Project

General

Profile

Actions

User story #11791

closed

Allow configuring a proxy for HTTP(S) communication between agent and policy server

Added by Paul Bramy over 6 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
N/A
Category:
System techniques
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

It is currently impossible to use Rudder when HTTPS communication between the node and the policy servers require using a proxy. I should be possible to provide a proxy value to the agent, currently proxy is explicitly empty.

It needs to be on the node side, to be usable in initial policies.


Related issues 2 (0 open2 closed)

Related to Rudder - User story #3384: We should allow the user to specify a proxy to be used with the Rudder cURL callsRejectedFrançois ARMANDActions
Related to Rudder - User story #12100: Add a global setting to configure curl proxy behaviourRejectedActions
Actions #1

Updated by Alexis Mousset over 6 years ago

  • Translation missing: en.field_tag_list changed from Reloca rudder agent, Quick and important to Quick and important
  • Tracker changed from Question to User story
  • Subject changed from Implementation of Rudder Agent on Cloud environment with proxy to Allow configuring a proxy for HTTP(S) communication between agent and policy server
  • Description updated (diff)
  • Category set to System techniques
  • Assignee deleted (Anonymous)
  • Target version set to 4.1.9
Actions #2

Updated by Paul Bramy over 6 years ago

Rudder agent 4.2.2.release (CFEngine Core 3.10.2)

Actions #3

Updated by Nicolas CHARLES over 6 years ago

  • Target version changed from 4.1.9 to 4.2.3
Proposing a workaround in the PR, for branch 4.2
It has two parts:
  1. on the node side, at first installation, there is the script set_proxy.sh that defines the proxy for the node, and sends the inventory
  2. on the server side, it's a patch in techniques, which, when the node property 'inventory_proxy' is defined, will set the proxy for the node
Actions #4

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #5

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1223
Actions #6

Updated by Nicolas CHARLES over 6 years ago

  • Assignee changed from Alexis Mousset to Anonymous
Actions #7

Updated by Paul Bramy over 6 years ago

Nicolas CHARLES wrote:

Proposing a workaround in the PR, for branch 4.2
It has two parts:
  1. on the node side, at first installation, there is the script set_proxy.sh that defines the proxy for the node, and sends the inventory
  2. on the server side, it's a patch in techniques, which, when the node property 'inventory_proxy' is defined, will set the proxy for the node

Nicolas, just a question. Does it mean that the set_proxy.sh exists ? If it does I don't understand how to get it.. Ready to test. Many thanx in advance. Impressed by your reactivity. Paul

Actions #8

Updated by Nicolas CHARLES over 6 years ago

Paul,

Code for workaround is submitted in the attached pull request.

The script set_proxy.sh can be downloaded at https://raw.githubusercontent.com/ncharles/rudder-techniques/2b105439a7046c676a8ae42d5989390f4f18b836/tools/set_proxy.sh - you can download it on the nodes, and use it to set the proxy for the initial promises (so when the node hasn't yet sent its inventory to the server)
To check its usage, you can run the command set_proxy.sh usage

You also have a patch to apply on the Rudder server, for continuous operations. It will ensure that the nodes will be able to send their inventory once they are managed by Rudder, with the proxy correctly defined.
The easiest way to apply this patch is to replace the file /var/rudder/configuration-repository/techniques/system/inventory/1.0/fusionAgent.st by the file https://raw.githubusercontent.com/ncharles/rudder-techniques/2b105439a7046c676a8ae42d5989390f4f18b836/techniques/system/inventory/1.0/fusionAgent.st , and then to commit this file into rudder git repository. The procedure is:

cd /var/rudder/configuration-repository/techniques/system/inventory/1.0/
git add fusionAgent.st
git commit -m "Updating inventory code to be able to set a proxy" 
rudder server reload-techniques

It should regenerate policies for all nodes, and you'll be able to set the proxy for each node by setting a node property (in the node details /properties tab) with the name inventory_proxy and the value being proxyname:proxyport
Note that you can also automate the definition of this node property using the rudder API, as described in http://www.rudder-project.org/rudder-api-doc/#api-Nodes-updateNode

Finally, this is a workaround, the actual implementation might be slightly different.

Don't hesitate to ask if you need more details on this, or help applying these patches

Actions #9

Updated by Paul Bramy over 6 years ago

Dear Ruuder team,
Only one word. FANTASTIC !
We applied the patch on the server and we integrated the workaround in our automation engine.
All inventories have been sent.
Our Big picture is now BIGGER !!
Thanx again for you support and reactivity.
Let us run the meetup now !!
Pau

Actions #10

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.2.3 to 4.2.4
Actions #11

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from Pending technical review to In progress
  • Assignee changed from Anonymous to Alexis Mousset
  • Target version changed from 4.2.4 to 4.1.10

assiging to Alexis for a proper implementation in 4.1 - Alexis mentionned he wanted a real configuration file

Actions #12

Updated by Nicolas CHARLES about 6 years ago

  • Status changed from In progress to Pending technical review
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1223 to https://github.com/Normation/rudder-techniques/pull/1244
Actions #13

Updated by François ARMAND about 6 years ago

  • Related to User story #3384: We should allow the user to specify a proxy to be used with the Rudder cURL calls added
Actions #14

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.1.10 to 4.1.11
Actions #15

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.1.11 to 4.1.12
Actions #16

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.1.12 to 4.1.13
Actions #17

Updated by Benoît PECCATTE almost 6 years ago

  • Target version changed from 4.1.13 to 411
Actions #18

Updated by Benoît PECCATTE almost 6 years ago

  • Target version changed from 411 to 4.1.13
Actions #19

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.1.13 to 4.1.14
Actions #20

Updated by Benoît PECCATTE over 5 years ago

  • Translation missing: en.field_tag_list deleted (Quick and important)
  • Status changed from Pending technical review to Discussion
  • Pull Request deleted (https://github.com/Normation/rudder-techniques/pull/1244)
Actions #21

Updated by Benoît PECCATTE over 5 years ago

  • Target version changed from 4.1.14 to 4.1.15
Actions #22

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.15 to 4.1.16
Actions #23

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.16 to 4.1.17
Actions #24

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.17 to 4.1.18
Actions #25

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.18 to 4.1.19
Actions #26

Updated by Alexis Mousset about 5 years ago

  • Target version changed from 4.1.19 to 4.1.20
Actions #27

Updated by François ARMAND about 5 years ago

  • Target version changed from 4.1.20 to 4.1.21
Actions #28

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 4.1.21 to 4.1.22
Actions #29

Updated by Benoît PECCATTE almost 5 years ago

  • Target version changed from 4.1.22 to 5.0.10
Actions #30

Updated by Alexis Mousset almost 5 years ago

  • Related to User story #12100: Add a global setting to configure curl proxy behaviour added
Actions #31

Updated by Vincent MEMBRÉ almost 5 years ago

  • Target version changed from 5.0.10 to 5.0.11
Actions #32

Updated by Vincent MEMBRÉ almost 5 years ago

  • Target version changed from 5.0.11 to 5.0.12
Actions #33

Updated by Vincent MEMBRÉ almost 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
Actions #34

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.13 to 5.0.14
Actions #35

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.14 to 5.0.15
Actions #36

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.15 to 5.0.16
Actions #37

Updated by Alexis Mousset about 4 years ago

  • Target version changed from 5.0.16 to 5.0.17
Actions #38

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #39

Updated by Benoît PECCATTE almost 4 years ago

  • Target version changed from 5.0.18 to 6.2.0~beta1
Actions #40

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.0~beta1 to 6.2.0~rc1
Actions #41

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.0~rc1 to 6.2.0
Actions #42

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.0 to 6.2.1
Actions #43

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.1 to 6.2.2
Actions #44

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.2 to 6.2.3
Actions #45

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.3 to 6.2.4
Actions #46

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.4 to 6.2.5
Actions #47

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.5 to 6.2.6
Actions #48

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 6.2.6 to 6.2.7
Actions #49

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 6.2.7 to 6.2.8
Actions #50

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 6.2.8 to 6.2.9
Actions #51

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.9 to 6.2.10
Actions #52

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.10 to 6.2.11
Actions #53

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.11 to 6.2.12
Actions #54

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.12 to 6.2.13
Actions #55

Updated by Alexis Mousset about 2 years ago

  • Status changed from Discussion to Resolved

done in 7.0

Actions

Also available in: Atom PDF