5.4 Configuring TinyProxy

For Oracle ASR to work, both Oracle PCA management nodes must be running TinyProxy version 1.8.3 or later. Verify the installed version and upgrade if necessary. Configure TinyProxy according to the procedure in this section.

Warning

Strictly apply the configuration changes presented in this section. Do not modify TinyProxy in any other way. Certain modifications to TinyProxy can cause the provisioning functionality to break.

Configuring TinyProxy for ASR

  1. Using SSH and an account with superuser privileges, log into the master management node.

    Note

    The data center IP address used in this procedure is an example.

    # ssh root@10.100.1.101
    root@10.100.1.101's password:
    [root@ovcamn05r1 ~]# pca-check-master
    NODE: 10.100.1.101  MASTER: True
  2. Stop the tinyproxy service and verify the version installed on the system.

    # service tinyproxy stop
    Stopping tinyproxy: [ OK ]
    # rpm -q tinyproxy
    tinyproxy-1.8.2-1.el6.x86_64
  3. If the installed TinyProxy is older than version 1.8.3, upgrade it to the version referenced in the support note with Doc ID 2032791.1.

    Download the tinyproxy rpm to a temporary directory on the management node and run the upgrade command.

    # cd /tmp
    # ls -al tinyproxy*
    -rw-r--r-- 1 root root 61224 Apr 4 13:44 tinyproxy-1.8.3-1.el6.x86_64.rpm
    # rpm -Uvh tinyproxy-1.8.3-1.el6.x86_64.rpm
    warning: tinyproxy-1.8.3-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature,
    key ID ec551f03: NOKEY
    Preparing...                ########################################### [100%]
       1:tinyproxy              ########################################### [100%]
  4. Make the necessary changes to the TinyProxy configuration to enable ASR traffic through the management node.

    1. Open the file /etc/tinyproxy/tinyproxy.conf for editing.

    2. Navigate to the section that defines on which interfaces tinyproxy listens. It starts with # Listen:.

      Comment out the line that binds tinyproxy to the interface in the Oracle VM management network by adding a hash character (#) in front of it.

      # Listen: If you have multiple interfaces this allows you to bind to
      # only one. If this is commented out, tinyproxy will bind to all
      # interfaces present.
      #
      #Listen 192.168.140.4
    3. Scroll down to the section Customization of authorization controls. It starts with # Allow:.

      Add two lines to allow traffic from the internal appliance management network and Oracle VM management network.

      # Allow: Customization of authorization controls. If there are any
      # access control keywords then the default action is to DENY. Otherwise,
      # the default action is ALLOW.
      #
      # The order of the controls are important. All incoming connections are
      # tested against the controls based on order.
      #
      #Allow 127.0.0.1
      Allow 192.168.4.0/24
      Allow 192.168.140.0/24

    4. Save and close the file /etc/tinyproxy/tinyproxy.conf.

  5. Restart the tinyproxy service and verify the installed version.

    # service tinyproxy start
    Starting tinyproxy: [ OK ]
    # tinyproxy -version
    tinyproxy 1.8.3
  6. Repeat this procedure on the other management node.