On annoyance I have had for a while is that my Proxmox Virtual Environment hosts report the running kernel does not match the on-disk kernel image in my icinga monitoring, due to a spurious () at the end of one of the version strings. I finally got around to fixing this today, by patching the check_running_kernel plugin (from the monitoring-plugins-contrib package on Debian) to strip off those empty parenthesis from the version retrieved from the disk image.

Although specific to the Proxmox kernels, I chose to apply the patch to everything in order to avoid having to either have the patch outside of my monitoring role or have to make my monitoring role selectively apply tasks based on what groups the hosts were in.

Firstly, I added patch to the list of packages the role installs so I can use ansible.posix.patch to apply the fix:

- name: Packages are installed (icinga2 itself and nagios plugins)
  become: yes
  ansible.builtin.package:
    name:
      - icinga2  # Same package provides client & server
      - monitoring-plugins
      - monitoring-plugins-contrib
      - xz-utils  # Required for check_running_kernel plugin
      - mokutil  # Required for my check_secure_boot plugin
      - patch  # Required to apply check_running_kernel patch, below
    state: present

Next, I moved my existing custom plugins into a subdirectory (which I called nagios-plugins) in the role’s files directory. Previously, these were the only files so I have put them at the top level. I then added this new prefix to the `ansible.builtin.fileglob lookup that ensures out all of my local plugins are deployed:

- name: Additional (locally created) Icinga plugins are deployed
  become: true
  ansible.builtin.copy:
    owner: root
    group: root
    mode: 0555
    src: "{{ item }}"
    dest: /usr/lib/nagios/plugins/{{ plugin_name }}
  loop: "{{ q('ansible.builtin.fileglob', 'nagios-plugins/check_*') }}"
  vars:
    # Strip extension off plugin name when deployed (just to help
    # distinguish different languages this side).
    plugin_name: "{{ item | ansible.builtin.basename | ansible.builtin.splitext | first }}"

Then I dropped the patch I had created into the files directory (I called it check_running_kernel.proxmox.patch) - please excuse the long line length and comment length, I followed the style of the rest of that script which has very long line:

--- /usr/lib/nagios/plugins/check_running_kernel	2025-04-20 22:08:25.000000000 +0100
+++ /usr/lib/nagios/plugins/check_running_kernel	2026-03-08 11:09:16.315946430 +0000
@@ -204,7 +204,8 @@
 			exit $UNKNOWN
 		fi
 		if [ "${on_disk/vmlinu}" != "$on_disk" ]; then
-			on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | tail -n1`"
+			# Local patch - Proxmox kernel images seem to have an empty parentheses at the end that is now showing in /proc/version. Added sed to stip this.
+			on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | tail -n1 | sed -e 's/ ()//'`"
 			if [ -x /usr/bin/lsb_release ] ; then
 				vendor=$(lsb_release -i -s)
 				if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then

Finally, I added the task to ensure the patch has been applied with Ansible’s patch module:

- name: check_running_kernel is patched to work with Proxmox kernels
  become: true
  ansible.posix.patch:
    dest: /usr/lib/nagios/plugins/check_running_kernel
    src: check_running_kernel.proxmox.patch