action #87856
closed
[alert] openqaworker3.suse.de/NRPE is CRITICAL
Added by okurz almost 4 years ago.
Updated almost 4 years ago.
Description
Observation¶
from email
Notification: PROBLEM
Host: openqaworker3.suse.de
State: CRITICAL
Date/Time: Mon Jan 18 09:04:53 UTC 2021
Info: [connect to address 10.160.0.243 port 5666: Connection refused
Service: NRPE
Long Output: connect to host 10.160.0.243 port 5666: Connection refused]
See Online: https://thruk.suse.de/thruk/cgi-bin/extinfo.cgi?type=2&host=openqaworker3.suse.de&service=NRPE
Acceptance criteria¶
- AC1: alert is fixed or alert is disabled
Suggestions¶
The host "thruk.suse.de" is an EnInfra maintained icinga/nagios proxy. In case you want to login and can not, request a login from EnInfra. And if that is the case please add it to the "new employee checklist". The actual task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
I don't know what thruk is or how to login. I tried to login and it seems the host has changed:
ssh cdywan@openqaworker3.suse.de
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
*****.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:49
You can use following command to remove the offending key:
ssh-keygen -R openqaworker3.suse.de -f ~/.ssh/known_hosts
ECDSA host key for openqaworker3.suse.de has changed and you have requested strict checking.
Host key verification failed.
why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
okurz wrote:
why would you want to login over ssh? It's EnInfra maintained icinga/nagios proxy. Request a login from EnInfra if you can't login. And if that is the case please add it to the "new employee checklist". The task to be done here would be: Write ticket to EngInfra that we do not need this alert and they should disable it as we have grafana alerts instead
The description says "CRITICAL" and "Connection refused". So it seems not far fetched to try and login and see what's up with the machine.
yes, but the message says "connect to address 10.160.0.243 port 5666: Connection refused". So did you try to login to 10.160.0.243 on port 5666?
- Description updated (diff)
- Status changed from New to Workable
The corresponding Grafana alert is ok again.
The login on thruk.suse.de works for me. However, I can not access the particular link you've been sharing. I don't know what it is about. For which "area" within this page would I have to request access?
I don't know. I still suggest: Either get in contact with infra to disable the alert or get in contact with infra to get access to whatever is the corresponding section.
- Status changed from Workable to Resolved
Answer from EnInfra:
Done
openqaworker3 and openqaworker5 is
no longer monitor by our tool
If you wish to do any future changes please
let us know.
Also available in: Atom
PDF