💾 Archived View for perso.pw › blog › articles › drist-munin.gmi captured on 2022-06-03 at 23:15:27. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-17)

➡️ Next capture (2023-01-29)

-=-=-=-=-=-=-

Deploying munin-node with drist

NIL=> Comment on Mastodon

The following guide is a real world example of drist usage. We will

create a script to deploy munin-node on OpenBSD systems.

We need to create a script that will install munin-node package but

also configure it using the default proposal. This is done easily

using the **script** file.

#!/bin/sh

# checking munin not installed

pkg_info | grep munin-node

if [ $? -ne 0 ]; then

pkg_add munin-node

munin-node-configure --suggest --shell | sh

rcctl enable munin_node

fi

rcctl restart munin_node

The script contains some simple logic to prevent trying installing

munin-node each time we will run it, and also prevent re-configuring it

automatically every time. This is done by checking if pkg_info output

contains munin-node.

We also need to provide a **munin-node.conf** file to allow our munin

server to reach the nodes. For this how-to, I'll dump the

configuration in the commands using cat, but of course, you can use

your favorite editor to create the file, or copy an original

mkdir -p files/etc/munin/

cat <<EOF > files/etc/munin/munin-node.conf

log_level 4

log_file /var/log/munin/munin-node.log

pid_file /var/run/munin/munin-node.pid

background 1

setsid 1

user root

group wheel

ignore_file [\#~]$

ignore_file DEADJOE$

ignore_file \.bak$

ignore_file %$

ignore_file \.dpkg-(tmp|new|old|dist)$

ignore_file \.rpm(save|new)$

ignore_file \.pod$

allow ^127\.0\.0\.1$

allow ^192\.168\.1\.100$

allow ^::1$

host *

port 4949

EOF

Now, we only need to use drist on the remote host:

drist root@myserver

Last version of drist as now also supports privilege escalation using

doas instead of connecting to root by ssh:

drist -s -e doas user@myserver