Support for HTTP or HTTPS repos

This forum is for the discussions and support for the Chocolatey For Automate plugin. Inside you will find the Documentation Project forum that describes the operation of the plugin.
Post Reply
mrcomps
Posts: 1
Joined: Sun Jun 19, 2022 5:10 am

Support for HTTP or HTTPS repos

Post by mrcomps »

I work for an MSP with over 50 clients/100 client locations in Automate, The clients are all separate from each other, so there's no domain trusts or VPN connections between them. To make Chocolately for Automate work, we'll need to setup 100 cache folders and logon accounts. Plus some sites don't even have a dedicated server to host the cache, or have machines that are rarely or never connected to the office network.

Is there any way to make the Chocolatey plugin work with HTTP or HTTPS repos so that we can host our own repo and have machines download from that?

User avatar
Cubert
Posts: 1996
Joined: Tue Dec 29, 2015 7:57 pm
6
Contact:

Re: Support for HTTP or HTTPS repos

Post by Cubert »

To answer your question quickly.... Yes, place all agent in stand alone mode. This will cause all agent to speak directly to repo via HTTPs.

The long answer is:

The reason Chocolatey for Automate 3.5 uses caching services locally to client locations is that Chocolatey.org limits and blocks the number of repeat accesses to its repositories. Chocolatey plugin does not change the way the repo is connected so it is always connecting to repos via HTTPs just who does the connecting is what the plugin controls.

Chocolatey repo allow for one or two repeaded conections to the public repo for free. If it sees an entire business location making requests it kicks in a heavy throttle. Then what ends up happening is the first 2 or 3 agents at a location start updating and installing packages and the location gets throttled and then black listed for 24 hours. 24 hours later 1 or 2 agents try to continue and with in the first 30 minutes your blocked now for 24 hours. This continues until you either use caching or pay $16 per year per agent to Chocolatey.org for what amounts to a free service.

Now here are some pointers on how deploy caching agents and services.

There are 3 agent types in plugin. Caching Agents, Normal Agents and Stand-Alone Agents.

Caching agents manage the cache for a location or set of networks in case of a VPN.

Normal agents get their data from the caching agents.

Stand alone agents are assumed to be laptops and other devices that are a single device at any given public IP address. (StarBucks, airport, home office)

Absolutely use a VPN if available when SMB protocols are available across network LANs. This will save time on setups and allow for a more central management of cache. Also allows for backup caching agents to help contribute to cache. (Instead of having one agent from one location keep cache, 2 or more agents , one from each location could be used to keep cache updated)

In case of many single LAN environments, cache is typically les than 1 GB of data which is easily offered up by just about any desktop PC. Creating a secure share just for the caching service on any PC at that location would provide the needed access to Chocolatey to process as expected. Of course network servers and NAS are the best solution but even a USB flash drive hanging of the receptionists PC would do in a pinch. The usage is minimal and the load to PC is next to nothing on a Gbit network.

Any agent can be set to "StandAlone" which then sets agent to speak directly to Chocolatey forgoing any caching services. Be-warned that using more then 2 or 3 Stand-alone agents at the same locational IP address will invoke chocolatey site restrictions that will cause delays and odd behaviors in plugin.

Things like versions not updating or versions not matching. Chocolatey failing to deploy to new agents and systems not showing any progress.

You can also choose to put all agents in standalone and pay Chocolatey $16 per agent. They will give you a XML file that you place in the chocolatey install directory of each agent. This will cause Chocolatey.exe to send license info back to Chocolatey which will stop any blocks or throttling that repo would otherwise do.

but my thoughts are if you have a client with a location that has 50 agents, its worth your time to setup a simple share to manage cache. it would save your client $800 a year in Chocolatey fees.

Post Reply

Return to “Chocolatey For Automate”