For Oracle ASR to work, both Oracle PCA management nodes must be running TinyProxy version 1.8.3 or later. Verify the installed version and upgrade if necessary. Configure TinyProxy according to the procedure in this section.
Strictly apply the configuration changes presented in this section. Do not modify TinyProxy in any other way. Certain modifications to TinyProxy can cause the provisioning functionality to break.
Configuring TinyProxy for ASR
Using SSH and an account with superuser privileges, log into the master management node.
NoteThe data center IP address used in this procedure is an example.
# ssh root@10.100.1.101 root@10.100.1.101's password: [root@ovcamn05r1 ~]# pca-check-master NODE: 10.100.1.101 MASTER: True
Stop the
tinyproxy
service and verify the version installed on the system.# service tinyproxy stop Stopping tinyproxy: [ OK ] # rpm -q tinyproxy tinyproxy-1.8.2-1.el6.x86_64
If the installed TinyProxy is older than version 1.8.3, upgrade it to the version referenced in the support note with Doc ID 2032791.1.
Download the tinyproxy rpm to a temporary directory on the management node and run the upgrade command.
# cd /tmp # ls -al tinyproxy* -rw-r--r-- 1 root root 61224 Apr 4 13:44 tinyproxy-1.8.3-1.el6.x86_64.rpm # rpm -Uvh tinyproxy-1.8.3-1.el6.x86_64.rpm warning: tinyproxy-1.8.3-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY Preparing... ########################################### [100%] 1:tinyproxy ########################################### [100%]
Make the necessary changes to the TinyProxy configuration to enable ASR traffic through the management node.
Open the file
/etc/tinyproxy/tinyproxy.conf
for editing.Navigate to the section that defines on which interfaces tinyproxy listens. It starts with “
# Listen:
”.Comment out the line that binds tinyproxy to the interface in the Oracle VM management network by adding a hash character (#) in front of it.
# Listen: If you have multiple interfaces this allows you to bind to # only one. If this is commented out, tinyproxy will bind to all # interfaces present. #
#Listen 192.168.140.4
Scroll down to the section Customization of authorization controls. It starts with “
# Allow:
”.Add two lines to allow traffic from the internal appliance management network and Oracle VM management network.
# Allow: Customization of authorization controls. If there are any # access control keywords then the default action is to DENY. Otherwise, # the default action is ALLOW. # # The order of the controls are important. All incoming connections are # tested against the controls based on order. # #Allow 127.0.0.1
Allow 192.168.4.0/24
Allow 192.168.140.0/24
Save and close the file
/etc/tinyproxy/tinyproxy.conf
.
Restart the
tinyproxy
service and verify the installed version.# service tinyproxy start Starting tinyproxy: [ OK ] # tinyproxy -version tinyproxy 1.8.3
Repeat this procedure on the other management node.