Support for HTTP or HTTPS repos

This forum is for the discussions and support for the Chocolatey For Automate plugin. Inside you will find the Documentation Project forum that describes the operation of the plugin.
Post Reply
mrcomps
Posts: 1
Joined: Sun Jun 19, 2022 5:10 am
1

Support for HTTP or HTTPS repos

Post by mrcomps »

I work for an MSP with over 50 clients/100 client locations in Automate, The clients are all separate from each other, so there's no domain trusts or VPN connections between them. To make Chocolately for Automate work, we'll need to setup 100 cache folders and logon accounts. Plus some sites don't even have a dedicated server to host the cache, or have machines that are rarely or never connected to the office network.

Is there any way to make the Chocolatey plugin work with HTTP or HTTPS repos so that we can host our own repo and have machines download from that?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Support for HTTP or HTTPS repos

Post by Cubert »

To answer your question quickly.... Yes, place all agent in stand alone mode. This will cause all agent to speak directly to repo via HTTPs.

The long answer is:

The reason Chocolatey for Automate 3.5 uses caching services locally to client locations is that Chocolatey.org limits and blocks the number of repeat accesses to its repositories. Chocolatey plugin does not change the way the repo is connected so it is always connecting to repos via HTTPs just who does the connecting is what the plugin controls.

Chocolatey repo allow for one or two repeaded conections to the public repo for free. If it sees an entire business location making requests it kicks in a heavy throttle. Then what ends up happening is the first 2 or 3 agents at a location start updating and installing packages and the location gets throttled and then black listed for 24 hours. 24 hours later 1 or 2 agents try to continue and with in the first 30 minutes your blocked now for 24 hours. This continues until you either use caching or pay $16 per year per agent to Chocolatey.org for what amounts to a free service.

Now here are some pointers on how deploy caching agents and services.

There are 3 agent types in plugin. Caching Agents, Normal Agents and Stand-Alone Agents.

Caching agents manage the cache for a location or set of networks in case of a VPN.

Normal agents get their data from the caching agents.

Stand alone agents are assumed to be laptops and other devices that are a single device at any given public IP address. (StarBucks, airport, home office)

Absolutely use a VPN if available when SMB protocols are available across network LANs. This will save time on setups and allow for a more central management of cache. Also allows for backup caching agents to help contribute to cache. (Instead of having one agent from one location keep cache, 2 or more agents , one from each location could be used to keep cache updated)

In case of many single LAN environments, cache is typically les than 1 GB of data which is easily offered up by just about any desktop PC. Creating a secure share just for the caching service on any PC at that location would provide the needed access to Chocolatey to process as expected. Of course network servers and NAS are the best solution but even a USB flash drive hanging of the receptionists PC would do in a pinch. The usage is minimal and the load to PC is next to nothing on a Gbit network.

Any agent can be set to "StandAlone" which then sets agent to speak directly to Chocolatey forgoing any caching services. Be-warned that using more then 2 or 3 Stand-alone agents at the same locational IP address will invoke chocolatey site restrictions that will cause delays and odd behaviors in plugin.

Things like versions not updating or versions not matching. Chocolatey failing to deploy to new agents and systems not showing any progress.

You can also choose to put all agents in standalone and pay Chocolatey $16 per agent. They will give you a XML file that you place in the chocolatey install directory of each agent. This will cause Chocolatey.exe to send license info back to Chocolatey which will stop any blocks or throttling that repo would otherwise do.

but my thoughts are if you have a client with a location that has 50 agents, its worth your time to setup a simple share to manage cache. it would save your client $800 a year in Chocolatey fees.

calvinv
Posts: 5
Joined: Mon Sep 19, 2022 3:56 pm
1

Re: Support for HTTP or HTTPS repos

Post by calvinv »

I also would like to see HTTP or HTTPS repos. If we could we could pull files directly from the Automate server's file paths to each client location rather than having to create local repo caches at each location.
This would simplify the process for each client setup.
I think this is what the original post was about.
For example in Automate all instances should have access to something like http://AutomateServerIP/labtech/transfer/Chocolatey/
So if HTTP access in this example was achievable the files could be pulled directly from that sub-folder to as many clients as needed.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Support for HTTP or HTTPS repos

Post by Cubert »

Some thing like this is plausible in an on -primes environment but the hostedrmm.com users will not be able to do this as it would violate the TOS with ConnectWise.

We have had the same thought, that is we could just create a web share on the Automate host and have the host manage the packages. Then we could deliver packages via HTTP to entire environment. But then CW took away RDP for hosted systems and rewrote the TOS and that was the end of that...


So we had to get a little more creative..

calvinv
Posts: 5
Joined: Mon Sep 19, 2022 3:56 pm
1

Re: Support for HTTP or HTTPS repos

Post by calvinv »

Our Automate instance we host on our own server.
Would that mean there is a possibility (if the Automate server is self hosted) to be able to use HTTP/HTTPS for a repo cache for all clients i.e. the Automate server?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Support for HTTP or HTTPS repos

Post by Cubert »

The plugin is not setup to pass a URL instead of a share to the installer but it could be done. It also would need to create a local storage area and make that available via URL. It would also need to get all the different approved packages you may set across all clients so it maintains everyone's packages.

You could also do this internally,
Set all chocolatey agents to standalone in plugin.
Create automate script to set the chocolatey cache settings for chocolatey to the URL that you want to use and run it on all agents.
Create a script that runs on automate host to get approved packages and copy them to URL folder location. You could look at our script to hack out the process we use.

Then when we automate a install or update it will use the default presets including the new cache URL and away you go..

Your automate hos becomes a repository

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Support for HTTP or HTTPS repos

Post by Cubert »

Attention,

As of Chocolatey For Automate 3.6 this is now available. We now support 3rd party repositories, Chocolatey proxies and private storage of packages.

Post Reply

Return to “Chocolatey For Automate”