ACLK #21236
ACLK #21236
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR significantly enhances the ACLK (Agent-Cloud Link) README documentation by adding comprehensive troubleshooting guidance. The update transforms a minimal README into a detailed operational guide with troubleshooting procedures, diagnostic commands, and FAQs.
Key changes:
- Converts blockquote-style warning to standard warning admonition syntax
- Adds extensive troubleshooting section covering connection diagnostics, status codes, error messages, and network testing
- Includes FAQ section with collapsible details for common ACLK questions
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| [plugins] | ||
| aclk = no |
There was a problem hiding this comment.
The configuration section shown here uses [plugins] to disable ACLK, but this appears inconsistent with typical Netdata configuration patterns where ACLK would be under a [cloud] section or similar. Please verify this is the correct configuration section for disabling ACLK in netdata.conf.
| [plugins] | |
| aclk = no | |
| [cloud] | |
| enabled = no |
| sudo iptables -A OUTPUT -p tcp -d api.netdata.cloud --dport 443 -j ACCEPT | ||
| sudo iptables -A OUTPUT -p tcp -d app.netdata.cloud --dport 443 -j ACCEPT | ||
| ``` | ||
|
|
There was a problem hiding this comment.
The iptables rules use -d with domain names (mqtt.netdata.cloud, etc.), which requires DNS resolution at rule creation time and creates static IP-based rules. This contradicts the earlier warning about IP addresses changing. Consider documenting that these rules will resolve to IPs at insertion time, or suggest using an alternative approach like using owner module to control by process, or explicitly noting that these examples need to be periodically updated.
| :::warning | |
| The above iptables rules use `-d` with domain names. **iptables resolves these domain names to IP addresses only at the time the rule is created.** If the IP addresses for these domains change (which is common for cloud services), the rules will not match future connections. You must manually update these rules whenever the IPs change. For dynamic allowlisting, use a firewall that supports domain-based rules, or automate IP updates. | |
| ::: |
updated aclk documentation (added troubleshooting section, faqs, format updated)