Hello, have you considered some kind of transparent TCP-to-proxy redirection, i.e. redsocks? I have not tested is personally but I bookmarked it in the past - I thought it could be helpful one day (today?)
Martin J. "ADSM: Dist Stor Manager" <[email protected]> wrote on 2018-03-06 10:34:13: > From: Uwe Schreiber <[email protected]> > To: [email protected] > Date: 2018-03-06 10:36 > Subject: Re: [ADSM-L] Operations Center 8.1.4 - Client Package > Download using Proxy > Sent by: "ADSM: Dist Stor Manager" <[email protected]> > > I did a test by setting the Java options for the instance user, and > restarted the instance. > > As well i set the Java options for usage by the OPC. > > -> unchanged situation -> download of packages is failing. > > Not the OC which is downloading the software packages. > The "Deploy Package Manager" (integrated in the dsmserv binary?) > triggers the download / refresh / etc. of the software packages. > > I did not see any other java processes than the OPC GUI when the > message "ANR3753I The client update packages manager is started. / > ANR3756I A refresh of client update packeges was started." > > So I assume dsmserv does not start any Java based sub-processes for > downloading the software packages. > > Uwe > > On Tue, 2018-03-06 at 11:07 +0300, Efim wrote: > > Why not to configure a transparent proxy for this traffic? > > > > Assuming that the hub participates in the download of packages, by > > default Java does not use a system proxy. > > You can try to use option Djava.net.useSystemProxies = true in the > > environment settings for the user, on behalf of which the hub starts > > ..... > > it will looks like export IBM_JAVA_OPTIONS="-Dmysysprop1=tcpip > > -Dmysysprop2=wait -Xdisablejavadump" > > I found example in https://www.ibm.com/support/knowledgecenter/en/SSM > > KFH/com.ibm.apmaas.doc/install/config_forwardproxy_dc.htm > > but it uses jvm.options file. > > > > Efim > > > > > > > 6 марта 2018 г., в 10:39, Uwe Schreiber <[email protected] > > > E> написал(а): > > > > > > Hello Efim, > > > > > > thank you for your response. > > > > > > I already had a try using the local catalog. > > > This did not bypass the direct download from IBM. > > > > > > From my point of view, the local catalog gives you the possibility > > > to > > > create your own package repository. > > > Therefor you have to build a http server where you store the > > > package > > > for a download by the OC hub instance. > > > In addition you have to modify the local catalog.json file to point > > > to > > > the right package locations on your own http server. > > > > > > Of course i could setup my own http server and build a local > > > repository. > > > But this would increase the complexity, etc. > > > > > > Uwe > > > > > > > > > On Tue, 2018-03-06 at 09:25 +0300, Efim wrote: > > > > Hi > > > > you can try to configure local catalog. it will bypass using > > > > proxy: > > > > > > > > setopt clientdeployuselocalcatalog yes > > > > create dir: /<instance dir>/deployconfig/ > > > > run (you can add it to the cron): curl -o /<instance > > > > dir>/deployconfig/catalog.json https://public.dhe.ibm.com/storage > > > > /tiv > > > > oli-storage-management/catalog/client/catalog.json > > > > > > > > Efim > > > > > > > > > > > > > > > > > 6 марта 2018 г., в 0:32, Uwe Schreiber <uwe.h.schreiber@T-ONLIN > > > > > E.DE > > > > > > написал(а): > > > > > > > > > > I'am searching a solution for deploying client updates using > > > > > Operations > > > > > Center 8.1.4. > > > > > > > > > > My OC hub (is spoke as well) is not able to connect direct to > > > > > https://urldefense.proofpoint.com/v2/url? > u=https-3A__p&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=H5e_B7Ka5iXApV9NLO3a6LPjgmGzpTrVrSapqmyEY0E&m=TCER6L5E- > e0Od-1y1NcsjYk6dr2uwz7GBhdESLV4VP0&s=KfrP7fY71S9D98_YhAxk99uk4IhkHCZZ6h7jnd9iQgM&e= > > > > > ublic.dhe.ibm.com/... > > > > > I have to use a proxy configuration to enable that > > > > > communication. > > > > > > > > > > So I configured the variables http_proxy / https_proxy with the > > > > > according proxy informations for the instance user within the > > > > > RHEL > > > > > 7.4 > > > > > operating System. > > > > > > > > > > Testing using "curl" and "wget" works as expected when trying > > > > > to > > > > > download an deployment package. > > > > > > > > > > For forcing the instance to do a software package refresh I > > > > > restarted > > > > > the instance, but I still got the error > > > > > > > > > > ANR3763E An error occurred while the catalog file used for > > > > > client > > > > > updates was downloading from > > > > > https://public.dhe.ibm.com/storage/tivoli-storage-management/ca > > > > > talo > > > > > g/cl > > > > > ient/catalog.json. > > > > > > > > > > After restarting the instance a "tcpdump" was showing packets > > > > > to > > > > > "public.dhe.ibm.com" using https. > > > > > The tcpdump tool stops to show such packets as soon as I get > > > > > the > > > > > above > > > > > message within the activity-log of the instance. > > > > > > > > > > So I assume that dsmserv is ignoring the environment variables > > > > > for > > > > > the > > > > > proxy configuration. > > > > > > > > > > As well I tried to tell the hub instance to load the client > > > > > update > > > > > packages from a local filesystem instead by downloading them > > > > > from > > > > > IBM, > > > > > by modifying the local installed catalog.json file to use > > > > > "file://..." > > > > > instead of "https://...."; .... without success. > > > > > It seems that the usage of https is "hard coded". > > > > > > > > > > I already tried a manual import of the client autodeployment > > > > > packages, > > > > > as well as the package for the update manager. > > > > > > > > > > But querying the manifest table by using "select > > > > > pkg_name,pkg_type,state from client_pkg" is showing the > > > > > packages > > > > > with > > > > > state=2. > > > > > > > > > > I assume as long as the client update package manager is not > > > > > able > > > > > to do > > > > > the software download the state will not change and there > > > > > is no possibility to deploy any software to the attached > > > > > clients. > > > > >
