Outgoing internet connections from petasan nodes
Shiori
86 Posts
December 6, 2018, 1:48 amQuote from Shiori on December 6, 2018, 1:48 amI have noticed outgoing internet connections from my petasan nodes. These go to various ip addresses but always to port 443. I have tried to connect to several of these ip addresses via a browser as port 443 is usually https, but there are no web pages.
I get thes connections even on a clean build.
Is this expected behavior? If so, why hide it?
I have noticed outgoing internet connections from my petasan nodes. These go to various ip addresses but always to port 443. I have tried to connect to several of these ip addresses via a browser as port 443 is usually https, but there are no web pages.
I get thes connections even on a clean build.
Is this expected behavior? If so, why hide it?
admin
2,930 Posts
December 6, 2018, 4:53 amQuote from admin on December 6, 2018, 4:53 amNo it is something we are not aware of. It could be from one of the installed packages. Can you list the outgoing addresses, what client process and any more detail such as how often and how to check for this ?
Maybe could be this
https://github.com/grafana/grafana/issues/5079
No it is something we are not aware of. It could be from one of the installed packages. Can you list the outgoing addresses, what client process and any more detail such as how often and how to check for this ?
Maybe could be this
https://github.com/grafana/grafana/issues/5079
Last edited on December 6, 2018, 5:00 am by admin · #2
admin
2,930 Posts
December 6, 2018, 5:11 amQuote from admin on December 6, 2018, 5:11 amtry this:
on all nodes /opt/petasan/config/stats/grafana/grafana.ini
# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = true
change to
check_for_updates = false
Only on the node running grafana
systemctl status grafana-server
do a restart
/opt/petasan/scripts/stats-stop.sh
/opt/petasan/scripts/stats-setup.sh.sh
/opt/petasan/scripts/stats-start.sh
try this:
on all nodes /opt/petasan/config/stats/grafana/grafana.ini
# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = true
change to
check_for_updates = false
Only on the node running grafana
systemctl status grafana-server
do a restart
/opt/petasan/scripts/stats-stop.sh
/opt/petasan/scripts/stats-setup.sh.sh
/opt/petasan/scripts/stats-start.sh
Shiori
86 Posts
December 6, 2018, 5:25 amQuote from Shiori on December 6, 2018, 5:25 amI found it on our gateway routers while tracing a problem. The subnet that the petasan cluster is on should not originate any outgoing connections but the servers do have to connect to our NTP servers and our syslog servers which are not on the same subnet and must use the gateway subnet to connect to these services.
When I checked the petasan nodes, I couldnt find a log record of the connections nor which script had initiated the connection.
I will try to get as full of a list of IP addresses as we have, site names would be problematic due to our dns log sizes assuming that the petasan servers are even using our dns servers.
I found it on our gateway routers while tracing a problem. The subnet that the petasan cluster is on should not originate any outgoing connections but the servers do have to connect to our NTP servers and our syslog servers which are not on the same subnet and must use the gateway subnet to connect to these services.
When I checked the petasan nodes, I couldnt find a log record of the connections nor which script had initiated the connection.
I will try to get as full of a list of IP addresses as we have, site names would be problematic due to our dns log sizes assuming that the petasan servers are even using our dns servers.
admin
2,930 Posts
December 6, 2018, 6:17 amQuote from admin on December 6, 2018, 6:17 amyou can also stop the grafana updates as per above and re-check this.
you can also stop the grafana updates as per above and re-check this.
Outgoing internet connections from petasan nodes
Shiori
86 Posts
Quote from Shiori on December 6, 2018, 1:48 amI have noticed outgoing internet connections from my petasan nodes. These go to various ip addresses but always to port 443. I have tried to connect to several of these ip addresses via a browser as port 443 is usually https, but there are no web pages.
I get thes connections even on a clean build.
Is this expected behavior? If so, why hide it?
I have noticed outgoing internet connections from my petasan nodes. These go to various ip addresses but always to port 443. I have tried to connect to several of these ip addresses via a browser as port 443 is usually https, but there are no web pages.
I get thes connections even on a clean build.
Is this expected behavior? If so, why hide it?
admin
2,930 Posts
Quote from admin on December 6, 2018, 4:53 amNo it is something we are not aware of. It could be from one of the installed packages. Can you list the outgoing addresses, what client process and any more detail such as how often and how to check for this ?
Maybe could be this
https://github.com/grafana/grafana/issues/5079
No it is something we are not aware of. It could be from one of the installed packages. Can you list the outgoing addresses, what client process and any more detail such as how often and how to check for this ?
Maybe could be this
https://github.com/grafana/grafana/issues/5079
admin
2,930 Posts
Quote from admin on December 6, 2018, 5:11 amtry this:
on all nodes /opt/petasan/config/stats/grafana/grafana.ini# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = truechange to
check_for_updates = false
Only on the node running grafana
systemctl status grafana-serverdo a restart
/opt/petasan/scripts/stats-stop.sh
/opt/petasan/scripts/stats-setup.sh.sh
/opt/petasan/scripts/stats-start.sh
try this:
on all nodes /opt/petasan/config/stats/grafana/grafana.ini
# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = true
change to
check_for_updates = false
Only on the node running grafana
systemctl status grafana-server
do a restart
/opt/petasan/scripts/stats-stop.sh
/opt/petasan/scripts/stats-setup.sh.sh
/opt/petasan/scripts/stats-start.sh
Shiori
86 Posts
Quote from Shiori on December 6, 2018, 5:25 amI found it on our gateway routers while tracing a problem. The subnet that the petasan cluster is on should not originate any outgoing connections but the servers do have to connect to our NTP servers and our syslog servers which are not on the same subnet and must use the gateway subnet to connect to these services.
When I checked the petasan nodes, I couldnt find a log record of the connections nor which script had initiated the connection.
I will try to get as full of a list of IP addresses as we have, site names would be problematic due to our dns log sizes assuming that the petasan servers are even using our dns servers.
I found it on our gateway routers while tracing a problem. The subnet that the petasan cluster is on should not originate any outgoing connections but the servers do have to connect to our NTP servers and our syslog servers which are not on the same subnet and must use the gateway subnet to connect to these services.
When I checked the petasan nodes, I couldnt find a log record of the connections nor which script had initiated the connection.
I will try to get as full of a list of IP addresses as we have, site names would be problematic due to our dns log sizes assuming that the petasan servers are even using our dns servers.
admin
2,930 Posts
Quote from admin on December 6, 2018, 6:17 amyou can also stop the grafana updates as per above and re-check this.
you can also stop the grafana updates as per above and re-check this.