Details the symptoms, potential causes, and resolution steps when port 443 to the Trustgrid Control Plane is blocked.
2 minute read
Symptoms
Node will not update either automatically or when manually triggered
Node will not be able to pull down container images from the organization repository
Node cannot send up debug logs
Cause
The Trustgrid node cannot connect to repo.trustgrid.io on port 443 to update packages
Troubleshooting Connectivity
Either of the below methods can be used to verify connectivity:
Use the Interface TCP Port Test tool. Make sure the WAN interfaces IP is the source, repo.trustgrid.io is the Host, and 443 is the target
From the terminal run the command
nc -vz repo.trustgrid.io 443
If the above tests are successful but the device still exhibits the symptoms listed above, the issue is likely that something is interfering with the TLS certificate
If unsuccessful:
First confirm repo.trustgrid.io is resolvable by the configured DNS servers. In this example, we will assume the DNS server is 8.8.8.8, replace this with the configured DNS server IPs. From the terminal run the command:
dig @8.8.8.8 repo.trustgrid.io
Repeat the above process with the second configured DNS server if available.
If either fails to confirm:
Any firewall rules are not blocking TCP and UDP port 53 to the configured DNS server
Confirm there is not an interface route on any LAN interface for CIDR that includes the DNS server’s IP. This will cause requests to route out the LAN interface instead of WAN and only after the Trustgrid service has started and brought up the LAN interfaces.
If DNS returns an IP address but the connection still fails, confirm any firewall between the node and the internet allows port 443and port 8443 to the Trustgrid control plane public IP ranges.
Resolution
Confirm the node can resolve repo.trustgrid.io
Ensure the node can connect to repo.trustgrid.io:443