Avamar - FLR - Linux FLR wget script fails when an HTTP proxy is configured on the virtual machine.

Summary: Avamar - FLR - Failed to restore files via network because the destination Linux VM uses an internal internet proxy for "wget" traffic


Symptoms

In the Avamar FLR restore log, the following errors appear:
avvmwfile Error <0000>: Failed to restore files via network, check proxy log for details
avvmwfile Error <0000>: assist_restore error. ret: 157
In the Avamar proxy FLR log, /usr/local/avamaravamarclient/logs/VmwareFlr.log, the auto-generated FLR script "flrTBow8V" is executed inside the virtual machine's guest operating system, but the script does not succeed. (Note: only exit code 0 indicates success; any other number is a failure code.) The failure exit code in this log was 8.
ExecuteProgram failed. script text:/bin/bash /root/flrTBow8V, Return: 0, script return code: 8
FLRBase:: ScriptUploadAndExecute failed

In the Avamar FLR script log, /usr/local/avamaravamarclient/logs/flrTBow8V.err, the following appears:
<DATE>  https://Avamar-proxy-IP/download/<uuid>
Resolving internetproxy.example.com (internetproxy.example.com)... 10.2.3.4 
Connecting to internetproxy.example.com (internetproxy.example.com )|10.2.3.4|:3128... connected.

WARNING: cannot verify 10.1.4.50's certificate, issued by ‘/C=US/ST=California/L=Irvine/O=Dell Technologies/OU=Dell EMC/CN=Administrator’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Administrator’ doesn't match requested host name ‘10.1.4.50’.
Proxy request sent, awaiting response...
  HTTP/1.1 500 Failed to exec CGI
  Connection: close
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000;includeSubDomains
  X-XSS-Protection: 1; mode=block
  Cache-Control: must-revalidate,no-cache,no-store
  Content-Type: text/html;charset=iso-8859-1
  Content-Length: 368
  Server: Jetty(9.4.19.v20190610)
<DATE> ERROR 500: Failed to exec CGI.

ecode: "8"

Cause

This is an environmental issue triggered by a non-standard Linux configuration.

In the FLR script output file (flrTBow8V.err), we can see that traffic is flowing through the customer's internet HTTP proxy, internetproxy.example.com.

Problem: For security reasons, only the target virtual machine is allowed to download files for this particular FLR job/script.

Because the request passes through the HTTP proxy, the incoming IP address does not match the target VM's IP address, which triggers HTTP status code 500.


Configuration:  
  In the virtual machine's guest operating system, a wget configuration file (~/.wgetrc or /usr/local/etc/wgetrc) has an HTTP proxy configured.

https_proxy  =  http://internetproxy.example.com:3128
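
To confirm this cause on an affected guest, the following added example (not part of the original article or of Dell's tooling) lists active proxy settings in the wgetrc files named above and in the environment. The /etc/wgetrc and $WGETRC locations, the "--run" switch and all function names are assumptions of this example.

```shell
#!/bin/bash
# Added example (not Dell's code): list wget proxy settings in the guest OS
# that would route the FLR download through an HTTP proxy.

# Print active http_proxy/https_proxy directives from the given wgetrc files.
# wgetrc names are case-, underscore- and hyphen-insensitive; '#' starts a comment.
# Returns 0 if any directive is found, 1 otherwise.
wgetrc_proxy_lines() {
    local rc=1 f
    for f in "$@"; do
        [ -r "$f" ] || continue
        if awk -v f="$f" '
            tolower($0) ~ /^[ \t]*https?[_-]*proxy[ \t]*=/ { print f ": " $0; n++ }
            END { exit (n ? 0 : 1) }' "$f"; then
            rc=0
        fi
    done
    return "$rc"
}

# wget also honours the lowercase proxy environment variables.
env_proxy_vars() {
    local rc=1
    if [ -n "${https_proxy:-}" ]; then echo "env: https_proxy=$https_proxy"; rc=0; fi
    if [ -n "${http_proxy:-}" ]; then echo "env: http_proxy=$http_proxy"; rc=0; fi
    return "$rc"
}

# Check the locations named in this article plus /etc/wgetrc and $WGETRC
# (assumption: common distro default and per-user override locations).
flr_proxy_check() {
    local rc=1
    wgetrc_proxy_lines "${WGETRC:-}" "$HOME/.wgetrc" /usr/local/etc/wgetrc /etc/wgetrc && rc=0
    env_proxy_vars && rc=0
    return "$rc"
}

# Run the check only when invoked as: bash <this file> --run
if [ "${1:-}" = "--run" ]; then
    flr_proxy_check && echo "proxy settings found; wget may use them unless --no-proxy is passed"
fi
```

Run it as the same user the FLR script runs as, since ~/.wgetrc is per-user.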
 

Resolution


To resolve this issue, ensure that the FLR script does not use the HTTP proxy by changing the wget script template.

     

Steps:
1. SSH into the Avamar proxy.
2. Edit the wget template script in the following location:
/usr/local/avamarclient/bin/wget_linux_script.template
3. Add the wget command switch "--no-proxy".

Example of configuration before change:
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

Example of configuration after change:
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N --no-proxy -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code
4. Restart the vmwareflr web service on the proxy (or reboot the proxy).
192proxy:~ #  systemctl restart vmwareflr.service

Affected Products

Avamar

Products

Avamar Client for VMware
Article Properties
Article Number: 000183577
Article Type: Solution
Last Modified: 05 Sep 2021
Version:  5