This update will fix the plugin on Leap 15.3.
Without it, the plugin will not be able to run, as the old apparmor
profile denies to use /usr/bin/iostat.

=> Please eather consider to take it before official release - or we
need to start the maintenance update request directly (which is
much more effort).

Thanks!
Lars

old: openSUSE:Leap:15.3/monitoring-plugins-sar-perf
new: server:monitoring/monitoring-plugins-sar-perf rev e763e98262087c567bc6e025cfa1e38e
Index: check_iostat
===================================================================
--- check_iostat (revision 1)
+++ check_iostat (revision e763e98262087c567bc6e025cfa1e38e)
@@ -71,14 +71,36 @@
my ($warn_tps,$warn_read,$warn_written) = split(',',$warning);

# Checking parameters:
+if (-d "$disk") {
+ # directory specified ...
+ my $mp = `stat --format '\%m' $disk`;
+ chomp($mp);
+ my $fstype = `stat --file-system --format '\%T' $mp`;
+ chomp($fstype);
+ if ($fstype eq "tmpfs") {
+ print "OK - $disk (mountpoint $mp is tmpfs)\n";
+ exit 0;
+ }
+ open(MOUNTS,"/proc/mounts");
+ while() {
+ chomp($_);
+ my @line = split('\s+',$_);
+ $disk = $line[0] if $mp eq $line[1];
+ }
+ close(MOUNTS);
+}
+
+$disk =~ s/^\/dev\/mapper\///;
+$disk =~ s/^\/dev\///;
+
if (! -b "/dev/$disk") {
if (-b "/dev/mapper/$disk") {
my @f = stat("/dev/mapper/$disk");
- $f[6] %= 256;
- $disk = "dm-$f[6]";
+ $f[6] %= 256;
+ $disk = "dm-$f[6]";
} else {
- warn "ERROR: Device incorrectly specified\n";
- HELP_MESSAGE();
+ warn "ERROR: Device incorrectly specified\n";
+ HELP_MESSAGE();
}
}

@@ -122,7 +144,7 @@
$iowait = $stats[4];
next;
}
- if (/^Device:/) {
+ if (/^Device/) {
my @hdrs = split('\s+', $_);
my ($search_rps) = grep { $hdrs[$_] eq "r/s" } 0..$#hdrs;
$field_rps = $search_rps if $search_rps;
@@ -149,38 +171,47 @@

my $msg = "OK";
my $status = 0;
+my %reasons;

# Comparing the result and setting the correct level:
if ($tps >= $warn_tps || $kbread >= $warn_read || $kbwritten >= $warn_written) {
$msg = "WARNING";
+ $reasons{'throughput'} = 1;
$status = 1;
}

if ($warn_iowait && $iowait >= $warn_iowait) {
$msg = "WARNING";
+ $reasons{'iowait'} = 1;
$status = 1;
}

if ($warn_util && $util >= $warn_util) {
$msg = "WARNING";
+ $reasons{'util'} = 1;
$status = 1;
}

if ($tps >= $crit_tps || $kbread >= $crit_read || $kbwritten >= $crit_written) {
$msg = "CRITICAL";
+ $reasons{'throughput'} = 2;
$status = 2;
}

if ($crit_iowait && $iowait >= $crit_iowait) {
$msg = "CRITICAL";
+ $reasons{'iowait'} = 2;
$status = 2;
}

if ($crit_util && $util >= $crit_util) {
$msg = "CRITICAL";
+ $reasons{'util'} = 2;
$status = 2;
}

+$msg .= " (".join(",",keys(%reasons)).")" if $status != 0;
+
my $p_tps = $tps;
if ($warn_tps) {
$p_tps .= ";$warn_tps";
Index: monitoring-plugins-sar-perf.changes
===================================================================
--- monitoring-plugins-sar-perf.changes (revision 1)
+++ monitoring-plugins-sar-perf.changes (revision e763e98262087c567bc6e025cfa1e38e)
@@ -1,4 +1,66 @@
-------------------------------------------------------------------
+Thu Apr 22 12:25:03 UTC 2021 - Lars Vogdt
+
+- include abstractions/bash in apparmor profile - otherwise
+ the 'which iostat' command fails
+- reload the apparmor profile in postun to make the changes effective
+
+-------------------------------------------------------------------
+Tue Jul 28 14:03:05 CEST 2020 - ro@suse.de
+
+- update apparmor profile again to allow reading
+ /sys/devices/**/stat
+
+-------------------------------------------------------------------
+Tue Jul 07 15:29:46 UTC 2020 - lars@linux-schulserver.de
+
+- update AppArmor profiles to include a comment why the check
+ needs to read nsswitch.conf and passwd
+
+-------------------------------------------------------------------
+Sun May 31 13:31:20 UTC 2020 - Christian Boltz
+
+- update AppArmor profile to allow reading /etc/nsswitch.conf and /etc/passwd
+
+-------------------------------------------------------------------
+Fri Mar 13 00:42:48 CET 2020 - ro@suse.de
+
+- update apparmor profile usr.lib.nagios.plugins.check_iostat
+ to allow reading / and /proc/$pid/mountinfo
+
+-------------------------------------------------------------------
+Fri Feb 28 15:41:17 CET 2020 - ro@suse.de
+
+- check_iostat: add reasons why state is warning or critical
+ to the output
+
+-------------------------------------------------------------------
+Wed Dec 11 18:10:48 CET 2019 - ro@suse.de
+
+- check_iostat: sanitize dev name to properly match iostat output
+
+-------------------------------------------------------------------
+Thu Dec 5 16:34:19 CET 2019 - ro@suse.de
+
+- check_iostat: exit with OK if running on tmpfs
+- check_iostat: fix apparmor profile to allow stat call
+
+-------------------------------------------------------------------
+Thu Dec 5 14:40:38 CET 2019 - ro@suse.de
+
+- check_iostat: allow to just specify a directory
+
+-------------------------------------------------------------------
+Sun Apr 14 16:06:32 UTC 2019 - Christian Boltz
+
+- update AppArmor profile for usrMerge (bash) (boo#1132350)
+
+-------------------------------------------------------------------
+Tue Apr 10 11:08:51 CEST 2018 - ro@suse.de
+
+- check_iostat: fix to work with iostat on sle15
+
+-------------------------------------------------------------------
Wed Nov 15 12:52:11 CET 2017 - ro@suse.de

- check_iostat: get field numbers from iostat dynamically
Index: monitoring-plugins-sar-perf.spec
===================================================================
--- monitoring-plugins-sar-perf.spec (revision 1)
+++ monitoring-plugins-sar-perf.spec (revision e763e98262087c567bc6e025cfa1e38e)
@@ -1,7 +1,7 @@
#
# spec file for package monitoring-plugins-sar-perf
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


@@ -22,7 +22,7 @@
Group: System/Monitoring
Version: 0.1
Release: 0
-Url: https://github.com/nickanderson/check-sar-perf
+URL: https://github.com/nickanderson/check-sar-perf
Source0: nickanderson-check-sar-perf-4878d0c.tar.gz
Source1: check_iostat
Source2: usr.lib.nagios.plugins.check_iostat
@@ -66,6 +66,17 @@
install -m755 %{SOURCE1} %{buildroot}/%{nagios_plugindir}/check_iostat
install -Dm0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_iostat

+%postun
+if [ "$YAST_IS_RUNNING" != "instsys" ]; then
+ if [ -x /sbin/apparmor_parser ]; then
+ if /usr/bin/systemctl is-active --quiet apparmor.service; then
+ /sbin/apparmor_parser -r -T -W %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_iostat &> /dev/null || :
+ fi
+ else
+ echo "Could not reload the Apparmor profile: /sbin/apparmor_parser is missing or not executable."
+ fi
+fi
+
%clean
rm -rf %{buildroot}

Index: usr.lib.nagios.plugins.check_iostat
===================================================================
--- usr.lib.nagios.plugins.check_iostat (revision 1)
+++ usr.lib.nagios.plugins.check_iostat (revision e763e98262087c567bc6e025cfa1e38e)
@@ -1,15 +1,25 @@
#include
/usr/lib/nagios/plugins/check_iostat {
#include
+ #include
#include
#include
/usr/bin/iostat rix,
- /bin/bash rix,
+ /{usr/,}bin/bash rix,
+ /{usr/,}bin/stat rix,
/usr/bin/which rix,
/sys/devices/system/cpu/ r,
+ /sys/devices/**/stat r,
/proc/meminfo r,
+ @{PROC}/[0-9]*/mounts r,
+ @{PROC}/[0-9]*/mountinfo r,
/proc/diskstats r,
/proc/uptime r,
+ / r,
/etc/sysstat/sysstat.ioconf r,
+ # once the service tries to lookup which user is
+ # invoking the programm, it needs access to the
+ # following files
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
}
-