wget proxy configuration

 

I needed to configure a proxy for wget. Per definition, it should only be available for the root user.

To get that right, I didn't use my proxy.sh solution, and instead set up the proxy for wget only.

 

This was done with a

NCF technique:

In this case, I did not use a template of any kind. Instead the ensure lines present does all of the work.

It's still able to use variables if I need to have different proxies in different environments.

 

The conditions

Both methods are set to only apply on AWS for now:

This means a non-AWS system will not have any proxy configured.

Alternatively, you can also skip this condition and set a proxy per location and refer that from a variable.

You can set a variable via the standard techniques, which support priorities or here in NCF, where you don't have priorities but can have conditions and don't need more rudder objects to manage.

The wgetrc

 

# Configured by NCF technique "wget proxy config root user"
use_proxy=yes
http_proxy=my_proxy_ip:3128
no_proxy=169.254.169.254,*.compute.internal,localhost

 

It took a painful lesson to add all the exceptions -

  • querying the AWS API would tell me info for the same EC2 instance, no matter where I asked.
  • all the ElasticSearch monitors (connecting to localhost) had stopped working!

 

Since the condition limits this to AWS (might later need to drill this down per region) I could safely attach this rule to all systems.

 

This is how it looks:

 

This is showing Rudder 3.2's directive management. The new interface in Rudder 4.0 will be a lot shinier!