Hello,
have you considered some kind of transparent TCP-to-proxy redirection, i.e.
redsocks?
I have not tested is personally but I bookmarked it in the past - I thought
it could be helpful one day (today?)

Martin J.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2018-03-06
10:34:13:

> From: Uwe Schreiber <uwe.h.schreiber AT T-ONLINE DOT DE>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 2018-03-06 10:36
> Subject: Re: [ADSM-L] Operations Center 8.1.4 - Client Package
> Download using Proxy
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> I did a test by setting the Java options for the instance user, and
> restarted the instance.
>
> As well i set the Java options for usage by the OPC.
>
> -> unchanged situation -> download of packages is failing.
>
> Not the OC which is downloading the software packages.
> The "Deploy Package Manager" (integrated in the dsmserv binary?)
> triggers the download / refresh / etc. of the software packages.
>
> I did not see any other java processes than the OPC GUI when the
> message "ANR3753I The client update packages manager is started. /
> ANR3756I A refresh of client update packeges was started."
>
> So I assume dsmserv does not start any Java based sub-processes for
> downloading the software packages.
>
> Uwe
>
> On Tue, 2018-03-06 at 11:07 +0300, Efim wrote:
> > Why not to configure a transparent proxy for this traffic?
> >
> > Assuming that the hub participates in the download of packages, by
> > default Java does not use a system proxy.
> > You can try to use option Djava.net.useSystemProxies = true in the
> > environment settings for the user, on behalf of which the hub starts
> > .....
> > it will looks like export IBM_JAVA_OPTIONS="-Dmysysprop1=tcpip
> > -Dmysysprop2=wait -Xdisablejavadump"
> > I found example in https://www.ibm.com/support/knowledgecenter/en/SSM
> > KFH/com.ibm.apmaas.doc/install/config_forwardproxy_dc.htm
> > but it uses jvm.options file.
> >
> > Efim
> >
> >
> > > 6 марта 2018 г., в 10:39, Uwe Schreiber <[email protected]
> > > E> написал(а):
> > >
> > > Hello Efim,
> > >
> > > thank you for your response.
> > >
> > > I already had a try using the local catalog.
> > > This did not bypass the direct download from IBM.
> > >
> > > From my point of view, the local catalog gives you the possibility
> > > to
> > > create your own package repository.
> > > Therefor you have to build a http server where you store the
> > > package
> > > for a download by the OC hub instance.
> > > In addition you have to modify the local catalog.json file to point
> > > to
> > > the right package locations on your own http server.
> > >
> > > Of course i could setup my own http server and build a local
> > > repository.
> > > But this would increase the complexity, etc.
> > >
> > > Uwe
> > >
> > >
> > > On Tue, 2018-03-06 at 09:25 +0300, Efim wrote:
> > > > Hi
> > > > you can try to configure local catalog. it will bypass using
> > > > proxy:
> > > >
> > > > setopt clientdeployuselocalcatalog yes
> > > > create dir: /<instance dir>/deployconfig/
> > > > run (you can add it to the cron): curl -o /<instance
> > > > dir>/deployconfig/catalog.json https://public.dhe.ibm.com/storage
> > > > /tiv
> > > > oli-storage-management/catalog/client/catalog.json
> > > >
> > > > Efim
> > > >
> > > >
> > > >
> > > > > 6 марта 2018 г., в 0:32, Uwe Schreiber <uwe.h.schreiber@T-ONLIN
> > > > > E.DE
> > > > > > написал(а):
> > > > >
> > > > > I'am searching a solution for deploying client updates using
> > > > > Operations
> > > > > Center 8.1.4.
> > > > >
> > > > > My OC hub (is spoke as well) is not able to connect direct to
> > > > > https://urldefense.proofpoint.com/v2/url?
> u=https-3A__p&d=DwIFaQ&c=jf_iaSHvJObTbx-
> siA1ZOg&r=H5e_B7Ka5iXApV9NLO3a6LPjgmGzpTrVrSapqmyEY0E&m=TCER6L5E-
>
e0Od-1y1NcsjYk6dr2uwz7GBhdESLV4VP0&s=KfrP7fY71S9D98_YhAxk99uk4IhkHCZZ6h7jnd9iQgM&e=

> > > > > ublic.dhe.ibm.com/...
> > > > > I have to use a proxy configuration to enable that
> > > > > communication.
> > > > >
> > > > > So I configured the variables http_proxy / https_proxy with the
> > > > > according proxy informations for the instance user within the
> > > > > RHEL
> > > > > 7.4
> > > > > operating System.
> > > > >
> > > > > Testing using "curl" and "wget" works as expected when trying
> > > > > to
> > > > > download an deployment package.
> > > > >
> > > > > For forcing the instance to do a software package refresh I
> > > > > restarted
> > > > > the instance, but I still got the error
> > > > >
> > > > > ANR3763E An error occurred while the catalog file used for
> > > > > client
> > > > > updates was downloading from
> > > > > https://public.dhe.ibm.com/storage/tivoli-storage-management/ca
> > > > > talo
> > > > > g/cl
> > > > > ient/catalog.json.
> > > > >
> > > > > After restarting the instance a "tcpdump" was showing packets
> > > > > to
> > > > > "public.dhe.ibm.com" using https.
> > > > > The tcpdump tool stops to show such packets as soon as I get
> > > > > the
> > > > > above
> > > > > message within the activity-log of the instance.
> > > > >
> > > > > So I assume that dsmserv is ignoring the environment variables
> > > > > for
> > > > > the
> > > > > proxy configuration.
> > > > >
> > > > > As well I tried to tell the hub instance to load the client
> > > > > update
> > > > > packages from a local filesystem instead by downloading them
> > > > > from
> > > > > IBM,
> > > > > by modifying the local installed catalog.json file to use
> > > > > "file://..."
> > > > > instead of "https://...."; .... without success.
> > > > > It seems that the usage of https is "hard coded".
> > > > >
> > > > > I already tried a manual import of the client autodeployment
> > > > > packages,
> > > > > as well as the package for the update manager.
> > > > >
> > > > > But querying the manifest table by using "select
> > > > > pkg_name,pkg_type,state from client_pkg" is showing the
> > > > > packages
> > > > > with
> > > > > state=2.
> > > > >
> > > > > I assume as long as the client update package manager is not
> > > > > able
> > > > > to do
> > > > > the software download the state will not change and there
> > > > > is no possibility to deploy any software to the attached
> > > > > clients.
> >
> >
>