The use case is: I have some VAs already stood up, configured with no proxy settings (proxy.yaml does not exist on the VAs).
My organization’s proxy configuration has changed and now I must route the VA traffic through our new proxy. When trying to create the proxy.yaml file, I receive the following error:
touch proxy.yaml
touch: cannot touch ‘proxy.yaml’: Read-only file system
Am I correct in understanding that it is impossible to reconfigure existing VAs to use proxies? The only path forward is a full redeploy?
Are you following the exact steps mentioned in the document?
If not , Please follow the steps as mentioned in the document -
After you have deployed the VA image on your virtualization platform, but before creating VAs, complete the following additional configuration steps to set up the HTTP proxy:
Uncomment the https and http lines and replace the <proxyserver> and <port> values. A space after the colon and before the URL is required.
https_proxy: http://<proxyserver>:<port>/
http_proxy: http://<proxyserver>:<port>/
Where <proxyserver> is either a host name or IP address. Typically both the http and https lines will point to a single server.
Important
SailPoint does not recommend using the HTTP proxy VA configuration in cloud environments.
If you choose to use the HTTP proxy VA configuration in a cloud environment, be sure to allow traffic to all required URLs and avoid connectivity to the cloud environment’s metadata API.
Important
If you have a host that needs to be reached directly over HTTP/HTTPS, you can bypass the proxy configuration by adding an exception to the proxy.yaml file. For example, you might have a custom connector that needs to reach locally-hosted APIs. In this case, add the following line to the proxy.yaml file:
no_proxy: <host1>|<host2>
Where <hostN> can either be a domain or an IP address. This can contain any number of hosts separated by pipe (|) symbols.
Save the proxy.yaml file and exit the editor.
Create an empty file named config.yaml and place it in the folder /home/sailpoint/
The VA should automatically reboot. If this does not happen, reboot the virtual appliance using the sudo reboot command.
@amit_1140 yeah the VAs have been configured already for months. There is a one-line mentioning proxy configs need to be setup before initial VA configuration, and wanted to confirm there was no way to update after the fact.