You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Fariborz Navidan <md...@gmail.com> on 2018/09/09 21:17:18 UTC

Very slow SSL-enabled console proxy

Hello folks,

After enabling console proxy SSL, it is very slow, It takes to long to
establish https session. What can be the cause? Please help.

Best Regards

Re: Very slow SSL-enabled console proxy

Posted by Fariborz Navidan <md...@gmail.com>.

I think I've found the reason. All system VMs including SSVM and CPVM
cannot reach internet. Oddly incoming connection to them from outside works
well but they cannot establish outgoing connections to the internet. The
host itself can reach and can be reached through Internet but system VMs
cannot. You may firstly think that it is an issue with firewall and egress
rules, but it isn't! Because guests can reach internet with no problem. I
have checked system VMs and found that public interface on them has no
gateway set. If I manually set it, it works. But I'm wondering why
cloudstack does not set gateway on public interface of system VMs?

Any idea will be appreciated.

Regards.

On Mon, Sep 10, 2018 at 11:47 AM Fariborz Navidan <md...@gmail.com>
wrote:

> This is what I get:
>
> sysctl: cannot stat /proc/sys/‎kernel/random/entropy_avail: No such file
> or directory
>
>
> On Mon, Sep 10, 2018 at 11:37 AM Stephan Seitz <s....@mailbox.org>
> wrote:
>
>> You coul check inside the CPVM via
>> sysctl ‎kernel.random.entropy_avail
>>
>> That value should never drop to zero. Keep in mind that a single peek
>> wont give you the picture. You have to check that a few times‎ during ssl
>> handshakes taking place.
>>
>> Alternatively,, you could apt-get install haveged without checking. That
>> daemon wont take much re,ssources.
>>
>> Gesendet von meinem BlackBerry 10-Smartphone.
>>   Originalnachricht
>> Von: Fariborz Navidan
>> Gesendet: Montag, 10. September 2018 08:44
>> An: users@cloudstack.apache.org
>> Antwort an: users@cloudstack.apache.org
>> Betreff: Re: Very slow SSL-enabled console proxy
>>
>>
>>
>> > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um
>> 08:44 geschrieben:
>> >
>> >
>> > Please provide me commands to run on CPVM to check this.
>> >
>> > Thanks
>> >
>> > On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz <s....@mailbox.org>
>> wrote:
>> >
>> > >
>> > > I'ld check the available entropy inside the console proxy vm. If the
>> > > entropy pool is running low, you could install haveged as a gathering
>> > > daemon.
>> > >
>> > >
>> > >
>> > > � Originalnachricht �
>> > > Von: Fariborz Navidan
>> > > Gesendet: Montag, 10. September 2018 08:14
>> > > An: users@cloudstack.apache.org
>> > > Antwort an: users@cloudstack.apache.org
>> > > Betreff: RE: Very slow SSL-enabled console proxy
>> > >
>> > >
>> > >
>> > > > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018
>> um
>> > > 08:13 geschrieben:
>> > > >
>> > > >
>> > > > Hello,
>> > > >
>> > > > It cannot be due to server load because it is fresh cloudstack
>> > > installation and no one connects to console. It is something
>> regarding SSL
>> > > connection.
>> > > >
>> > > > Regards.
>> > > >
>> > > > Sent from Mail for Windows 10
>> > > >
>> > > > From: Ivan Kudryavtsev
>> > > > Sent: Monday, September 10, 2018 4:22 AM
>> > > > To: users
>> > > > Subject: Re: Very slow SSL-enabled console proxy
>> > > >
>> > > > Hello, Fariborz.
>> > > >
>> > > > You can try to create a service offering for CPVM and set its UUID
>> in
>> > > > global vars, but usually it works fine by default.
>> > > >
>> > > > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <mdvlinquest@gmail.com
>> >:
>> > > >
>> > > > > Hello folks,
>> > > > >
>> > > > > After enabling console proxy SSL, it is very slow, It takes to
>> long to
>> > > > > establish https session. What can be the cause? Please help.
>> > > > >
>> > > > > Best Regards
>> > > > >
>> > > >
>> > >
>>
>

Re: Very slow SSL-enabled console proxy

Posted by Fariborz Navidan <md...@gmail.com>.

This is what I get:

sysctl: cannot stat /proc/sys/‎kernel/random/entropy_avail: No such file or
directory


On Mon, Sep 10, 2018 at 11:37 AM Stephan Seitz <s....@mailbox.org> wrote:

> You coul check inside the CPVM via
> sysctl ‎kernel.random.entropy_avail
>
> That value should never drop to zero. Keep in mind that a single peek wont
> give you the picture. You have to check that a few times‎ during ssl
> handshakes taking place.
>
> Alternatively,, you could apt-get install haveged without checking. That
> daemon wont take much re,ssources.
>
> Gesendet von meinem BlackBerry 10-Smartphone.
>   Originalnachricht
> Von: Fariborz Navidan
> Gesendet: Montag, 10. September 2018 08:44
> An: users@cloudstack.apache.org
> Antwort an: users@cloudstack.apache.org
> Betreff: Re: Very slow SSL-enabled console proxy
>
>
>
> > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um
> 08:44 geschrieben:
> >
> >
> > Please provide me commands to run on CPVM to check this.
> >
> > Thanks
> >
> > On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz <s....@mailbox.org>
> wrote:
> >
> > >
> > > I'ld check the available entropy inside the console proxy vm. If the
> > > entropy pool is running low, you could install haveged as a gathering
> > > daemon.
> > >
> > >
> > >
> > > � Originalnachricht �
> > > Von: Fariborz Navidan
> > > Gesendet: Montag, 10. September 2018 08:14
> > > An: users@cloudstack.apache.org
> > > Antwort an: users@cloudstack.apache.org
> > > Betreff: RE: Very slow SSL-enabled console proxy
> > >
> > >
> > >
> > > > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018
> um
> > > 08:13 geschrieben:
> > > >
> > > >
> > > > Hello,
> > > >
> > > > It cannot be due to server load because it is fresh cloudstack
> > > installation and no one connects to console. It is something regarding
> SSL
> > > connection.
> > > >
> > > > Regards.
> > > >
> > > > Sent from Mail for Windows 10
> > > >
> > > > From: Ivan Kudryavtsev
> > > > Sent: Monday, September 10, 2018 4:22 AM
> > > > To: users
> > > > Subject: Re: Very slow SSL-enabled console proxy
> > > >
> > > > Hello, Fariborz.
> > > >
> > > > You can try to create a service offering for CPVM and set its UUID in
> > > > global vars, but usually it works fine by default.
> > > >
> > > > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:
> > > >
> > > > > Hello folks,
> > > > >
> > > > > After enabling console proxy SSL, it is very slow, It takes to
> long to
> > > > > establish https session. What can be the cause? Please help.
> > > > >
> > > > > Best Regards
> > > > >
> > > >
> > >
>

AW: Very slow SSL-enabled console proxy

Posted by Stephan Seitz <s....@mailbox.org>.

You coul check inside the CPVM via
sysctl ‎kernel.random.entropy_avail

That value should never drop to zero. Keep in mind that a single peek wont give you the picture. You have to check that a few times‎ during ssl handshakes taking place.

Alternatively,, you could apt-get install haveged without checking. That daemon wont take much re,ssources.

Gesendet von meinem BlackBerry 10-Smartphone.
  Originalnachricht  
Von: Fariborz Navidan
Gesendet: Montag, 10. September 2018 08:44
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: Re: Very slow SSL-enabled console proxy



> Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um 08:44 geschrieben:
> 
> 
> Please provide me commands to run on CPVM to check this.
> 
> Thanks
> 
> On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz <s....@mailbox.org> wrote:
> 
> >
> > I'ld check the available entropy inside the console proxy vm. If the
> > entropy pool is running low, you could install haveged as a gathering
> > daemon.
> >
> >
> >
> > � Originalnachricht �
> > Von: Fariborz Navidan
> > Gesendet: Montag, 10. September 2018 08:14
> > An: users@cloudstack.apache.org
> > Antwort an: users@cloudstack.apache.org
> > Betreff: RE: Very slow SSL-enabled console proxy
> >
> >
> >
> > > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um
> > 08:13 geschrieben:
> > >
> > >
> > > Hello,
> > >
> > > It cannot be due to server load because it is fresh cloudstack
> > installation and no one connects to console. It is something regarding SSL
> > connection.
> > >
> > > Regards.
> > >
> > > Sent from Mail for Windows 10
> > >
> > > From: Ivan Kudryavtsev
> > > Sent: Monday, September 10, 2018 4:22 AM
> > > To: users
> > > Subject: Re: Very slow SSL-enabled console proxy
> > >
> > > Hello, Fariborz.
> > >
> > > You can try to create a service offering for CPVM and set its UUID in
> > > global vars, but usually it works fine by default.
> > >
> > > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:
> > >
> > > > Hello folks,
> > > >
> > > > After enabling console proxy SSL, it is very slow, It takes to long to
> > > > establish https session. What can be the cause? Please help.
> > > >
> > > > Best Regards
> > > >
> > >
> >

Re: Very slow SSL-enabled console proxy

Posted by Fariborz Navidan <md...@gmail.com>.

Please provide me commands to run on CPVM to check this.

Thanks

On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz <s....@mailbox.org> wrote:

>
> I'ld check the available entropy inside the console proxy vm. If the
> entropy pool is running low, you could install haveged as a gathering
> daemon.
>
>
>
> � Originalnachricht �
> Von: Fariborz Navidan
> Gesendet: Montag, 10. September 2018 08:14
> An: users@cloudstack.apache.org
> Antwort an: users@cloudstack.apache.org
> Betreff: RE: Very slow SSL-enabled console proxy
>
>
>
> > Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um
> 08:13 geschrieben:
> >
> >
> > Hello,
> >
> > It cannot be due to server load because it is fresh cloudstack
> installation and no one connects to console. It is something regarding SSL
> connection.
> >
> > Regards.
> >
> > Sent from Mail for Windows 10
> >
> > From: Ivan Kudryavtsev
> > Sent: Monday, September 10, 2018 4:22 AM
> > To: users
> > Subject: Re: Very slow SSL-enabled console proxy
> >
> > Hello, Fariborz.
> >
> > You can try to create a service offering for CPVM and set its UUID in
> > global vars, but usually it works fine by default.
> >
> > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:
> >
> > > Hello folks,
> > >
> > > After enabling console proxy SSL, it is very slow, It takes to long to
> > > establish https session. What can be the cause? Please help.
> > >
> > > Best Regards
> > >
> >
>

AW: Very slow SSL-enabled console proxy

Posted by Stephan Seitz <s....@mailbox.org>.

I'ld check the available entropy inside the console proxy vm. If the entropy pool is running low, you could install haveged as a gathering daemon.



� Originalnachricht �
Von: Fariborz Navidan
Gesendet: Montag, 10. September 2018 08:14
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: RE: Very slow SSL-enabled console proxy



> Fariborz Navidan <md...@gmail.com> hat am 10. September 2018 um 08:13 geschrieben:
> 
> 
> Hello,
> 
> It cannot be due to server load because it is fresh cloudstack installation and no one connects to console. It is something regarding SSL connection. 
> 
> Regards.
> 
> Sent from Mail for Windows 10
> 
> From: Ivan Kudryavtsev
> Sent: Monday, September 10, 2018 4:22 AM
> To: users
> Subject: Re: Very slow SSL-enabled console proxy
> 
> Hello, Fariborz.
> 
> You can try to create a service offering for CPVM and set its UUID in
> global vars, but usually it works fine by default.
> 
> пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:
> 
> > Hello folks,
> >
> > After enabling console proxy SSL, it is very slow, It takes to long to
> > establish https session. What can be the cause? Please help.
> >
> > Best Regards
> >
>

RE: Very slow SSL-enabled console proxy

Posted by Fariborz Navidan <md...@gmail.com>.

Hello,

It cannot be due to server load because it is fresh cloudstack installation and no one connects to console. It is something regarding SSL connection. 

Regards.

Sent from Mail for Windows 10

From: Ivan Kudryavtsev
Sent: Monday, September 10, 2018 4:22 AM
To: users
Subject: Re: Very slow SSL-enabled console proxy

Hello, Fariborz.

You can try to create a service offering for CPVM and set its UUID in
global vars, but usually it works fine by default.

пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:

> Hello folks,
>
> After enabling console proxy SSL, it is very slow, It takes to long to
> establish https session. What can be the cause? Please help.
>
> Best Regards
>

Re: Very slow SSL-enabled console proxy

Posted by Ivan Kudryavtsev <ku...@bw-sw.com>.

Hello, Fariborz.

You can try to create a service offering for CPVM and set its UUID in
global vars, but usually it works fine by default.

пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <md...@gmail.com>:

> Hello folks,
>
> After enabling console proxy SSL, it is very slow, It takes to long to
> establish https session. What can be the cause? Please help.
>
> Best Regards
>