nach 4.3 Update Proxy Fehler

[Rzpertt]

Hallo,

das Upgrade auf 4.3 scheint gut geklappt zu haben.
wenn ich jetzt aber den opsi-client-agent im configed updaten möchte kommt diese Fehlermeldung:

Code: Alles auswählen

tnls-cl44.bla.de:	 HTTPSConnectionPool(host='192.168.155.180', port=4441): Max retries exceeded with url: /opsiclientd (Caused by ProxyError('Unable to connect to proxy. Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL] record layer failure (_ssl.c:1006)'))))

Wenn ich den Client reboote installiert er das Paket sauber und danach anscheinend alle auch sauber
Soll das so sein?

mein health-check sieht so aus:

Code: Alles auswählen

● OPSI Configuration: WARNING
   ➔ 1 issues found in the opsi configuration.

   WARNING - 1 issues found in the opsi configuration.

   WARNING - Configuration opsiclientd.global.verify_server_cert is set to [False] - default is [True].

● Opsiconfd config: OK
   ➔ No issues found in the configuration.

● SSL: OK
   ➔ No SSL issues found.

● Redis server: OK
   ➔ No Redis issues found.

● MySQL server: ERROR
   ➔ Some issues found with MySQL.

   OK - Connection to MySQL is working
   ERROR - Configured max_allowed_packet=16777216 is too small (should be at least 64000000).

● Run as user: OK
   ➔ No issues found with user 'opsiconfd'.

● OPSI licenses: OK
   ➔ 106 active clients, no licensing issues.

● Operating System End Of Life: OK
   ➔ Version 11 of distribution debian is supported until 2024-07-01.

● System packages: OK
   ➔ All packages are up to date.

● Disk usage: OK
   ➔ Sufficient free space on all file systems.

● Depotserver check: OK
   ➔ No problems found with the depot servers.

● Products on depots: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd': HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url:
   /stable/packages.msgpack.zstd (Caused by ProxyError('Unable to connect to proxy. Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See:
   https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL] record layer failure (_ssl.c:1006)'))))

● Products on clients: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd': HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url:
   /stable/packages.msgpack.zstd (Caused by ProxyError('Unable to connect to proxy. Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See:
   https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL] record layer failure (_ssl.c:1006)'))))

● Deprecated RPCs: WARNING
   ➔ Use of 2 deprecated methods found.

   WARNING - Use of 2 deprecated methods found.

   WARNING - Deprecated method 'getClientIds_list' was called 1 times.
             The method will be dropped with opsiconfd version 4.4.
             Last call was 2024-01-24 06:48:33
             The method was called from the following applications:
             - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
   WARNING - Deprecated method 'getBackendInfos_listOfHashes' was called 2 times.
             Last call was 2023-03-27 04:28:15
             The method was called from the following applications:
             - opsi config editor 4.2.15.1.2

● OPSI LDAP Connection: OK
   ➔ LDAP authentication is not configured.

Da ist der Proxy Fehler wieder, ich habe in der /etc/environment beide eingetragen:

Code: Alles auswählen

https_proxy="https://cache.bla.de:3128"
http_proxy="http://cache.bla.de:3128"

[j.schneider]

Hallo!

Wahrscheinlich muss der Proxy per HTTP angesprochen werden.

Code: Alles auswählen

https_proxy="http://cache.bla.de:3128"
http_proxy="http://cache.bla.de:3128"

Nach einer Änderung an der /etc/environment muss der opsiconfd neu gestartet werden damit die Änderung greift.

Grüße
Jan Schneider

[Rzpertt]

Ich kann die Pakete auf den Clients installieren solange niemand eingeloggt ist,
wenn ich mich auslogge geht das. Bei opsi 4.1 war das egal.

Der Fehler im health-check war anders als ich opsi.org vom proxy ausgeschlossen haben:

Code: Alles auswählen

● Products on depots: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd':
   HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url: /stable/packages.msgpack.zstd (Caused by
   ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f083c72d510>, 'Connection to opsipackages.43.opsi.org timed out. (connect
   timeout=10)'))

● Products on clients: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd':
   HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url: /stable/packages.msgpack.zstd (Caused by
   ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f083c7182d0>, 'Connection to opsipackages.43.opsi.org timed out. (connect
   timeout=10)'))

ich habe gestern testweise dies nochmal ausgemacht:

Code: Alles auswählen

 WARNING - Configuration opsiclientd.global.verify_server_cert is set to [False] - default is [True].

[Rzpertt]

Hallo!

Wahrscheinlich muss der Proxy per HTTP angesprochen werden.

Code: Alles auswählen

https_proxy="http://cache.bla.de:3128"
http_proxy="http://cache.bla.de:3128"

Nach einer Änderung an der /etc/environment muss der opsiconfd neu gestartet werden damit die Änderung greift.

Grüße
Jan Schneider

danke.
das hat geholfen, da der opsi im LAN ist habe ich aber mal unsere Domain vom Proxy ausgeschlossen.
der health-check macht noch die fehler:

Code: Alles auswählen

● Products on depots: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd': HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url:
   /stable/packages.msgpack.zstd (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f23b0d084d0>, 'Connection to opsipackages.43.opsi.org timed out. (connect timeout=10)'))

● Products on clients: ERROR
   ➔ Failed to get package info from repository 'https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd': HTTPSConnectionPool(host='opsipackages.43.opsi.org', port=443): Max retries exceeded with url:
   /stable/packages.msgpack.zstd (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f23b0cfd5d0>, 'Connection to opsipackages.43.opsi.org timed out. (connect timeout=10)'))

ein versuchtes update der pakete läuft aber durch:

Code: Alles auswählen

opsi-package-updater -v update
[5] [2024-02-15 09:58:04.505] [               ] Repository metafile successfully fetched: https://opsipackages.43.opsi.org/stable/packages.msgpack.zstd   (Updater.py:1192)
[5] [2024-02-15 09:58:04.544] [               ] No new packages available   (Updater.py:266)

[n.doerrer]

Der health-check benutzt dem im system konfigurierten proxy (im Gegensatz zum opsi-package-updater, der den proxy aus seiner eigenenen Konfigurationsdatei verwendet).

Wenn der opsi-server nicht ohne proxy ins internet kommt, muss, damit der health-check funktioniert, der Proxy im system konfiguriert werden.
Je nach System z.B. in /etc/environment

Code: Alles auswählen

HTTPS_PROXY="http://cache.bla.de:3128"
HTTP_PROXY="http://cache.bla.de:3128"