Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
Regards, CI.-
On 02.07.2021 22:08, Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
On Fri, 2 Jul 2021 23:20:05 +0300 Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On 02.07.2021 22:08, Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
I'm sure the OP will be along to say that isn't quite what they asked for, but in the meantime I'd like to ask a question/express an opinion. Why does the openSUSE entry say it doesn't have source available? Is it correct or an error? If it's correct, how do I get 'guaranteed authentic' source of the opensuse system?
Dave Howorth wrote:
On Fri, 2 Jul 2021 23:20:05 +0300 Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On 02.07.2021 22:08, Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
I'm sure the OP will be along to say that isn't quite what they asked for,
It was a little difficult figuring what the OP wanted, but it sounds like he wants a list of the openSUSE mirrors to feed to an http proxy. https://mirrors.opensuse.org/ is about as good as it gets.
but in the meantime I'd like to ask a question/express an opinion.
Why does the openSUSE entry say it doesn't have source available?
The general answer is - because it has no source or because the mirror scanning has not found any. It depends on which mirror you mean - is it 'openSUSE Heroes', http://widehat.opensuse.org ? There is also the openSUSE mirror in Provo, and that does have the source.
Is it correct or an error? If it's correct, how do I get 'guaranteed authentic' source of the opensuse system?
It is most probably an error - I have just now seen that widehat is full, so ....
For 'guaranteed authentic' source of the opensuse system : http://download.opensuse.org/source
-- Per Jessen, Zürich (20.5°C)
On Sat, 03 Jul 2021 09:27:24 +0200 Per Jessen <per@computer.org> wrote:
Dave Howorth wrote:
On Fri, 2 Jul 2021 23:20:05 +0300 Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On 02.07.2021 22:08, Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
I'm sure the OP will be along to say that isn't quite what they asked for,
It was a little difficult figuring what the OP wanted, but it sounds like he wants a list of the openSUSE mirrors to feed to an http proxy. https://mirrors.opensuse.org/ is about as good as it gets.
but in the meantime I'd like to ask a question/express an opinion.
Why does the openSUSE entry say it doesn't have source available?
The general answer is - because it has no source or because the mirror scanning has not found any. It depends on which mirror you mean - is it 'openSUSE Heroes', http://widehat.opensuse.org ? There is also the openSUSE mirror in Provo, and that does have the source.
It's listed as Germany opeSUSE Her... and if I hover over the text it says www.opensuse.org So being as SUSE is based in Germany I take that as the primary and would expect it to have source. If that's not the case then the page is even worse designed than I thought.
Is it correct or an error? If it's correct, how do I get 'guaranteed authentic' source of the opensuse system?
It is most probably an error - I have just now seen that widehat is full, so ....
For 'guaranteed authentic' source of the opensuse system :
Thanks.
Dave Howorth wrote:
On Sat, 03 Jul 2021 09:27:24 +0200 Per Jessen <per@computer.org> wrote:
Why does the openSUSE entry say it doesn't have source available?
The general answer is - because it has no source or because the mirror scanning has not found any. It depends on which mirror you mean - is it 'openSUSE Heroes', http://widehat.opensuse.org ? There is also the openSUSE mirror in Provo, and that does have the source.
It's listed as Germany opeSUSE Her... and if I hover over the text it says www.opensuse.org So being as SUSE is based in Germany I take that as the primary and would expect it to have source.
It is not the primary, only another mirror. It is operated by the openSUSE Heroes though.
If that's not the case then the page is even worse designed than I thought.
As it says at the top of the page, "The information on this page is generated directly off the database used by the master download server every 30 minutes. Under normal circumstances, there should be no need to use mirrors directly".
-- Per Jessen, Zürich (24.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Hello!,
Thanks for the feedback, I'm after something similar to the public lists generated by AWS or CloudFlare, where they provide a clean consumable list on plain TXT or JSON:
https://ip-ranges.amazonaws.com/ip-ranges.json
https://www.cloudflare.com/ips-v4
https://www.cloudflare.com/ips-v6
Nonetheless, the information is there, I may just scrape it with a script and repost for the firewall to consume.
Thanks!.
Regards, CI.-
On Fri, 2 Jul 2021 at 16:20, Andrei Borzenkov (<arvidjaar@gmail.com>) wrote:
On 02.07.2021 22:08, Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
-- Ciro Iriarte http://iriarte.it --
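
Added example, not part of the original thread or any poster's code: one way to do the scrape-and-republish step described in the message above, reducing a mirror listing page to a plain-text host allowlist. The sample HTML is constructed, the function names and the one-host-per-line output format are assumptions, and download.opensuse.org is always included because it is the download server named in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input; the real page's markup is not assumed beyond <a href>.
SAMPLE_HTML = """
<tr><td><a href="http://mirror.example.org/opensuse/">HTTP</a>
<a href="rsync://mirror.example.org/opensuse/">rsync</a></td></tr>
<tr><td><a href="https://Mirror2.Example.net:8443/pub/opensuse/">HTTPS</a></td></tr>
<tr><td><a href="ftp://ftp.example.com/opensuse/">FTP</a></td></tr>
<tr><td><a href="/about">relative link</a></td></tr>
<tr><td><a href="http://192.0.2.10/opensuse/">IP literal</a></td></tr>
<tr><td><a href="http://bad_host!.example/">malformed</a></td></tr>
"""

ALLOWED_SCHEMES = {"http", "https"}  # only what the HTTP proxy will carry
# Strict DNS name: letters, digits, hyphens, alphabetic TLD (rejects IP literals).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

class LinkCollector(HTMLParser):
    """Collect every href found on an <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_hosts(html, always_allow=("download.opensuse.org",)):
    """Return the sorted, de-duplicated hostnames that pass validation."""
    collector = LinkCollector()
    collector.feed(html)
    hosts = set(always_allow)
    for href in collector.hrefs:
        try:
            parts = urlsplit(href.strip())
            host = (parts.hostname or "").rstrip(".")  # lowercased, port removed
        except ValueError:  # malformed netloc, e.g. broken IPv6 brackets
            continue
        if parts.scheme in ALLOWED_SCHEMES and HOSTNAME_RE.match(host):
            hosts.add(host)
    return sorted(hosts)

def render_allowlist(hosts):
    """One hostname per line (assumed list format for the proxy)."""
    return "".join(h + "\n" for h in hosts)
```

Validating every entry before publishing matters because the firewall will trust whatever the list contains; a scraped page that changes layout should shrink the list, not add arbitrary strings to it.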
On Saturday, 3 July 2021 4:38:20 AM ACST Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
Regards, CI.-
Look at apt-cacher-ng - it was originally designed for Debian-based distros but also works with zypper (the documentation shows how to configure zypper repos to retrieve via the proxy). It caches all downloads locally, meaning the second and subsequent downloads come from the local cached copy instead of being downloaded multiple times, and only the proxy needs direct internet access (which can also be via an http/https proxy if desired).
There are openSUSE packages available for it, so it can be installed with zypper. It will work out of the box with minimal to no custom config, unless you want to configure it to use an upstream proxy.
I'm using it at home and at work for both Debian and Leap/TW machines (VM's and physical machines) so I know it works.
Regards, Rodney.
--
Rodney Baker rodney.baker@iinet.net.au
Thanks for the suggestion!, I'm aiming at Katello because I need The Foreman to cover other needs.
Regards, CI.-
On Sat, Jul 3, 2021, 03:28 Rodney Baker <rodney.baker@iinet.net.au> wrote:
On Saturday, 3 July 2021 4:38:20 AM ACST Ciro Iriarte wrote:
Hello!,
In an isolated environment I would like to avoid VMs accessing Internet directly to grab updates. I'll probably create a local mirror with The Foreman + Katello, but meanwhile I'll force the use of an HTTP proxy.
The proxy I'm using (embedded in OPNsense) allows dynamic whitelists, where the firewall can grab the list from an URL. Are there official repositories lists for OpenSUSE that I could use to feed it?.
Regards, CI.-
Look at apt-cacher-ng - it was originally designed for Debian-based distros but also works with zypper (the documentation shows how to configure zypper repos to retrieve via the proxy). It caches all downloads locally, meaning the second and subsequent downloads come from the local cached copy instead of being downloaded multiple times, and only the proxy needs direct internet access (which can also be via an http/https proxy if desired).
There are openSUSE packages available for it, so it can be installed with zypper. It will work out of the box with minimal to no custom config, unless you want to configure it to use an upstream proxy.
I'm using it at home and at work for both Debian and Leap/TW machines (VM's and physical machines) so I know it works.
Regards, Rodney.
--
Rodney Baker rodney.baker@iinet.net.au