Re: Network error when uploading local ISO
Thanks for everyone's help on this. I was able to successfully upload a local ISO file after following the blog post. On 7/6/21 5:34 AM, Andrija Panic wrote: > The default SSL might be the old *.realhostip.com - which is not to be used > in any similar-to-production way - but yes, this is a good workaround to > accept that browser warning, and later actions work fine > > > On Tue, 6 Jul 2021 at 08:56, Vivek Kumar > wrote: > >> I did the same way a long back..! If you are using any self signed >> certificate for testing or something.! >> >> >> >>> On 05-Jul-2021, at 1:15 PM, Abishek Budhathoki >> wrote: >>> If it may help, >>> Please open the ssvm public IP https://192.41.41.161/ in the new tab of >> the running browser and accept the certificate warning and try again >> uploading the ISO. >>> Faced the same issue at first while not using ssl for system vms. >>> Thank You. >>> >>> On 2021/07/05 00:23:34, Joshua Schaeffer >> wrote: On 7/4/21 4:16 PM, Andrija Panic wrote: > What's the value of your global config parameters: > > consoleproxy.url.domain Empty/blank > consoleproxy.sslEnabled False > secstorage.ssl.cert.domain Empty/blank > secstorage.encrypt.copy False > I expect last one or second to last one is wrong/not set - since your > browser is showing the request POST being sent to HTTPS: ( > https://192.41.41.161) instead of (https://192-41-41-161 > . > > Best, > > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer < >> jschaef...@harmonywave.com> > wrote: If this could be related to SSL/TLS then I should probably mention I >> have set the ca.plugin.root.auth.strictness to "false". I can't remember >> the exact error I get but I know I got an error on a new install if I >> didn't do this. I could turn it back on and check if that would provide >> more info. I should also mention that I have not done any SSL/TLS at this >> point except at the load balancer and that does SSL termination. Are there >> any guides/documentation on how best to set these values? -- Thanks, Joshua Schaeffer >> -- Thanks, Joshua Schaeffer
Re: Network error when uploading local ISO
The default SSL might be the old *.realhostip.com - which is not to be used in any similar-to-production way - but yes, this is a good workaround to accept that browser warning, and later actions work fine On Tue, 6 Jul 2021 at 08:56, Vivek Kumar wrote: > I did the same way a long back..! If you are using any self signed > certificate for testing or something.! > > > > > On 05-Jul-2021, at 1:15 PM, Abishek Budhathoki > wrote: > > > > If it may help, > > Please open the ssvm public IP https://192.41.41.161/ in the new tab of > the running browser and accept the certificate warning and try again > uploading the ISO. > > Faced the same issue at first while not using ssl for system vms. > > Thank You. > > > > On 2021/07/05 00:23:34, Joshua Schaeffer > wrote: > >> On 7/4/21 4:16 PM, Andrija Panic wrote: > >>> What's the value of your global config parameters: > >>> > >>> consoleproxy.url.domain > >> Empty/blank > >>> consoleproxy.sslEnabled > >> False > >>> secstorage.ssl.cert.domain > >> Empty/blank > >>> secstorage.encrypt.copy > >> False > >>> > >>> I expect last one or second to last one is wrong/not set - since your > >>> browser is showing the request POST being sent to HTTPS: ( > >>> https://192.41.41.161) instead of (https://192-41-41-161 > >>> . > >>> > >>> Best, > >>> > >>> On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer < > jschaef...@harmonywave.com> > >>> wrote: > >> If this could be related to SSL/TLS then I should probably mention I > have set the ca.plugin.root.auth.strictness to "false". I can't remember > the exact error I get but I know I got an error on a new install if I > didn't do this. I could turn it back on and check if that would provide > more info. I should also mention that I have not done any SSL/TLS at this > point except at the load balancer and that does SSL termination. Are there > any guides/documentation on how best to set these values? > >> > >> -- > >> Thanks, > >> Joshua Schaeffer > >> > >> > > -- Andrija Panić
Re: Network error when uploading local ISO
I did the same way a long back..! If you are using any self signed certificate for testing or something.! > On 05-Jul-2021, at 1:15 PM, Abishek Budhathoki wrote: > > If it may help, > Please open the ssvm public IP https://192.41.41.161/ in the new tab of the > running browser and accept the certificate warning and try again uploading > the ISO. > Faced the same issue at first while not using ssl for system vms. > Thank You. > > On 2021/07/05 00:23:34, Joshua Schaeffer wrote: >> On 7/4/21 4:16 PM, Andrija Panic wrote: >>> What's the value of your global config parameters: >>> >>> consoleproxy.url.domain >> Empty/blank >>> consoleproxy.sslEnabled >> False >>> secstorage.ssl.cert.domain >> Empty/blank >>> secstorage.encrypt.copy >> False >>> >>> I expect last one or second to last one is wrong/not set - since your >>> browser is showing the request POST being sent to HTTPS: ( >>> https://192.41.41.161) instead of (https://192-41-41-161 >>> . >>> >>> Best, >>> >>> On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer >>> wrote: >> If this could be related to SSL/TLS then I should probably mention I have >> set the ca.plugin.root.auth.strictness to "false". I can't remember the >> exact error I get but I know I got an error on a new install if I didn't do >> this. I could turn it back on and check if that would provide more info. I >> should also mention that I have not done any SSL/TLS at this point except at >> the load balancer and that does SSL termination. Are there any >> guides/documentation on how best to set these values? >> >> -- >> Thanks, >> Joshua Schaeffer >> >>
Re: Network error when uploading local ISO
If it may help, Please open the ssvm public IP https://192.41.41.161/ in the new tab of the running browser and accept the certificate warning and try again uploading the ISO. Faced the same issue at first while not using ssl for system vms. Thank You. On 2021/07/05 00:23:34, Joshua Schaeffer wrote: > On 7/4/21 4:16 PM, Andrija Panic wrote: > > What's the value of your global config parameters: > > > > consoleproxy.url.domain > Empty/blank > > consoleproxy.sslEnabled > False > > secstorage.ssl.cert.domain > Empty/blank > > secstorage.encrypt.copy > False > > > > I expect last one or second to last one is wrong/not set - since your > > browser is showing the request POST being sent to HTTPS: ( > > https://192.41.41.161) instead of (https://192-41-41-161 > > . > > > > Best, > > > > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer > > wrote: > If this could be related to SSL/TLS then I should probably mention I have set > the ca.plugin.root.auth.strictness to "false". I can't remember the exact > error I get but I know I got an error on a new install if I didn't do this. > I could turn it back on and check if that would provide more info. I should > also mention that I have not done any SSL/TLS at this point except at the > load balancer and that does SSL termination. Are there any > guides/documentation on how best to set these values? > > -- > Thanks, > Joshua Schaeffer > >
Re: Network error when uploading local ISO
Alright - because I might have mixed up other ML threads- let me ask you to read https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ and implement the same (for the Console Proxy/SSVM only) Otherwise, if there is no working certificate for the SSVM (I believe by default, the old "realhostip" from the old days is used) - anyway - you won't be able to upload locally ISO or a template Because there is a hardcoded requirement that HTTPS must be used - so you must configure TLS certificate as per that blog page (or the official docs, but blog is much more straightforward) Cheers, On Mon, 5 Jul 2021 at 02:24, Joshua Schaeffer wrote: > On 7/4/21 4:16 PM, Andrija Panic wrote: > > What's the value of your global config parameters: > > > > consoleproxy.url.domain > Empty/blank > > consoleproxy.sslEnabled > False > > secstorage.ssl.cert.domain > Empty/blank > > secstorage.encrypt.copy > False > > > > I expect last one or second to last one is wrong/not set - since your > > browser is showing the request POST being sent to HTTPS: ( > > https://192.41.41.161) instead of (https://192-41-41-161 > > . > > > > Best, > > > > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer < > jschaef...@harmonywave.com> > > wrote: > If this could be related to SSL/TLS then I should probably mention I have > set the ca.plugin.root.auth.strictness to "false". I can't remember the > exact error I get but I know I got an error on a new install if I didn't > do this. I could turn it back on and check if that would provide more info. > I should also mention that I have not done any SSL/TLS at this point except > at the load balancer and that does SSL termination. Are there any > guides/documentation on how best to set these values? > > -- > Thanks, > Joshua Schaeffer > > -- Andrija Panić
Re: Network error when uploading local ISO
On 7/4/21 4:16 PM, Andrija Panic wrote: > What's the value of your global config parameters: > > consoleproxy.url.domain Empty/blank > consoleproxy.sslEnabled False > secstorage.ssl.cert.domain Empty/blank > secstorage.encrypt.copy False > > I expect last one or second to last one is wrong/not set - since your > browser is showing the request POST being sent to HTTPS: ( > https://192.41.41.161) instead of (https://192-41-41-161 > . > > Best, > > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer > wrote: If this could be related to SSL/TLS then I should probably mention I have set the ca.plugin.root.auth.strictness to "false". I can't remember the exact error I get but I know I got an error on a new install if I didn't do this. I could turn it back on and check if that would provide more info. I should also mention that I have not done any SSL/TLS at this point except at the load balancer and that does SSL termination. Are there any guides/documentation on how best to set these values? -- Thanks, Joshua Schaeffer
Re: Network error when uploading local ISO
What's the value of your global config parameters: consoleproxy.url.domain consoleproxy.sslEnabled secstorage.ssl.cert.domain secstorage.encrypt.copy I expect last one or second to last one is wrong/not set - since your browser is showing the request POST being sent to HTTPS: ( https://192.41.41.161) instead of (https://192-41-41-161 . Best, On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer wrote: > I posted a couple weeks back about some issues getting ISO's and templates > uploaded in ACS and received some excellent help. I've changed a few things > around based on that previous issue and am finally circling back to it but > still running into a problem uploading an ISO. When I try to upload an ISO > through primate I now get two messages [1]: > > Network Error: Unable to reach the management server or a browser > extension may be blocking the network request. > > Upload Failed: Failed to upload ISO - Error: Network Error > > After I click "OK" on the "Upload ISO from Local" dialog box I get these > two messages/errors and nothing else happens, the dialog box doesn't go > away and I can click "OK" again as many times as I want (the messages > always repeat). Also, If I refresh the ISO page then I see that my ISO that > I tried to upload is now listed [2], but is not actually ready [3]. > > To give some background, I am running ACS 4.15.0.0 with two load balanced > management servers and a KVM compute host. I've tried the following: > > 1. Disabled one of the management servers. > 2. Connected directly to a management server. > 3. Used different browsers. > > Nothing listed above has changed the outcome and the same message is > always thrown, so I don't think it is a load balancer or browser issue. As > this is related to my previous issue in getting the ssvm started I wanted > to show that it is now up and running [4], I can connect to it, and the > /usr/local/cloud/systemvm/ssvm-check.sh script doesn't throw any errors: > > root@s-41-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh > > First DNS server is 10.2.81.1 > PING 10.2.81.1 (10.2.81.1): 56 data bytes > 64 bytes from 10.2.81.1: icmp_seq=0 ttl=63 time=0.357 ms > 64 bytes from 10.2.81.1: icmp_seq=1 ttl=63 time=0.399 ms > --- 10.2.81.1 ping statistics --- > 2 packets transmitted, 2 packets received, 0% packet loss > round-trip min/avg/max/stddev = 0.357/0.378/0.399/0.000 ms > Good: Can ping DNS server > > Good: DNS resolves cloudstack.apache.org > > nfs is currently mounted > Mount point is /mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4 > Good: Can write to mount point > > Management server is bllcloudlb01.harmonywave.cloud. Checking connectivity. > Good: Can connect to management server bllcloudlb01.harmonywave.cloud port > 8250 > > Good: Java process is running > > Tests Complete. Look for ERROR or WARNING above. > > The cloud service inside the system VM is also running: > > root@s-41-VM:~# service cloud status > ● cloud.service - CloudStack Agent service >Loaded: loaded (/etc/systemd/system/cloud.service; enabled; vendor > preset: enabled) >Active: active (running) since Sat 2021-06-26 02:58:24 UTC; 6 days ago > Main PID: 3011 (bash) > Tasks: 48 (limit: 543) >Memory: 157.0M >CGroup: /system.slice/cloud.service >├─3011 bash /usr/local/cloud/systemvm/_run.sh >└─3241 java > -Djavax.net.ssl.trustStore=./certs/realhostip.keystore > -Djdk.tls.ephemeralDHKeySize=2048 -Djsse.enableSNIExtension=false -Dlog.hom > > Jul 02 15:16:41 s-41-VM _run.sh[3011]: at > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > Jul 02 15:16:41 s-41-VM _run.sh[3011]: at > java.base/java.lang.Thread.run(Thread.java:834) > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284 INFO Agent:835 - > Processing agent ready command, agent id = 16 > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284 INFO Agent:375 - Set > agent id 16 > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,285 INFO Agent:842 - > Ready command is processed for agent id = 16 > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459 INFO Agent:835 - > Processing agent ready command, agent id = 16 > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459 INFO Agent:375 - Set > agent id 16 > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469 INFO Agent:791 - > Processed new management server list: bllcloudlb01.harmonywave.cloud@static > Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469 INFO Agent:842 - > Ready command is processed for agent id = 16 > Jul 02 15:16:45 s-41-VM _run.sh[3011]: 15:16:45,134 INFO Agent:549 - > Connected to the host: bllcloudlb01.harmonywave.cloud > > Finally I took a network capture from
Network error when uploading local ISO
I posted a couple weeks back about some issues getting ISO's and templates
uploaded in ACS and received some excellent help. I've changed a few things
around based on that previous issue and am finally circling back to it but
still running into a problem uploading an ISO. When I try to upload an ISO
through primate I now get two messages [1]:
Network Error: Unable to reach the management server or a browser extension may
be blocking the network request.
Upload Failed: Failed to upload ISO - Error: Network Error
After I click "OK" on the "Upload ISO from Local" dialog box I get these two
messages/errors and nothing else happens, the dialog box doesn't go away and I
can click "OK" again as many times as I want (the messages always repeat).
Also, If I refresh the ISO page then I see that my ISO that I tried to upload
is now listed [2], but is not actually ready [3].
To give some background, I am running ACS 4.15.0.0 with two load balanced
management servers and a KVM compute host. I've tried the following:
1. Disabled one of the management servers.
2. Connected directly to a management server.
3. Used different browsers.
Nothing listed above has changed the outcome and the same message is always
thrown, so I don't think it is a load balancer or browser issue. As this is
related to my previous issue in getting the ssvm started I wanted to show that
it is now up and running [4], I can connect to it, and the
/usr/local/cloud/systemvm/ssvm-check.sh script doesn't throw any errors:
root@s-41-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh
First DNS server is 10.2.81.1
PING 10.2.81.1 (10.2.81.1): 56 data bytes
64 bytes from 10.2.81.1: icmp_seq=0 ttl=63 time=0.357 ms
64 bytes from 10.2.81.1: icmp_seq=1 ttl=63 time=0.399 ms
--- 10.2.81.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.357/0.378/0.399/0.000 ms
Good: Can ping DNS server
Good: DNS resolves cloudstack.apache.org
nfs is currently mounted
Mount point is /mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4
Good: Can write to mount point
Management server is bllcloudlb01.harmonywave.cloud. Checking connectivity.
Good: Can connect to management server bllcloudlb01.harmonywave.cloud port 8250
Good: Java process is running
Tests Complete. Look for ERROR or WARNING above.
The cloud service inside the system VM is also running:
root@s-41-VM:~# service cloud status
● cloud.service - CloudStack Agent service
Loaded: loaded (/etc/systemd/system/cloud.service; enabled; vendor preset:
enabled)
Active: active (running) since Sat 2021-06-26 02:58:24 UTC; 6 days ago
Main PID: 3011 (bash)
Tasks: 48 (limit: 543)
Memory: 157.0M
CGroup: /system.slice/cloud.service
├─3011 bash /usr/local/cloud/systemvm/_run.sh
└─3241 java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore
-Djdk.tls.ephemeralDHKeySize=2048 -Djsse.enableSNIExtension=false -Dlog.hom
Jul 02 15:16:41 s-41-VM _run.sh[3011]: at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Jul 02 15:16:41 s-41-VM _run.sh[3011]: at
java.base/java.lang.Thread.run(Thread.java:834)
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284 INFO Agent:835 -
Processing agent ready command, agent id = 16
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284 INFO Agent:375 - Set agent
id 16
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,285 INFO Agent:842 - Ready
command is processed for agent id = 16
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459 INFO Agent:835 -
Processing agent ready command, agent id = 16
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459 INFO Agent:375 - Set agent
id 16
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469 INFO Agent:791 - Processed
new management server list: bllcloudlb01.harmonywave.cloud@static
Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469 INFO Agent:842 - Ready
command is processed for agent id = 16
Jul 02 15:16:45 s-41-VM _run.sh[3011]: 15:16:45,134 INFO Agent:549 - Connected
to the host: bllcloudlb01.harmonywave.cloud
Finally I took a network capture from the browser when I hit "OK" and I see the
following: [5]
https://drive.google.com/file/d/1w-gnARJ1XegK5D24c91T3qseU8GDNAPd/view?usp=sharing
I'm not quite sure what to make of that and can provide more details if needed.
I have been able to verify that port 443 is up on the SSVM:
root@s-41-VM:~# ss -tupanl | grep 443
tcp LISTEN 0 511 192.41.41.161:443 0.0.0.0:*
users:(("apache2",pid=28140,fd=4),("apache2",pid=28139,fd=4),("apache2",pid=28136,fd=4))
The logs don't seem to provide me with any hint of the
