Thanks for supplying the Icinga2 conf files. Unfortunately, I've spotted your files just a few moments after typing the config by myself... 😉

In my config, there's a (very rudimentary) VM check. Maybe adding that part to your conf file would help other people?

object Host "..." {
  import "proxmox-host"

  vars.virtual_machines["icinga-alt"] = {
  }
  ...
}

apply Service "pve-vm " for (vm => config in host.vars.virtual_machines) {
  import "pve-service"

  vars.pve_mode = "vm"
  vars.pve_resource_name = vm

  assign where host.vars.pve_host
}

Kind regards,
Bernd

Check for VM status should check if the VM is running on the specified node name, if one is supplied.

Possible check results:

OK:
VM is running on the specified node

WARNING:
VM is running on another node

CRITICAL:
VM is not running.

If you add a warning threshold of 60 days (-w60) and a critical threshold of 30 days (-c30) you'll get the following error:
check_pve.py: error: Critical value must be greater than warning value

There are some issues regarding performance data and units, in particular MB is used with 2^20 as conversion factor, which is wrong (in terms of SI units), the correct unit for this conversion factor would be MiB. If MB is kept, the correct factor of 10^6 should be used.

Performance data currently is technically wrong for the same reason. However, consumers treat MB differently, e.g. Icinga before version 2.13.0 treats MB like MiB, using 2^20 as conversion factor, so it kinda works despite being not really correct. Icinga since version 2.13.0 learned about new units and should now treat them correctly, so MiB could be used, but there are probably other consumers that can't handle MiB. (Also Icingaweb2 seems to do it's own unit/conversion handling and currently messes things up as well.) So the best solution regarding performance data might be to not emit a scaled unit but just bytes with B.

Sorry i didn't saw last commit

Traceback (most recent call last):
File "/home/nagios/check_pve/check_pve.py", line 819, in
pve.check()
File "/home/nagios/check_pve/check_pve.py", line 678, in check
self.check_vm_status(idx, only_status=only_status)
File "/home/nagios/check_pve/check_pve.py", line 208, in check_vm_status
if vm['name'] == idx or vm['vmid'] == idx:
~~^^^^^^^^
KeyError: 'name'

Line 208
Change:
if vm['name'] == idx or vm['vmid'] == idx:
By:
if ('name' in vm and vm['name'] == idx) or ('vmid' in vm and vm['vmid'] == idx):

Thanks for this good code!!!

For the ceph health check it would be nice to see, which checks are failing. Just as an starting idea, locally I hacked in the following lines at the end of the check_ceph_health function (but my python knowledge is rather limited):

        messages = ", ".join(v['summary']['message'] for k, v in ceph_health.get('checks', {}).items())
        if len(messages) > 0:
            self.check_message += ": " + messages

(Technically it would probably be better to put these details in separate lines.)

Hi,
I just set up my first two proxmox nodes in a cluster and want to monitor health.

When I do the first tests I get the error above.

/check_pve.py -u monitoring -p ------- -e target -m version -V 5.0.0
UNKNOWN - Could not connect to PVE API: Certificate validation failed

passwordless ssh connect between the two nodes is possible, both have the same software level.

root@xen5:/# ssh xen4 uname -a
Linux xen4 4.15.18-18-pve #1 SMP PVE 4.15.18-44 (Wed, 03 Jul 2019 11:19:13 +0200) x86_64 GNU/
Any hint on hotwo proceed ?

Regards
Joachim

Should be possible to specify an VM by it's id and not only by it's name.

I would like to monitor disk usage for vm and lxc. I did not find a way to monitor disk usage of a vm/lxc with the current implementation. Please guide me in the right direction if I simply missed that functionality while reading through documentation/code.

My first thought was to implement this by adding additional performance data for the disk to check_vm_status(). I am unsure if this should be guarded by an additional parameter, as it would extend the monitoring for current users and might lead to unexpected check results.

Let me know what you think about this. I would gladly create a PR.

Hi, in the service.conf sample file there are some lines

pve_unit = "%"

But there's no reference to pve_unit in the command.conf file. Should this be related to the -M switch?

Kind regards,
Bernd

Hi Nicolai,

• small typo in README (missing "r")
  pveum user token add monitoing@pve monitoring

• is "Sys.Modify" really needed ... if yes, why?
  pveum roleadd Monitoring
  pveum rolemod Monitoring --privs Sys.Modify,VM.Monitor,Sys.Audit,Datastore.Audit,VM.Audit

Thanx!

Hi,
I just noticed that a VM is running high on memory but the check says it's ok.

check_pve.py --vmid X -e X -k -m vm -n X -p X -u X -w 50 -c 60
OK - VM 'X' on node 'X' is running|cpu=3.87%;50.0;60.0 memory=94.5%;50.0;60.0

Might it be possible to differentiate between CPU and memory warning levels?

I followed the documentation to create a role, a user nagios@pam, a password and a an API token.
When I try the following or similar:
./check_pve.py -u 'nagios@pam' -p "<pass>" -k -e 10.10.7.9:8006/api2/json/ -m version -V 8.0.0
Then I get the error:
UNKNOWN - Could not fetch data from API: Could not connection to PVE API: invalid username or password
The same when using the token.

The user nagios exists in the OS. I can ssh using nagios.
The user exists in the Proxmox GUI. Password was set per command line as described in the guide here as well as using the GUI. Same for the token. The role and privileges are visible in the GUI.
When I follow the PVE documentation by doing:

curl --silent --insecure --data "username=nagios@pam&password=<pass>"  https://10.10.7.9:8006/api2/json/access/ticket| jq --raw-output '.data.ticket' | sed 's/^/PVEAuthCookie=/' > cookie 
curl  --insecure --cookie "$(<cookie)" https://10.10.7.9:8006/api2/json/nodes/$TARGETNODE/status | jq '.'

I get the data and no error.
I suspect the error message of the script is misleading and there is another error underlying.

Steps to reproduce the behavior:

1. Follow the documentation here.
2. Try the example.

Expected behavior
Get an icinga compatible result.

Environment (please complete the following information):
Linux 6.2.16-14-pve
PVE 8.0.4
Python 3.11.2

I ran the following commands:

pveum roleadd Monitoring
pveum rolemod Monitoring --privs Sys.Modify,VM.Monitor,Sys.Audit,Datastore.Audit,VM.Audit
pveum useradd monitoring@pve --comment "The ICINGA 2 monitoring user"
pveum user token add monitoring@pve monitoring # there is a typo in the README.md, this is the correct version
pveum acl modify / --roles Monitoring --tokens 'monitoring@pve!monitoring'

But I can not access the API:

root@proxmox-sgp:~# ./check_pve.py -u monitoring@pve -t monitoring=5e3dd1bd-xxxx-xxxx-xxxx-xxxxxxxxxxxx -e localhost -m cluster -k
UNKNOWN - Could not fetch data from API: Access denied. Please check if API user has sufficient permissions / the role has been assigned.

Any idea what the problem could be?

I pulled the latest master and PVE is 7.0-11.

If the check command tries to fetch information for a storage, which doesn't exist, a http error message is shown. It should return a more clear message instead.

./check_pve.py -e pve-node -u monitor@pve -p DumpPassword -k --node pve01 -m storage --name invalidstoragename
UNKNOWN - Could not fetch data from API: HTTP error code was 400

Hi,
I just downloaded your current version of the script since I've spotted the backup check. Very nice!

When running on my system, I get an error:

root@icinga ~ # /usr/local/bin/check_pve-new-github.py -e xxx -m backup -n xxx -p xxx -u monitoring@pve -c 9186400
Traceback (most recent call last):
  File "/usr/local/bin/check_pve-new-github.py", line 1110, in <module>
    pve.check()
  File "/usr/local/bin/check_pve-new-github.py", line 875, in check
    self.check_vzdump_backup(self.options.name)
  File "/usr/local/bin/check_pve-new-github.py", line 680, in check_vzdump_backup
    now = datetime.now(datetime.UTC).timestamp()
AttributeError: type object 'datetime.datetime' has no attribute 'UTC'

Changing line 680 to:
now = datetime.utcnow().timestamp()

the script runs without error. For example:

WARNING - 21 backup tasks successful, 0 backup tasks failed within the last 9186400.0s
There are guests not covered by any backup schedule: 544 547 552 549 117 521 548 545 551 550

Maybe it's specific to my very old Ubuntu installation. But if anyone else faces this error, I'm happy to share my solution.

My system version:

root@icinga ~ # lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.4 LTS
Release:	20.04
Codename:	focal

Regards,
Bernd

I installed the module '' and the script.
I entered the service.conf into /etc/icinga2/conf.d/

After the import, the hosts are displayed with checks, but the VMs are not.
What do I have to configure so that the VMs get the checks?

Thanks

the check plugin should also monitor the ha group status under /cluster/ha/status

(see https://pve.proxmox.com/pve-docs/api-viewer/)

according to proxmox api viewer, the endpoint to check updates requires sys.modify permissions now. please update readme.md to make note of that

https://pve:8006/pve-docs/api-viewer/index.html#/nodes/{node}/apt/update

Hello --

I'd like to be able to configure which vm's should give back warning or critical statuses if not running - some vm's may be ran only sporadically for a reason. I'd like to track them using icinga and grafana, but I am not bothered if they're off. Any way to have a (per vm) variable to describe this?

Thanks

The check command should support more than one resource name parameter, to allow checks for more than one storage or vm per check execution.

I'm sure I'm doing something wrong, as I'm new to icinga2/nagios, but when I run '/usr/lib/nagios/plugins/check_pve.py -u monitoring@pve -p blablabla -k -e pve1.ncimfg.com -p 8006 -m '$anyCheck' I get 'UNKNOWN - Could not fetch data from API: Could not connection to PVE API: invalid username or password'

FYI, I have very little experience with python.
I had to change
from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
to
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Before that change it would return nothing. So I may have something wrong, but I can curl and get a token using the username and password, then using the token, I can curl and get data from the API. So I'm sure the password is correct.

I have tried to print from inside def get_ticket(self): (not sure if you can do that in python), but I get nothing on the command line. I'm not sure if get_ticket is happening at all now.

Any help would be appreciated.

Do you have in agenda vzdump backup checks of VM/LXC?

Found some scripts in the other projects (as idea)
https://github.com/roland-gsell/check_proxmox_backups

Add support for disk health checks

A swap check should be easy to add, basically just copy&paste from the memory check. (Added a check_swap locally some months ago, works well so far.)

The overall scan for the backups is very neat since it has this "There are guests not covered by any backup schedule..." feature.
But in some circumstances i don't want to have all VMs backupped (for example if i use external software) and so i always get a "WARNING" in the check.

A Backup check for a single VM would be great.

When checking a container with the mode equal to "vm", please include also checking the used space in the root volume.

Having free space in the root volume is condition to be able to consider that the container is properly running.

Right now there's no event when the root volume becomes full.

As discussed in #10 there is no way to check the CPU threshold within the VM check. This should be possible.

Describe the bug
On the PVE there is a current "Proxmox VE Basic Subscription 1 CPU/year" license installed.
When reading out the subscription infos i only get "OK - ".

To Reproduce
used command:
check_pve.py -u <API_USER> -p <API_PASSWORD> -e <API_ENDPOINT> -m subscription -n node1 -w 50 -c 10

Expected behavior
Should get the license name and license period.

Environment (please complete the following information):

• Ubuntu 24.04
• Python 3.12.3
• PVE 8.2.2

Hi,

We tried to install your plugin. We use proxmox 7.0-11.
Here is our nrpe config

command[check_cpu_pve]=sudo /usr/lib/nagios/plugins/check_pve.py -u monitoring@pve -p <my_secret_pass> -e <api-endpoint> -m cpu -n <node>
command[check_memory_pve]=/usr/lib/nagios/plugins/check_pve.py -u monitoring@pve -p <my_secret_pass> -e <api-endpoint> -m memory -n <node>

When we execute commands in shell we have correct respond.
But when we execute command via nrpe we have this respond:

UNKNOWN - Could not fetch data from API: HTTP error code was 500

and this error in syslog

Sep 21 08:46:48 node-05-cloud pvedaemon[159490]: <root@pam> successful auth for user 'monitoring@pve'
Sep 21 08:46:48 node-05-cloud pveproxy[616954]: Use of uninitialized value $path in hash element at /usr/share/perl5/PVE/RPCEnvironment.pm line 123.
Sep 21 08:46:48 node-05-cloud pveproxy[616954]: Use of uninitialized value $path in string eq at /usr/share/perl5/PVE/AccessControl.pm line 1439.
Sep 21 08:46:48 node-05-cloud pveproxy[616954]: Use of uninitialized value $path in hash element at /usr/share/perl5/PVE/RPCEnvironment.pm line 59.
Sep 21 08:46:48 node-05-cloud pveproxy[616954]: Use of uninitialized value $path in hash element at /usr/share/perl5/PVE/RPCEnvironment.pm line 71.
Sep 21 08:46:48 node-05-cloud pveproxy[616954]: Use of uninitialized value $path in hash element at /usr/share/perl5/PVE/RPCEnvironment.pm line 88.

Could you help me to resolve this issue?