 |
Title: Deploying munin-node with drist |
|
Author: Solène |
|
Date: 17 April 2019 |
|
Tags: drist automation openbsd |
|
Description: |
|
|
|
The following guide is a real world example of drist usage. We will |
|
create a script to deploy munin-node on OpenBSD systems. |
|
|
|
We need to create a script that will install munin-node package but |
|
also configure it using the default proposal. This is done easily |
|
using the **script** file. |
|
|
|
#!/bin/sh |
|
|
|
pkg_info | grep munin-node |
|
if [ $? -ne 0 ]; then |
|
pkg_add munin-node |
|
munin-node-configure --suggest --shell | sh |
|
rcctl enable munin_node |
|
fi |
|
|
|
|
|
The script contains some simple logic to prevent trying installing |
|
munin-node each time we will run it, and also prevent re-configuring it |
|
automatically every time. This is done by checking if pkg_info output |
|
contains munin-node. |
|
|
|
We also need to provide a **munin-node.conf** file to allow our munin |
|
server to reach the nodes. For this how-to, I'll dump the |
|
configuration in the commands using cat, but of course, you can use |
|
your favorite editor to create the file, or copy an original |
|
**munin-node.conf** file and edit it to suit your needs. |
|
|
|
mkdir -p files/etc/munin/ |
|
|
|
log_level 4 |
|
log_file /var/log/munin/munin-node.log |
|
pid_file /var/run/munin/munin-node.pid |
|
background 1 |
|
setsid 1 |
|
user root |
|
group wheel |
|
ignore_file [\#~]$ |
|
ignore_file DEADJOE$ |
|
ignore_file \.bak$ |
|
ignore_file %$ |
|
ignore_file \.dpkg-(tmp|new|old|dist)$ |
|
ignore_file \.rpm(save|new)$ |
|
ignore_file \.pod$ |
|
allow ^127\.0\.0\.1$ |
|
allow ^192\.168\.1\.100$ |
|
allow ^::1$ |
|
host * |
|
port 4949 |
|
EOF |
|
|
|
Now, we only need to use drist on the remote host: |
|
|
|
drist root@myserver |
|
|
|
Last version of drist as now also supports privilege escalation using |
|
doas instead of connecting to root by ssh: |
|
|
|
drist -s -e doas user@myserver |
