Accessing Munin nodes through (x)inetd

This article describes using inetd or xinetd as a forwarder for reaching Munin nodes behind a non-routing *nix system. The in-between server ("bouncer") opens a separate TCP port for each Munin node you need to reach and relays connections on that port to the node. This is functionally identical to regular port forwarding.

Compared with SSH tunneling, using (x)inetd does not require a login account on the bouncer. The downside is that access control may be weaker and you might need to open many TCP ports.

From /etc/services on the bouncer:

munin            4949/tcp
munin-server-a   5001/tcp
munin-server-b   5002/tcp
munin-server-c   5003/tcp

If you use inetd, entries like these must exist in /etc/inetd.conf on the bouncer:

munin-server-a   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-a munin
munin-server-b   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-b munin
munin-server-c   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-c munin

If you use xinetd, the /etc/xinetd.d/ directory on the bouncer needs one file for each server (server-a, server-b and server-c). For easier recognition, it's a good idea to prefix the file names with, for example, "munin-". A sample munin-server-a file looks like this (note that the file name equals the "service" directive, and that the destination server and port are given as server_args):

service munin-server-a
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        protocol        = tcp
        server          = /usr/bin/nc
        server_args     = -w 30 server-a munin
}
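
The weaker access control mentioned above can be tightened in xinetd itself. The following hardened variant of the sample file is an added example, not part of the original page; the addresses 192.0.2.10 (Munin master) and 192.0.2.1 (bouncer interface facing the master) are assumed placeholders.

```conf
# /etc/xinetd.d/munin-server-a (added example; addresses are placeholders)
service munin-server-a
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        # nc only relays bytes to the node, so it does not need root
        user            = nobody
        # accept connections only from the Munin master (assumed 192.0.2.10)
        only_from       = 192.0.2.10
        # listen only on the interface facing the master (assumed 192.0.2.1)
        bind            = 192.0.2.1
        # cap concurrent forwarders in total and per client address
        instances       = 2
        per_source      = 2
        # log accepted and refused connections with the remote address
        log_on_success  += HOST PID DURATION
        log_on_failure  += HOST
        server          = /usr/bin/nc
        server_args     = -w 30 server-a munin
}
```

With plain inetd, the user field (the fifth column) can likewise be set to an unprivileged account, but source-address filtering then has to come from a host firewall or TCP wrappers.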

Then, munin.conf on the Munin server must be configured accordingly:

[server-a]
  address bouncer
  port 5001
  use_node_name yes

[server-b]
  address bouncer
  port 5002
  use_node_name yes

[server-c]
  address bouncer
  port 5003
  use_node_name yes

Note that your Munin nodes must now allow connections (in munin-node.conf) from the IP address of the bouncer.

Last modified on 2016-10-15T16:09:55+02:00