Avamar - FLR - Linux FLR wget-scripts mislykkes, når HTTP-proxy er konfigureret på virtuel maskine.

avvmwfile Error <0000>: Failed to restore files via network, check proxy log for details
avvmwfile Error <0000>: assist_restore error. ret: 157

ExecuteProgram failed. script text:/bin/bash /root/flrTBow8V, Return: 0, script return code: 8
FLRBase:: ScriptUploadAndExecute failed

<DATE>  https://Avamar-proxy-IP/download/<uuid>
Resolving internetproxy.example.com (internetproxy.example.com)... 10.2.3.4 
Connecting to internetproxy.example.com (internetproxy.example.com )|10.2.3.4|:3128... connected.

WARNING: cannot verify 10.1.4.50's certificate, issued by ‘/C=US/ST=California/L=Irvine/O=Dell Technologies/OU=Dell EMC/CN=Administrator’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Administrator’ doesn't match requested host name ‘10.1.4.50’.Proxy request sent, awaiting response...
  HTTP/1.1 500 Failed to exec CGI
  Connection: close
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000;includeSubDomains
  X-XSS-Protection: 1; mode=block
  Cache-Control: must-revalidate,no-cache,no-store
  Content-Type: text/html;charset=iso-8859-1
  Content-Length: 368
  Server: Jetty(9.4.19.v20190610)
<DATE> ERROR 500: Failed to exec CGI.

ecode: "8"

Dette er et miljøproblem udløst af ikke-standard linux-konfiguration. 

I flr script output fil (flrTBow8V.err) kan vi se trafik flyder gennem kundens internet http proxy internetproxy.example.com. 

Problem: Af sikkerhedsmæssige årsager er det kun den virtuelle målmaskine, der har tilladelse til at downloade filer til dette bestemte FLR-job/script.  

HTTP PROXY får den indgående ip-adresse til IKKE at matche mål-vm'ens ip-adresse og udløser HTTP-statuskoden 500.   


Konfiguration:  
  I den virtuelle maskines gæsteoperativsystem har en wget-konfigurationsfil (~/.wgetrc eller /usr/local/etc/wgetrc) konfigureret en HTTP-proxy.    

https_proxy  =  http://internetproxy.example.com:3128

Løsning: 

For at løse dette problem skal vi sikre os, at FLR-scriptet IKKE bruger http-proxyen ved at ændre wget-scriptspecifikationsskabelonen.  

/usr/local/avamarclient/bin/wget_linux_script.template

#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N --no-proxy -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

192proxy:~ #  systemctl restart vmwareflr.service