Linuxfabrik
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎check-plugins/docker-info/README.md‎
Lines changed: 19 additions & 9 deletions b/‎check-plugins/docker-info/README.md‎
Lines changed: 19 additions & 9 deletions
diff --git a/‎check-plugins/docker-info/docker-info‎
Lines changed: 42 additions & 7 deletions b/‎check-plugins/docker-info/docker-info‎
Lines changed: 42 additions & 7 deletions
diff --git a/‎check-plugins/docker-info/icingaweb2-module-director/docker-info.json‎
Lines changed: 22 additions & 1 deletion b/‎check-plugins/docker-info/icingaweb2-module-director/docker-info.json‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎check-plugins/docker-info/unit-test/run‎
Lines changed: 75 additions & 8 deletions b/‎check-plugins/docker-info/unit-test/run‎
Lines changed: 75 additions & 8 deletions
diff --git a/‎…ns/docker-info/unit-test/stderr/STDERR01‎ ‎…unit-test/stderr/two-warnings-two-errors‎check-plugins/docker-info/unit-test/stderr/STDERR01 renamed to check-plugins/docker-info/unit-test/stderr/two-warnings-two-errors b/‎…ns/docker-info/unit-test/stderr/STDERR01‎ ‎…unit-test/stderr/two-warnings-two-errors‎check-plugins/docker-info/unit-test/stderr/STDERR01 renamed to check-plugins/docker-info/unit-test/stderr/two-warnings-two-errors
diff --git a/‎…info/unit-test/stdout/server-with-errors‎ ‎…test/stdout/seven-containers-mixed-state‎check-plugins/docker-info/unit-test/stdout/server-with-errors renamed to check-plugins/docker-info/unit-test/stdout/seven-containers-mixed-state b/‎…info/unit-test/stdout/server-with-errors‎ ‎…test/stdout/seven-containers-mixed-state‎check-plugins/docker-info/unit-test/stdout/server-with-errors renamed to check-plugins/docker-info/unit-test/stdout/seven-containers-mixed-state
diff --git a/‎check-plugins/podman-info/README.md‎
Lines changed: 19 additions & 8 deletions b/‎check-plugins/podman-info/README.md‎
Lines changed: 19 additions & 8 deletions
diff --git a/‎check-plugins/podman-info/icingaweb2-module-director/podman-info.json‎
Lines changed: 22 additions & 1 deletion b/‎check-plugins/podman-info/icingaweb2-module-director/podman-info.json‎
Lines changed: 22 additions & 1 deletion
@@ -35,6 +35,7 @@ Monitoring Plugins:
 * by-winrm: executes commands on remote Windows hosts by WinRM, supporting JEA (including the JEA endpoint via `--winrm-configuration-name`)
 * infomaniak-swiss-backup-devices: add `--ignore-customer`, `--ignore-name`, `--ignore-tag`, `--ignore-user` parameters to skip devices by regex
 * infomaniak-swiss-backup-products: add `--ignore-customer`, `--ignore-tag` parameters to skip products by regex
+* docker-info, podman-info: add `--ignore` parameter to filter stderr warnings and errors by regex, e.g. to suppress the `WARNING: No swap limit support` message from `docker info` on kernels without swap accounting, or the `WARNING: bridge-nf-call-iptables is disabled` message on Debian hosts that do not load the `br_netfilter` module. Accepts a Python regex, is case-sensitive by default (use `(?i)` for case-insensitive matching) and can be specified multiple times. The same treatment was applied to both plugins because they share the same stderr-parsing code path ([#834](https://github.com/Linuxfabrik/monitoring-plugins/issues/834))
 * haproxy-status: add `--ignore` parameter to filter out proxies, frontends, backends or servers by regex on the combined `<proxy>/<svname>` identifier, e.g. to skip an on-demand certbot backend that is only UP during cert renewal ([#835](https://github.com/Linuxfabrik/monitoring-plugins/issues/835))
 * ipmi-sel: add `--ignore` parameter to filter out SEL entries by regex, e.g. auto-generated "Log area reset/cleared" entries after `ipmitool sel clear` ([#982](https://github.com/Linuxfabrik/monitoring-plugins/issues/982))
 * json-values: add `--token` and `--header` parameters for HTTP bearer-token and custom header authentication when fetching JSON from protected endpoints, add `--warning-key` / `--warning` and `--critical-key` / `--critical` to alert on a numeric value at a specific JSON key (with Nagios range syntax), and support dot-notation for nested keys in all `--*-key` parameters (e.g. `--state-key=meta.state`) ([#1005](https://github.com/Linuxfabrik/monitoring-plugins/issues/1005))
 
@@ -26,20 +26,30 @@ Displays system-wide Docker information including container counts (running, pau
 ## Help
 
 ```text
-usage: docker-info [-h] [-V] [--always-ok] [--test TEST]
+usage: docker-info [-h] [-V] [--always-ok] [--ignore IGNORE] [--test TEST]
 
 Displays system-wide Docker information including container counts (running,
 paused, stopped), image count, storage and logging driver, Docker version,
-available CPUs, and total memory. Also monitors the Docker daemon for warnings
-or errors. For Podman, use the podman-info check instead. Requires root or
-sudo.
+available CPUs, and total memory. Also monitors the Docker daemon stderr for
+warnings and errors. Individual stderr lines can be filtered out with --ignore
+(e.g. the "WARNING: No swap limit support" message on hosts where the kernel
+does not expose swap accounting). For Podman, use the podman-info check
+instead. Requires root or sudo.
 
 options:
-  -h, --help     show this help message and exit
-  -V, --version  show program's version number and exit
-  --always-ok    Always returns OK.
-  --test TEST    For unit tests. Needs "path-to-stdout-file,path-to-stderr-
-                 file,expected-retc".
+  -h, --help       show this help message and exit
+  -V, --version    show program's version number and exit
+  --always-ok      Always returns OK.
+  --ignore IGNORE  Ignore stderr lines matching this Python regular
+                   expression. Case-sensitive by default; use `(?i)` for case-
+                   insensitive matching. Can be specified multiple times.
+                   Example: `--ignore="No swap limit support"` to suppress the
+                   Docker warning on kernels without swap accounting. Example:
+                   `--ignore="(?i)bridge-nf-call"` (case-insensitive) to
+                   suppress both `bridge-nf-call-iptables` and `bridge-nf-
+                   call-ip6tables` warnings on Debian hosts. Default: None
+  --test TEST      For unit tests. Needs "path-to-stdout-file,path-to-stderr-
+                   file,expected-retc".
 ```
 
 
 
@@ -11,6 +11,7 @@
 """See the check's README for more details."""
 
 import argparse
+import re
 import sys
 
 import lib.args
@@ -21,12 +22,14 @@ import lib.shell
 from lib.globals import STATE_CRIT, STATE_OK, STATE_UNKNOWN, STATE_WARN
 
 __author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
-__version__ = '2026040802'
-
-DESCRIPTION = """Displays system-wide Docker information including container counts (running, paused,
-stopped), image count, storage and logging driver, Docker version, available CPUs,
-and total memory. Also monitors the Docker daemon for warnings or errors. For Podman,
-use the podman-info check instead.
+__version__ = '2026041404'
+
+DESCRIPTION = """Displays system-wide Docker information including container counts (running,
+paused, stopped), image count, storage and logging driver, Docker version, available
+CPUs, and total memory. Also monitors the Docker daemon stderr for warnings and errors.
+Individual stderr lines can be filtered out with --ignore (e.g. the "WARNING: No swap
+limit support" message on hosts where the kernel does not expose swap accounting). For
+Podman, use the podman-info check instead.
 Requires root or sudo."""
 
 
@@ -49,6 +52,22 @@ def parse_args():
         default=False,
     )
 
+    parser.add_argument(
+        '--ignore',
+        help='Ignore stderr lines matching this Python regular expression. '
+        'Case-sensitive by default; use `(?i)` for case-insensitive matching. '
+        'Can be specified multiple times. '
+        'Example: `--ignore="No swap limit support"` to suppress the Docker '
+        'warning on kernels without swap accounting. '
+        'Example: `--ignore="(?i)bridge-nf-call"` (case-insensitive) to '
+        'suppress both `bridge-nf-call-iptables` and `bridge-nf-call-ip6tables` '
+        'warnings on Debian hosts. '
+        'Default: %(default)s',
+        dest='IGNORE',
+        action='append',
+        default=None,
+    )
+
     parser.add_argument(
         '--test',
         help=lib.args.help('--test'),
@@ -69,6 +88,17 @@ def main():
     except SystemExit:
         sys.exit(STATE_UNKNOWN)
 
+    if args.IGNORE is None:
+        args.IGNORE = []
+
+    # compile ignore patterns (case-sensitive by default, matching the
+    # lib.args convention for --match / --ignore-regex; the user can
+    # opt into case-insensitive matching with the inline `(?i)` flag).
+    try:
+        ignore_patterns = [re.compile(p) for p in args.IGNORE]
+    except re.error as e:
+        lib.base.cu(f'Invalid regular expression: {e}')
+
     # fetch data
     if args.TEST is None:
         stdout, stderr, retc = lib.base.coe(
@@ -120,8 +150,13 @@ def main():
         if ' server version: ' in lcrow:
             ver = lcrow.replace('server version: ', '').strip()
 
-    # check stderr for warnings and errors
+    # check stderr for warnings and errors, skipping lines matched by
+    # --ignore (#834: let admins suppress boilerplate docker warnings
+    # like "WARNING: No swap limit support" that cannot be silenced in
+    # the daemon config).
     for row in stderr.strip().split('\n'):
+        if any(pattern.search(row) for pattern in ignore_patterns):
+            continue
         lcrow = row.lower()
         if 'warning: ' in lcrow:
             warn += f'{row}, '
 
@@ -4,6 +4,10 @@
             "arguments": {
                 "--always-ok": {
                     "set_if": "$docker_info_always_ok$"
+                },
+                "--ignore": {
+                    "value": "$docker_info_ignore$",
+                    "repeat_key": true
                 }
             },
             "command": "/usr/bin/sudo /usr/lib64/nagios/plugins/docker-info",
@@ -13,6 +17,11 @@
                     "datafield_id": 1,
                     "is_required": "n",
                     "var_filter": null
+                },
+                {
+                    "datafield_id": 2,
+                    "is_required": "n",
+                    "var_filter": null
                 }
             ],
             "imports": [],
@@ -67,7 +76,8 @@
             "use_var_overrides": null,
             "vars": {
                 "criticality": "C",
-                "docker_info_always_ok": false
+                "docker_info_always_ok": false,
+                "docker_info_ignore": []
             },
             "volatile": null,
             "zone": null,
@@ -83,6 +93,17 @@
             "format": null,
             "settings": {},
             "uuid": "cc716b85-a077-4f0c-803e-c4eaa2826bd4"
+        },
+        "2": {
+            "varname": "docker_info_ignore",
+            "caption": "Docker Info: Ignore",
+            "description": "Ignore stderr lines matching this Python regular expression. Case-sensitive by default; use `(?i)` for case-insensitive matching. Can be specified multiple times.",
+            "datatype": "Icinga\\Module\\Director\\DataType\\DataTypeArray",
+            "format": null,
+            "settings": {
+                "visibility": "visible"
+            },
+            "uuid": "fcf4f50c-864d-43d5-b8a2-93bbc400c4ed"
         }
     }
 }
@@ -15,21 +15,88 @@ sys.path.insert(0, '..')
 import unittest
 
 import lib.lftest
-from lib.globals import STATE_CRIT
+from lib.globals import STATE_CRIT, STATE_OK, STATE_UNKNOWN, STATE_WARN
 
+# docker-info and podman-info share the same stderr-parsing code path
+# and the same --ignore handling (#834, #1068). The two test suites are
+# kept structurally identical: same test ids, same scenarios, same
+# assertions. Only the stdout fixture and the `check` attribute differ.
+# The stderr/two-warnings-two-errors fixture exists under both plugin
+# trees with the same name and the same 2W+2E shape, so the state
+# transitions and the --ignore variants map 1:1 between the two suites.
+# The exact warning/error strings are daemon-specific (bridge-nf-call
+# for docker, cgroup v1 for podman) because they reflect real stderr
+# output admins would see in production.
 TESTS = [
     {
-        'id': 'crit-server-with-errors',
-        'test': 'stdout/server-with-errors,stderr/STDERR01,0',
+        'id': 'ok-no-stderr',
+        'test': 'stdout/seven-containers-mixed-state,,0',
+        'assert-retc': STATE_OK,
+        'assert-in': [
+            '7 Containers (2 running, 0 paused, 5 stopped)',
+            '5 Images',
+            'Storage Driver: overlay2',
+        ],
+    },
+    {
+        'id': 'crit-stderr-warnings-and-errors',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
         'assert-retc': STATE_CRIT,
         'assert-in': [
-            'ERROR: an error happened, ERROR: invalid empty security option, '
-            'WARNING: bridge-nf-call-iptables is disabled, '
-            'WARNING: bridge-nf-call-ip6tables is disabled',
-            '7 Containers (2 running, 0 paused, 5 stopped), '
-            '5 Images, Storage Driver: overlay2',
+            'ERROR: an error happened',
+            'ERROR: invalid empty security option',
+            'WARNING: bridge-nf-call-iptables',
+            'WARNING: bridge-nf-call-ip6tables',
+            '7 Containers (2 running, 0 paused, 5 stopped)',
         ],
     },
+    {
+        'id': 'crit-ignore-warnings-only',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
+        # Filter out both WARNINGs; the two ERRORs remain and still
+        # drive the overall state to CRIT.
+        'params': "--ignore='^WARNING:'",
+        'assert-retc': STATE_CRIT,
+        'assert-in': ['ERROR: an error happened'],
+        'assert-not-in': ['WARNING:'],
+    },
+    {
+        'id': 'ok-ignore-all-stderr',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
+        'params': "--ignore='^WARNING:' --ignore='^ERROR:'",
+        'assert-retc': STATE_OK,
+        'assert-in': ['7 Containers'],
+        'assert-not-in': ['WARNING:', 'ERROR:'],
+    },
+    {
+        'id': 'crit-ignore-case-sensitive-default',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
+        # Uppercase pattern must NOT match a mixed-case stderr line:
+        # the regex default is case-sensitive, so the ignore is a
+        # no-op and the check stays CRIT.
+        'params': "--ignore='BRIDGE-NF-CALL'",
+        'assert-retc': STATE_CRIT,
+        'assert-in': ['WARNING: bridge-nf-call-iptables'],
+    },
+    {
+        'id': 'warn-ignore-errors-case-insensitive-opt-in',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
+        # Opt into case-insensitive matching with `(?i)`: matches
+        # `ERROR:` even though the pattern is lowercased. After
+        # hiding the errors only the warnings remain, so the state
+        # drops from CRIT to WARN.
+        'params': "--ignore='(?i)^error:'",
+        'assert-retc': STATE_WARN,
+        'assert-in': ['WARNING: bridge-nf-call-iptables'],
+        'assert-not-in': ['ERROR:'],
+    },
+    {
+        'id': 'unknown-ignore-invalid-regex',
+        'test': 'stdout/seven-containers-mixed-state,stderr/two-warnings-two-errors,0',
+        'params': "--ignore='('",
+        'assert-retc': STATE_UNKNOWN,
+        'assert-in': ['Invalid regular expression'],
+    },
 ]
 
 
 
@@ -30,18 +30,29 @@ Displays system-wide Podman information including container counts, image count,
 ## Help
 
 ```text
-usage: podman-info [-h] [-V] [--always-ok] [--test TEST]
+usage: podman-info [-h] [-V] [--always-ok] [--ignore IGNORE] [--test TEST]
 
 Displays system-wide Podman information including container counts, image
-count, storage driver, runtime version, available CPUs, and total memory. For
-Docker, use the docker-info check instead. Requires root or sudo.
+count, storage driver, runtime version, available CPUs, and total memory. Also
+monitors the Podman daemon stderr for warnings and errors. Individual stderr
+lines can be filtered out with --ignore (e.g. benign cgroup warnings on
+rootless hosts). For Docker, use the docker-info check instead. Requires root
+or sudo.
 
 options:
-  -h, --help     show this help message and exit
-  -V, --version  show program's version number and exit
-  --always-ok    Always returns OK.
-  --test TEST    For unit tests. Needs "path-to-stdout-file,path-to-stderr-
-                 file,expected-retc".
+  -h, --help       show this help message and exit
+  -V, --version    show program's version number and exit
+  --always-ok      Always returns OK.
+  --ignore IGNORE  Ignore stderr lines matching this Python regular
+                   expression. Case-sensitive by default; use `(?i)` for case-
+                   insensitive matching. Can be specified multiple times.
+                   Example: `--ignore="cgroup v1"` to suppress a benign
+                   cgroup-version warning on hosts that have not yet migrated
+                   to cgroup v2. Example: `--ignore="(?i)rootless"` (case-
+                   insensitive) to suppress any rootless-related informational
+                   warning. Default: None
+  --test TEST      For unit tests. Needs "path-to-stdout-file,path-to-stderr-
+                   file,expected-retc".
 ```
 
 
 
@@ -4,6 +4,10 @@
             "arguments": {
                 "--always-ok": {
                     "set_if": "$podman_info_always_ok$"
+                },
+                "--ignore": {
+                    "value": "$podman_info_ignore$",
+                    "repeat_key": true
                 }
             },
             "command": "/usr/bin/sudo /usr/lib64/nagios/plugins/podman-info",
@@ -13,6 +17,11 @@
                     "datafield_id": 1,
                     "is_required": "n",
                     "var_filter": null
+                },
+                {
+                    "datafield_id": 2,
+                    "is_required": "n",
+                    "var_filter": null
                 }
             ],
             "imports": [],
@@ -67,7 +76,8 @@
             "use_var_overrides": null,
             "vars": {
                 "criticality": "C",
-                "podman_info_always_ok": false
+                "podman_info_always_ok": false,
+                "podman_info_ignore": []
             },
             "volatile": null,
             "zone": null,
@@ -83,6 +93,17 @@
             "format": null,
             "settings": {},
             "uuid": "bab2f8e7-6496-4b71-8f2c-06eb6840b6b0"
+        },
+        "2": {
+            "varname": "podman_info_ignore",
+            "caption": "Podman Info: Ignore",
+            "description": "Ignore stderr lines matching this Python regular expression. Case-sensitive by default; use `(?i)` for case-insensitive matching. Can be specified multiple times.",
+            "datatype": "Icinga\\Module\\Director\\DataType\\DataTypeArray",
+            "format": null,
+            "settings": {
+                "visibility": "visible"
+            },
+            "uuid": "96a363d6-0b4a-4fd0-b521-48310425c78e"
         }
     }
 }