icinga2
icinga2 copied to clipboard
Icinga
Fedora -X option does not exclude /run/user/0/doc with tmpfs excluded with check_command
Describe the bug
In trying to exclude /run/user/0/doc, the GUI shows DISK CRITICAL - /run/user/0/doc is not accessible: Permission denied even when tmpfs is being excluded.
To Reproduce
Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.
Here is my config in hosts.conf:
vars.disks["disk /"] = {
disk_partitions = "/"
vars.disk_ignore_eregi_path = [ "/run" ]
vars.disk_exclude_type = ["overlay","tmpfs","nsfs","sysfs","shm","debugfs","tracefs","nfs"]
vars.disk_ignore_ereg_path = ["/run/0/doc"]
vars.disk_partitions_excluded = ["/run","/run/0/doc", "/run/user/0/doc"]
}
vars.disk_exclude_type = [
"tmpfs",
"sysfs",
"proc",
"configfs",
"devtmpfs",
"devfs",
"mtmfs",
"tracefs",
"cgroup",
"fuse.gvfsd-fuse",
"fuse.gvfs-fuse-daemon",
"fdescfs",
"overlay",
"nsfs",
"squashfs"
]
check_command = "hostalive"
Expected behavior
/run/user/0/doc should not be displayed.
Screenshots
Your Environment
Include as many relevant details about the environment you experienced the problem in
- Version used (
icinga2 --version):
icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: 2.13.1-1)
Copyright (c) 2012-2021 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
System information:
Platform: Fedora
Platform version: 34 (Server Edition)
Kernel: Linux
Kernel version: 5.13.19-200.fc34.x86_64
Architecture: x86_64
Build information:
Compiler: GNU 11.2.1
Build host: unknown
OpenSSL version: OpenSSL 1.1.1l FIPS 24 Aug 2021
Application information:
General paths:
Config directory: /etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /run/icinga2
Old paths (deprecated):
Installation root: /usr
Sysconf directory: /etc
Run directory (base): /run
Local state directory: /var
Internal paths:
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /run/icinga2/icinga2.pid
- Operating System and version: Fedora 34
- Enabled features (
icinga2 feature list): Enabled features: api checker command ido-mysql mainlog notification syslog - Icinga Web 2 version and modules (System - About): 2.9.3
- Config validation (
icinga2 daemon -C):
icinga2 daemon -C
[2021-10-12 12:16:44 -0400] information/cli: Icinga application loader (version: 2.13.1-1)
[2021-10-12 12:16:44 -0400] information/cli: Loading configuration file(s).
[2021-10-12 12:16:44 -0400] information/ConfigItem: Committing config item(s).
[2021-10-12 12:16:44 -0400] information/ApiListener: My API identity: mandelbrot.dsm.fordham.edu
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 IcingaApplication.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 2 HostGroups.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 5 Hosts.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 2 NotificationCommands.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 Downtime.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 SyslogLogger.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 5 Comments.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 FileLogger.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 CheckerComponent.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 ApiListener.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 IdoMysqlConnection.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 3 Zones.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 ExternalCommandListener.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 Endpoint.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 22 Notifications.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 ApiUser.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 244 CheckCommands.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 NotificationComponent.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 UserGroup.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 User.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 3 TimePeriods.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 3 ServiceGroups.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 1 ScheduledDowntime.
[2021-10-12 12:16:44 -0400] information/ConfigItem: Instantiated 27 Services.
[2021-10-12 12:16:44 -0400] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars'
[2021-10-12 12:16:44 -0400] information/cli: Finished validating the configuration file(s).
Additional context
I would think this is an issue with the Nagios plugin. Lower case, -x does work.
"Nagios plugin"?
Well I'm basing it on Lee's comment on discourse.
Are you using Nagios plugins or monitoring plugins?
Apologies I'm still learning the nomenclature. Here are the modules we are using. So whatever comes with Fedora, and this is a new install.
icinga2 feature list
Disabled features: compatlog debuglog elasticsearch gelf graphite icingadb influxdb influxdb2 livestatus opentsdb perfdata statusdata
Enabled features: api checker command ido-mysql mainlog notification syslog
Fedora like EPEL is still using Nagios-Plugins. (The difference is the vendor and if you want to know more details about just google and you will find the history)
You can see the vendor by looking at the URL of the package:
rpm -qi nagios-plugins | grep ^URL
URL : https://www.nagios-plugins.org/
rpm -qi nagios-plugins | grep ^URL
Confirmed:
rpm -qi nagios-plugins | grep ^URL
URL : https://www.nagios-plugins.org/
TODO
- [ ] ITL: extra arg just for Nagios plugins
Thanks Alex, do you know of a way I can manually use a config file now to achieve this?
You could update the shipped Icinga 2 command, but it should be overwritten on package update.
You could update the shipped Icinga 2 command
Can you provide a hint as to how? Also if the issue is with check_disk command how does upgrading the icinga2 command help?
Edit this one:
https://github.com/Icinga/icinga2/blob/a7a2f4bed0453c9a24173670438040fece9f2c13/itl/command-plugins.conf#L1337-L1490
Edit this one:
Thanks are you suggesting I hard code the system path in value = "$disk_partitions_excluded$"
Is there a way to include multiple -x options? I'm seeing several tmpfs directories that are not automatically being excluded. Other examples include one from X2Go, /tmp/.x2go-ouruser/spool/C-ouruser-50-1637675492_stDMATE_dp32 and /run/media/ouruser/SanDisk1
vars.disk_partitions_excluded = ["a", "b"]
Is that done in the command line? How do I do this in the GUI?
I ran into the same problem, and added fuse to vars.disk_exclude_type.
Not sure if this can and should be applied generally, but it solves the problem for me.
Oh, and I copied the original disk command, and created my own copy in Director, with the extended array.
It was also necessary to create an extra data field disk_exclude_type with type Array.
I saw in another thread about the df -aT command:
gvfsd-fuse fuse.gvfsd-fuse 0 0 0 - /run/user/xxxx/gvfs
portal fuse.portal 0 0 0 - /run/user/xxxx/doc
[email protected]:/cygdrive/C/Users/myuser/X2GO~1/S-5B9B~1/spool fuse.sshfs 0 0 0 - /tmp/.x2go-myuser/spool/C-myuser-51-1638210896_stDXFCE_dp32
So I added fuse.sshfs and fuse.portal to vars.disk_exclude_type (Services → Service Templates, which is the -X option) and all the errors went away. Hope this helps someone down the line but perhaps this should be documented somewhere?
TODO
- [ ] ITL: extra arg just for Nagios plugins
Forget this, both vendors support both -x and -X.
vars.disks["disk /"] = { disk_partitions = "/" vars.disk_ignore_eregi_path = [ "/run" ] vars.disk_exclude_type = ["overlay","tmpfs","nsfs","sysfs","shm","debugfs","tracefs","nfs"] vars.disk_ignore_ereg_path = ["/run/0/doc"] vars.disk_partitions_excluded = ["/run","/run/0/doc", "/run/user/0/doc"]
}
Hi, is this a copy-paste error? Otherwise this is not doing what you might be expecting. Unless it is a copy-paste error, then there is no way for the check command to know about the ignored file systems. You can see the resulting host vars structure via the Icinga 2 API:
...
"type": "Host",
"vars": {
"disks": {
"disk /": {
"disk_partitions": "/",
"vars": {
"disk_exclude_type": [
"overlay",
"tmpfs",
"nsfs",
"sysfs",
"shm",
"debugfs",
"tracefs",
"nfs"
],
"disk_ignore_ereg_path": [
"/run/0/doc"
],
"disk_ignore_eregi_path": [
"/run"
],
"disk_partitions_excluded": [
"/run",
"/run/0/doc",
"/run/user/0/doc"
]
}
}
},
...
You have to change your configs to:
vars.disks["disk /"] = {
disk_partitions = "/"
disk_ignore_eregi_path = [ "/run" ]
disk_exclude_type = ["overlay","tmpfs","nsfs","sysfs","shm","debugfs","tracefs","nfs"]
disk_ignore_ereg_path = ["/run/0/doc"]
disk_partitions_excluded = ["/run","/run/0/doc", "/run/user/0/doc"]
}
