Description
Is your feature request related to a problem? Please describe.
To download updates and connect to fingerbank a proxy is needed in some networks. When upgrading a cluster following the instructions from the documentation for https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_configuration_synchronisation it is needed to unset the environment variable for the proxy to make this work.
Describe the solution you'd like
In my understanding the packetfence cluster relies on the nodes being able to communicate directly with each other (keepalived: same broadcast domain, galera cluster: direct IP connection). I couldn't think of a setup where /usr/local/pf/bin/cluster/sync needs to communicate over an https_proxy.
Therefor I'd suggest to disable the proxy for /usr/local/pf/bin/cluster/sync.
Describe alternatives you've considered
- keep own documentation stating to not forget to unset the proxy
- use a wrapper or a shell configuration to automatically unset the proxy when
syncis called
Additional context
To disable a proxy CURLOPT_NOPROXY needs to be set to *. The settings are provided in pf::api::jsonrpcclient . If there's no other use for this package that would let an admin expect that a configured proxy is used the option could simply be set there.
Otherwise pf::api::jsonrpcclient->new(host => $master_server, proto => 'https', username => $api_user, password => $api_password); in /usr/local/pf/bin/cluster/sync could be changed to include another option like noproxy => '*' which than would be used to overwrite the default to use a configured proxy in pf::api::jsonrpcclient.
Activity