Skip to content

Instantly share code, notes, and snippets.

@mwmahlberg

mwmahlberg/README.md

Last active July 21, 2019 10:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mwmahlberg/62762432bfa45cca45a6ec62848f86ed to your computer and use it in GitHub Desktop.
Save mwmahlberg/62762432bfa45cca45a6ec62848f86ed to your computer and use it in GitHub Desktop.
Download ZIP
Raw
README.md

Doublechecking of potential communication by influxd with 104.131.151.204

In a question on Stackoverflow the question was raised wether influxd would communicate with 104.131.151.204 despite reporting-disabled was set to true.

This gist contains all the data required to replicate my check on this.

Requirements to replicate

  • docker
  • influxdb:1.7.7 docker image (sha256:38bc51a4a606e4c91e6adc475d28398bee05ae271102cc3e26ddbabe25cb3f71)
  • influxdb.conf included in this gist
  • tcpdump
  • coreutils (on Mac via macports or brew)

Procedure

Start container

$ curl -O -L https://gist.github.com/mwmahlberg/62762432bfa45cca45a6ec62848f86ed/raw/8e1e72a372b1b76253dcaab8cfeffb6768f58747/influxdb.conf
$ docker pull influxdb:1.7.7@sha256:38bc51a4a606e4c91e6adc475d28398bee05ae271102cc3e26ddbabe25cb3f71
$ docker run -d --name influxdb-sec -p 8086:8086 -v $(PWD)/influxdb.conf:/etc/influxdb/influxdb.config influxdb:1.7.7 influxd -config /etc/influxdb/influxdb.config

Note that I chose to use non-standard names to make positively sure the configuration as below is used.

Start tcpdump

$ [sudo] sudo [g]timeout -s SIGTERM 2h tcpdump -i en0 dst 104.131.151.204 -s 0 -w capture

In my case, en0 is the interface leasing to the default gateway. Your value might differ. If you use a Mac, you need to call the coreutil timeoututility as gtimeout. You do not need to call sudo in case you already are root.

This will run tcpdumpfor 2h. Increase if you want to make double-sure. For thorough testing, I would suggest running this setup for one week.

Raw
influxdb.conf
reporting-disabled = true
bind-address = "127.0.0.1:8088"
[meta]
dir = "/var/lib/influxdb/meta"
retention-autocreate = true
logging-enabled = true
[data]
dir = "/var/lib/influxdb/data"
index-version = "inmem"
wal-dir = "/var/lib/influxdb/wal"
wal-fsync-delay = "0s"
validate-keys = false
query-log-enabled = true
cache-max-memory-size = 1073741824
cache-snapshot-memory-size = 26214400
cache-snapshot-write-cold-duration = "10m0s"
compact-full-write-cold-duration = "4h0m0s"
compact-throughput = 50331648
compact-throughput-burst = 50331648
max-series-per-database = 1000000
max-values-per-tag = 100000
max-concurrent-compactions = 0
max-index-log-file-size = 1048576
series-id-set-cache-size = 100
trace-logging-enabled = false
tsm-use-madv-willneed = false
[coordinator]
write-timeout = "10s"
max-concurrent-queries = 0
query-timeout = "0s"
log-queries-after = "0s"
max-select-point = 0
max-select-series = 0
max-select-buckets = 0
[retention]
enabled = true
check-interval = "30m0s"
[shard-precreation]
enabled = true
check-interval = "10m0s"
advance-period = "30m0s"
[monitor]
store-enabled = true
store-database = "_internal"
store-interval = "10s"
[subscriber]
enabled = true
http-timeout = "30s"
insecure-skip-verify = false
ca-certs = ""
write-concurrency = 40
write-buffer-size = 1000
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
suppress-write-log = false
write-tracing = false
flux-enabled = false
flux-log-enabled = false
pprof-enabled = true
debug-pprof-enabled = false
https-enabled = false
https-certificate = "/etc/ssl/influxdb.pem"
https-private-key = ""
max-row-limit = 0
max-connection-limit = 0
shared-secret = ""
realm = "InfluxDB"
unix-socket-enabled = false
unix-socket-permissions = "0777"
bind-socket = "/var/run/influxdb.sock"
max-body-size = 25000000
access-log-path = ""
max-concurrent-write-limit = 0
max-enqueued-write-limit = 0
enqueued-write-timeout = 30000000000
[logging]
format = "auto"
level = "info"
suppress-logo = false
[[graphite]]
enabled = false
bind-address = ":2003"
database = "graphite"
retention-policy = ""
protocol = "tcp"
batch-size = 5000
batch-pending = 10
batch-timeout = "1s"
consistency-level = "one"
separator = "."
udp-read-buffer = 0
[[collectd]]
enabled = false
bind-address = ":25826"
database = "collectd"
retention-policy = ""
batch-size = 5000
batch-pending = 10
batch-timeout = "10s"
read-buffer = 0
typesdb = "/usr/share/collectd/types.db"
security-level = "none"
auth-file = "/etc/collectd/auth_file"
parse-multivalue-plugin = "split"
[[opentsdb]]
enabled = false
bind-address = ":4242"
database = "opentsdb"
retention-policy = ""
consistency-level = "one"
tls-enabled = false
certificate = "/etc/ssl/influxdb.pem"
batch-size = 1000
batch-pending = 5
batch-timeout = "1s"
log-point-errors = true
[[udp]]
enabled = false
bind-address = ":8089"
database = "udp"
retention-policy = ""
batch-size = 5000
batch-pending = 10
read-buffer = 0
batch-timeout = "1s"
precision = ""
[continuous_queries]
log-enabled = true
enabled = true
query-stats-enabled = false
run-interval = "1s"
[tls]
min-version = ""
max-version = ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment