You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/09/07 16:55:24 UTC
[GitHub] [cloudstack] coreymr opened a new issue #5413: Console Proxy & VMware 7 websocket issue
coreymr opened a new issue #5413:
URL: https://github.com/apache/cloudstack/issues/5413
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and main branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
* Improvement Request
##### COMPONENT NAME
<!--
API
-->
~~~
~~~
##### CLOUDSTACK VERSION
<!--
4.15.1
-->
~~~
~~~
##### CONFIGURATION
<!--
Running ACS 4.15.1 with VMware vCenter 7 and ESXi 7 hosts.
-->
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
##### SUMMARY
<!-- When launching web console of a VM Instance, the window times out with "Failed to connect to server".
Initial web page launches to https://<ACS_Management_FQDN>:8443/client/console?cmd=access&vm=a61db944-89f3-4a64-8f40-558fb3c99510
Web browser has html code pointing to "https://10-x-xx-xx.<my_domain>/resource/noVNC/vnc.html?autoconnect=true&port=8080&token=jBwbg4-xBNLmwSZ7Je_aZxq4XsQ5v0AzSOl5d5UMosoUakpLAebY5DviBWz-ogCZMpy1ML7jVm6wPXwliwLmBfZdRt77MKPagjXTTC5FON3zxgimC6Y0Vvef6OUden8yKoiU9SyFz7qV1EzT4ESZ4Eb0TR2u_K3GyfPt4xTduTc8soUIf9u8VOqO31Upi8RFI4YXYenAiKWEyS3bMlIZiMdnkJNByXcuu3aHPpfvt4PKb5G_pcPWnFeqA11W0gss4slXd16ZfQU3bsxGSwMVuaO_P95aM72cexCovb6xAnIibCBTeHpW9iPOz-SGpnKwCFQwM8w-kxbcXTfzZpjsKvpetf2QzCpT23cgbSNX8aLwytiHLL245AB7F3AenXoQ&guest=windows"
Cloud.log error reports below:
2021-08-31 13:00:57,702 INFO [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-108:null) Get resource request for /resource/noVNC/vnc.html
2021-08-31 13:00:57,706 INFO [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-108:null) Sent file /resource/noVNC/vnc.html with content type text/html
2021-08-31 13:00:58,362 INFO [cloud.consoleproxy.ConsoleProxyNoVNCHandler] (qtp631791375-46:null) Get websocket connection request from remote IP : 10.4.89.3
2021-08-31 13:00:58,366 INFO [cloud.consoleproxy.ConsoleProxyNoVncClient] (Thread-109:null) Connect to VNC over websocket URL: wss://<ESXi host IP>:443/ticket/a0155dcb1eaa3383
2021-08-31 13:00:58,383 ERROR [consoleproxy.websocket.WebSocketReverseProxy] (WebSocketConnectReadThread-154:null) Error on connection to websocket: No subject alternative names matching IP address <ESXi Host IP> found
2021-08-31 13:00:58,386 INFO [consoleproxy.websocket.WebSocketReverseProxy] (WebSocketWriteThread-155:null) Closing connection to websocket: reason= code=-1 remote=true
-->
##### STEPS TO REPRODUCE
<!--
Launch VM instance console on instance hosted on VMware ESXi 7.
-->
<!-- Paste example playbooks or commands between quotes below -->
~~~
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- The web console for the VM instance would launch without issue.
I don't know why the websocket url is using IP address instead of FQDN. IPs change, FQDN rarely change.
The code in VirualMachineMO.java is using Summary.getHostIP - can it be changed so the url is created using FQDN?
https://github.com/apache/cloudstack/blob/4.15.1.0/vmware-base/src/main/java/com/cloud/hypervisor/vmware/mo/VirtualMachineMO.java#L1137-L1154
-->
~~~
~~~
##### ACTUAL RESULTS
<!-- When launching web console of a VM Instance, the window times out with "Failed to connect to server". -->
<!-- Paste verbatim command output between quotes below -->
~~~
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] nvazquez closed issue #5413: Console Proxy & VMware 7 websocket issue
Posted by GitBox <gi...@apache.org>.
nvazquez closed issue #5413:
URL: https://github.com/apache/cloudstack/issues/5413
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on issue #5413: Console Proxy & VMware 7 websocket issue
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #5413:
URL: https://github.com/apache/cloudstack/issues/5413#issuecomment-914968104
@nvazquez @davidjumani
have a quick check, it looks the certitificate is handled in #4300 by @rhtyd
```
public class WebSocketReverseProxy extends WebSocketClient {
private static final Protocol protocol = new Protocol("binary");
private static final DefaultExtension defaultExtension = new DefaultExtension();
private static final Draft_6455 draft = new Draft_6455(Collections.singletonList(defaultExtension), Collections.singletonList(protocol));
private static final Logger logger = Logger.getLogger(WebSocketReverseProxy.class);
private Session remoteSession;
private void acceptAllCerts() {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
}};
SSLContext sc;
try {
sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
this.setSocketFactory(factory);
} catch (Exception e) {
e.printStackTrace();
}
}
...
```
I cannot reproduce the issue in my testing env (vmware 7).
```
2021-09-08 06:33:08,521 INFO [cloud.consoleproxy.ConsoleProxyNoVNCHandler] (qtp663952265-36:null) Get websocket connection request from remote IP : 172.16.250.3
2021-09-08 06:33:08,539 INFO [cloud.consoleproxy.ConsoleProxyNoVncClient] (Thread-154:null) Connect to VNC over websocket URL: wss://10.0.34.176:443/ticket/c5fbc972af4f26c8
2021-09-08 06:33:09,211 INFO [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-157:null) Get resource request for /resource/noVNC/app/images/handle_bg.svg
2021-09-08 06:33:09,217 INFO [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-157:null) file does not exist/resource/noVNC/app/images/handle_bg.svg
...
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on issue #5413: Console Proxy & VMware 7 websocket issue
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #5413:
URL: https://github.com/apache/cloudstack/issues/5413#issuecomment-915342767
@coreymr
It is good to hear that #5419 solved the issue. however it is just a workaround (the change will be gone if you destroy CPVM).
do you use host fqdn in vmware vcenter ? if yes, can you change to to host IP and retry ?
can you share the results of command `hostname` and `hostname -f`, and content of `/etc/hosts` ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org