Avamar - FLR - Linux FLR wget-skript mislykkes når HTTP-proxy er konfigurert på en virtuell maskin.

avvmwfile Error <0000>: Failed to restore files via network, check proxy log for details
avvmwfile Error <0000>: assist_restore error. ret: 157

ExecuteProgram failed. script text:/bin/bash /root/flrTBow8V, Return: 0, script return code: 8
FLRBase:: ScriptUploadAndExecute failed

<DATE>  https://Avamar-proxy-IP/download/<uuid>
Resolving internetproxy.example.com (internetproxy.example.com)... 10.2.3.4 
Connecting to internetproxy.example.com (internetproxy.example.com )|10.2.3.4|:3128... connected.

WARNING: cannot verify 10.1.4.50's certificate, issued by ‘/C=US/ST=California/L=Irvine/O=Dell Technologies/OU=Dell EMC/CN=Administrator’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Administrator’ doesn't match requested host name ‘10.1.4.50’.Proxy request sent, awaiting response...
  HTTP/1.1 500 Failed to exec CGI
  Connection: close
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000;includeSubDomains
  X-XSS-Protection: 1; mode=block
  Cache-Control: must-revalidate,no-cache,no-store
  Content-Type: text/html;charset=iso-8859-1
  Content-Length: 368
  Server: Jetty(9.4.19.v20190610)
<DATE> ERROR 500: Failed to exec CGI.

ecode: "8"

Dette er et miljøproblem som utløses av ikke-standard linux-konfigurasjon. 

I flr script utdatafil (flrTBow8V.err) kan vi se trafikken flyter gjennom kundens internett http proxy internetproxy.example.com. 

Problem: Av sikkerhetsmessige årsaker bare målet virtuelle maskinen er tillatt å laste ned filer for denne spesielle FLR jobb / skript.  

HTTP PROXY fører til at den innkommende ip-adressen IKKE samsvarer med mål-VM-ens ip-adresse og utløser HTTP-statuskoden 500.   


Konfigurasjon:  
  I den virtuelle maskinens gjesteoperativsystem har en wget-konfigurasjonsfil (~/.wgetrc eller /usr/local/etc/wgetrc) en HTTP-proxy konfigurert.    

https_proxy  =  http://internetproxy.example.com:3128

Løsning: 

For å løse dette problemet må vi sørge for at FLR-skriptet IKKE bruker http-proxyen ved å endre malen for wget-skriptspesifikasjon.  

/usr/local/avamarclient/bin/wget_linux_script.template

#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

#!/bin/bash
logfile=$0.err
url=https://%s/download
token=%s
files=(%s)
exit_code=0
for file in "${files[@]}";do
        IFS='","' read filepath dest  <<< "$file"
        wget "$url/$filepath" -N --no-proxy -nH -x -P "$dest" --no-check-certificate -S --restrict-file-names=nocontrol  --no-parent --tries 5 --header="Authorization:$token" --cut-dirs=2 --content-disposition 2>>$logfile
        let exit_code=$exit_code+$?
        if Avamar_PlaceHolderFile=$filepath; then
           rm -f "$dest/$filepath"
        fi
done
# delete it self after finish execution
rm -f "$0"
echo "ecode: \"$exit_code\"" >> $logfile
exit $exit_code

192proxy:~ #  systemctl restart vmwareflr.service