Icinga Director and disk checks for fuse mountpoints

Posted by ads' corner on Saturday, 2021-11-27
Posted in [Linux][Online][Software]

When I rolled out my new Icinga2 installation, and added disk checks for all laptops, I ran into a small problem: there is a fuse mountpoint for logged in users which only the user can read. Apparently it has something to do with Flatpack.

1
2

cat /proc/mounts | grep doc
/dev/fuse /run/user/1000/doc fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0

By default, the Icinga2 ITL has a number of file system types excluded for the check_disk check, even some special fuse types, but plain fuse` is not among them. Kind of makes sense, a fuse mountpoint can be anything, and you don’t want to exclude all of them by default.

This results in the following error message when the check is rolled out on our laptops:

1
2

Plugin Output
DISK CRITICAL - /run/user/1000/doc is not accessible: Permission denied

Fortunately the fix is rather easy:

Data Field

First this needs a custom data field.

Icinga Director -> Define Data Fields

Create a field with the name disk_exclude_type, and data type Array.

Service Template

Then create a new service template.

Icinga Director -> Services -> Service Templates

I named mine Disk, and the check command is disk. After saving the template, add an extra field under Fields: disk_exclude_type. Save again, go back to Service and fill in the types you want to exclude. By default that is:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

vars.disk_exclude_type = [
        "none",
        "tmpfs",
        "sysfs",
        "proc",
        "configfs",
        "devtmpfs",
        "devfs",
        "mtmfs",
        "tracefs",
        "cgroup",
        "fuse.gvfsd-fuse",
        "fuse.gvfs-fuse-daemon",
        "fdescfs",
        "overlay",
        "nsfs",
        "squashfs"
    ]

In my case I added fuse and fuse.portal, and the list is now:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

vars.disk_exclude_type = [
        "none",
        "tmpfs",
        "sysfs",
        "proc",
        "configfs",
        "devtmpfs",
        "devfs",
        "mtmfs",
        "tracefs",
        "cgroup",
        "fuse.gvfsd-fuse",
        "fuse.gvfs-fuse-daemon",
        "fdescfs",
        "overlay",
        "nsfs",
        "squashfs",
        "fuse",
        "fuse.portal"
    ]

Store everything again, and start using the Service Template in your checks. The errors should go away once the check runs for the first time.

Categories: [Linux] [Online] [Software]
Tags: [Fuse] [Icinga2] [Icinga2-Director] [Monitoring]

Andreas 'ads' Scherbaum

Friends