Package: munin Version: 2.0.33-1 Severity: minor Dear Maintainer,
when the apt-all plugin is loaded (what is automatic on Debian because of the package install script), then two cron lines in /etc/cron.d/munin-node */5 * * * * root if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi */10 * * * * root lslocks -o PATH | grep -e "^/var/lib/dpkg/lock$" >/dev/null || if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi They generate garbage email in two cases: when root is already runnin an installation or system update or when computer is offline. They have a third side effect: if user tries to start installing a package just after those lines started to run, then, root will receive the error message "lock already locked by an other process", what is a missleading message. The very first time I got this message, I checked all my consoles: "in which console am I already running apt ?" then, after founding none "am I being hacked ?". And when I restarted the same command, it worked => "why does it work now ? I did nothing to release the lock". And this may be very missleading for an experienced debian admin who is just starting to learn about munin. The case I had this weekend: a production server was offline because of a faulty cable. The server is a gateway for a full room of machines. Every single machine generated one email per hour, for two days ... those machines are designed to send only one message per week; so getting one message per hour blew up the SMTP. Here is a typical error email: W: Failed to fetch http://ftp.fr.debian.org/debian/dists/stretch/InRelease Temporary failure resolving 'ftp.fr.debian.org' W: Failed to fetch http://security.debian.org/dists/stretch/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.fr.debian.org/debian/dists/stretch-updates/InRelease Temporary failure resolving 'ftp.fr.debian.org' W: Failed to fetch http://www.ubnt.com/downloads/unifi/debian/dists/unifi5/InRelease Temporary failure resolving 'www.ubnt.com' W: Some index files failed to download. They have been ignored, or old ones used instead. 1: installation of package should inform admin about the fact these two cron lines may lock apt a few seconds per hour. 2: you need to find a way to EASILY let admin customise if he want to run those lines, or use an alternate way to update apt (I have seen some propositions in other bugs) 3: create a conf file that will let admin choose - if those lines should be completely silent (add 2>/dev/null) - at which frequency they should be run 4: ideally I would like those commands to not lock apt; but I know it's not possible in Debian. Gentoo is designed to minimise the time laps when the locks are created, and allows parallel execution of installation procedures. Debian locks every thing all the time; and this bug is not asking to change this behaviour. But this bug need to workaround the fact a random cron task may randomly prevent admin from working, or may randomly prevent correct execution of admin scripts/interfaces. An old working debian may suddenly break just after installing munin. The apt-all plugin may be interesting and helpfull; but that cron bit is toxic for me. In particular, the plugin has a small design flaw: it only produces warnings when updates are available. It should also provide critical state when security updates are available !!! This would be very usefull !!! While I am suggesting the creation of a conf file for apt-all and it's cron file, a conf file for this plugin would also help fixing several other bugs pending; like the one or two bugs about Debian Version. There are good ideas in this plugin; but poorly implemented. What I am wondering is: should be remove this plugin from automatic installation ? (keep the plugin in the repo, but do not automatically enable it during package install). I thinck it should be removed from automatic installation before we make it cleaner, more user friendly, and remove it's side effects. Or at the very least, rapidly add a warning during installation, or a curses pop-up question. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages munin depends on: ii cron [cron-daemon] 3.0pl1-128+deb9u1 ii fonts-dejavu-core 2.37-1 ii libdate-manip-perl 6.57-1 pn libdigest-md5-perl <none> ii libfile-copy-recursive-perl 0.38-1 ii libhtml-template-perl 2.95-2 ii libio-socket-inet6-perl 2.72-2 ii liblog-log4perl-perl 1.48-1+deb9u1 ii libperl5.24 [libtime-hires-perl] 5.24.1-3+deb9u2 ii librrds-perl 1.6.0-1+b2 pn libstorable-perl <none> ii liburi-perl 1.71-1 ii lsb-base 9.20161125 ii munin-common 2.0.33-1 ii perl 5.24.1-3+deb9u2 ii rrdtool 1.6.0-1+b2 Versions of packages munin recommends: ii libcgi-fast-perl 1:2.12-1 ii munin-doc 2.0.33-1 ii munin-node 2.0.33-1 Versions of packages munin suggests: ii apache2 [httpd] 2.4.25-3+deb9u3 ii libapache2-mod-fcgid 1:2.3.9-1+b1 ii libnet-ssleay-perl 1.80-1 ii lynx [www-browser] 2.8.9dev11-1 ii w3m [www-browser] 0.5.3-34+deb9u1 -- Configuration Files: /etc/cron.d/munin [Errno 2] No such file or directory: '/etc/cron.d/munin' /etc/logrotate.d/munin changed [not included] /etc/munin/apache.conf changed [not included] /etc/munin/apache24.conf changed [not included] /etc/munin/munin.conf [Errno 2] No such file or directory: '/etc/munin/munin.conf' -- no debconf information -- >o_/ DEMAINE Benoit-Pierre (Gmail) (aka DoubleHP) http://benoit.demaine.info <http://benoit.demaine.info/>/ If computing were an exact science, IT engineers would'nt have work \_o< "So all that's left, Is the proof that love's not only blind but deaf." (FAKE TALES OF SAN FRANCISCO, Arctic Monkeys)
