Configuring a customer managed proxy server for VIDB Appliance
search cancel

Configuring a customer managed proxy server for VIDB Appliance

book

Article ID: 393078

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Enterprises that require all outbound HTTP/HTTPS access in their network to pass through an enterprise proxy will need to configure enterprise proxy for VIDB appliance, since VIDB appliance requires outbound HTTPS access to reach the configured OIDC identity provider.
 
This configuration be done by running the attached script, which will use credentials to the appliance stored within the VCF Lifecycle Manager (LCM), to make appropriate internal configuration changes to proxy all outbound API calls through the provided enterprise proxy.

Environment

VIDB Appliance 9.0.0

Resolution

We make available a python script to configure a proxy for the VIDB appliance through internal calls. The customer will need to download the script to a system that has connectivity to the VCF LCM host as well as the VIDB appliance, and run with appropriate command line arguments. 

Details on attachments:
  • configure-customer-proxy.py: This is the python script that will perform the necessary changes on the appliance.  The script requires python3 for execution.
  • requirements.txt: This file lists the needed dependencies for the python script. They will need to be install using pip3 command.
Configuring a proxy:
 
To configure a proxy, you will need to invoke the command $ python3 ./configure-customer-proxy.py and include the following command line arguments:

  1. --lcmHost (Required): The Lifecycle Manager Hostname where the VIDB Appliance is available.

  2. --lcmUsername (Required): The username used for authenticating with the LCM UI.

  3. --lcmUiPwd (Required): The password for the LCM UI user.

  4. --lcmSshRootPwd (Required): The SSH root password for the LCM instance, used to retrieve the Kubeconfig content.

  5. --vidbFqdn (Required): The Fully Qualified Domain Name (FQDN) of the VIDB instance you want to configure.

  6. --proxyHost (Required, if you need to enable proxy): The hostname of the proxy server you want to set for VIDB.

  7. --proxyPort (Required, if you need to enable proxy): The port of the proxy server.

  8. --proxyUsername (Optional): The username for the proxy server (if authentication is required).

  9. --proxyPassword (Optional): The password for the proxy server (if authentication is required).

  10. --proxyEncodedCertificate (Optional): The base64 encoded certificate of the proxy server (if required).

  11. --excludeDomains (Optional): A comma-separated list of domains that should be excluded from the proxy (e.g., example.com, anotherdomain.com).

  12. --excludeIpAddresses (Optional): A comma-separated list of IP addresses or CIDRs to exclude from the proxy (e.g., 10.x.x.x, 192.168.x.x/24).

Once the script is invoked, it configures the enterprise proxy in the VIDB appliance and routes all outgoing HTTP traffic through it. 
 
Disabling the proxy:
 
If there is any issue with the configuration or wish to remove the proxy configuration, you will need to invoke the script with the following command line argument to remove the proxy configuration:
 
--disableProxy - Mention this argument if customer needs to disable proxy, along with required --lcmHost, --lcmUsername, --lcmUiPwd, --lcmSshRootPwd and --vidbFqdn

Attachments

requirements.txt get_app
configure-customer-proxy.py get_app
Powered by Wolken Software