{"id":2362,"date":"2018-02-02T16:27:48","date_gmt":"2018-02-02T21:27:48","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=2362"},"modified":"2018-02-02T16:27:48","modified_gmt":"2018-02-02T21:27:48","slug":"nagios-alert-critical-no-response-from-ntp-server","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2018\/02\/nagios-alert-critical-no-response-from-ntp-server\/","title":{"rendered":"Nagios alert: CRITICAL: No response from NTP server"},"content":{"rendered":"<p>One of a pair of new hosts was causing the following Nagios alert today:<\/p>\n<p><code>CRITICAL: No response from NTP server<\/code><\/p>\n<p>Both of the new systems have the same configuration in theory, but based on the different results something clearly was overlooked.<\/p>\n<p>I tried running NTP from the Nagios host:<\/p>\n<p><strong>Host 1<\/strong><\/p>\n<p><code>$ check_ntp -H ephemeralbox1.osric.net -w 0.1 -c 0.2<br \/>\nNTP OK: Offset -0.02545583248 secs|offset=-0.025456s;0.100000;0.200000;<\/code><\/p>\n<p><strong>Host 2<\/strong><\/p>\n<p><code>$ check_ntp -H ephemeralbox2.osric.net -w 0.1 -c 0.2<br \/>\nCRITICAL: No response from NTP server<\/code><\/p>\n<p>The iptables rules look the same on both. The hosts are all on the same LAN, so there&#8217;s no firewall in the way.<\/p>\n<p>Both systems are running <code>chronyd<\/code>:<\/p>\n<p><strong>Host 1<\/strong><\/p>\n<p><code>[chris@ephemeralbox1 ssh]$ systemctl show chronyd | egrep '(ActiveState|SubState)'<br \/>\nActiveState=active<br \/>\nSubState=running<\/code><\/p>\n<p><strong>Host 2<\/strong><\/p>\n<p><code>[chris@ephemeralbox2 ssh]$ systemctl show chronyd | egrep '(ActiveState|SubState)'<br \/>\nActiveState=active<br \/>\nSubState=running<\/code><\/p>\n<p>Both systems are listening on port 123:<\/p>\n<p><strong>Host 1<\/strong><\/p>\n<p><code>[chris@ephemeralbox1 ssh]$ sudo lsof -i :123<br \/>\nCOMMAND  PID   USER   FD   TYPE  DEVICE SIZE\/OFF NODE NAME<br \/>\nchronyd 3027 chrony    3u  IPv4 1095448      0t0  UDP *:ntp<\/code><\/p>\n<p><strong>Host 2<\/strong><\/p>\n<p><code>[chris@ephemeralbox2 ssh]$ sudo lsof -i :123<br \/>\nCOMMAND  PID   USER   FD   TYPE DEVICE SIZE\/OFF NODE NAME<br \/>\nchronyd 1241 chrony    3u  IPv4  51276      0t0  UDP *:ntp<\/code><\/p>\n<p>Finally, I found it. In the obvious place that perhaps I should have looked first. The <code>\/etc\/chrony.conf<\/code> file on Host 2 was missing the <code>allow<\/code> line for the Nagios host:<\/p>\n<p><code># Allow NTP client access from Nagios host<br \/>\nallow 192.168.100.100<\/code><\/p>\n<p>And the first place I looked was iptables. Blame the firewall, after all. The configurations were both pushed to these systems via Ansible playbooks, but apparently I had not included the role that updates the chrony.conf file on the 2nd host. Looks like I need configuration management management!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of a pair of new hosts was causing the following Nagios alert today: CRITICAL: No response from NTP server Both of the new systems have the same configuration in theory, but based on the different results something clearly was overlooked. I tried running NTP from the Nagios host: Host 1 $ check_ntp -H ephemeralbox1.osric.net &hellip; <a href=\"https:\/\/osric.com\/chris\/accidental-developer\/2018\/02\/nagios-alert-critical-no-response-from-ntp-server\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Nagios alert: CRITICAL: No response from NTP server<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[484,422],"tags":[443,348,442],"class_list":["post-2362","post","type-post","status-publish","format-standard","hentry","category-monitoring","category-sysadmin","tag-chrony","tag-nagios","tag-ntp"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=2362"}],"version-history":[{"count":6,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2362\/revisions"}],"predecessor-version":[{"id":2374,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2362\/revisions\/2374"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=2362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=2362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=2362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}