0

I need to install some rpm, python and R packages on a server that has no internet connexion: I can only ssh to it. I can download the packages and scp them to the server, then install them manually with rpm -i and the like. But managing dependencies and finding the right rpm package is cumbersome, and specific to each software (here that would be

Plus some dependency management for R and pip.)


So I'm considering another path that could work for any software:

  • launch a «manual proxy» locally, as an interactive command-line tool
  • in a new console, ask yum/R/pip to use that proxy and to install some package
  • whenever yum requests some file from the web (like PACKAGES or foo.tar.gz), the manual proxy prints the URL and waits
  • I download said URL from another machine and scp it to the server
  • I tell the manual proxy that the file is there, which then answers yum's request.

Is there a tool to implement the manual proxy? It look like mitmproxy could do that, can anyone with knowledge of this tool confirm?

I see those potential challenges:

  • I might need to increase yum's timeout.
  • If the package manager yum, pip or R uses SSL, I'll need to install mitmproxy's certificate
  • installing mitmproxy and its dependencies (on the internet-starved server) might be more hassle than the problem I'm trying to solve.

Any other tool to do that would be also welcome. Maybe a small Python script is enough.

Edit: Answer to TessellatingHeckler's second comment:

  • SSH back out from the server? Probably, but the network admin might not be happy about it (plus, setup is not trivial as my computer is also behind a proxy, so I would need double hop + ssh -R).
  • github.com/inaz2/proxy2 ? Looks good.
  • yum localinstall? It's indeed better than rpm -i, but my goal here is (to gain some experience and) a generic solution to any proxy-enabled package managers. Package managers differ in their ways to list dependencies and install form local repo, and those features are usually less documented than telling them to use a proxy.
Community
  • 1
jrouquie
  • 103
  • 5
  • 1
    If you're going to install whatever it needs, why not give it internet access so it can do it? Is it on a network with other hosts that have internet access? You could run a real proxy on one and configure `yum` to use it, and only bring the proxy service up when you are installing or updating, so it doesn't have net access most of the time. – TessellatingHeckler May 28 '15 at 19:04
  • I would by far prefer this option, installation would then be a matter of 5 min. But the admin won't tell me how to connect to internet (I don't blame him, he wants to protect the data on this machine). – jrouquie May 29 '15 at 08:44
  • 1
    Can you SSH back out from the server to something else with an internet connection (e.g. your computer)? SSH can be a SOCKS proxy or a TCP general proxy. I don't know mitmproxy at all, but this Python script is a HTTP proxy which might be easy to edit to print requests as they come through: https://github.com/inaz2/proxy2 . (what about `yum localinstall` instead of `rpm -i` for the installing by hand step - that will do yum dependency checks as well) – TessellatingHeckler May 29 '15 at 23:21
  • Even if the machine is "not allowed" to access the Internet it still needs updates. One solution is to maintain a local mirror of the distribution, and if your company is large enough there probably already is one. – Michael Hampton Jun 03 '15 at 15:09
  • I suspect the admin temporarily connects the machine to the internet when he needs to update. But nevermind, he agreed to install the packages for me. It's just a lenghty process... – jrouquie Jun 10 '15 at 15:05

0 Answers0