On Nov 10, 2010, at 12:13 PM, Jonathan Wiggins wrote:
> I'm stuck troubleshooting an error message in the Service Status Details,
> where a monitored host is being reported as "No Route to Host".
>
> I can do remote plugin tests from the Nagios server to the monitored node
> without any problems, but referencing this page:
> http://www.troubleshootingwiki.org/Troubleshooting_Nagios_3.0 I see a
> paragraph about testing SSH key-exchange.
>
> Nagios Server = 10.0.100.130
> monitored node = 10.0.100.143
>
> when I do an "ssh -vvvv 10.0.100.130" from the monitored node, it goes
> straight through, no login prompt. When the reverse is attempted: "ssh -vvvv
> 10.0.100.143" from Nagios box, I consistently get prompted for login. I was
> recommended to use DSA instead of RSA, but that made no difference.
>
> I've appended the contents of both id_rsa.pub and id_dsa.pub to the
> "authorized_keys" (and "known_hosts") files the exact same way to and from
> each box respectively. Of course my tests on 2 test systems worked
> perfectly, but I'm missing something with this setup.
>
> Additionally, if I do an NRPE check from Nagios > monitored node, it
> completes successfully.
>
> /usr/local/nagios/libexec/check_tcp -H 10.0.100.143 -p 5666
> TCP OK - 0.000 second response time on port
> 5666|time=0.000361s;0.000000;0.000000;0.000000;10.000000
>
> checking logs on monitored node:
>
> grep nrpe /var/log/messages
>
>
> /var/log/messages:Nov 10 12:01:26 monitorednode xinetd[5672]: START: nrpe
> pid=8607 from=10.0.100.130
> /var/log/messages:Nov 10 12:01:26 monitorednode nrpe[8607]: Error: Could not
> complete SSL handshake. 5
> /var/log/messages:Nov 10 12:01:26 monitorednode xinetd[5672]: EXIT: nrpe
> status=0 pid=8607 duration=0(sec)
> /var/log/messages:Nov 10 12:03:29 monitorednode xinetd[5672]: START: nrpe
> pid=9220 from=10.0.100.130
> /var/log/messages:Nov 10 12:03:29 monitorednode nrpe[9220]: Error: Could not
> complete SSL handshake. 5
> /var/log/messages:Nov 10 12:03:29 monitorednode xinetd[5672]: EXIT: nrpe
> status=0 pid=9220 duration=0(sec)
>
> "Error could not complete SSL handshake" seems to confirm my suspicions
> about the SSH key-exchange
>
>
Ok, i've solved the SSH key-exchange part of my problem (criss-crossed
id_rsa.pub keys or something) - so I have that piece figured out. But the "No
Route to Host" message is still visible in Service Host Details for my
monitored node.
so.. am able to run the following against remote host:
/usr/local/nagios/libexec/check_tcp -H 10.0.100.143 -p 5666
TCP OK - 0.000 second response time on port
5666|time=0.000361s;0.000000;0.000000;0.000000;10.000000
and this:
ssh 10.0.100.143 /usr/local/nagios/libexec/check_procs
PROCS OK: 603 processes
I see this in the messages files:
Nov 9 00:00:00 nagiosbox nagios: CURRENT SERVICE STATE: monitorednode;Home
Page;CRITICAL;HARD;1;No route to host
Nov 10 00:00:00 nagiosbox nagios: CURRENT HOST STATE:
monitorednode;UP;HARD;1;PING OK - Packet loss = 0%, RTA = 0.21 ms
Nov 10 00:00:00 nagiosbox nagios: CURRENT SERVICE STATE: monitorednode;Home
Page;CRITICAL;HARD;1;No route to host
which looks like there is no packet loss on the PING to the host, but then it
shows No Route To Host
Thanks again for the assistance.
------------------------------------------------------------------------------
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
http://p.sf.net/sfu/dell-eql-dev2dev
_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
