Project

General

Profile

Actions

action #87856

closed

[alert] openqaworker3.suse.de/NRPE is CRITICAL

Added by okurz about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Target version:
Start date:
2021-01-18
Due date:
% Done:

0%

Estimated time:

Description

Observation

from email
Notification: PROBLEM
Host: openqaworker3.suse.de
State: CRITICAL
Date/Time: Mon Jan 18 09:04:53 UTC 2021
Info: [connect to address 10.160.0.243 port 5666: Connection refused

Service: NRPE

Long Output: connect to host 10.160.0.243 port 5666: Connection refused]

See Online: https://thruk.suse.de/thruk/cgi-bin/extinfo.cgi?type=2&host=openqaworker3.suse.de&service=NRPE

Acceptance criteria

  • AC1: alert is fixed or alert is disabled

Suggestions

The host "thruk.suse.de" is an EnInfra maintained icinga/nagios proxy. In case you want to login and can not, request a login from EnInfra. And if that is the case please add it to the "new employee checklist". The actual task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead

Actions #1

Updated by livdywan about 3 years ago

I don't know what thruk is or how to login. I tried to login and it seems the host has changed:

ssh cdywan@openqaworker3.suse.de
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
*****.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:49
You can use following command to remove the offending key:
ssh-keygen -R openqaworker3.suse.de -f ~/.ssh/known_hosts
ECDSA host key for openqaworker3.suse.de has changed and you have requested strict checking.
Host key verification failed.
Actions #2

Updated by okurz about 3 years ago

why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead

Actions #3

Updated by livdywan about 3 years ago

okurz wrote:

why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead

The description says "CRITICAL" and "Connection refused". So it seems not far fetched to try and login and see what's up with the machine.

Actions #4

Updated by okurz about 3 years ago

yes, but the message says "connect to address 10.160.0.243 port 5666: Connection refused". So did you try to login to 10.160.0.243 on port 5666?

Actions #5

Updated by okurz about 3 years ago

  • Description updated (diff)
  • Status changed from New to Workable
Actions #6

Updated by mkittler about 3 years ago

The corresponding Grafana alert is ok again.

The login on thruk.suse.de works for me. However, I can not access the particular link you've been sharing. I don't know what it is about. For which "area" within this page would I have to request access?

Actions #7

Updated by okurz about 3 years ago

I don't know. I still suggest: Either get in contact with infra to disable the alert or get in contact with infra to get access to whatever is the corresponding section.

Actions #8

Updated by mkittler about 3 years ago

  • Assignee set to mkittler
Actions #9

Updated by mkittler about 3 years ago

  • Status changed from Workable to Resolved

Answer from EnInfra:

Done

openqaworker3 and openqaworker5 is
no longer monitor by our tool

If you wish to do any future changes please
let us know.

Actions

Also available in: Atom PDF