Tetra Hub v2 Proxy Settings

The following procedure describes how to configure Tetra Hub V2 proxy settings after the hub is installed.

For instructions on how to configure proxy settings when installing a Tetra Hub, see Create and Install a Tetra Hub v2.

📘

NOTE

You can use the following procedure to help troubleshoot Tetra Hub V2 proxy connection issues.

Step 1: Configure Environment Variables

Configure the TetraScience shell environment variables manually by doing the following:

  1. Open the root user’s profile on the dedicated Linux machine that you’re installing the Tetra Hub V2 on.
  2. In the root user’s profile, open one of the following files, based on your operating system:
    • For Ubuntu, open the /root/.bashrc file.
    • For RedHat, open the /root/.bash_profile file.
    • For CentOS, open the /root/.bash_profile file.
  3. Add the following lines of code to the file:
export http_proxy=http://hostname:port
export https_proxy=http://hostname:port
export no_proxy=169.254.169.254
  1. (Optional) Add basic authentication settings, if required. To configure basic authentication, add the username and password to the http_proxy and https_proxy lines in the example code in step 3.
  2. Make sure that the settings are applied by doing the following:
    • Restart the Tetra Hub V2 host machine.
    • Then, verify that the proxy settings environment variables are configured by invoking the shell command env.
    • In the command response, look for code lines that match the ones you entered in step 3. If the same lines appear, the settings are applied.

📘

NOTE

You can’t configure environment variables temporarily when you create a new session. You must configure the environment variables in the Tetra Hub host machine’s root user’s profile. This is because the AWS Systems Manager Agent (SSM Agent), Amazon Elastic Container Service (Amazon ECS) Agent, and Amazon CloudWatch Agent that the Tetra Hub uses must use the root account on a dedicated Linux machine.

Step 2: Configure Connector Proxy Settings

📘

NOTE

Connectors installed on a Tetra Hub V2 that’s configured to use a proxy are also automatically configured to use the hub’s proxy. The hub’s proxy acts as a parent proxy for the Connector’s connections to the TDP and AWS services.

Edit /etc/hub/proxy.env so that it matches the other proxy environment changes being made. Connector parent proxy settings are stored in /etc/hub/proxy.env, which is mounted in the Docker containers for the Connectors.

Make sure that you enter the following code lines for each corresponding setting in your proxy environment (omit lines that don’t have a corresponding setting):

  • http_proxy=http://${proxyAuthInfo}${httpProxy}
  • http_proxy_redacted=http://${proxyAuthRedacted}${httpProxy}
  • https_proxy=http://${proxyAuthInfo}${httpsProxy}
  • https_proxy_redacted=http://${proxyAuthRedacted}${httpProxy}
  • https_proxy_host=${hub.httpsProxyIp}
  • https_proxy_port=${hub.httpsProxyPort}
  • https_proxy_username=${hub.httpsProxyUsername}
  • no_proxy=localhost,otherNoProxyHosts

🚧

IMPORTANT

If you change a Connector’s proxy settings, the settings' associated Docker containers must be restarted manually on the Tetra Hub machine before the new settings are applied. The Connector settings are stored in /etc/hub/proxy.env.

Step 3: Configure SSM Agent Proxy Settings

To configure AWS Systems Manager Agent (SSM Agent) proxy settings, see Configuring SSM Agent to use a proxy (Linux) in the AWS documentation.

The SSM Agent’s proxy settings are stored in one of the following files, depending on whether the Linux system uses snap or not:

  • On Ubuntu Server instances where SSM Agent is installed by using a snap:

/etc/systemd/system/snap.amazon-ssm-agent.amazon-ssm-agent.service.d/override.conf

  • On Amazon Linux 2 and Amazon Linux 2023 instances:

/etc/systemd/system/amazon-ssm-agent.service.d/override.conf

At either path, TetraScience inserts the following lines to configure the Hub’s proxy:

Environment="http_proxy=http://$proxyAuthInfo$httpProxy"
Environment="https_proxy=http://$proxyAuthInfo$httpsProxy"
Environment="no_proxy=169.254.169.254$noProxy"

The hard-coded no_proxy IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy IPs must not be removed.

🚧

IMPORTANT

If you change SSM Agent proxy settings, then the SSM Agent must be restarted before the settings are applied. For instructions, see Checking SSM Agent status and starting the agent in the AWS documentation.

Step 4: Configure Amazon ECS Agent Proxy Settings

To configure Amazon ECS Agent proxy settings, see HTTP proxy configuration in the AWS documentation.

The ECS Agent’s proxy settings are stored in the following three files:

  1. /etc/systemd/system/ecs.service.d/http-proxy.conf contains the following proxy settings:
HTTP_PROXY=$proxyAuthInfo$httpProxy
NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy
  1. /etc/systemd/system/ecs.service.d/http-proxy.conf contains the following proxy settings:
Environment="HTTP_PROXY=${proxyAuthInfo}${httpProxy}/"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy"
  1. /etc/systemd/system/docker.service.d/http-proxy.conf contains the following proxy settings:
Environment="HTTP_PROXY=$proxyAuthInfo$httpProxy"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy"

The hard-coded no_proxy IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy IPs must not be removed.

🚧

IMPORTANT

If you change Amazon ECS Agent proxy settings, then the agent must be restarted before the settings are applied. For instructions, see Installing the Amazon ECS container agent in the AWS documentation.

Step 5: Configure Amazon CloudWatch Agent Proxy Settings

To configure Amazon CloudWatch Agent proxy settings, see Installing and running the CloudWatch agent on your servers in the AWS documentation.

The CloudWatch Agent’s proxy settings are stored in the following file: /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml

The file contains the following proxy settings:

[proxy]
http_proxy="$proxyAuthInfo$httpProxy"
https_proxy="$proxyAuthInfo$httpsProxy"

The hard-coded no_proxy IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy IPs must not be removed.

🚧

IMPORTANT

If you change Amazon CloudWatch Agent proxy settings, then the agent must be restarted before the settings are applied. For instructions, see Stopping and restarting the CloudWatch agent in the AWS documentation.