Consoleproxy VM is no longer created

2022-12-05 Thread Antoine Boucher 
Hello,

We had a failure with a secondary storage that created several issues.

Nevertheless, after fixing the issues, we discovered that the system 
consoleproxy and secondarystorage vm were hung.

We deleted both system VMs, the secondarystorage vm came back without issues, 
but the consoleproxy vm is not being created. 

We will investigate further, but we have found nothing out of the ordinary in 
the management log file so far.

Has anyone had a similar issue before?

Regards,
Antoine
  



Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
this message and any attachments is strictly prohibited. If you are not the 
intended recipient, please notify the sender immediately by return e-mail, and 
delete this message and any attachments from your system.

Issues with Rocky 9.1 qcow2 image

2022-12-05 Thread Jeremy Hansen 
I’m trying to boot a Rocky cloud image for Rocky 9.1 using their qcow2 image.

As soon as I start the VM, I get:

“Probing EDD (edd=off to disable)… ok”

and then nothing. I don’t see a DHCP lease being pulled, so I assume the VM 
isn’t actually proceeding with boot.

Anyone else see this? This is on Cloudstack 4.17.1.0. I posted a similar 
message on the Rocky mail list. Is there an easy way via virsh or cloudstack to 
alter the kernel command line parameters in an existing image before it boots?

Thanks
-jeremy



signature.asc
Description: PGP signature

Re: VMs HA not working with Ceph

2022-12-05 Thread Nux 

Hello,

For HA to work you need to:
1 - add a service offering with "HA" box enabled
2 - you need to have some NFS storage for the heartbeat/fencing 
mechanism - you don't need to use it for VMs, but it needs to be present 
and it needs to be super reliable or hypervisors might reboot if they 
see it goes away - this behaviour can be customised if you want to (and 
know what you are doing):

https://github.com/apache/cloudstack/blob/a63b2aba7aa3948f78d280a356c550c6638a137b/scripts/vm/hypervisor/kvm/kvmheartbeat.sh#L162

HTH

---
Nux
www.nux.ro

On 2022-12-02 07:02, Ranjit Jadhav wrote:

Hello Guys,

We are also struggling with this HA thing any guidance will be highly
appreciated.

Regards,
Ranjit

On Thu, 1 Dec 2022 at 20:50, pspa...@hotmail.com 
wrote:


Hi,
I have build new infra with Ceph storage everything working well.
But VMs HA not working. Can anyone guide me.

Regards Pradeep Kumar

Re: Console View Not Working

2022-12-05 Thread Granwille Strauss 
I am an idiot I now understand what you mean. In the urldomain setting, 
I need to literally specify "*.domain.tld" and then proceed to configure 
"1-2-3-4.domain.tld" DNS records. It now fully works as expected, thank 
you Nux.


On 12/5/22 15:56, Granwille Strauss wrote:


Thank you

For what its worth, I have two CCVMs and my URL domain for console in 
general settings is set as 'console.domain.tld'. And now I have two A 
records for this subdomain one "pointing" to each CCVM. If I remove 
one IP from the DNS zone, after DNS propagation I cannot access the 
console for any VM. When adding it again back, it seems to work.


On 12/5/22 15:17, Nux wrote:


The hostnames are unique, modeled after the following scheme:

1-2-3-4.domain.tld resolves to 1.2.3.4

As such, for any IP a CPVM (or indeed SSVM) might get allocated, then 
you will need to have that kind of resolution working. If you don't 
have too many IPs, then it might be worth defining A records as the 
above for all of them, as you won't necessarily know which IP a 
system VM will use (during the lifecycle of Cloudstack, as you create 
and delete them).



HTH

---
Nux
www.nux.ro 


On 2022-12-05 10:53, Granwille Strauss wrote:


Hi Guys

Just a quick question, when specifying your console domain in the 
general settings, you need to add an A record to said domains DNS 
zone to *point to the CCVM public IP*, for it to be accessible and 
for SSL to work accordingly. Now if you have more than one CCVM 
because you have multiple zones, should you update the DNS A record 
to include the additional CCVMs public IPs too? Or is having only 
one enough?


On 11/21/22 14:23, Granwille Strauss wrote:


Hi Nicolas

On my working zone it shows the same:


root@v-47-VM:~# telnet public_ip 5900
Trying kvm_public_ip...
Connected to 41.72.146.218.
Escape character is '^]'.
RFB 003.008


Both my kvm hosts have the same qemu/libvirt versions too. The 
issue seems to boil down to my routing. I tested other telnet ports 
such as 53 and 80 etc the all come back with no route error.


My existing zone, the one working is fully connected using public 
IP addresses and zero private networking subnets. I created a new 
zone to reconfigure my set up this time using private subnets, 
since its recommended that way. I created a backlink connection 
between my three hosts on the same private VLAN. But it turns out 
my private backlink connection cannot reach the public network. So 
I now had to configure a gateway myself and its supposed to route 
network from my private subnets to the internet such as a ping to 
1.1.1.1.


I believe this configuration might be the reason, because as soon 
as I turn off the firewall "gateway" I can telnet successfully from 
the cpvm but then the agents disconnects because if cannot reach 
the public network.


On 11/21/22 14:01, Nicolas Vazquez wrote:

Hi Granwille,

I see the RFB version offered by the VNC server is 3.8, and the CPVM currently 
can handle up to 3.3. Can you compare on your working zone the output of the 
telnet to a VNC working port? Is there any difference on the qemu/libvirt 
configurations on the hosts from each zone?

Regards,
Nicolas Vazquez


From: Granwille Strauss  

Date: Monday, 21 November 2022 at 08:20
To: Nux  
Cc:users@cloudstack.apache.org    
  
Subject: Re: Console View Not Working

Hi

Its running on the KVM server:
root@hostname ~ $ grep -w 5900 /etc/services
rfb 5900/tcp# Remote Framebuffer
rfb 5900/udp# Remote Framebuffer
root@hostname ~ $

I stopped the firewall and was able to connect to the VNC service from the cpvm:
root@v-78-VM:~# telnet 192.168.50.3 5900
Trying 192.168.50.3...
Connected to 192.168.50.3.
Escape character is '^]'.
RFB 003.008

Thank you, this helps a lot. I am going to see if white listing some rules 
might work. And see if it works after testing.
On 11/21/22 13:02, Nux wrote:

Networking can get tricky, especially if you want to be too smart about it, it 
will bite back.

Anyway, VNC port 5900, is that even listening on the hypervisor, what is 
ss/netstat saying?

Try to find an existing port to test against. If that fails check/disable the 
firewall on the hypervisor or on any firewall device between management server 
and hypervisor.
---
Nux
www.nux.ro    



On 2022-11-21 10:47, Granwille Strauss wrote:

Hi Nux

Thanks for the update. I ssh'd into the CPVM and when I run `telnet 
HV_Private_IP 5900` I get no route error. But if I do this with my working 
existing zone it works fine.  So it seems my systemvms cannot reach the VNC 
server but when I ping from cpvm to kvm private ip I get a successful response, 
this makes no sense.

--

Regards / Groete

Apache CloudStack Yearly Survey - Please fill in!

2022-12-05 Thread Ivet Petrova 
Hi all,

As it is December and the end of the year approaches, I want to remind again 
for the CloudStack Yearly Survey: https://forms.gle/RojUoTq2rnsdvyN97
This survey is designed to collect feedback from CloudStack users about its 
capabilities, features, use cases and roadmap. It targets to help the community 
get better understanding of the CloudStack usage and improve the project even 
more.

The results from the survey will be used so that we can prepare an Apache 
CloudStack Yearly Report and show to the world how rapidly our community is 
growing and why companies prefer CloudStack as a turnkey solution.
I will appreciate the help of you all and do not hesitate also to share the 
survey with colleagues and on social media.

Kind regards,

Re: Console View Not Working

2022-12-05 Thread Granwille Strauss 

Thank you

For what its worth, I have two CCVMs and my URL domain for console in 
general settings is set as 'console.domain.tld'. And now I have two A 
records for this subdomain one "pointing" to each CCVM. If I remove one 
IP from the DNS zone, after DNS propagation I cannot access the console 
for any VM. When adding it again back, it seems to work.


On 12/5/22 15:17, Nux wrote:


The hostnames are unique, modeled after the following scheme:

1-2-3-4.domain.tld resolves to 1.2.3.4

As such, for any IP a CPVM (or indeed SSVM) might get allocated, then 
you will need to have that kind of resolution working. If you don't 
have too many IPs, then it might be worth defining A records as the 
above for all of them, as you won't necessarily know which IP a system 
VM will use (during the lifecycle of Cloudstack, as you create and 
delete them).



HTH

---
Nux
www.nux.ro 


On 2022-12-05 10:53, Granwille Strauss wrote:


Hi Guys

Just a quick question, when specifying your console domain in the 
general settings, you need to add an A record to said domains DNS 
zone to *point to the CCVM public IP*, for it to be accessible and 
for SSL to work accordingly. Now if you have more than one CCVM 
because you have multiple zones, should you update the DNS A record 
to include the additional CCVMs public IPs too? Or is having only one 
enough?


On 11/21/22 14:23, Granwille Strauss wrote:


Hi Nicolas

On my working zone it shows the same:


root@v-47-VM:~# telnet public_ip 5900
Trying kvm_public_ip...
Connected to 41.72.146.218.
Escape character is '^]'.
RFB 003.008


Both my kvm hosts have the same qemu/libvirt  versions too. The 
issue seems to boil down to my routing. I tested other telnet ports 
such as 53 and 80 etc the all come back with no route error.


My existing zone, the one working is fully connected using public IP 
addresses and zero private networking subnets. I created a new zone 
to reconfigure my set up this time using private subnets, since its 
recommended that way. I created a backlink connection between my 
three hosts on the same private VLAN. But it turns out my private 
backlink connection cannot reach the public network. So I now had to 
configure a gateway myself and its supposed to route network from my 
private subnets to the internet such as a ping to 1.1.1.1.


I believe this configuration might be the reason, because as soon as 
I turn off the firewall "gateway" I can telnet successfully from the 
cpvm but then the agents disconnects because if cannot reach the 
public network.


On 11/21/22 14:01, Nicolas Vazquez wrote:

Hi Granwille,

I see the RFB version offered by the VNC server is 3.8, and the CPVM currently 
can handle up to 3.3. Can you compare on your working zone the output of the 
telnet to a VNC working port? Is there any difference on the qemu/libvirt 
configurations on the hosts from each zone?

Regards,
Nicolas Vazquez


From: Granwille Strauss  

Date: Monday, 21 November 2022 at 08:20
To: Nux  
Cc:users@cloudstack.apache.org    
  
Subject: Re: Console View Not Working

Hi

Its running on the KVM server:
root@hostname ~ $ grep -w 5900 /etc/services
rfb 5900/tcp# Remote Framebuffer
rfb 5900/udp# Remote Framebuffer
root@hostname ~ $

I stopped the firewall and was able to connect to the VNC service from the cpvm:
root@v-78-VM:~# telnet 192.168.50.3 5900
Trying 192.168.50.3...
Connected to 192.168.50.3.
Escape character is '^]'.
RFB 003.008

Thank you, this helps a lot. I am going to see if white listing some rules 
might work. And see if it works after testing.
On 11/21/22 13:02, Nux wrote:

Networking can get tricky, especially if you want to be too smart about it, it 
will bite back.

Anyway, VNC port 5900, is that even listening on the hypervisor, what is 
ss/netstat saying?

Try to find an existing port to test against. If that fails check/disable the 
firewall on the hypervisor or on any firewall device between management server 
and hypervisor.
---
Nux
www.nux.ro    



On 2022-11-21 10:47, Granwille Strauss wrote:

Hi Nux

Thanks for the update. I ssh'd into the CPVM and when I run `telnet 
HV_Private_IP 5900` I get no route error. But if I do this with my working 
existing zone it works fine.  So it seems my systemvms cannot reach the VNC 
server but when I ping from cpvm to kvm private ip I get a successful response, 
this makes no sense.

--

Regards / Groete
[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/logo/621b3fa39fb210001f975298/cd2904ba-304d-4a49-bf33-cbe9ac76d929_248x-.png

Re: Redirect HTTP 8080 to HTTPS 8443 on Cloudstack 4.17.1.0

2022-12-05 Thread Nux 



I never bothered to do this in Cloudstack, I always used Apache to 
terminate SSL and do proxy requests, you can of course use any other web 
servers for this (nginx, lighttpd).


---
Nux
www.nux.ro [11]

On 2022-12-02 13:58, Granwille Strauss wrote:


Hi Guys

Would like to follow up on this any ideas?

On 11/18/22 16:47, David Larsen wrote:


Hi

We are using Cloudstack 4.17.1.0.
Https://host.domain.com:8443 works fine.

I followed to steps below to redirect http 8080 to https 8443 with no 
luck

Is there another way to do this in 4.17.1.0?
Hope so... :-)



For auto redirection from 8080 to 8443, Add below content in 
'/usr/share/cloudstack-management/webapp/WEB-INF/web.xml' file at line 
22





Everything in the webapp

/*





CONFIDENTIAL











...

8443






Restart the management service
systemctl restart cloudstack-management

Best regards
David Larsen


--

Regards / Groete

[1]
Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [2]
w: www.namhost.com [3]

[4] [5] [6] [7] [8]

[9]

Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA

The content of this message is confidential. If you have received it by 
mistake, please inform us by email reply and then delete the message. 
It is forbidden to copy, forward, or in any way reveal the contents of 
this message to anyone without our explicit consent. The integrity and 
security of this email cannot be guaranteed over the Internet. 
Therefore, the sender will not be held liable for any damage caused by 
the message. For our full privacy policy and disclaimers, please go to 
https://www.namhost.com/privacy-policy


[10]



Links:
--
[1] https://www.namhost.com
[2] tel:+264813231260
[3] https://www.namhost.com/
[4] https://www.facebook.com/namhost
[5] https://twitter.com/namhost
[6] https://www.instagram.com/namhostinternetservices/
[7] https://www.linkedin.com/company/namhos
[8] https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA
[9] 
https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner
[10] 
https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818

[11] http://www.nux.ro

Re: Console View Not Working

2022-12-05 Thread Nux 



The hostnames are unique, modeled after the following scheme:

1-2-3-4.domain.tld resolves to 1.2.3.4

As such, for any IP a CPVM (or indeed SSVM) might get allocated, then 
you will need to have that kind of resolution working. If you don't have 
too many IPs, then it might be worth defining A records as the above for 
all of them, as you won't necessarily know which IP a system VM will use 
(during the lifecycle of Cloudstack, as you create and delete them).


HTH

---
Nux
www.nux.ro [1]

On 2022-12-05 10:53, Granwille Strauss wrote:


Hi Guys

Just a quick question, when specifying your console domain in the 
general settings, you need to add an A record to said domains DNS zone 
to point to the CCVM public IP, for it to be accessible and for SSL to 
work accordingly. Now if you have more than one CCVM because you have 
multiple zones, should you update the DNS A record to include the 
additional CCVMs public IPs too? Or is having only one enough?


On 11/21/22 14:23, Granwille Strauss wrote:

Hi Nicolas

On my working zone it shows the same:

root@v-47-VM:~# telnet public_ip 5900
Trying kvm_public_ip...
Connected to 41.72.146.218.
Escape character is '^]'.
RFB 003.008

Both my kvm hosts have the same qemu/libvirt  versions too. The issue 
seems to boil down to my routing. I tested other telnet ports such as 
53 and 80 etc the all come back with no route error.


My existing zone, the one working is fully connected using public IP 
addresses and zero private networking subnets. I created a new zone to 
reconfigure my set up this time using private subnets, since its 
recommended that way. I created a backlink connection between my three 
hosts on the same private VLAN. But it turns out my private backlink 
connection cannot reach the public network. So I now had to configure a 
gateway myself and its supposed to route network from my private 
subnets to the internet such as a ping to 1.1.1.1.


I believe this configuration might be the reason, because as soon as I 
turn off the firewall "gateway" I can telnet successfully from the cpvm 
but then the agents disconnects because if cannot reach the public 
network.


On 11/21/22 14:01, Nicolas Vazquez wrote:

Hi Granwille,

I see the RFB version offered by the VNC server is 3.8, and the CPVM 
currently can handle up to 3.3. Can you compare on your working zone 
the output of the telnet to a VNC working port? Is there any difference 
on the qemu/libvirt configurations on the hosts from each zone?


Regards,
Nicolas Vazquez

From: Granwille Strauss 
Date: Monday, 21 November 2022 at 08:20
To: Nux 
Cc: users@cloudstack.apache.org 
Subject: Re: Console View Not Working

Hi

Its running on the KVM server:
root@hostname ~ $ grep -w 5900 /etc/services
rfb 5900/tcp# Remote Framebuffer
rfb 5900/udp# Remote Framebuffer
root@hostname ~ $

I stopped the firewall and was able to connect to the VNC service from 
the cpvm:

root@v-78-VM:~# telnet 192.168.50.3 5900
Trying 192.168.50.3...
Connected to 192.168.50.3.
Escape character is '^]'.
RFB 003.008

Thank you, this helps a lot. I am going to see if white listing some 
rules might work. And see if it works after testing.

On 11/21/22 13:02, Nux wrote:

Networking can get tricky, especially if you want to be too smart about 
it, it will bite back.


Anyway, VNC port 5900, is that even listening on the hypervisor, what 
is ss/netstat saying?


Try to find an existing port to test against. If that fails 
check/disable the firewall on the hypervisor or on any firewall device 
between management server and hypervisor.

---
Nux
www.nux.ro [1] [1]

On 2022-11-21 10:47, Granwille Strauss wrote:

Hi Nux

Thanks for the update. I ssh'd into the CPVM and when I run `telnet 
HV_Private_IP 5900` I get no route error. But if I do this with my 
working existing zone it works fine.  So it seems my systemvms cannot 
reach the VNC server but when I ping from cpvm to kvm private ip I get 
a successful response, this makes no sense.


--

Regards / Groete
[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/logo/621b3fa39fb210001f975298/cd2904ba-304d-4a49-bf33-cbe9ac76d929_248x-.png] 
[2]

Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [3]
w: www.namhost.com [4] [2]

[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_01/621b3fa39fb210001f975298/9151954b-b298-41aa-89c8-1d68af075373_48x48.png] 
[5][https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_02/621b3fa39fb210001f975298/85a9dc7c-7bd1-4958-85a9-e6a25baeb028_48x48.png]

Re: VM instances and RVR cannot communicate with each other when on different hosts

2022-12-05 Thread Andrija Panic 
Hi,

RVR is a feature that is known to break from time to time, and is NOT
recommended for the Production use, at least that's what we advise your
customers to do/avoid doing.

However, if 2 VMs can not communicate while on different hosts, but CAN
communicate while on the same host - this might indicate VLAN (trunking)
misconfiguration on the switches - the VLANs via which those VMs are
communicating, has to be trunked to all the hypervisors in your Zone - so
that host1 and hostN both can talk over the specific VLAN (here, I'm
guessing you are hitting issues with Guest traffic - so check that all your
VLANs for Guest traffic are properly trunked on all switch ports to which
all of your servers are connected)

Best,

On Fri, 18 Nov 2022 at 15:08, Gary Dixon 
wrote:

> Hi
>
>
>
> I am hoping someone could help with a new Dev Cloudstack system we are
> trying to setup based on Ubuntu 20.04 KVM hosts and mgmt. servers with CS
> 4.15.2 and an Adv Zone with VPC’s
>
>
>
> We spotted that the RVR’s in the VPC’s are both in the ‘MASTER’ state
> indicating that they cannot communicate with each other. Also testing
> within a guest VM – it is able to ping another guest VM in the same network
> – but only when on the same KVM host.
>
> If we live migrate one of the VM’s to a different KVM host then the ping
> breaks.
>
> Our guest network is using VXLAN isolation method and all network labesl
> in CS are correct. We  are trying to setup this Dev system to match our
> production system as closely as possible and all networking works perfectly
> in the Production system
>
>
>
> One thing we have noticed is if we put a KVM host into maintenance mode –
> thus destroying all the brvx-xxx interfaces on there and then bring it back
> out of maintenance mode and migrate VM’s to it and Restart the VPC with
> cleanup enabled – communication between VM’s cross host works again for a
> few minutes. The RVR’s go into Master and Backup status briefly – but then
> after a few minutes both VR’s go into ‘MASTER’ state and VM’s cannot ping
> each other when on different hosts.
>
> Any pointers/help would be greatly appreciated
>
>
>
> BR
>
>
>
> Gary
> Gary Dixon​
> Senior Technical Consultant
> T:  +44 161 537 4990
> E:  *v* <+44%207989717661>ms@quadris‑support.com
> W: www.quadris.co.uk
> The information contained in this e-mail from Quadris may be confidential
> and privileged for the private use of the named recipient.  The contents of
> this e-mail may not necessarily represent the official views of Quadris.
> If you have received this information in error you must not copy,
> distribute or take any action or reliance on its contents.  Please destroy
> any hard copies and delete this message.
>


-- 

Andrija Panić

Cloudstack: NFS Secondary Storage is not working.

2022-12-05 Thread Chan Yu Huang 
Hi,

I would like any idea my secondary storage usage empty and logs show it is not 
found any VM although I check both SSVM and CPVM is running.

As my setup I use management server as secondary NFS too and added other 
secondary NFS server as backup, but seem dashboard show unable view usage.
May I know any guideline or I miss out some step?

[cid:image002.png@01D908E1.F802FEF0]
[cid:image003.png@01D908E1.F802FEF0]

[cid:image004.png@01D908E1.F802FEF0]

[cid:image005.png@01D908E1.F802FEF0]

With Regards,

CHAN YU HUANG
Server & System Support
[cid:image003.jpg@01D7C979.8E624670]
N2N disclaimer:
This e-mail (including any attachments) is owned by N2N CONNECT BERHAD and may 
contain confidential information. They are protected by copyright law and may 
not be reproduced, distributed, transmitted, displayed, published or broadcast 
without the prior, express written permission of N2N CONNECT BERHAD. If you are 
not the intended recipient, you are hereby notified that any review, 
distribution, printing, copying or use of this e-mail is strictly prohibited. 
If you have received this e-mail in error, please notify the sender or N2N 
CONNECT BERHAD and/or its group of companies (hereinafter referred to as "N2N 
Group") immediately and delete the original message. Opinions, conclusions and 
other information in this e-mail that do not relate to the official business of 
N2N Group are neither given nor endorsed by N2N Group and in no way shall it 
accepts any responsibility for the same. All liability arising from or in 
connection with computer viruses and/or corrupted e-mail is excluded to the 
fullest permitted by law.

Re: Console View Not Working

2022-12-05 Thread Granwille Strauss 

Hi Guys

Just a quick question, when specifying your console domain in the 
general settings, you need to add an A record to said domains DNS zone 
to *point to the CCVM public IP*, for it to be accessible and for SSL to 
work accordingly. Now if you have more than one CCVM because you have 
multiple zones, should you update the DNS A record to include the 
additional CCVMs public IPs too? Or is having only one enough?


On 11/21/22 14:23, Granwille Strauss wrote:


Hi Nicolas

On my working zone it shows the same:


root@v-47-VM:~# telnet public_ip 5900
Trying kvm_public_ip...
Connected to 41.72.146.218.
Escape character is '^]'.
RFB 003.008


Both my kvm hosts have the same qemu/libvirt  versions too. The issue 
seems to boil down to my routing. I tested other telnet ports such as 
53 and 80 etc the all come back with no route error.


My existing zone, the one working is fully connected using public IP 
addresses and zero private networking subnets. I created a new zone to 
reconfigure my set up this time using private subnets, since its 
recommended that way. I created a backlink connection between my three 
hosts on the same private VLAN. But it turns out my private backlink 
connection cannot reach the public network. So I now had to configure 
a gateway myself and its supposed to route network from my private 
subnets to the internet such as a ping to 1.1.1.1.


I believe this configuration might be the reason, because as soon as I 
turn off the firewall "gateway" I can telnet successfully from the 
cpvm but then the agents disconnects because if cannot reach the 
public network.


On 11/21/22 14:01, Nicolas Vazquez wrote:

Hi Granwille,

I see the RFB version offered by the VNC server is 3.8, and the CPVM currently 
can handle up to 3.3. Can you compare on your working zone the output of the 
telnet to a VNC working port? Is there any difference on the qemu/libvirt 
configurations on the hosts from each zone?

Regards,
Nicolas Vazquez


From: Granwille Strauss
Date: Monday, 21 November 2022 at 08:20
To: Nux
Cc:users@cloudstack.apache.org  
Subject: Re: Console View Not Working

Hi

Its running on the KVM server:
root@hostname ~ $ grep -w 5900 /etc/services
rfb 5900/tcp# Remote Framebuffer
rfb 5900/udp# Remote Framebuffer
root@hostname ~ $

I stopped the firewall and was able to connect to the VNC service from the cpvm:
root@v-78-VM:~# telnet 192.168.50.3 5900
Trying 192.168.50.3...
Connected to 192.168.50.3.
Escape character is '^]'.
RFB 003.008

Thank you, this helps a lot. I am going to see if white listing some rules 
might work. And see if it works after testing.
On 11/21/22 13:02, Nux wrote:

Networking can get tricky, especially if you want to be too smart about it, it 
will bite back.

Anyway, VNC port 5900, is that even listening on the hypervisor, what is 
ss/netstat saying?

Try to find an existing port to test against. If that fails check/disable the 
firewall on the hypervisor or on any firewall device between management server 
and hypervisor.
---
Nux
www.nux.ro



On 2022-11-21 10:47, Granwille Strauss wrote:

Hi Nux

Thanks for the update. I ssh'd into the CPVM and when I run `telnet 
HV_Private_IP 5900` I get no route error. But if I do this with my working 
existing zone it works fine.  So it seems my systemvms cannot reach the VNC 
server but when I ping from cpvm to kvm private ip I get a successful response, 
this makes no sense.

--

Regards / Groete
[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/logo/621b3fa39fb210001f975298/cd2904ba-304d-4a49-bf33-cbe9ac76d929_248x-.png]
Granwille Strauss  //  Senior Systems Admin

e:granwi...@namhost.com
m: +264 81 323 1260
w:www.namhost.com

[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_01/621b3fa39fb210001f975298/9151954b-b298-41aa-89c8-1d68af075373_48x48.png][https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_02/621b3fa39fb210001f975298/85a9dc7c-7bd1-4958-85a9-e6a25baeb028_48x48.png][https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_03/621b3fa39fb210001f975298/c1c5386c-914c-43cf-9d37-5b4aa8e317ab_48x48.png][https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_04/621b3fa39fb210001f975298/3aaa7968-130e-48ec-821d-559a332cce47_48x48.png][https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_05/621b3fa39fb210001f975298/3a8c09e6-588f-43a8-acfd-be4423fd3fb6_48x48.png]