Community
 
 
 

CloudPlatform 3.x

343 followers
 
Avatar
Administrator

Console proxy: no listener on port 443

Avatar

Console proxy: no listener on port 443

Hi All.

 

I have just deployed CloudPlatform 3.0.6 (on XenServer 6.1) - it's working well but I'm not able to connect to guest VM consoles when I click on "view console" via the GUI.  It gives me:

 

    Firefox can't establish a connection to the server at 172-26-16-184.realhostip.com.

 

I have followed the debugging steps here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/View+Console+and+Console+Proxy+Troubleshooting

 

When I run through these checks, com.cloud.agent.AgentShell is running and listening on port 8250, but there is no listener on port 443:

 

root@v-13-VM:/var/log/cloud# ps aux | grep -v grep | grep com.cloud.agent.AgentShell
root      6152  0.0  2.4 953420 25524 pts/0    Sl   00:55   0:01 java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore -mx805m -cp ./:./conf:cloud-agent.jar:cloud-api.jar:cloud-axis.jar:cloud-cglib.jar:cloud-commons-codec-1.5.jar:cloud-commons-collections-3.2.1.jar:cloud-commons-discovery.jar:cloud-commons-httpclient-3.1.jar:cloud-commons-logging-1.1.1.jar:cloud-commons-pool-1.5.6.jar:cloud-console-proxy.jar:cloud-core.jar:cloud-google-gson-1.7.1.jar:cloud-log4j.jar:cloud-utils.jar:cloud-vmware-base.jar:cloud-ws-commons-util-1.0.2.jar:cloud-wsdl4j.jar:cloud-xmlrpc-client-3.1.3.jar:cloud-xmlrpc-common-3.1.3.jar:vmware-apputils.jar:vmware-lib-jaxrpc.jar:vmware-vim25.jar:vmware-vim.jar com.cloud.agent.AgentShell root=LABEL console=tty0 xencons=ttyS0,115200 console=hvc0 console=hvc0 template=domP type=consoleproxy host=172.26.16.202 port=8250 name=v-13-VM premium=true zone=1 pod=1 guid=Proxy.13 proxy_vm=13 disable_rp_filter=true eth2ip=172.26.16.184 eth2mask=255.255.255.192 gateway=172.26.16.129 eth0ip=169.254.2.143 eth0mask=255.255.0.0 eth1ip=172.26.16.245 eth1mask=255.255.255.192 mgmtcidr=172.26.16.192/26 localgw=172.26.16.193 internaldns1=128.250.66.5 internaldns2=128.250.201.5 dns1=128.250.66.5 dns2=128.250.201.5

 

root@v-13-VM:/var/log/cloud# netstat -na | grep 8250
tcp        0      0 172.26.16.245:39476     172.26.16.202:8250      ESTABLISHED

 

root@v-13-VM:/var/log/cloud# netstat -na | grep 443
root@v-13-VM:/var/log/cloud#

 

 

Does anyone have any suggestions about what the problem might be here?

 

(I've tried restarting the console proxy VM several times now but to no avail).

 

Regards,

 

Robert.


Robert Sturrock MEMBERS
3 comments
0

Please sign in to leave a comment.

 
 

Previous 3 comments

Avatar
Administrator
Avatar

Console proxy: no listener on port 443

Just to verify...

 

Mgmt CIDR = 172.26.16.192/26

Public CIDR = 172.16.16.128/26

 

Hopefully this makes sense and is correct.

 

Looks like you can talk on your Mgmt network, since you have a link established with the managment server.

 

Can you verify that you can talk on your Public network, by pinging the gateway for example? It is very common to not have the VLAN allowed, at the switch, for new hypervisors.

 

--Mike


Mike Little MEMBERS
Comment actions Permalink
Avatar
Administrator
Avatar

Hi Mike - thanks for the followup.  Yes, I can ping my local router from the console VM:

 

root@v-13-VM:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
128.250.201.5   172.26.16.193   255.255.255.255 UGH       0 0          0 eth1
128.250.66.5    172.26.16.193   255.255.255.255 UGH       0 0          0 eth1
172.26.16.128   0.0.0.0         255.255.255.192 U         0 0          0 eth2
172.26.16.192   0.0.0.0         255.255.255.192 U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         172.26.16.129   0.0.0.0         UG        0 0          0 eth2

 

root@v-13-VM:~# ping 172.26.16.129
PING 172.26.16.129 (172.26.16.129): 56 data bytes
64 bytes from 172.26.16.129: icmp_seq=0 ttl=255 time=4.211 ms
64 bytes from 172.26.16.129: icmp_seq=1 ttl=255 time=0.712 ms
64 bytes from 172.26.16.129: icmp_seq=2 ttl=255 time=0.762 ms
^C--- 172.26.16.129 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.712/1.895/4.211/1.638 ms

 

The other thing I should have mentioned is that the console VM doesn't have any sort of external access.  Some documentation I've read mentions that this is required - could this be the issue?

 

Thanks,

 

Robert.


Robert Sturrock MEMBERS
Comment actions Permalink
Avatar
Administrator
Avatar

If I'm not mistaken, the CPVM doesn't need public access, as such, but does need to be reachable from your web browser. When you click on the console link in the CCP UI, a new browser window opens and is redirected to the "public" interface of your CPVM. That is the 172-26-16-184.realhostip.com address in your initial question.

 

realhostip.com is a service that returns a valid DNS response, based on the hostname requested. This is used to make the default SSL cert work, so you aren't prompted with cert issues.

 

Typically, the CPVM has access to the internet, but if you are a completely private cloud, this can be worked around. You will just need to ensure that your browser can reach 172.26.16.184 in you case.

 

For this issue, I would login to the CPVM and restart the cloud service, then look at cloud.log to see if there is any obvious reason that the service isn't listening on port 443.

 

--Mike


Mike Little MEMBERS
Comment actions Permalink

Top Contributors