Title : Deploying munin-node with drist
Author: Solène
Date  : 17 April 2019
Tags  : drist automation openbsd

The following guide is a real world example of drist usage. We will
create a script to deploy munin-node on OpenBSD systems.

We need to create a script that will install munin-node package but
also configure it using the default proposal. This is done easily
using the **script** file.

    #!/bin/sh
    
    # checking munin not installed
    pkg_info | grep munin-node
    if [ $? -ne 0 ]; then
        pkg_add munin-node
        munin-node-configure --suggest --shell | sh
        rcctl enable munin_node
    fi
    
    rcctl restart munin_node

The script contains some simple logic to prevent trying installing
munin-node each time we will run it, and also prevent re-configuring it
automatically every time. This is done by checking if pkg_info output
contains munin-node.

We also need to provide a **munin-node.conf** file to allow our munin
server to reach the nodes. For this how-to, I'll dump the
configuration in the commands using cat, but of course, you can use
your favorite editor to create the file, or copy an original
**munin-node.conf** file and edit it to suit your needs.

    mkdir -p files/etc/munin/
    
    cat <<EOF > files/etc/munin/munin-node.conf
    log_level 4
    log_file /var/log/munin/munin-node.log
    pid_file /var/run/munin/munin-node.pid
    background 1
    setsid 1
    user root
    group wheel
    ignore_file [\#~]$
    ignore_file DEADJOE$
    ignore_file \.bak$
    ignore_file %$
    ignore_file \.dpkg-(tmp|new|old|dist)$
    ignore_file \.rpm(save|new)$
    ignore_file \.pod$
    allow ^127\.0\.0\.1$
    allow ^192\.168\.1\.100$
    allow ^::1$
    host *
    port 4949
    EOF

Now, we only need to use drist on the remote host:

    drist root@myserver

Last version of drist as now also supports privilege escalation using
doas instead of connecting to root by ssh:

    drist -s -e doas user@myserver