
-+                $hash->{'worstid'} = 2;
-+            }
-+            elsif ($state eq "warning") {
-+                $hash->{'worst'} = "WARNING" if $hash->{"worst"} ne "CRITICAL";
-+                $hash->{'worstid'} = 1 if $hash->{"worstid"} != 2;
-+            }
-+
-+            munin_set_var_loc(\%notes, [@$fpath, "state"], $state);
-+            munin_set_var_loc(\%notes, [@$fpath, $state], $extinfo);
-+            if (defined $num_unknowns) {
-+                munin_set_var_loc(\%notes, [@$fpath, "num_unknowns"],
-+                        $num_unknowns);
-+            }
-         }
-+
-         elsif ((defined($crit->[0]) and $value < $crit->[0])
-             or (defined($crit->[1]) and $value > $crit->[1])) {
-             $crit->[0] ||= "";
-@@ -422,7 +473,7 @@
-     my @warning  = (undef, undef);
-     my $crit          = munin_get($hash, "critical",      undef);
-     my $warn          = munin_get($hash, "warning",       undef);
--    my $unknown_limit = munin_get($hash, "unknown_limit", 1);
-+    my $unknown_limit = munin_get($hash, "unknown_limit", 3);
- 
-     my $name = munin_get_node_name($hash);
- 
-@@ -454,10 +505,15 @@
-         DEBUG "[DEBUG] processing warning: $name -> $warning[0] : $warning[1]";
-     }
- 
--    # The merge of the unknown_limit implementation was somewhat botched.  Not tested. - janl
-     if ($unknown_limit =~ /^\s*(\d+)\s*$/) {
--	$unknown_limit = $1 if defined $1;
--	DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit";
-+        $unknown_limit = $1 if defined $1;
-+        if (defined $unknown_limit) {
-+            if ($unknown_limit < 1) {
-+                # Zero and negative numbers are not valid.  
-+                $unknown_limit = 1;
-+            }
-+        }
-+        DEBUG "[DEBUG] processing unknown_limit: $name -> $unknown_limit";
-     }
- 
-     return (\@warning, \@critical, $unknown_limit);
diff -u munin-2.0.6/debian/patches/series munin-2.0.6/debian/patches/series
--- munin-2.0.6/debian/patches/series
+++ munin-2.0.6/debian/patches/series
@@ -2,0 +3,7 @@
+238-munin-node-ipv6allow.patch
+239-fix-too-many-warnings-in-munin-graph.log.patch
+240-Do-not-use-the-read-without-variable-bashism.patch
+241-master-connect-to-AAAA-and-A-address.patch
+242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
+243-http_loadtime-fixed-stderr-redirection-with-time.patch
+244-fix-apt_all-plugin-statedir-for-cron.patch
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/munin-async.README.Debian
+++ munin-2.0.6/debian/munin-async.README.Debian
@@ -0,0 +1,130 @@
+***** Installing munin-async *****
+
+When using munin, one often runs into one of two problems:
+    * There are so many nodes to update, the update takes more than the
+      update interval
+    * Some servers may be connected over flaky lines, so an update may be lost
+      due to timeout
+
+With version 2.0, the designers of munin have started addressing those
+problems. Today we look at one part of that solution, munin-async. Note that I
+am using the packages from Debian testing. Your experience on other OSs
+may vary. Here are the steps I needed to take in order for the client to
+collect munin-async data from the various servers:
+
+**** Install munin-async on the monitored machines AND the graphing server ****
+
+The munin-async Debian package contains both the client AND the server scripts
+for async work. This is not consistent, since previously all the data fetching
+scripts were in the munin package, and all the data serving scripts were in the
+munin-node package. It also means that you have to install munin-async
+(creating the munin-async user, with its own entry in passwd file and its
+shell set to /bin/bash) on the server, not just on the clients. I don’t like
+leaving that open.
+
+(on remote machine and on server)
+apt-get install munin-async
+
+**** Start munin-asyncd on servers where data is to be collected ****
+
+(on remote machine) service munin-async start
+
+**** Prepare the master for using ssh to connect to servers ****
+
+Change the shell of the munin user to bash so you can do these changes as the
+munin user:
+vipw
+su - munin
+cd /var/lib/munin
+mkdir .ssh
+cd .ssh
+ssh-keygen -q -N "" -f /var/lib/munin/.ssh/id_rsa
+cat /var/lib/munin/.ssh/id_rsa.pub
+
+Place the ssh public key in /var/lib/munin/.ssh) (on the remote machine)
+
+mkdir /var/lib/munin-async/.ssh
+
+(on the server)
+scp /var/lib/munin/.ssh/id_rsa.pub root@example.net:/var/lib/munin-async/.ssh/authorized_keys
+chown -R munin:munin /var/lib/munin/.ssh
+
+ssh munin-async@example.net
+exit
+
+Note that you need to check the connection for EVERY host from which you intend
+to collect data in the async manner. munin is NOT handling this dialogue:
+The authenticity of host 'example.net (2600:more:fool:you:f9b)' can't be
+established.
+RSA key fingerprint is 61:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa.
+Are you sure you want to continue connecting (yes/no)? yes
+Warning: Permanently added 'example.net,2600:moore:fool:you:f9b' (RSA) to the
+list of known hosts.
+
+So you need to log in “by hand” first, from the user munin, in order to record
+the key. Or you need to copy the key from antoher known_hosts file, which may
+be tricky. Now change the shell of munin back to /bin/false, for security.
+
+chsh -s /bin/false munin
+
+**** Change the system definition in /etc/munin/munin.conf ****
+
+(or, as I prefer to do it, in /etc/munin/munin-conf.d/hostlist.conf ).
+[async.my-machine.net]
+ address ssh://munin-async@example.net /usr/share/munin/munin-async --spooldir
+/var/lib/munin/spool --spoolfetch
+ use_node_name yes
+
+I am using async in the definition name merely so that I can compare the data
+from the two collection methods.
+
+**** Security enhancement ****
+To prevent your monitored server being compromised if someone manages to break
+into your munin collection server, you should edit the /var/lib/munin-
+async/.ssh/authorized_keys file and add
+
+no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,command="/usr/sbin/munin-async  --spooldir /var/lib/munin/spool --spoolfetch"
+
+to the beginning of the relevant line. Additionally consider from="(remote machine IPs)".
+
+**** Adding plugins ****
+
+When you add a plugin, it won’t be visible unless you first restart munin-node
+and THEN munin-async.
+
+**** Troubleshooting tips ****
+
+If you haven’t logged in to the host “by hand” or added its keys to
+known_hosts some other way, the fetch will fail. The only log in the munin-
+update file will say something like:
+
+Socket read from async.example.net failed. A Terminating process. at /usr/
+share/perl5/Munin/Master/UpdateWorker.pm line ...
+Another possible cause of mysterious failure to fetch data from the remote host
+(that does not give a clear error message) is munin-asyncd not running on the
+target server, or having no prefetched data yet.
+
+**** Additional ideas ****
+
+Balint Deak suggested in a post on the munin-users mailing list: What I would
+add to this is that if you have many hosts, or hosts are added on a daily
+basis, it may be annoying to always remember to log in to each new box and say
+“yes” at the prompt.
+
+If you create a config file for ssh in the $HOME/.ssh/config for the user that
+runs the master (defaults to ‘munin’) and tell ssh not to check the host key
+when authenticating, then no prompt will be displayed even for new or unknown
+hosts.
+
+Add something like:
+Host *
+  UserKnownHostsFile=/dev/null
+  StrictHostKeyChecking=no
+
+I don’t think this makes the setup less secure, but it would make the
+automation of adding new hosts to the system easier.
+
+Regards,
+Balint
+
+From http://www.matija.si/system-administration/2012/07/15/installing-munin-async/ with edits from Daniel Black
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch
+++ munin-2.0.6/debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch
@@ -0,0 +1,47 @@
+From 789c59e3a27f5d38cabd02c8f57fec605e6146a8 Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Thu, 6 Sep 2012 13:46:17 +0200
+Subject: [PATCH] master: fix too many warnings in munin-graph.log
+
+When graph_strategy was missing, a warning was emitted since the value is
+undef.
+
+Closes: #1251
+---
+ master/lib/Munin/Master/HTMLConfig.pm |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/master/lib/Munin/Master/HTMLConfig.pm b/master/lib/Munin/Master/HTMLConfig.pm
+index dfa8b70..bbccffa 100644
+--- a/master/lib/Munin/Master/HTMLConfig.pm
++++ b/master/lib/Munin/Master/HTMLConfig.pm
+@@ -473,7 +473,7 @@ sub generate_service_templates {
+ 	    }
+     }
+ 
+-    if ($config->{'graph_strategy'} eq "cgi") {
++    if (munin_get($config, "graph_strategy", "cron") eq "cgi") {
+ 	map { $srv{$_} = $config->{'cgiurl_graph'} . "/" . $imgs{$_} } keys %imgs;
+     } else {
+ 	map { $srv{$_} = $root_path . "/" . $imgs{$_} } keys %imgs;
+@@ -500,7 +500,7 @@ sub generate_service_templates {
+ 	for my $scale (@times) {
+         # Don't try to find the size if cgi is enabled, 
+         # otherwise old data might pollute  
+-        next if ($config->{'graph_strategy'} eq "cgi");
++        next if (munin_get($config, "graph_strategy", "cron") eq "cgi");
+         if (my ($w, $h)
+             = get_png_size(munin_get_picture_filename($service, $scale))) {
+             $srv{"img" . $scale . "width"}  = $w;
+@@ -512,7 +512,7 @@ sub generate_service_templates {
+         $srv{imgweeksum} = "$srv{node}-week-sum.png";
+         $srv{imgyearsum} = "$srv{node}-year-sum.png";
+         for my $scale (["week", "year"]) {
+-            next if ($config->{'graph_strategy'} eq "cgi");
++            next if (munin_get($config, "graph_strategy", "cron") eq "cgi");
+             if (my ($w, $h)
+                 = get_png_size(munin_get_picture_filename($service, $scale, 1)))
+             {
+-- 
+1.7.2.5
+
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/243-http_loadtime-fixed-stderr-redirection-with-time.patch
+++ munin-2.0.6/debian/patches/243-http_loadtime-fixed-stderr-redirection-with-time.patch
@@ -0,0 +1,25 @@
+From 9a1cbce209d268d3fc0c8e56ee953b310a204ded Mon Sep 17 00:00:00 2001
+From: Andrea Piccinelli <frasten@gmail.com>
+Date: Thu, 4 Oct 2012 09:40:13 +0300
+Subject: [PATCH] http_loadtime: fixed stderr redirection with 'time'
+
+---
+ plugins/node.d/http_loadtime.in |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/plugins/node.d/http_loadtime.in b/plugins/node.d/http_loadtime.in
+index bf17619..bb0675d 100644
+--- a/plugins/node.d/http_loadtime.in
++++ b/plugins/node.d/http_loadtime.in
+@@ -67,7 +67,7 @@ TMPDIR=`mktemp -d` || exit 1
+ trap "rm -rf $TMPDIR" EXIT
+ 
+ cd $TMPDIR || exit 1
+-loadtime=$(time -p wget -p --no-cache --delete-after $target -q 2>&1 | awk '/^real / { print $2 }')
++loadtime=$((time -p wget -p --no-cache --delete-after $target -q) 2>&1 | awk '/^real / { print $2 }')
+ cd ..
+ 
+ echo "loadtime.value $loadtime"
+-- 
+1.7.2.5
+
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/238-munin-node-ipv6allow.patch
+++ munin-2.0.6/debian/patches/238-munin-node-ipv6allow.patch
@@ -0,0 +1,12 @@
+diff --git a/node/munin-node.conf.in b/node/munin-node.conf.in
+index b2e2ed4..fd40f64 100644
+--- a/node/munin-node.conf.in
++++ b/node/munin-node.conf.in
+@@ -33,6 +33,7 @@ ignore_file \.pod$
+ # may repeat the allow line as many times as you'd like
+ 
+ allow ^127\.0\.0\.1$
++allow ^::1$
+ 
+ # If you have installed the Net::CIDR perl module, you can use one or more
+ # cidr_allow and cidr_deny address/mask patterns.  A connecting client must
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/241-master-connect-to-AAAA-and-A-address.patch
+++ munin-2.0.6/debian/patches/241-master-connect-to-AAAA-and-A-address.patch
@@ -0,0 +1,30 @@
+commit a18229c522e1df5468a7dcb3a2f4c96aca56a761
+Author: Steve Schnepp <steve.schnepp@pwkf.org>
+Date:   Tue Nov 27 07:28:43 2012 +0100
+
+    master: connect to AAAA and A address
+    
+    According to Michael Renner in D#678662 :
+    
+    The lack of the "MulitHomed" parameter causes IO::Socket::INET6 to give
+    preferential treatment to AAAA-addresses and fail if they don't yield a socket.
+    When enabling MultiHomed IO::Socket::INET6 will try all returned addresses.
+    
+    See http://search.cpan.org/~shlomif/IO-Socket-INET6-2.69/lib/IO/Socket/INET6.pm#CONSTRUCTOR for detailed information.
+    
+    Thx to Kelsey Cummings for reporting it on the ml.
+    
+    Closes: D#678662
+
+diff --git a/master/lib/Munin/Master/Node.pm b/master/lib/Munin/Master/Node.pm
+index 6549fbf..af9d69e 100644
+--- a/master/lib/Munin/Master/Node.pm
++++ b/master/lib/Munin/Master/Node.pm
+@@ -86,6 +86,7 @@ sub _do_connect {
+ 		PeerPort  => $self->{port} || 4949,
+ 		LocalAddr => $config->{local_address},
+ 		Proto     => 'tcp', 
++		MultiHomed => 1,
+ 		Timeout   => $config->{timeout}
+ 	);
+ 	if (! $self->{reader} ) {
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/240-Do-not-use-the-read-without-variable-bashism.patch
+++ munin-2.0.6/debian/patches/240-Do-not-use-the-read-without-variable-bashism.patch
@@ -0,0 +1,23 @@
+From 717a7dadad040657e118e5102b2ba6aebf5b94fc Mon Sep 17 00:00:00 2001
+From: intrigeri <intrigeri@debian.org>
+Date: Sun, 25 Nov 2012 15:52:54 +0100
+Subject: [PATCH] Do not use the "read without variable" bashism. (Closes:
+ #690711)
+
+---
+ plugins/node.d.linux/selinux_avcstat.in |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/node.d.linux/selinux_avcstat.in b/plugins/node.d.linux/selinux_avcstat.in
+index dc436ef..92abf13 100644
+--- a/plugins/node.d.linux/selinux_avcstat.in
++++ b/plugins/node.d.linux/selinux_avcstat.in
+@@ -85,7 +85,7 @@ if [ "$1" = "config" ]; then
+ fi
+ 
+ if [ -r $AVCSTATS ]; then
+-    { read
++    { read HEADER
+       while read lookups hits misses allocations reclaims frees; do
+         LOOKUPS=$(($LOOKUPS + $lookups))
+         HITS=$(($HITS + $hits))
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
+++ munin-2.0.6/debian/patches/242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
@@ -0,0 +1,32 @@
+From 380550392ba37eaa32203342c082d4013dfcba21 Mon Sep 17 00:00:00 2001
+From: intrigeri <intrigeri@debian.org>
+Date: Wed, 21 Nov 2012 12:02:53 +0100
+Subject: [PATCH] Fix wrong assumption about Net::SSLeay::CTX_set_options return value (Closes: #675377)
+
+The examples I can see in the Net::SSLeay perldoc indicate that this function
+returns true on success:
+
+    Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
+         or die_if_ssl_error("ssl ctx set options");
+
+... while the Munin code assumed the opposite.
+---
+ common/lib/Munin/Common/TLS.pm |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/common/lib/Munin/Common/TLS.pm b/common/lib/Munin/Common/TLS.pm
+index 604422d..5211bf8 100644
+--- a/common/lib/Munin/Common/TLS.pm
++++ b/common/lib/Munin/Common/TLS.pm
+@@ -132,7 +132,7 @@ sub _creat_tls_context {
+     }
+ 
+     # Tune a few things...
+-    if (Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)) {
++    if (! Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)) {
+ 	$self->{logger}("[ERROR] Could not set SSL_CTX options");
+ 	return 0;
+     }
+-- 
+1.7.2.5
+
only in patch2:
unchanged:
--- munin-2.0.6.orig/debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch
+++ munin-2.0.6/debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch
@@ -0,0 +1,29 @@
+From d53b34d1bdfafece48e50f2d690b2e1130b6f1dd Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Thu, 13 Sep 2012 12:18:29 +0200
+Subject: [PATCH] plugins: fix apt_all plugin statedir for cron
+
+The apt_all plugin has its state updated in cron. There the ENV var
+MUNIN_PLUGSTATE doesn't exist, so we need to set a default.
+
+Closes: D#687495
+---
+ plugins/node.d.linux/apt_all.in |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/plugins/node.d.linux/apt_all.in b/plugins/node.d.linux/apt_all.in
+index 0c491f8..101c5d0 100644
+--- a/plugins/node.d.linux/apt_all.in
++++ b/plugins/node.d.linux/apt_all.in
+@@ -52,7 +52,7 @@ use strict;
+ $ENV{'LANG'}="C";
+ $ENV{'LC_ALL'}="C";
+ 
+-my $statefile = "$ENV{MUNIN_PLUGSTATE}/plugin-apt.state";
++my $statefile = ($ENV{MUNIN_PLUGSTATE} || '@@PLUGSTATE@@/root/') . "/plugin-apt.state";
+ my @releases = ("stable", "testing","unstable");
+ 
+ 
+-- 
+1.7.2.5
+

--- End Message ---
--- Begin Message --- 
On Fri, Jan  4, 2013 at 16:12:00 +0100, Holger Levsen wrote:

> retitle 694790 unblock: munin/2.0.6-3

Unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: