User story #11791
closedAllow configuring a proxy for HTTP(S) communication between agent and policy server
Description
It is currently impossible to use Rudder when HTTPS communication between the node and the policy servers require using a proxy. I should be possible to provide a proxy value to the agent, currently proxy is explicitly empty.
It needs to be on the node side, to be usable in initial policies.
Updated by Alexis Mousset about 7 years ago
- Translation missing: en.field_tag_list changed from Reloca rudder agent, Quick and important to Quick and important
- Tracker changed from Question to User story
- Subject changed from Implementation of Rudder Agent on Cloud environment with proxy to Allow configuring a proxy for HTTP(S) communication between agent and policy server
- Description updated (diff)
- Category set to System techniques
- Assignee deleted (
Anonymous) - Target version set to 4.1.9
Updated by Paul Bramy about 7 years ago
Rudder agent 4.2.2.release (CFEngine Core 3.10.2)
Updated by Nicolas CHARLES about 7 years ago
- Target version changed from 4.1.9 to 4.2.3
It has two parts:
- on the node side, at first installation, there is the script set_proxy.sh that defines the proxy for the node, and sends the inventory
- on the server side, it's a patch in techniques, which, when the node property 'inventory_proxy' is defined, will set the proxy for the node
Updated by Nicolas CHARLES about 7 years ago
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES about 7 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1223
Updated by Nicolas CHARLES about 7 years ago
- Assignee changed from Alexis Mousset to Anonymous
Updated by Paul Bramy about 7 years ago
Nicolas CHARLES wrote:
Proposing a workaround in the PR, for branch 4.2
It has two parts:
- on the node side, at first installation, there is the script set_proxy.sh that defines the proxy for the node, and sends the inventory
- on the server side, it's a patch in techniques, which, when the node property 'inventory_proxy' is defined, will set the proxy for the node
Nicolas, just a question. Does it mean that the set_proxy.sh exists ? If it does I don't understand how to get it.. Ready to test. Many thanx in advance. Impressed by your reactivity. Paul
Updated by Nicolas CHARLES about 7 years ago
Paul,
Code for workaround is submitted in the attached pull request.
The script set_proxy.sh can be downloaded at https://raw.githubusercontent.com/ncharles/rudder-techniques/2b105439a7046c676a8ae42d5989390f4f18b836/tools/set_proxy.sh - you can download it on the nodes, and use it to set the proxy for the initial promises (so when the node hasn't yet sent its inventory to the server)
To check its usage, you can run the command set_proxy.sh usage
You also have a patch to apply on the Rudder server, for continuous operations. It will ensure that the nodes will be able to send their inventory once they are managed by Rudder, with the proxy correctly defined.
The easiest way to apply this patch is to replace the file /var/rudder/configuration-repository/techniques/system/inventory/1.0/fusionAgent.st by the file https://raw.githubusercontent.com/ncharles/rudder-techniques/2b105439a7046c676a8ae42d5989390f4f18b836/techniques/system/inventory/1.0/fusionAgent.st , and then to commit this file into rudder git repository. The procedure is:
cd /var/rudder/configuration-repository/techniques/system/inventory/1.0/ git add fusionAgent.st git commit -m "Updating inventory code to be able to set a proxy" rudder server reload-techniques
It should regenerate policies for all nodes, and you'll be able to set the proxy for each node by setting a node property (in the node details /properties tab) with the name inventory_proxy and the value being proxyname:proxyport
Note that you can also automate the definition of this node property using the rudder API, as described in http://www.rudder-project.org/rudder-api-doc/#api-Nodes-updateNode
Finally, this is a workaround, the actual implementation might be slightly different.
Don't hesitate to ask if you need more details on this, or help applying these patches
Updated by Paul Bramy about 7 years ago
Dear Ruuder team,
Only one word. FANTASTIC !
We applied the patch on the server and we integrated the workaround in our automation engine.
All inventories have been sent.
Our Big picture is now BIGGER !!
Thanx again for you support and reactivity.
Let us run the meetup now !!
Pau
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.3 to 4.2.4
Updated by Nicolas CHARLES about 7 years ago
- Status changed from Pending technical review to In progress
- Assignee changed from Anonymous to Alexis Mousset
- Target version changed from 4.2.4 to 4.1.10
assiging to Alexis for a proper implementation in 4.1 - Alexis mentionned he wanted a real configuration file
Updated by Nicolas CHARLES almost 7 years ago
- Status changed from In progress to Pending technical review
- Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1223 to https://github.com/Normation/rudder-techniques/pull/1244
Updated by François ARMAND almost 7 years ago
- Related to User story #3384: We should allow the user to specify a proxy to be used with the Rudder cURL calls added
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 4.1.10 to 4.1.11
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.11 to 4.1.12
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.12 to 4.1.13
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 4.1.13 to 411
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 411 to 4.1.13
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.13 to 4.1.14
Updated by Benoît PECCATTE over 6 years ago
- Translation missing: en.field_tag_list deleted (
Quick and important) - Status changed from Pending technical review to Discussion
- Pull Request deleted (
https://github.com/Normation/rudder-techniques/pull/1244)
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 4.1.14 to 4.1.15
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.15 to 4.1.16
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.16 to 4.1.17
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.17 to 4.1.18
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 4.1.18 to 4.1.19
Updated by Alexis Mousset almost 6 years ago
- Target version changed from 4.1.19 to 4.1.20
Updated by François ARMAND almost 6 years ago
- Target version changed from 4.1.20 to 4.1.21
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.21 to 4.1.22
Updated by Benoît PECCATTE over 5 years ago
- Target version changed from 4.1.22 to 5.0.10
Updated by Alexis Mousset over 5 years ago
- Related to User story #12100: Add a global setting to configure curl proxy behaviour added
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.10 to 5.0.11
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.11 to 5.0.12
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.12 to 5.0.13
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.13 to 5.0.14
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.14 to 5.0.15
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.15 to 5.0.16
Updated by Alexis Mousset almost 5 years ago
- Target version changed from 5.0.16 to 5.0.17
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 5.0.17 to 5.0.18
Updated by Benoît PECCATTE over 4 years ago
- Target version changed from 5.0.18 to 6.2.0~beta1
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 6.2.0~beta1 to 6.2.0~rc1
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 6.2.0~rc1 to 6.2.0
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 6.2.0 to 6.2.1
Updated by Vincent MEMBRÉ almost 4 years ago
- Target version changed from 6.2.1 to 6.2.2
Updated by Vincent MEMBRÉ almost 4 years ago
- Target version changed from 6.2.2 to 6.2.3
Updated by Vincent MEMBRÉ almost 4 years ago
- Target version changed from 6.2.3 to 6.2.4
Updated by Vincent MEMBRÉ almost 4 years ago
- Target version changed from 6.2.4 to 6.2.5
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.5 to 6.2.6
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.6 to 6.2.7
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.7 to 6.2.8
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.8 to 6.2.9
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.9 to 6.2.10
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.2.10 to 6.2.11
Updated by Vincent MEMBRÉ about 3 years ago
- Target version changed from 6.2.11 to 6.2.12
Updated by Vincent MEMBRÉ about 3 years ago
- Target version changed from 6.2.12 to 6.2.13