When attempting to download content from a private repository, the Aria Automation Orchestrator is observing an error message similar to:

<date> info Looking in indexes: https://<private repository domain>/<private repository uri>/
<date> error WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 502 Bad Gateway'))': /<private repository uri>/

Aria Automation/Orchestrator 8.18.x

The private repository may be missing from the internal proxy's user proxy exclude list.

Part 1: Preparation:

1. SSH to the Aria Automation/Orchestrator appliance (just 1 if in a cluster is enough).

   Run 'vracli proxy show' to retrieve the current settings for the internal proxy, save/copy these settings some.

2. The section and domains of interest are:

   "user-proxy-exclude": "docker-registry.prelude.svc.cluster.local,localhost,.cluster.local,192.,vra-k8s.local,kubernetes,kubernetes.default.svc.cluster.local,<my domain 1>,<another domain 2>,<some other repository domain X>,...",

Part 2: Applying the change:

1. Apart from the environment's internal domains and other existing private or external domains, add the <private repository domain> that is failing to the list as follows:

   vracli proxy set --proxy-exclude "docker-registry.prelude.svc.cluster.local,localhost,.cluster.local,192.,vra-k8s.local,kubernetes,kubernetes.default.svc.cluster.local,<my domain 1>,<another domain 2>,<some other repository domain X>,<the private repository domain>,..."

2. Run:

   vracli proxy apply

3. Running the 'apply' command above will restart the proxy pods and update the list across all nodes in the cluster.

Part 3: Rollback:

Reversing this change consists of the same commands, only excluding <the private repository domain> from the list.