Patching behind a corporate proxy server
-
I have 2 HPE servers and a separate VM with XO built from sources using ronivay's script.
I have the web proxy setup in the XO VM for yarn, apt, and global use and everything works there. I can do apt updates and XO updates.
I am trying to understand what I need to set elsewhere in XCP-ng for patching to work, i.e. detection, download, and deployment. I have set the same proxy used elsewhere for the proxy setting in the master host but I have no idea if that is the correct thing to do or do I need to setup something else on the XO instance?
I think this is the last issue before I can say the environment is ready for prime time.
Thanks
Danny -
Hi!
I suppose it's for a production environment, right? Have you contacted us already?
There's different ways to achieve it, and the best one depends a bit on more details.
-
@olivierlambert Not production yet. I'm setting up a proof of concept so that management can see there are alternatives to
VMwareBroadcom. -
After you do this below you need to restart all of them.
Proxy has IP 10.10.10.10 and port: 8080
For XOCE is set this in VMcat > /etc/profile.d/http_proxy.csh <<EOF setenv https_proxy=http://10.10.10.10:8080/ setenv http_proxy=http://10.10.10.10:8080/ setenv ftp_proxy=http://10.10.10.10:8080/ setenv HTTPS_PROXY=http://10.10.10.10:8080/ setenv HTTP_PROXY=http://10.10.10.10:8080/ setenv FTP_PROXY=http://10.10.10.10:8080/ EOF chmod 755 /etc/profile.d/http_proxy.csh cat > /etc/profile.d/http_proxy.sh <<EOF export https_proxy=http://10.10.10.10:8080/ export http_proxy=http://10.10.10.10:8080/ export ftp_proxy=http://10.10.10.10:8080/ export HTTPS_PROXY=http://10.10.10.10:8080/ export HTTP_PROXY=http://10.10.10.10:8080/ export FTP_PROXY=http://10.10.10.10:8080/ EOF chmod 755 /etc/profile.d/http_proxy.sh cat > /etc/environment <<EOF http_proxy=http://10.10.10.10:8080 https_proxy=http://10.10.10.10:8080 ftp_proxy=http://10.10.10.10:8080 HTTP_PROXY=http://10.10.10.10:8080 HTTPS_PROXY=http://10.10.10.10:8080 FTP_PROXY=http://10.10.10.10:8080 EOF
On Rocky Linux
cat >> /etc/dnf/dnf.conf <<EOF proxy=http://10.10.10.10:8080 EOF
On debian
cat >> /etc/apt/apt.conf.d/95proxies <<EOF Acquire::https::proxy "http://10.10.10.10:8080/"; Acquire::http::proxy "http://10.10.10.10:8080/"; Acquire::ftp::proxy "ftp://10.10.10.10:8080/"; EOF
For XCP-ng
cat > /etc/profile.d/http_proxy.csh <<EOF setenv https_proxy=http://10.10.10.10:8080/ setenv http_proxy=http://10.10.10.10:8080/ setenv ftp_proxy=http://10.10.10.10:8080/ setenv HTTPS_PROXY=http://10.10.10.10:8080/ setenv HTTP_PROXY=http://10.10.10.10:8080/ setenv FTP_PROXY=http://10.10.10.10:8080/ EOF chmod 755 /etc/profile.d/http_proxy.csh cat > /etc/profile.d/http_proxy.sh <<EOF export https_proxy=http://10.10.10.10:8080/ export http_proxy=http://10.10.10.10:8080/ export ftp_proxy=http://10.10.10.10:8080/ export HTTPS_PROXY=http://10.10.10.10:8080/ export HTTP_PROXY=http://10.10.10.10:8080/ export FTP_PROXY=http://10.10.10.10:8080/ EOF chmod 755 /etc/profile.d/http_proxy.sh cat > /etc/environment <<EOF http_proxy=http://10.10.10.10:8080 https_proxy=http://10.10.10.10:8080 ftp_proxy=http://10.10.10.10:8080 HTTP_PROXY=http://10.10.10.10:8080 HTTPS_PROXY=http://10.10.10.10:8080 FTP_PROXY=http://10.10.10.10:8080 EOF cat >> /etc/yum.conf <<EOF proxy=http://10.10.10.10:8080 EOF
-
@Gheppy Thank you.
-
@Gheppy A follow up... Patches appeared in XO right after updating the files (prior to an XCP-ng reboot). Just FYI.
-
I had a similar issue, and what helped me was routing update traffic through Static Residential Proxies to avoid deep packet inspection that was blocking some repositories. They worked better than regular proxies in our setup since they look like normal home users, so the network didn’t treat the traffic as suspicious. You might need to whitelist some domains manually though, depending on how strict your proxy rules are.