XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Patching behind a corporate proxy server

    Scheduled Pinned Locked Moved Management
    7 Posts 4 Posters 2.1k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      dsiminiuk
      last edited by dsiminiuk

      I have 2 HPE servers and a separate VM with XO built from sources using ronivay's script.

      I have the web proxy setup in the XO VM for yarn, apt, and global use and everything works there. I can do apt updates and XO updates.

      I am trying to understand what I need to set elsewhere in XCP-ng for patching to work, i.e. detection, download, and deployment. I have set the same proxy used elsewhere for the proxy setting in the master host but I have no idea if that is the correct thing to do or do I need to setup something else on the XO instance?

      I think this is the last issue before I can say the environment is ready for prime time.

      Thanks
      Danny

      1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Hi!

        I suppose it's for a production environment, right? Have you contacted us already?

        There's different ways to achieve it, and the best one depends a bit on more details.

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          dsiminiuk @olivierlambert
          last edited by

          @olivierlambert Not production yet. I'm setting up a proof of concept so that management can see there are alternatives to VMware Broadcom.

          1 Reply Last reply Reply Quote 0
          • GheppyG Offline
            Gheppy
            last edited by Gheppy

            After you do this below you need to restart all of them.
            Proxy has IP 10.10.10.10 and port: 8080
            For XOCE is set this in VM

            cat > /etc/profile.d/http_proxy.csh <<EOF
            setenv https_proxy=http://10.10.10.10:8080/ 
            setenv http_proxy=http://10.10.10.10:8080/ 
            setenv ftp_proxy=http://10.10.10.10:8080/ 
            setenv HTTPS_PROXY=http://10.10.10.10:8080/ 
            setenv HTTP_PROXY=http://10.10.10.10:8080/ 
            setenv FTP_PROXY=http://10.10.10.10:8080/ 
            
            EOF
            
            chmod 755 /etc/profile.d/http_proxy.csh
            
            
            cat > /etc/profile.d/http_proxy.sh <<EOF
            export https_proxy=http://10.10.10.10:8080/ 
            export http_proxy=http://10.10.10.10:8080/ 
            export ftp_proxy=http://10.10.10.10:8080/ 
            export HTTPS_PROXY=http://10.10.10.10:8080/ 
            export HTTP_PROXY=http://10.10.10.10:8080/ 
            export FTP_PROXY=http://10.10.10.10:8080/ 
            
            EOF
            
            chmod 755 /etc/profile.d/http_proxy.sh
            
            
            cat > /etc/environment <<EOF
            http_proxy=http://10.10.10.10:8080
            https_proxy=http://10.10.10.10:8080
            ftp_proxy=http://10.10.10.10:8080
            HTTP_PROXY=http://10.10.10.10:8080
            HTTPS_PROXY=http://10.10.10.10:8080
            FTP_PROXY=http://10.10.10.10:8080
            
            EOF
            
            

            On Rocky Linux

            cat >> /etc/dnf/dnf.conf <<EOF
            proxy=http://10.10.10.10:8080
            
            EOF
            

            On debian

            cat >> /etc/apt/apt.conf.d/95proxies <<EOF 
            Acquire::https::proxy "http://10.10.10.10:8080/";
            Acquire::http::proxy "http://10.10.10.10:8080/";
            Acquire::ftp::proxy "ftp://10.10.10.10:8080/";
            
            EOF
            

            For XCP-ng

            cat > /etc/profile.d/http_proxy.csh <<EOF
            setenv https_proxy=http://10.10.10.10:8080/ 
            setenv http_proxy=http://10.10.10.10:8080/ 
            setenv ftp_proxy=http://10.10.10.10:8080/ 
            setenv HTTPS_PROXY=http://10.10.10.10:8080/ 
            setenv HTTP_PROXY=http://10.10.10.10:8080/ 
            setenv FTP_PROXY=http://10.10.10.10:8080/ 
            
            EOF
            
            chmod 755 /etc/profile.d/http_proxy.csh
            
            
            cat > /etc/profile.d/http_proxy.sh <<EOF
            export https_proxy=http://10.10.10.10:8080/ 
            export http_proxy=http://10.10.10.10:8080/ 
            export ftp_proxy=http://10.10.10.10:8080/ 
            export HTTPS_PROXY=http://10.10.10.10:8080/ 
            export HTTP_PROXY=http://10.10.10.10:8080/ 
            export FTP_PROXY=http://10.10.10.10:8080/ 
            
            EOF
            
            chmod 755 /etc/profile.d/http_proxy.sh
            
            
            cat > /etc/environment <<EOF
            http_proxy=http://10.10.10.10:8080
            https_proxy=http://10.10.10.10:8080
            ftp_proxy=http://10.10.10.10:8080
            HTTP_PROXY=http://10.10.10.10:8080
            HTTPS_PROXY=http://10.10.10.10:8080
            FTP_PROXY=http://10.10.10.10:8080
            
            EOF
            
            
            cat >> /etc/yum.conf <<EOF
            proxy=http://10.10.10.10:8080
            
            EOF
            
            D 2 Replies Last reply Reply Quote 0
            • D Offline
              dsiminiuk @Gheppy
              last edited by

              @Gheppy Thank you.

              1 Reply Last reply Reply Quote 0
              • D Offline
                dsiminiuk @Gheppy
                last edited by

                @Gheppy A follow up... Patches appeared in XO right after updating the files (prior to an XCP-ng reboot). Just FYI.

                1 Reply Last reply Reply Quote 0
                • H Offline
                  Hershien
                  last edited by Hershien

                  I had a similar issue, and what helped me was routing update traffic through Static Residential Proxies to avoid deep packet inspection that was blocking some repositories. They worked better than regular proxies in our setup since they look like normal home users, so the network didn’t treat the traffic as suspicious. You might need to whitelist some domains manually though, depending on how strict your proxy rules are.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post