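Avamar — FLR — Linux FLR wget script fails when an HTTP proxy is configured on the virtual machine.
Summary: Avamar — FLR — Files cannot be restored over the network because the target Linux virtual machine uses an internal Internet proxy for "wget" traffic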
Symptoms
In the Avamar FLR restore log, we see the following:
avvmwfile Error <0000>: Failed to restore files via network, check proxy log for details
avvmwfile Error <0000>: assist_restore error. ret: 157
In the Avamar proxy FLR log: /usr/local/avamaravamarclient/logs/VmwareFlr.log
We see that the auto-generated FLR script "flrTBow8V" is executed in the virtual machine's guest operating system. However, the script does not succeed (reminder: only exit code 0 indicates success; any other number is a failure code). The failure exit code in this log is 8.
ExecuteProgram failed. script text:/bin/bash /root/flrTBow8V, Return: 0, script return code: 8
FLRBase:: ScriptUploadAndExecute failed
In the Avamar FLR script log, we see the following: /usr/local/avamaravamarclient/logs/flrTBow8V.err
<DATE> https://Avamar-proxy-IP/download/<uuid>
Resolving internetproxy.example.com (internetproxy.example.com)... 10.2.3.4
Connecting to internetproxy.example.com (internetproxy.example.com )|10.2.3.4|:3128... connected.
WARNING: cannot verify 10.1.4.50's certificate, issued by ‘/C=US/ST=California/L=Irvine/O=Dell Technologies/OU=Dell EMC/CN=Administrator’:
  Self-signed certificate encountered.
WARNING: certificate common name ‘Administrator’ doesn't match requested host name ‘10.1.4.50’.
Proxy request sent, awaiting response...
  HTTP/1.1 500 Failed to exec CGI
  Connection: close
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000;includeSubDomains
  X-XSS-Protection: 1; mode=block
  Cache-Control: must-revalidate,no-cache,no-store
  Content-Type: text/html;charset=iso-8859-1
  Content-Length: 368
  Server: Jetty(9.4.19.v20190610)
<DATE> ERROR 500: Failed to exec CGI.
ecode: "8"
Cause
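This is an environmental issue triggered by a non-standard Linux configuration.
In the FLR script output file (flrTBow8V.err), we can see that the traffic flows through the customer's Internet HTTP proxy, internetproxy.example.com.
Issue: For security reasons, only the target virtual machine is allowed to download the files for this particular FLR job/script.
The HTTP proxy causes the incoming IP address not to match the IP address of the target virtual machine, which triggers HTTP status code 500.
Configuration:
In the guest operating system of the virtual machine, the wget configuration file (~/.wgetrc or /usr/local/etc/wgetrc) is configured with an HTTP proxy.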
https_proxy = http://internetproxy.example.com:3128
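To confirm from inside the guest which setting routes wget through a proxy, the following added example (not Dell's code; the function names are hypothetical) resolves the effective HTTPS proxy from the wgetrc files and the `https_proxy` environment variable. It relies on documented wget behaviour: wgetrc command names ignore case, "_" and "-", a wgetrc `https_proxy` overrides the environment, and `use_proxy = off` disables proxying.

```shell
#!/bin/sh
# Added example, not Dell code; function names are hypothetical.
#
# effective_https_proxy FILE...
# Print the HTTPS proxy wget would use and where it was set, given wgetrc
# files in the order wget reads them (system file first, then the user's).
# Falls back to the https_proxy environment variable.
# Returns 1 when no proxy applies. Unreadable files are skipped.
effective_https_proxy() {
    for f in "$@"; do
        [ -r "$f" ] && awk -v f="$f" '{ print f ":" FNR "\t" $0 }' "$f"
    done | awk -v proxy="${https_proxy:-}" '
        {
            src  = substr($0, 1, index($0, "\t") - 1)
            line = substr($0, index($0, "\t") + 1)
            eq   = index(line, "=")
            if (line ~ /^[ \t]*#/ || eq == 0) next   # comment or not a setting
            key = tolower(substr(line, 1, eq - 1))
            gsub(/[ \t_-]/, "", key)   # names ignore case, "_" and "-"
            val = substr(line, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "httpsproxy") { proxy = val; from = src }
            if (key == "useproxy")   { use = tolower(val) }
        }
        END {
            if (proxy == "" || use == "off") exit 1
            print proxy " (" (from == "" ? "environment" : from) ")"
        }'
}

# Constructed sample files: the proxy setting from this article, spelled the
# way a hand-edited wgetrc might write it, and a user file that disables proxies.
make_samples() {
    printf '# system wgetrc\nHTTPS-Proxy = http://internetproxy.example.com:3128\n' \
        > "$1/system.wgetrc"
    printf 'use_proxy = off\n' > "$1/user.wgetrc"
}

# On a guest: sh this_script /usr/local/etc/wgetrc "$HOME/.wgetrc"
if [ "$#" -gt 0 ]; then
    effective_https_proxy "$@" || echo "no HTTPS proxy in effect"
fi
```

If this reports a proxy, the FLR download from the guest will reach the Avamar proxy from the HTTP proxy's address rather than the guest's own.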
Resolution
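Solution:
To resolve this issue, we need to ensure that the FLR script does not use the HTTP proxy by changing the wget script template.
Steps:
1. Connect to the Avamar proxy via SSH.
2. Edit the wget template script at the following location: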
/usr/local/avamarclient/bin/wget_linux_script.template
3. Add the wget command switch "--no-proxy".
Example configuration before the change:
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
    IFS='","' read filepath dest <<< "$file"
    wget "$url/$filepath" -N -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
    let exit_code=$exit_code+$?
    if Avamar_PlaceHolderFile=$filepath; then
        rm -f "$dest/$filepath"
    fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code
Example configuration after the change:
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
    IFS='","' read filepath dest <<< "$file"
    wget "$url/$filepath" -N --no-proxy -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
    let exit_code=$exit_code+$?
    if Avamar_PlaceHolderFile=$filepath; then
        rm -f "$dest/$filepath"
    fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code
4. Restart the vmwareflr web service on the proxy (or reboot the proxy).
192proxy:~ # systemctl restart vmwareflr.service
Affected Products
Avamar
Products
Avamar Client for VMware
Article Properties
Article Number: 000183577
Article Type: Solution
Last Modified: 05 Sep 2021
Version: 5