We have recreated the CPVM -Antoine
Antoine Boucher antoi...@haltondc.com [o] +1-226-505-9734 www.haltondc.com “Data security made simple”  Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. > On Jan 15, 2024, at 2:56 AM, Wei ZHOU <ustcweiz...@gmail.com> wrote: > > Hi, > > Have you patched the CPVM, or recreated CPVM ? > > -Wei > > On Mon, 15 Jan 2024 at 06:34, Antoine Boucher <antoi...@haltondc.com > <mailto:antoi...@haltondc.com>> wrote: > >> Hello, >> >> The console access now fails on KVM hosts after upgrading from ACS 4.17.2 >> to ACS 4.18.1 >> The console has been working flawlessly on 4.17.2 with SSL and >> www-xxx-yyy-zzz.domain.com configuration. >> I see some authentication and loading resource issues in the following >> Proxy logs. Everything else works well, including the console access on >> Xen hosts. >> >> The firewall on the host is disabled, times are synced, the management >> server is using the local time zone, and the KVM hosts are using UTC. >> >> What am I missing? >> >> Regards, >> Antoine >> >> >> Note: The KVM host IP has been changed to 10.xx.xx.xx >> >> >> MANAGEMENT SERVER LOGS >> >> 2024-01-14 23:57:20,027 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-4:null) (logid:) SeqA 104-3099: Processing Seq >> 104-3099: { Cmd , MgmtId: -1, via: 104, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"493","_loadInfo":"{ >> "connections": [], >> "removedSessions": [] >> }","wait":"0","bypassHostMaintenance":"false"}}] } >> 2024-01-14 23:57:20,032 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-4:null) (logid:) SeqA 104-3099: Sending Seq >> 104-3099: { Ans: , MgmtId: 130593671224, via: 104, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:21,363 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-5:null) (logid:) SeqA 102-2964: Processing Seq >> 102-2964: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{ >> "connections": [], >> "removedSessions": [] >> }","wait":"0","bypassHostMaintenance":"false"}}] } >> 2024-01-14 23:57:21,367 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-5:null) (logid:) SeqA 102-2964: Sending Seq >> 102-2964: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:23,558 DEBUG [c.c.a.ApiServlet] >> (qtp279593458-695:ctx-2e31e696) (logid:a3f76229) ===START=== 104.28.133.19 >> -- GET >> virtualmachineid=bca11a2a-f642-4ded-a8d8-809a046de56b&command=createConsoleEndpoint&response=json >> 2024-01-14 23:57:23,559 DEBUG [c.c.a.ApiServlet] >> (qtp279593458-695:ctx-2e31e696) (logid:a3f76229) Two factor authentication >> is already verified for the user 2, so skipping >> 2024-01-14 23:57:23,574 DEBUG [c.c.a.ApiServer] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) CIDRs from >> which account 'Account >> [{"accountName":"admin","id":2,"uuid":"2cee75f9-8bc4-11ec-9c43-001e67fd4838"}]' >> is allowed to perform API calls: 0.0.0.0/0,::/0 >> 2024-01-14 <http://0.0.0.0/0,::/02024-01-14> 23:57:23,579 INFO >> [o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp279593458-695:ctx-2e31e696 >> ctx-ced9fb8e) (logid:a3f76229) Account [Account >> [{"accountName":"admin","id":2,"uuid":"2cee75f9-8bc4-11ec-9c43-001e67fd4838"}]] >> is Root Admin or Domain Admin, all APIs are allowed. >> 2024-01-14 23:57:23,581 WARN [o.a.c.a.ProjectRoleBasedApiAccessChecker] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Project is >> null, ProjectRoleBasedApiAccessChecker only applies to projects, returning >> API [createConsoleEndpoint] for user [User >> {"username":"admin","uuid":"2cefb708-8bc4-11ec-9c43-001e67fd4838"}.] as >> allowed. >> 2024-01-14 23:57:23,591 WARN [c.c.a.d.ParamGenericValidationWorker] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Received >> unknown parameters for command createConsoleEndpoint. Unknown parameters : >> client-inet-address >> 2024-01-14 23:57:23,607 DEBUG [c.c.c.ConsoleProxyManagerImpl] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign >> previous allocated console proxy for user vm : 59 >> 2024-01-14 23:57:23,614 DEBUG [c.c.a.t.Request] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq >> 59-4686558362232422593: Sending { Cmd , MgmtId: 130593671224, via: >> 59(cs-kvm01), Ver: v1, Flags: 100011, >> [{"com.cloud.agent.api.GetVncPortCommand":{"id":"59","name":"i-11-59-VM","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:23,679 DEBUG [c.c.a.t.Request] >> (AgentManager-Handler-7:null) (logid:) Seq 59-4686558362232422593: >> Processing: { Ans: , MgmtId: 130593671224, via: 59, Ver: v1, Flags: 10, >> [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"10.xxx.xxx.xxx","port":"5905","result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:23,680 DEBUG [c.c.a.t.Request] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq >> 59-4686558362232422593: Received: { Ans: , MgmtId: 130593671224, via: >> 59(cs-kvm01), Ver: v1, Flags: 10, { GetVncPortAnswer } } >> 2024-01-14 23:57:23,680 INFO [o.a.c.c.ConsoleAccessManagerImpl] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Parse host >> info returned from executing GetVNCPortCommand. host info: 10.xxx.xxx.xxx >> 2024-01-14 23:57:23,769 DEBUG [c.c.c.ConsoleProxyManagerImpl] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign >> previous allocated console proxy for user vm : 59 >> 2024-01-14 23:57:23,774 DEBUG [c.c.a.t.Request] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq >> 102-5612892510587191300: Sending { Cmd , MgmtId: 130593671224, via: >> 102(v-488-VM), Ver: v1, Flags: 100011, >> [{"com.cloud.agent.api.proxy.AllowConsoleAccessCommand":{"sessionUuid":"d7e6f73b-230a-43b7-95dc-dfc20c2f8992","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:23,817 DEBUG [c.c.a.t.Request] >> (AgentManager-Handler-13:null) (logid:) Seq 102-5612892510587191300: >> Processing: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 10, >> [{"com.cloud.agent.api.Answer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:23,817 DEBUG [c.c.a.t.Request] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq >> 102-5612892510587191300: Received: { Ans: , MgmtId: 130593671224, via: >> 102(v-488-VM), Ver: v1, Flags: 10, { Answer } } >> 2024-01-14 23:57:23,829 DEBUG [c.c.c.ConsoleProxyManagerImpl] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign >> previous allocated console proxy for user vm : 59 >> 2024-01-14 23:57:23,833 DEBUG [c.c.a.ApiServlet] >> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) ===END=== >> 104.28.133.19 -- GET >> virtualmachineid=bca11a2a-f642-4ded-a8d8-809a046de56b&command=createConsoleEndpoint&response=json >> 2024-01-14 23:57:24,738 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-15:null) (logid:) SeqA 102-2965: Processing Seq >> 102-2965: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleAccessAuthenticationCommand":{"_host":"10.xxx.xxx.xxx","_port":"5905","_vmId":"bca11a2a-f642-4ded-a8d8-809a046de56b","_sid":"UysC5FUxYMMtUvYBlzJLSQ","_ticket":"4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw==","sessionUuid":"d7e6f73b-230a-43b7-95dc-dfc20c2f8992","_isReauthenticating":"false","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:24,740 DEBUG [c.c.c.AgentHookBase] >> (AgentManager-Handler-15:null) (logid:) Console authentication. Ticket in >> url for 10.xxx.xxx.xxx:5905-bca11a2a-f642-4ded-a8d8-809a046de56b is >> 4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw== >> 2024-01-14 23:57:24,741 DEBUG [c.c.c.AgentHookBase] >> (AgentManager-Handler-15:null) (logid:) Console authentication. Ticket in 1 >> minute boundary for >> 10.xxx.xxx.xxx:5905-bca11a2a-f642-4ded-a8d8-809a046de56b is >> 4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw== >> 2024-01-14 23:57:24,744 DEBUG [c.c.c.AgentHookBase] >> (AgentManager-Handler-15:null) (logid:) Acquiring session >> [d7e6f73b-230a-43b7-95dc-dfc20c2f8992] as it was just used. >> 2024-01-14 23:57:24,761 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-15:null) (logid:) SeqA 102-2965: Sending Seq >> 102-2965: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.ConsoleAccessAuthenticationAnswer":{"_success":"true","_isReauthenticating":"false","_port":"0","result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:24,850 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-6:null) (logid:) SeqA 102-2966: Processing Seq >> 102-2966: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{ >> "connections": [ >> { >> "id": 13, >> "clientInfo": "", >> "host": "10.xxx.xxx.xxx", >> "port": 5905, >> "tag": "bca11a2a-f642-4ded-a8d8-809a046de56b", >> "createTime": 1705294644803, >> "lastUsedTime": 1705294644803, >> "sessionUuid": "d7e6f73b-230a-43b7-95dc-dfc20c2f8992" >> } >> ] >> }","wait":"0","bypassHostMaintenance":"false"}}] } >> 2024-01-14 23:57:24,855 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-6:null) (logid:) SeqA 102-2966: Sending Seq >> 102-2966: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:30,026 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-14:null) (logid:) SeqA 104-3100: Processing Seq >> 104-3100: { Cmd , MgmtId: -1, via: 104, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"493","_loadInfo":"{ >> "connections": [], >> "removedSessions": [] >> }","wait":"0","bypassHostMaintenance":"false"}}] } >> 2024-01-14 23:57:30,030 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-14:null) (logid:) SeqA 104-3100: Sending Seq >> 104-3100: { Ans: , MgmtId: 130593671224, via: 104, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> 2024-01-14 23:57:31,364 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-12:null) (logid:) SeqA 102-2967: Processing Seq >> 102-2967: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11, >> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{ >> "connections": [ >> { >> "id": 13, >> "clientInfo": "", >> "host": "10.xxx.xxx.xxx", >> "port": 5905, >> "tag": "bca11a2a-f642-4ded-a8d8-809a046de56b", >> "createTime": 1705294644803, >> "lastUsedTime": 1705294644803, >> "sessionUuid": "d7e6f73b-230a-43b7-95dc-dfc20c2f8992" >> } >> ], >> "removedSessions": [] >> }","wait":"0","bypassHostMaintenance":"false"}}] } >> 2024-01-14 23:57:31,368 DEBUG [c.c.a.m.AgentManagerImpl] >> (AgentManager-Handler-12:null) (logid:) SeqA 102-2967: Sending Seq >> 102-2967: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010, >> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] >> } >> >> >> >> CONSOLE PROXY LOGS >> >> 2024-01-15 04:57:24,497 INFO >> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-175:null) Get >> resource request for /resource/noVNC/vnc.html >> 2024-01-15 04:57:24,506 INFO >> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-175:null) Sent >> file /resource/noVNC/vnc.html with content type text/html >> 2024-01-15 04:57:24,630 INFO >> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-176:null) Get >> resource request for /resource/noVNC/app/sounds/bell.mp3 >> 2024-01-15 04:57:24,635 INFO >> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-176:null) Sent >> file /resource/noVNC/app/sounds/bell.mp3 with content type >> application/octet-stream >> 2024-01-15 04:57:24,735 INFO >> [cloud.consoleproxy.ConsoleProxyNoVNCHandler] (qtp1640959236-39:null) Get >> websocket connection request from remote IP : 104.28.133.19 >> 2024-01-15 04:57:24,810 INFO [cloud.consoleproxy.ConsoleProxyNoVncClient] >> (Thread-177:null) Connect to VNC server directly. host: 10.xxx.xxx.xxx, >> port: 5905 >> 2024-01-15 04:57:24,815 INFO [consoleproxy.vnc.NoVncClient] >> (Thread-177:null) Connecting to VNC server 10.xxx.xxx.xxx:5905 ... >> 2024-01-15 04:57:25,028 INFO [vnc.security.VncAuthSecurity] >> (Thread-177:null) VNC server requires password authentication >> 2024-01-15 04:57:25,041 INFO [vnc.security.VncAuthSecurity] >> (Thread-177:null) Finished VNCAuth security >> >> >> >> >> Antoine Boucher
