git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Broken guest vm consoles after upgrading to 4.11.1.0


Thanks Andrija, I will look into this tomorrow.

Cheers



----- Original Message -----
> From: "Andrija Panic" <andrija.panic@xxxxxxxxx>
> To: "users" <users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Monday, 9 July, 2018 22:58:09
> Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0

> In 4.8 - to make sure you are NOT hitting the improper SSL chain build,
> after the MGMT server restart, you could grep for following line in the
> MGMT logs
> 
> "Could not find and construct a valid SSL certificate"
> 
> but in 4.11 (master) I can't find this by searching within the
> repo...strange...
> 
> 
> On Mon, 9 Jul 2018 at 23:35, Andrija Panic <andrija.panic@xxxxxxxxx> wrote:
> 
>> HI Andrei,
>>
>> I will share my setup, ACS 4.8 though - we also had "similar" issue from
>> 4.5 going forward to 4.8 - there was some settings that needed to be on
>> (for whatever reason), hope this will help
>>
>> consoleproxy.url.domain     *.consoleproxy.net (yes we did buy that one
>> :D )
>> secstorage.ssl.cert.domain   *.consoleproxy.net
>> secstorage.encrypt.copy      true (I believe it was this one change
>> required !)
>>
>> (Sorry if this was not helpful, I know you are fighting  with 4.11)
>>
>> Anyhow, I would suggest examining keystore DB for the records, to see if
>> they are still correct and in correct sequence - since you say that CPVM is
>> not listening on 443 - seems like SSL chain issue maybe.
>>
>> Cheers
>>
>>
>>
>>
>>
>> On Mon, 9 Jul 2018 at 18:23, Andrei Mikhailovsky <andrei@xxxxxxxxxx.invalid>
>> wrote:
>>
>>> Hi Ivan,
>>>
>>> I have recreated the CPVM, but that didn't help. The SSL cert + chain has
>>> been uploaded a few years ago and was working just fine up to the upgrade
>>> to 4.11.1.0.
>>>
>>> So, the issue must be somewhere else I guess.
>>>
>>> Andrei
>>>
>>> ----- Original Message -----
>>> > From: "Ivan Kudryavtsev" <kudryavtsev_ia@xxxxxxxxx>
>>> > To: "users" <users@xxxxxxxxxxxxxxxxxxxxx>
>>> > Sent: Monday, 9 July, 2018 17:13:42
>>> > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0
>>>
>>> > Try recreatin CPVM, it worked for me. I haven't met such problem with
>>> wrong
>>> > ports... Have you uploaded SSL chain to ACS?
>>> >
>>> > пн, 9 июл. 2018 г., 23:05 Andrei Mikhailovsky <andrei@xxxxxxxxxx.invalid
>>> >:
>>> >
>>> >> Ivan, thanks.
>>> >>
>>> >> I have found this option and changed from the default False value to
>>> True.
>>> >> Restarted the management server and the CPVM. I can now see that the
>>> >> generated link has changed to the IP address + domain (inf the form of
>>> >> x-x-x-x.domain.com). However, this did not solve the problem as it is
>>> >> trying to connect over port 443. The CPVM is not listening on that
>>> port,
>>> >> only on port 80. So, it is not really helping me.
>>> >>
>>> >> Andrei
>>> >>
>>> >> ----- Original Message -----
>>> >> > From: "Ivan Kudryavtsev" <kudryavtsev_ia@xxxxxxxxx>
>>> >> > To: "users" <users@xxxxxxxxxxxxxxxxxxxxx>
>>> >> > Sent: Monday, 9 July, 2018 11:40:07
>>> >> > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0
>>> >>
>>> >> > Hey, Andrei. There is a parameter ib global vars about SSL and CPVM
>>> which
>>> >> > fixes it. Don't remember the name, but met it as well as you. I
>>> suppose
>>> >> > it's a bug.
>>> >> >
>>> >> > пн, 9 июл. 2018 г., 17:35 Andrei Mikhailovsky
>>> <andrei@xxxxxxxxxx.invalid
>>> >> >:
>>> >> >
>>> >> >> Hello everyone,
>>> >> >>
>>> >> >> I have upgraded ACS from 4.11.0.0 to 4.11.1.0 over the weekend and
>>> have
>>> >> >> noticed that after performing all the usual stuff, like upgrading
>>> >> virtual
>>> >> >> routers and recreating console proxy / ssvm I have lost access to
>>> the vm
>>> >> >> consoles (both guest vms and system vms). I have performed the
>>> creation
>>> >> of
>>> >> >> host keys by clicking the button in ACS Gui. All hosts seems to have
>>> >> done
>>> >> >> this successfully with the Status changing from Unsecure to Up. The
>>> >> console
>>> >> >> access worked just fine prior to 4.11.1.0 upgrade.
>>> >> >>
>>> >> >> When I click on the Console button, a new browser window pops up.
>>> The
>>> >> page
>>> >> >> is empty. Inspecting the source I get the following (modified a bit
>>> to
>>> >> save
>>> >> >> space and replaced the domain name):
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> <html><title>VM-Name</title><frameset><frame
>>> >> >> src="http://*.DOMAIN.com/ajax?token=qxXZQlpCi7xa-o8XgJM6Z_fb<MORE
>>> >> >> STUFF HERE>“></frame></frameset></html>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> Looking at the above, it is obvious that the *.DOMAIN.com is not
>>> valid.
>>> >> If
>>> >> >> I copy the URL and change the *.DOMAIN.com to the public IP address
>>> of
>>> >> the
>>> >> >> console proxy, I get access to the console just fine.
>>> >> >>
>>> >> >> Cheers
>>> >> >>
>>> >> >>
>>> >> >>
>>>
>>
>>
>> --
>>
>> Andrija Panić
>>
> 
> 
> --
> 
> Andrija Panić