PDA

View Full Version : SLES 12 SP3 zypper via squid proxy in Amazon VPC



bavialle
11-Feb-2019, 04:08
Currently I am unable to patch or install additional packages on SLES 12 SP3 Instances which are located in a VPC which only has Internet access through Amazon Linux based Squid proxies which we do not manage.

Security restrictions do not permit direct Internet access from our VPC. When our instances are configured with Proxy Server settings in /etc/sysconfig/proxy we get the following error messages:

Refreshing service 'SMT-http_smt-ec2_susecloud_net'.
Problem retrieving the repository index file for service 'SMT-http_smt-ec2_susecloud_net':
Location 'http://smt-ec2.susecloud.net/repo/repoindex.xml?cookies=0&credentials=SMT-http_smt-ec2_susecloud_net' is temporarily unaccessible.
Check if the URI is valid and accessible.
Refreshing service 'cloud_update'.
Location 'http://smt-ec2.susecloud.net/repo/SUSE/Updates/SLE-Module-Adv-Systems-Management/12/x86_64/update/repodata/repomd.xml?credentials=SMT-http_smt-ec2_susecloud_net' is temporarily unaccessible.
Abort, retry, ignore? [a/r/i] (r):

Is there any way to make this set-up work?

If I attempt to force a new cloud registration I end up with only the nVidia-Driver-SLE12-SP3 repository as available.

rjschwei
11-Feb-2019, 13:41
Currently I am unable to patch or install additional packages on SLES 12 SP3 Instances which are located in a VPC which only has Internet access through Amazon Linux based Squid proxies which we do not manage.

Security restrictions do not permit direct Internet access from our VPC. When our instances are configured with Proxy Server settings in /etc/sysconfig/proxy we get the following error messages:

Refreshing service 'SMT-http_smt-ec2_susecloud_net'.
Problem retrieving the repository index file for service 'SMT-http_smt-ec2_susecloud_net':
Location 'http://smt-ec2.susecloud.net/repo/repoindex.xml?cookies=0&credentials=SMT-http_smt-ec2_susecloud_net' is temporarily unaccessible.
Check if the URI is valid and accessible.
Refreshing service 'cloud_update'.
Location 'http://smt-ec2.susecloud.net/repo/SUSE/Updates/SLE-Module-Adv-Systems-Management/12/x86_64/update/repodata/repomd.xml?credentials=SMT-http_smt-ec2_susecloud_net' is temporarily unaccessible.
Abort, retry, ignore? [a/r/i] (r):

Is there any way to make this set-up work?

If I attempt to force a new cloud registration I end up with only the nVidia-Driver-SLE12-SP3 repository as available.

To the update infrastructure the traffic appears to be as originating from the proxy, which is the whole idea of a proxy of course. However the proxy is not an on-demand SLES instance and thus you cannot access to update infrastructure. How to use on-demand SLES instances in a VPC is documented in this blog [1]

[1] https://www.suse.com/c/using-suse-linux-enterprise-demand-aws-vpc-setup/