I just realized I had to set the consoleproxy.url.domain field to "
realhostip.com" but now when I try to view the console, the browser says
"The server refused the connection." Does that indicate a problem with the
SSL certificate?
management-server.log:
2014-05-15 14:43:55,506 DEBUG [c.c.a.t.Request] (catalina-exec-15:null) Seq
1-90898443: Sending { Cmd , MgmtId: 161342909744, via: 1(
virthost1.lax.ratespecial.com), Ver: v1, Flags: 100011,
[{"com.cloud.agent.api.GetVncPortCommand":{"id":2,"name":"v-2-VM","wait":0}}]
}
2014-05-15 14:43:55,563 DEBUG [c.c.a.t.Request]
(AgentManager-Handler-5:null) Seq 1-90898443: Processing: { Ans: , MgmtId:
161342909744, via: 1, Ver: v1, Flags: 10,
[{"com.cloud.agent.api.GetVncPortAnswer":{"address":"192.168.100.6","port":5901,"result":true,"wait":0}}]
}
2014-05-15 14:43:55,563 DEBUG [c.c.a.t.Request] (catalina-exec-15:null) Seq
1-90898443: Received: { Ans: , MgmtId: 161342909744, via: 1, Ver: v1,
Flags: 10, { GetVncPortAnswer } }
2014-05-15 14:43:55,563 DEBUG [c.c.s.ConsoleProxyServlet]
(catalina-exec-15:null) Port info 192.168.100.6
2014-05-15 14:43:55,563 INFO [c.c.s.ConsoleProxyServlet]
(catalina-exec-15:null) Parse host info returned from executing
GetVNCPortCommand. host info: 192.168.100.6
2014-05-15 14:43:55,570 DEBUG [c.c.s.ConsoleProxyServlet]
(catalina-exec-15:null) Compose console url:
https://192-168-100-159.realhostip.com/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn7K0vuegv6oMAAq_vDY4Vr_f7jwoVQDkxAE1vmK9oRhy9pvBVlmAdCer6hlVjXQlwL9oJEQO4thhSDg2qeNji02xuxlSmDilVKnd9U9xiHqIV-PgktrKq3J2GT1EpcpTvhsew5COQ1h3j8M9IM8KLZpYA0dDp7TejMmfgSiQI8ifZSh_nNLyyqBzYvl1XWxSaDIrnj7UsP3JKUq74kdY5Pg
2014-05-15 14:43:55,570 DEBUG [c.c.s.ConsoleProxyServlet]
(catalina-exec-15:null) the console url is ::
<html><title>v-2-VM</title><frameset><frame src="
https://192-168-100-159.realhostip.com/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn7K0vuegv6oMAAq_vDY4Vr_f7jwoVQDkxAE1vmK9oRhy9pvBVlmAdCer6hlVjXQlwL9oJEQO4thhSDg2qeNji02xuxlSmDilVKnd9U9xiHqIV-PgktrKq3J2GT1EpcpTvhsew5COQ1h3j8M9IM8KLZpYA0dDp7TejMmfgSiQI8ifZSh_nNLyyqBzYvl1XWxSaDIrnj7UsP3JKUq74kdY5Pg
"></frame></frameset></html>
ssl_access_log:
192.168.100.166 - - [15/May/2014:14:44:55 -0700] "GET
/client/console?cmd=access&vm=086b5822-de00-4764-8b05-d8e00657ee54
HTTP/1.1" 200 405
On Wed, May 14, 2014 at 5:56 PM, Ian Young <iyo...@ratespecial.com> wrote:
> Looks like it's still using HTTP, not HTTPS:
>
> 2014-05-14 17:52:35,812 DEBUG [c.c.a.t.Request] (catalina-exec-20:null)
> Seq 1-800529939: Sending { Cmd , MgmtId: 161342909744, via: 1(
> virthost1.lax.ratespecial.com), Ver: v1, Flags: 100011,
> [{"com.cloud.agent.api.GetVncPortCommand":{"id":6,"name":"i-5-6-VM","wait":0}}]
> }
> 2014-05-14 17:52:35,861 DEBUG [c.c.a.t.Request]
> (AgentManager-Handler-1:null) Seq 1-800529939: Processing: { Ans: ,
> MgmtId: 161342909744, via: 1, Ver: v1, Flags: 10,
> [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"192.168.100.6","port":5903,"result":true,"wait":0}}]
> }
> 2014-05-14 17:52:35,861 DEBUG [c.c.a.t.Request] (catalina-exec-20:null)
> Seq 1-800529939: Received: { Ans: , MgmtId: 161342909744, via: 1, Ver: v1,
> Flags: 10, { GetVncPortAnswer } }
> 2014-05-14 17:52:35,861 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-20:null) Port info 192.168.100.6
> 2014-05-14 17:52:35,861 INFO [c.c.s.ConsoleProxyServlet]
> (catalina-exec-20:null) Parse host info returned from executing
> GetVNCPortCommand. host info: 192.168.100.6
> 2014-05-14 17:52:35,865 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-20:null) Compose console url:
> http://192.168.100.159/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn_GSECIK5nC2lBX8cMHvt1_GrmwDVK1PEEAwyueLlgNRgodobz8Lsyv2jEc-mUvMH340AYGt0FyZOuXIA6dunN3yx-bP-vp4rao5Up61eJwOvqFr3PhggNpbq5Up59ObOdYMe2GsBP_3FrL8ZQfBhNBSmViHQ0fKJSyUHDoC9tKlfs2Bb0rPOBxsZeTPfe-hDuaVT-pZxjQXCKM93sujnWw
> 2014-05-14 17:52:35,865 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-20:null) the console url is ::
> <html><title>phonesynergy</title><frameset><frame src="
> http://192.168.100.159/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn_GSECIK5nC2lBX8cMHvt1_GrmwDVK1PEEAwyueLlgNRgodobz8Lsyv2jEc-mUvMH340AYGt0FyZOuXIA6dunN3yx-bP-vp4rao5Up61eJwOvqFr3PhggNpbq5Up59ObOdYMe2GsBP_3FrL8ZQfBhNBSmViHQ0fKJSyUHDoC9tKlfs2Bb0rPOBxsZeTPfe-hDuaVT-pZxjQXCKM93sujnWw
> "></frame></frameset></html>
>
>
> On Wed, May 14, 2014 at 5:41 PM, Ian Young <iyo...@ratespecial.com> wrote:
>
>> I decided to create my own internal realhostip.com. My DNS servers use
>> PowerDNS, not BIND, so the $GENERATE directive was not an option and I
>> didn't want to have to populate my DNS servers' databases with a record for
>> every possible IP address. Fortunately, I found the following Lua script:
>>
>> https://github.com/terbolous/powerdns-cloudstack-proxy-dns
>>
>> I can confirm the Lua script works as expected and my CloudStack server
>> can be tricked into believing my internal DNS servers are the authority for
>> realhostip.com:
>>
>> [root@virthost1 ]# dig +short 1-2-3-4.realhostip.com
>> 1.2.3.4
>>
>> I followed this guide and updated the console proxy/SSVM SSL certificate
>> with my own *.realhostip.com certificate.
>>
>>
>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain
>>
>> The console proxy restarted but it's still blank when I try to view the
>> console. Does the domain have to be something other than realhostip.com?
>>
>
>
