Remote Munin Nodes

My laptop and desktop are not always connected to the same network as my server, and when that is the case I most likely do not have control of the network, or do not want the information passed over the internet in plain text. So this is my answer to remote munin nodes: using the remote forwarding feature of SSH.

  1. Install Munin Node:
    $ sudo aptitude install munin-node
  2. Create the upstart event file:
    $ sudo -e /etc/event.d/munin-tunnel

    Write in the following text:

    start on runlevel 2
    start on runlevel 3
    
    stop on runlevel 0
    stop on runlevel 1
    stop on runlevel 4
    stop on runlevel 5
    stop on runlevel 6
    
    exec sudo -u munin ssh -N munin-reporter@munin-server.example.com
    respawn
  3. Generate an SSH key for munin:

    Do not set a passphrase on the SSH key, because the tunnel has to start unattended.

    $ sudo -H -u munin /bin/bash
    $ mkdir /var/lib/munin/.ssh/
    $ cd /var/lib/munin/.ssh
    $ ssh-keygen -b 4096 -C munin@`hostname -f` -t rsa
    $ exit
  4. Edit the SSH configuration for the munin user:
    $ sudo -e /var/lib/munin/.ssh/config
    $ sudo chown munin:munin /var/lib/munin/.ssh/config

    Insert:

    Host munin-server.example.com
    RemoteForward some-port-number localhost:4949
  5. Now you need to do some leg work on your server. First create a user so that the SSH tunnel can be created; I used munin-reporter. Then copy the munin user's public key from your client into the ~munin-reporter/.ssh/authorized_keys file on your munin server. I will leave this as a user task; set it up how you like on your server. I would recommend prepending the following to the munin public key in the authorized_keys file to restrict what the user can do:
    no-pty,no-X11-forwarding,no-agent-forwarding
  6. Again, on your server, we need to tell munin where to get the data about the remote host from. Edit the munin configuration:
    $ sudo nano /etc/munin/munin.conf

    and add the snippet below:

    [node.example.com]
    address 127.0.0.1
    port some-port-number
    use_node_name yes
    
  7. Next we need to test the connection and verify the host signature, so that it doesn’t need to be done again.
    $ sudo -u munin ssh munin-reporter@munin-server.example.com -v

    Check for any errors. If you spot a problem, retrace your steps.

  8. All that is left is to start the upstart event and wait for some pretty graphs ;)
    $ sudo start munin-tunnel
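
A check for the restriction recommended in step 5, as an added example rather than code from the original post: it parses authorized_keys lines and reports keys that can still get a PTY, X11 forwarding or agent forwarding. Handling of OpenSSH's `restrict` option goes beyond the three options named in step 5; the function names, sample file and key material are constructed for illustration.

```python
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line that starts with a key type has no options
OPTION = re.compile(r'(?:[^\s,"]|"(?:\\"|[^"])*")+')   # name or name="value, with blanks"

def split_options(line):
    """Split the leading comma-separated option list off one authorized_keys line."""
    if line.startswith(KEY_PREFIXES):
        return [], line
    opts, pos = [], 0
    while (m := OPTION.match(line, pos)):
        opts.append(m.group())
        pos = m.end()
        if line[pos:pos + 1] != ",":
            break
        pos += 1
    return opts, line[pos:].strip()

def still_allowed(line):
    """Return which of pty, X11 forwarding and agent forwarding the key may still use."""
    allowed = {"pty": True, "x11-forwarding": True, "agent-forwarding": True}
    for opt in split_options(line)[0]:
        name = opt.split("=", 1)[0].lower()        # option names are case-insensitive
        if name == "restrict":                     # turns every restriction on at once
            allowed = dict.fromkeys(allowed, False)
        elif name in allowed:                      # e.g. "pty" re-enables after "restrict"
            allowed[name] = True
        elif name[:3] == "no-" and name[3:] in allowed:
            allowed[name[3:]] = False
    return sorted(k for k, v in allowed.items() if v)

def audit(text):
    """Map line number -> capabilities still allowed, for entries that need tightening."""
    lines = [(n, s.strip()) for n, s in enumerate(text.splitlines(), 1)]
    checked = {n: still_allowed(s) for n, s in lines if s and not s.startswith("#")}
    return {n: gaps for n, gaps in checked.items() if gaps}

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = """\
# munin tunnel keys
no-pty,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER munin@laptop.example.com
ssh-rsa AAAAPLACEHOLDER munin@desktop.example.com
command="echo a, b",no-pty ssh-rsa AAAAPLACEHOLDER munin@other.example.com
"""

if __name__ == "__main__":
    for n, gaps in audit(SAMPLE).items():
        print(f"line {n}: still allows {', '.join(gaps)}")
```

Run it against a copy of ~munin-reporter/.ssh/authorized_keys by passing the file's text to `audit()`; an empty result means every key carries the restrictions.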

4 Responses to “Remote Munin Nodes”

  1. CASA says:

    Hey,

    thank you very much for that documentation.
    But I am having some problems. After starting the munin-tunnel
    in the init.d I am getting this output:

    Warning: remote port forwarding failed for listen port 0

    Any ideas?

    Greets

    CASA

  2. CASA says:

    PS:

    The OS is Debian Etch

  3. Chris says:

    What does your .ssh/config file read?

  4. [...] data transferred anyway and the built-in ssl connection did not work right away. Now I found a small guide to building an ssh-tunnel for munin. The solution is obvious, why didn’t I do that? Anyway, need to do some changes to my munin [...]
