Pivotal Knowledge Base

Follow

How to Configure and Modify Ops Manager proxy settings

Environment

Product Version
Ops Manager  1.7.x

Purpose

With the introduction of PCF 1.7 comes the ability to configure an HTTP Proxy to be used by Ops Manager, Ops Manager Director and Elastic runtime when the components talk to the API of your IaaS (AWS, Openstack, Azure).  This is often required by company security policies and regulations.  Presently this configuration option can only be set on the initial installation, but this KB article walks through the current method for changing these settings.

Instructions

The HTTP Proxy settings (HTTP_PROXY, HTTPS_PROXY & NO_PROXY) are stored in the database.  The following steps can be used to update the values in the database.

  1. SSH to the Ops Manager VM.
  2. To get access to the database run sudo su - tempest-web -s /bin/bash -c 'psql tempest_production'
  3. Run the following SQL queries to update the HTTP_PROXY, HTTPS_PROXY and NO_PROXY settings.

    • UPDATE proxy_settings SET http_proxy = '<NEW HTTP PROXY>' WHERE id = 1;
    • UPDATE proxy_settings SET https_proxy = '<NEW HTTPS PROXY>' WHERE id = 1;
    • UPDATE proxy_settings SET no_proxy = '<NEW NO PROXY>' WHERE id = 1;
  4. Run this command to confirm the settings have been updated: \d proxy_settings

You do not need to restart Ops Manager or the tempest-web process after making these changes.  They should take effect immediately.

Impact / Risks

The risk of this change is low, but because it requires editing the database manually it is strongly recommend that you take a back up of the database first.  

The command sudo su - tempest-web -s /bin/bash -c 'pg_dump tempest_production > /tmp/tempest_production.sql' will dump the SQL to a file on the disk.  

It can then be restored with sudo su - tempest-web -s /bin/bash -c 'psql tempest_production < /tmp/tempest_production.sql' .

Additional Information

As of the current release of Ops Manager, it is only possible to configure these settings when you initially install Ops Manager.  There is a story in the backlog to make this configurable at any time.  Until then, this KB describes how to manually change these settings.

There is a feature narrative that describes the proxy settings in more detail here.  There is also a story in Tracker for this.  The target for this is Ops Manager 1.8.

Comments

  • Avatar
    Anser Arif

    Hello,

    Starting PCF 1.8, the process of updating http_proxy, https_proxy or no_proxy is even more simple.
    This can be done using the Settings in the drop down of admin button on top right of Ops Manager Web-GUI.

    See below for details:
    https://docs.pivotal.io/pivotalcf/1-8/customizing/pcf-interface.html

  • Avatar
    Brian OConnell

    If you omit the no_proxy and save the settings in the opsman gui, you get kicked out and are prompted to login again. This then fails with a 500 error.

    To recover use the psql command in the article and to clear out the bad settings

    update proxy_settings set http_proxy='', https_proxy='', no_proxy='' where id=1;

    then restart the opsmanager.

    This occurred in pcf 1.11.4

Powered by Zendesk