在虛擬機器上設定 HTTP 代理時,Avamar - FLR - Linux FLR wget 指令檔失敗。

Summary: Avamar - FLR - 無法透過網路還原檔案,因為目的地 Linux VM 使用內部網際網路代理進行「wget」流量

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

在 Avamar FLR 還原記錄中,我們看到下列內容:  
avvmwfile Error <0000>: Failed to restore files via network, check proxy log for details
avvmwfile Error <0000>: assist_restore error. ret: 157
在 Avamar Proxy flr 記錄中:   /usr/local/avamaravamarclient/logs/VmwareFlr.log 我們看到 FLR 指令檔自動產生的「flrTBow8V」正在虛擬機器客體作業系統內執行。   但是指令檔未 成功 (注意:只有結束代碼 0 表示 成功,任何其他數字均為失敗代碼) 此記錄中的失敗結束代碼為 8。  
ExecuteProgram failed. script text:/bin/bash /root/flrTBow8V, Return: 0, script return code: 8
FLRBase:: ScriptUploadAndExecute failed

在 Avamar FLR 指令檔記錄,我們會看到下列內容 /usr/local/avamaravamarclient/logs/flrTBow8V.err  
<DATE>  https://Avamar-proxy-IP/download/<uuid>
Resolving internetproxy.example.com (internetproxy.example.com)... 10.2.3.4 
Connecting to internetproxy.example.com (internetproxy.example.com )|10.2.3.4|:3128... connected.

WARNING: cannot verify 10.1.4.50's certificate, issued by ‘/C=US/ST=California/L=Irvine/O=Dell Technologies/OU=Dell EMC/CN=Administrator’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Administrator’ doesn't match requested host name ‘10.1.4.50’.Proxy request sent, awaiting response...
  HTTP/1.1 500 Failed to exec CGI
  Connection: close
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000;includeSubDomains
  X-XSS-Protection: 1; mode=block
  Cache-Control: must-revalidate,no-cache,no-store
  Content-Type: text/html;charset=iso-8859-1
  Content-Length: 368
  Server: Jetty(9.4.19.v20190610)
<DATE> ERROR 500: Failed to exec CGI.

ecode: "8"

Cause

這是由非標準 Linux 組態觸發的環境問題。

在 flr 指令檔輸出檔案 (flrTBow8V.err) 中,我們可以看到流量正流經客戶的網際網路 HTTP 代理 internetproxy.example.com

問題:出於安全考慮,僅允許目標虛擬機下載此特定 FLR 作業/指令檔的檔案。  

HTTP 代理會導致傳入的 IP 位址與目標虛擬機器的 IP 位址不相符,並觸發 HTTP 狀態代碼 500。   


組態:  
  在虛擬機器的客戶機作業系統中,wget 組態檔案 (~/.wgetrc 或 /usr/local/etc/wgetrc) 已設定 HTTP 代理。    

https_proxy  =  http://internetproxy.example.com:3128
 

Resolution

解決方案: 

若要解決此問題,我們需要變更 wget 指令檔規格範本,以確保 FLR 指令檔不會使用 http 代理。  

     

步驟:
1.SSH 進入 avamar Proxy
2。在下列位置編輯 wget 範本指令檔:  
/usr/local/avamarclient/bin/wget_linux_script.template
3.  新增 wget 命令切換「--no-proxy」

變更前的組態範例: 
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

變更後的組態範例: 
#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N --no-proxy -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code
4.在代理上重新啟動 vmwareflr web服務。   (或重新開機代理) 
192proxy:~ #  systemctl restart vmwareflr.service

Affected Products

Avamar

Products

Avamar Client for VMware
Article Properties
Article Number: 000183577
Article Type: Solution
Last Modified: 05 Sep 2021
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.