Tetra Hub v2 Proxy Settings
The following procedure describes how to configure Tetra Hub V2 proxy settings after the hub is installed.
For instructions on how to configure proxy settings when installing a Tetra Hub, see Create and Install a Tetra Hub v2.
NOTE
You can use the following procedure to help troubleshoot Tetra Hub V2 proxy connection issues.
Step 1: Configure Environment Variables
Configure the TetraScience shell environment variables manually by doing the following:
- Open the root user’s profile on the dedicated Linux machine that you’re installing the Tetra Hub V2 on.
- In the root user’s profile, open one of the following files, based on your operating system:
- For Ubuntu, open the
/root/.bashrc
file. - For RedHat, open the
/root/.bash_profile
file. - For CentOS, open the
/root/.bash_profile
file.
- For Ubuntu, open the
- Add the following lines of code to the file:
export http_proxy=http://hostname:port
export https_proxy=http://hostname:port
export no_proxy=169.254.169.254
- (Optional) Add basic authentication settings, if required. To configure basic authentication, add the username and password to the
http_proxy
andhttps_proxy
lines in the example code in step 3. - Make sure that the settings are applied by doing the following:
- Restart the Tetra Hub V2 host machine.
- Then, verify that the proxy settings environment variables are configured by invoking the shell command
env
. - In the command response, look for code lines that match the ones you entered in step 3. If the same lines appear, the settings are applied.
NOTE
You can’t configure environment variables temporarily when you create a new session. You must configure the environment variables in the Tetra Hub host machine’s root user’s profile. This is because the AWS Systems Manager Agent (SSM Agent), Amazon Elastic Container Service (Amazon ECS) Agent, and Amazon CloudWatch Agent that the Tetra Hub uses must use the root account on a dedicated Linux machine.
Step 2: Configure Connector Proxy Settings
NOTE
Connectors installed on a Tetra Hub V2 that’s configured to use a proxy are also automatically configured to use the hub’s proxy. The hub’s proxy acts as a parent proxy for the Connector’s connections to the TDP and AWS services.
Edit /etc/hub/proxy.env
so that it matches the other proxy environment changes being made. Connector parent proxy settings are stored in /etc/hub/proxy.env
, which is mounted in the Docker containers for the Connectors.
Make sure that you enter the following code lines for each corresponding setting in your proxy environment (omit lines that don’t have a corresponding setting):
http_proxy=http://${proxyAuthInfo}${httpProxy}
http_proxy_redacted=http://${proxyAuthRedacted}${httpProxy}
https_proxy=http://${proxyAuthInfo}${httpsProxy}
https_proxy_redacted=http://${proxyAuthRedacted}${httpProxy}
https_proxy_host=${hub.httpsProxyIp}
https_proxy_port=${hub.httpsProxyPort}
https_proxy_username=${hub.httpsProxyUsername}
no_proxy=localhost,otherNoProxyHosts
IMPORTANT
If you change a Connector’s proxy settings, the settings' associated Docker containers must be restarted manually on the Tetra Hub machine before the new settings are applied. The Connector settings are stored in
/etc/hub/proxy.env
.
Step 3: Configure SSM Agent Proxy Settings
To configure AWS Systems Manager Agent (SSM Agent) proxy settings, see Configuring SSM Agent to use a proxy (Linux) in the AWS documentation.
The SSM Agent’s proxy settings are stored in one of the following files, depending on whether the Linux system uses snap or not:
- On Ubuntu Server instances where SSM Agent is installed by using a snap:
/etc/systemd/system/snap.amazon-ssm-agent.amazon-ssm-agent.service.d/override.conf
- On Amazon Linux 2 and Amazon Linux 2023 instances:
/etc/systemd/system/amazon-ssm-agent.service.d/override.conf
At either path, TetraScience inserts the following lines to configure the Hub’s proxy:
Environment="http_proxy=http://$proxyAuthInfo$httpProxy"
Environment="https_proxy=http://$proxyAuthInfo$httpsProxy"
Environment="no_proxy=169.254.169.254$noProxy"
The hard-coded no_proxy
IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy
IPs must not be removed.
IMPORTANT
If you change SSM Agent proxy settings, then the SSM Agent must be restarted before the settings are applied. For instructions, see Checking SSM Agent status and starting the agent in the AWS documentation.
Step 4: Configure Amazon ECS Agent Proxy Settings
To configure Amazon ECS Agent proxy settings, see HTTP proxy configuration in the AWS documentation.
The ECS Agent’s proxy settings are stored in the following three files:
/etc/systemd/system/ecs.service.d/http-proxy.conf
contains the following proxy settings:
HTTP_PROXY=$proxyAuthInfo$httpProxy
NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy
/etc/systemd/system/ecs.service.d/http-proxy.conf
contains the following proxy settings:
Environment="HTTP_PROXY=${proxyAuthInfo}${httpProxy}/"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy"
/etc/systemd/system/docker.service.d/http-proxy.conf
contains the following proxy settings:
Environment="HTTP_PROXY=$proxyAuthInfo$httpProxy"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock$noProxy"
The hard-coded no_proxy
IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy
IPs must not be removed.
IMPORTANT
If you change Amazon ECS Agent proxy settings, then the agent must be restarted before the settings are applied. For instructions, see Installing the Amazon ECS container agent in the AWS documentation.
Step 5: Configure Amazon CloudWatch Agent Proxy Settings
To configure Amazon CloudWatch Agent proxy settings, see Installing and running the CloudWatch agent on your servers in the AWS documentation.
The CloudWatch Agent’s proxy settings are stored in the following file: /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
The file contains the following proxy settings:
[proxy]
http_proxy="$proxyAuthInfo$httpProxy"
https_proxy="$proxyAuthInfo$httpsProxy"
The hard-coded no_proxy
IPs are used locally by AWS services to retrieve instance metadata and credentials. The hard-coded no_proxy
IPs must not be removed.
IMPORTANT
If you change Amazon CloudWatch Agent proxy settings, then the agent must be restarted before the settings are applied. For instructions, see Stopping and restarting the CloudWatch agent in the AWS documentation.
Updated about 1 month ago