Important This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 21.02.

Installing a Squid proxy server

As an administrator, you can set up a forward proxy server in your infrastructure environment so that PATROL Agent 20.08 and later can communicate with BMC Helix Operations Management via the proxy server. 

For internal testing:

  • BMC uses Squid. You can use other forward proxy servers that are configured correctly.

  • BMC performs a containerized deployment of Squid on Ubuntu by using the instructions in the following section. Squid also supports other types of installations. For more information, see the Squid documentation.

Note

The following commands are applicable to Ubuntu and might vary depending on the Linux distribution. Refer to the relevant operating system documentation for the commands.

To install a Squid proxy server as a Docker container without authentication support

  1. Log in to the computer on which you plan to install the Squid proxy server.

  2. Update the apt package index by running the following command: 

    apt-get update

  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common

  4. Add Docker's official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce

  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world

  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    #Syntax
    docker pull <Squid docker image name>

    #Example
    docker pull sameersbn/squid:3.5.27-2

    Important

    sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image approved by your organization.

  9. Download the conf file and copy it to the /opt/tmp/ directory.

  10. Using a text editor, open the /opt/tmp/squid.conf file, and update the http_access parameter. By default http_access is set to deny all. Change it to allow all.

    http_access allow all

  11. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/tmp/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2

    Parameter description

    • 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
    • 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
    • /opt/tmp/squid.conf: The configuration file that you updated in the Step 5.
    • /etc/squid/squid.conf: The configuration file created inside the container and linked to the /opt/tmp/squid.conf which is outside the container.
    • /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
    • /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
    • sameersbn/squid:3.5.27-2: The Docker image name.

  12. Verify that the Docker container is running by using the following command:

    docker ps

  13. Update the PATROL Agent configuration to add the proxy server details as shown in the following example . For details, see Configuring-PATROL-Agents-to-support-a-forward-proxy-server.

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3129"}

    Parameter description

    testmachine.bmc.com: FQDN of the computer on which the Squid proxy server is installed.

    3129: External proxy server container port number. If you have configured a different port in Step 6, then use the relevant port number.

To install a Squid proxy server as a Docker container with authentication support

  1. Log in to the computer on which you plan to install the Squid proxy server.

  2. Update the apt package index by running the following command: 

    apt-get update

  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common

  4. Add Docker's official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce

  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world

  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    #Syntax
    docker pull <Squid docker image name>


    #Example
    docker pull sameersbn/squid:3.5.27-2

    Important

    sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image that is approved by your organization.

  9. Install the apache2-utils utility to manage credentials:

    sudo apt-get install apache2-utils
  10. Create a directory named squid in the /etc directory.

  11. Create a password file named passwd under /etc/squid, and change the ownership: 

    sudo touch /etc/squid/passwd
    sudo chown proxy: /etc/squid/passwd

  12. Add a new user to the Squid server. 

    sudo htpasswd /etc/squid/passwd testuser

    The command prompts you to enter a password for the new user. 

    In the preceding example, testuser is the new user added.

  13. Download the conf file and copy it to the /opt/tmp directory.
  14. Rename the squid_auth.conf file to squid.conf.

  15. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2

    Parameter description

    • 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
    • 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
    • /opt/tmp/squid.conf: The configuration file that you downloaded in the Step 8.
    • /etc/squid/squid.conf: The configuration file that is created inside the container and linked to the /opt/tmp/squid.conf file which is outside the container.
    • /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
    • /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
    • sameersbn/squid:3.5.27-2: The Docker image name.

  16. Verify that the the Docker container is running by using the following command: 

    docker ps

  17. Update the PATROL Agent configuration to add the proxy server, user and password details as shown in the following example. For details, see Configuring-PATROL-Agents-to-support-a-forward-proxy-server

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3129"}
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
    PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" =

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*