-
Notifications
You must be signed in to change notification settings - Fork 24
OpsManager 1.7 behind a http proxy - need new CLI option --opsmanagersshhost #99
Comments
i think i understand your issue. If you are leveraging haproxy to control the point of ingress, wouldn't it make sense to forward ssh through your HAProxy as well? |
We would need to change the ssh port that OpsMan is using - as we can't change the ssh port that the HAProxy is using. So all in all would still require cfops change. |
This is impact analysis of areas likely to change: https://github.com/pivotalservices/cfbackup/blob/develop/tiles/opsmanager/opsmanager.go
https://github.com/pivotalservices/cfops/search?q=NewOpsManager
|
Concern I have is the ssh specific flag would make the flags and UX harder to understand, as this is a very specific edge case to accommodate. What might allow us to achieve the same result but in a more generally applicable way is to make an additional flag for The UAA only understanding a single host (which is a common support question) is something that a override flag would address nicely. I believe this will also help you in your scenario. Let me know if this sounds workable. |
Yes that makes sense if the UAA client can deal with a specific Host/IP header |
cool, its in our backlog. Ill keep this issue up to date as it progresses. |
Checking prioritization of this |
there is a new product team that has been spun up within pivotal that now owns cfops. |
We have PCF 1.7 and using cfops latest 2.2.29
The OpsMan is behind an HA proxy for security & network layout reasons.
https://proxyIP forwards to OpsMan:443
The OpsMan UAA is therefore remembering that proxyIP is the access IP.
All fine for ER backup - but having issues for OpsMan backup
with --opsmanagerhost we can target the UAA-aware proxyIP, but then we have ssh failing to access /var/tempest and do its work - as it goes ssh to proxyIP obviously.
if we use OpsMan IP, then UAA does not authenticate.
Would it be possible to add an optional --opsmanagersshhost (--omssh) that if present would be the one used in calling
https://github.com/pivotalservices/cfbackup/tree/develop/tiles/opsmanager
especially
https://github.com/pivotalservices/cfbackup/blob/develop/tiles/opsmanager/opsmanager.go
or would you propose something else?
The text was updated successfully, but these errors were encountered: