
Accessing Munin nodes through (x)inetd


This article describes using inetd or xinetd as a forwarder for reaching Munin nodes behind a non-routing *nix system. The in-between server ("bouncer") assigns and opens a different TCP port pointing to each of the Munin nodes you need to reach. This is essentially regular port forwarding.

Figure (Munin port forwarding): http://munin.projects.linpro.no/attachment/wiki/BouncingMunin/MuninPortForwarding.png?format=raw

Compared to SSH tunneling, using (x)inetd does not require a login account on the bouncer. The downside is that the access control may be weaker and you might need to open lots of TCP ports.

From /etc/services on the bouncer:

munin            4949/tcp
munin-server-a   5001/tcp
munin-server-b   5002/tcp
munin-server-c   5003/tcp

If you use inetd, entries like these must exist in /etc/inetd.conf on the bouncer:

munin-server-a   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-a munin
munin-server-b   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-b munin
munin-server-c   stream  tcp     nowait  root  /usr/bin/nc /usr/bin/nc -w 30 server-c munin

If you use xinetd, the /etc/xinetd.d/ directory on the bouncer needs one file for each of the servers (server-a, server-b and server-c). For easier recognition, it's a good idea to prefix the file names with, for example, "munin-". A sample munin-server-a file looks like this (note that the file name equals the "service" directive, and that the destination server and port are given as server_args):

service munin-server-a
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = root
        protocol        = tcp
        server          = /usr/bin/nc
        server_args     = -w 30 server-a munin
}

Then, munin.conf on the Munin server must be configured accordingly:

[Server-A]
  address bouncer
  port 5001
  use_node_name yes

[Server-B]
  address bouncer
  port 5002
  use_node_name yes

[Server-C]
  address bouncer
  port 5003
  use_node_name yes

Note that your Munin nodes must now allow connections (in munin-node.conf) from the IP address of the bouncer.
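
The shell script below is an added example, not part of the original wiki page. It generates the /etc/services lines, the xinetd files and the munin.conf stanzas shown above from a single node list so that names and ports stay consistent, and it goes beyond the page's sample by adding the xinetd attributes only_from, user and instances to tighten the access control described above as potentially weaker. The Munin server address 192.0.2.10 and the existence of a "nobody" account on the bouncer are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Constructed values: MASTER_IP is a
# documentation address standing in for the Munin server; the node list mirrors the page.
MASTER_IP="192.0.2.10"
NODES="server-a:5001 server-b:5002 server-c:5003"   # name:bouncer-port

# Lines to append to /etc/services on the bouncer.
services_lines() {
    for n in $NODES; do
        printf 'munin-%s\t%s/tcp\n' "${n%%:*}" "${n##*:}"
    done
}

# One /etc/xinetd.d/munin-<name> file; $1 is the node name.
# nc only makes an outbound connection, so it runs as an unprivileged user
# (assumed: "nobody"), and only_from limits clients to the Munin server.
xinetd_file() {
    cat <<EOF
service munin-$1
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = nobody
        only_from       = $MASTER_IP
        instances       = 5
        log_on_failure  += HOST
        server          = /usr/bin/nc
        server_args     = -w 30 $1 munin
}
EOF
}

# Matching munin.conf stanzas for the Munin server.
munin_conf() {
    for n in $NODES; do
        printf '[%s]\n  address bouncer\n  port %s\n  use_node_name yes\n\n' \
            "${n%%:*}" "${n##*:}"
    done
}

# Print everything for review; nothing is written to /etc.
services_lines
for n in $NODES; do xinetd_file "${n%%:*}"; done
munin_conf
```

Redirect each function's output to the corresponding file once the printed result has been reviewed.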

Last modified at 2016-10-15T16:09:55+02:00