Important This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 21.3.

Configuring a Squid proxy server

Important

  • To explain configuring a forward proxy server, we have used Squid as an example. BMC does not bundle any forward proxy server with PATROL Agent. We do not provide support for any issues related to forward proxy servers. It is the responsibility of the your network administrator to install, configure, and maintain the forward proxy server.

  • We have performed a containerized deployment of Squid on Ubuntu. For more information, see Squid documentation.

  • The commands provided in the topic are applicable to Ubuntu and might vary depending on the Linux distribution. 

As an administrator, you can set up a forward proxy server in your infrastructure environment so that PATROL Agent can communicate with BMC Helix Operations Management via the proxy server. 

To configure a Squid proxy server as a Docker container without authentication support

  1. Log in to the computer on which you plan to configure the Squid proxy server.

  2. Update the apt package index by running the following command: 

    apt-get update

  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common

  4. Add Docker's official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce

  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world

  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    #Syntax
    docker pull <Squid docker image name>

    #Example
    docker pull sameersbn/squid:3.5.27-2

    Important

    sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image approved by your organization.

  9. Download the conf file and copy it to the /opt/tmp/ directory.

  10. Using a text editor, open the /opt/tmp/squid.conf file, and update the http_access parameter. By default http_access is set to deny all. Change it to allow all.

    http_access allow all

  11. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/tmp/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2

    Parameter description

    • 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
    • 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
    • /opt/tmp/squid.conf: The configuration file that you updated in the Step 5.
    • /etc/squid/squid.conf: The configuration file created inside the container and linked to the /opt/tmp/squid.conf which is outside the container.
    • /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
    • /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
    • sameersbn/squid:3.5.27-2: The Docker image name.

  12. Verify that the Docker container is running by using the following command:

    docker ps

  13. Update the PATROL Agent configuration to add the proxy server details as shown in the following example. For details, see Configuring-PATROL-Agents-to-support-a-forward-proxy-server.

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}

    Parameter description

    testmachine.bmc.com: FQDN of the computer on which the Squid proxy server is configured.

    3128: External proxy server container port number. If you have configured a different port in Step 6, then use the relevant port number.

To configure a Squid proxy server as a Docker container with local authentication support

  1. Log in to the computer on which you plan to configure the Squid proxy server.

  2. Update the apt package index by running the following command: 

    apt-get update

  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common

  4. Add Docker's official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce

  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world

  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    #Syntax
    docker pull <Squid docker image name>


    #Example
    docker pull sameersbn/squid:3.5.27-2

    Important

    sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image that is approved by your organization.

  9. Install the apache2-utils utility to manage credentials:

    sudo apt-get install apache2-utils
  10. Create a directory named squid in the /etc directory.

  11. Create a password file named passwd under /etc/squid, and change the ownership: 

    sudo touch /etc/squid/passwd
    sudo chown proxy: /etc/squid/passwd

  12. Add a new user to the Squid server. 

    sudo htpasswd /etc/squid/passwd testuser

    The command prompts you to enter a password for the new user. 

    In the preceding example, testuser is the new user added.

  13. Download the conf file and copy it to the /opt/tmp directory.
  14. Rename the squid_auth.conf file to squid.conf.

  15. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2

    Parameter description

    • 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
    • 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
    • /opt/tmp/squid.conf: The configuration file that you downloaded in the Step 8.
    • /etc/squid/squid.conf: The configuration file that is created inside the container and linked to the /opt/tmp/squid.conf file which is outside the container.
    • /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
    • /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
    • sameersbn/squid:3.5.27-2: The Docker image name.

  16. Verify that the the Docker container is running by using the following command: 

    docker ps

  17. Update the PATROL Agent configuration to add the proxy server, user and password details as shown in the following example. For details, see Configuring-PATROL-Agents-to-support-a-forward-proxy-server

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
    PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" = {MCA/<forwardProxyPasswd>}

To configure a Squid proxy server with LDAP authentication support

Get the following details from the LDAP administrator:

  • Organizational Unit (OU)
  • Domain Component (DC)
  • Common Name (CN)
  1. Log in to the computer on which you plan to configure the Squid proxy server.
  2. Download the squid.conf file. Copy it to the $SQUID_HOME\etc\squid directory after you configure the squid proxy server.
  3. To store the password of the LDAP account, create a file named ldap_password.txt under the $SQUID_HOME\etc\squid directory.
  4. Restart the squid proxy service.

  5. To add the proxy server connection details, update the PATROL Agent configuration as shown in the following example.
    For details, see Configuring-PATROL-Agents-to-support-a-forward-proxy-server

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
    PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" = {MCA/<forwardProxyPasswd>}
  6. Restart the PATROL Agent.
  1. To verify if the PATROL Agent is communicating with BHOM via the squid proxy server, go to the PatrolAgent-<hostname>-<port>.errs log file and search for the PATROL Agent guid.
    The log file is present in the following directory:

    • (Linux): $PATROL_HOME/../log
    • (Windows): %PATROL_HOME%log

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*