action #87856
closed[alert] openqaworker3.suse.de/NRPE is CRITICAL
0%
Description
Observation¶
from email
Notification: PROBLEM
Host: openqaworker3.suse.de
State: CRITICAL
Date/Time: Mon Jan 18 09:04:53 UTC 2021
Info: [connect to address 10.160.0.243 port 5666: Connection refused
Service: NRPE
Long Output: connect to host 10.160.0.243 port 5666: Connection refused]
See Online: https://thruk.suse.de/thruk/cgi-bin/extinfo.cgi?type=2&host=openqaworker3.suse.de&service=NRPE
Acceptance criteria¶
- AC1: alert is fixed or alert is disabled
Suggestions¶
The host "thruk.suse.de" is an EnInfra maintained icinga/nagios proxy. In case you want to login and can not, request a login from EnInfra. And if that is the case please add it to the "new employee checklist". The actual task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
Updated by livdywan almost 4 years ago
I don't know what thruk is or how to login. I tried to login and it seems the host has changed:
ssh cdywan@openqaworker3.suse.de
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
*****.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:49
You can use following command to remove the offending key:
ssh-keygen -R openqaworker3.suse.de -f ~/.ssh/known_hosts
ECDSA host key for openqaworker3.suse.de has changed and you have requested strict checking.
Host key verification failed.
Updated by okurz almost 4 years ago
why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
Updated by livdywan almost 4 years ago
okurz wrote:
why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
The description says "CRITICAL" and "Connection refused". So it seems not far fetched to try and login and see what's up with the machine.
Updated by okurz almost 4 years ago
yes, but the message says "connect to address 10.160.0.243 port 5666: Connection refused". So did you try to login to 10.160.0.243 on port 5666?
Updated by okurz almost 4 years ago
- Description updated (diff)
- Status changed from New to Workable
Updated by mkittler almost 4 years ago
The corresponding Grafana alert is ok again.
The login on thruk.suse.de works for me. However, I can not access the particular link you've been sharing. I don't know what it is about. For which "area" within this page would I have to request access?
Updated by okurz almost 4 years ago
I don't know. I still suggest: Either get in contact with infra to disable the alert or get in contact with infra to get access to whatever is the corresponding section.
Updated by mkittler almost 4 years ago
- Status changed from Workable to Resolved
Answer from EnInfra:
Done
openqaworker3 and openqaworker5 is
no longer monitor by our toolIf you wish to do any future changes please
let us know.